
$4.8M in Seized Crypto Stolen After Korean Tax Agency Accidentally Leaks Wallet Seed Phrase

$4.8M in Crypto Stolen After South Korean Tax Agency Exposes Wallet Seed Phrase

South Korea’s National Tax Service (NTS) accidentally exposed the mnemonic recovery phrase of a confiscated cryptocurrency wallet, leading to the theft of approximately $4.8 million in digital assets.

The wallet, a Ledger cold storage device, had been seized during coordinated raids targeting 124 high-value tax evaders. Authorities reported confiscating digital assets worth 8.1 billion won (about $5.6 million) as part of the enforcement action.

However, when announcing the operation’s success, the NTS released photographs of the Ledger device. The images included a handwritten note displaying the wallet’s recovery seed phrase — effectively the master key required to restore and access the wallet on any compatible device.


How the Theft Happened

Because the recovery phrase was visible in the publicly released images, anyone could use it to reconstruct the wallet and transfer the funds.

Shortly after the press release went live, approximately 4 million Pre-Retogeum (PRTG) tokens — valued at roughly $4.8 million at the time — were moved out of the seized wallet to a new address.

According to blockchain analysis, the attacker first transferred a small amount of Ethereum (ETH) into the wallet to cover gas fees. They then executed three separate transactions to move the PRTG tokens out of the account.

On-chain data reviewed via Etherscan confirmed the sequence of transactions.
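The sequence described above, a gas top-up followed by token outflows, is a pattern a custodian can alert on for a wallet that is supposed to stay dormant. The following is an added example, not code from the NTS or the original article; the addresses, field names, allowlist, and sample events are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed placeholder addresses and events; none are from the incident.
CUSTODY = "0xCUSTODY"
ALLOWED_SENDERS = {"0xAGENCY_OPS"}  # hypothetical agency-controlled funding address
WINDOW = 3600  # seconds in which outflows are tied to a preceding top-up

@dataclass
class Transfer:
    ts: int          # unix time of the confirmed transfer
    asset: str       # "ETH" or a token symbol
    sender: str
    recipient: str
    amount: float

def detect(transfers, custody=CUSTODY, allowed=ALLOWED_SENDERS, window=WINDOW):
    """Return (severity, reason, transfer) alerts for a wallet that should be dormant."""
    alerts, last_topup = [], None
    for t in sorted(transfers, key=lambda x: x.ts):
        if t.recipient == custody and t.asset == "ETH" and t.sender not in allowed:
            # A token-only wallet cannot pay gas, so unsolicited ETH suggests
            # someone else holds the key and is preparing to spend from it.
            last_topup = t
            alerts.append(("warning", "unsolicited gas top-up", t))
        elif t.sender == custody:
            # Any outflow from seized funds is unauthorized in this model.
            primed = last_topup is not None and t.ts - last_topup.ts <= window
            reason = "outflow after gas top-up" if primed else "outflow from dormant wallet"
            alerts.append(("critical", reason, t))
    return alerts

SAMPLE = [  # constructed sequence mirroring the pattern described in the article
    Transfer(1000, "ETH", "0xUNKNOWN", CUSTODY, 0.01),
    Transfer(1120, "PRTG", CUSTODY, "0xDEST", 1_500_000),
    Transfer(1180, "PRTG", CUSTODY, "0xDEST", 1_500_000),
    Transfer(1240, "PRTG", CUSTODY, "0xDEST", 1_000_000),
]

if __name__ == "__main__":
    for severity, reason, t in detect(SAMPLE):
        print(severity, reason, t.asset, t.amount)
```

The warning fires on the top-up itself, before any tokens move, which is the only point in this sequence where a custodian still holding the phrase could sweep the funds to a fresh wallet first.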

Cho Jae-woo, a blockchain data analysis expert and professor at Hansung University in Seoul, compared the mistake to leaving a wallet open in public and inviting anyone to take the money. He attributed the incident to a lack of understanding of virtual asset security, noting that the oversight effectively cost the national treasury billions of won that had already been successfully confiscated.


Aftermath and Investigation

The NTS has since removed the press release from its website. It remains unclear whether authorities have launched a formal investigation into the theft or identified the recipient address behind the stolen funds.

The incident underscores the irreversible nature of cryptocurrency transactions. Once assets are transferred and confirmed on the blockchain, recovery is extremely difficult without cooperation from exchanges or other intermediaries.


A Critical Reminder About Seed Phrases

This case highlights the importance of safeguarding recovery phrases for hardware wallets.

A seed phrase provides full control over a cryptocurrency wallet. Anyone who obtains it can recreate the wallet on another device without needing the original hardware wallet, PIN, or owner permission.

Security experts recommend:

  • Never digitizing seed phrases
  • Not storing them in photos, email drafts, cloud storage, or messaging apps
  • Keeping them offline in a secure physical location
  • Immediately transferring funds to a new wallet if a seed phrase is ever exposed

Even hardware wallets offer no protection if the recovery phrase is compromised. As demonstrated in this case, a single lapse in operational security can result in multimillion-dollar losses within minutes.


1 Comment

  • This incident is a stark reminder that even government agencies must follow strict operational security when handling digital assets. A seed phrase is the ultimate key to a crypto wallet — once exposed, there’s no recovery. Proper redaction and basic crypto awareness could have prevented a multimillion-dollar loss.
