Crypto theft: Korean authorities have been rocked by two separate incidents where seized digital assets were stolen, highlighting significant vulnerabilities in their management systems. These events underscore a critical lack of understanding and robust security protocols within government agencies tasked with handling valuable virtual currencies.
The first incident involved South Korea’s National Tax Service (NTS) inadvertently exposing the mnemonic recovery phrase of a seized cryptocurrency wallet. This egregious blunder led to the theft of approximately 4 million Pre-Retogeum (PRTG) tokens, valued at around $4.8 million (or 6.9 billion won). The NTS released press photos in late February 2026, which included images of Ledger hardware wallets with handwritten notes openly displaying the seed phrases. This effectively handed over the ‘master key’ to anyone who viewed the press release.
Exposed Seed Phrase: A Costly Oversight
An unknown individual quickly exploited this publicly available seed phrase, transferring the PRTG tokens out of the seized wallet. The first thief later confessed to the police on March 28 and was arrested two days later, claiming they stole the crypto ‘out of curiosity’ and subsequently returned it. However, in a twist of fate, the returned tokens were immediately stolen again by a second, unidentified thief, as they were sent back to the same, still vulnerable wallet. This incident, occurring in South Korea, involved assets seized from 124 high-value tax evaders, further amplifying the financial implications and public scrutiny.
“The NTS’s ‘lack of basic understanding of virtual assets’ led them to include photos of Ledger hardware wallets with handwritten notes displaying the seed phrases, effectively providing the ‘master key’ to the crypto.”
Separately, South Korean prosecutors faced their own digital asset nightmare. The Gwangju District Prosecutors’ Office lost 320.8 Bitcoin (BTC), valued at approximately $21.5 million (31.6 billion won), due to a sophisticated phishing attack. This substantial amount of Bitcoin was initially stolen in August 2025 during a routine audit of seized crypto assets. Alarmingly, the theft went unnoticed for four months, only coming to light in December 2025 during a transfer to the national treasury.
Phishing Attack and Eventual Recovery
A staff member at the Gwangju District Prosecutors’ Office was deceived by a phishing website, unknowingly entering a 24-word seed phrase into a fake Google search result. This critical error granted hackers unfettered access to the wallet. The hacker eventually returned the funds in February 2026, after authorities successfully froze the assets across domestic and international exchanges, making it impossible for the perpetrator to cash out. The prosecutors then proceeded to sell the recovered Bitcoin between February 24 and March 6, 2026. This incident involved funds originally seized during an investigation into an illegal cross-border gambling group that operated from 2018 to 2021.
Addressing Digital Asset Security Gaps
Both incidents highlight severe security weaknesses in the management of digital assets by South Korean government agencies. These include poor verification of cryptocurrency balances, inadequate private key management, and a significant lack of cybersecurity training for personnel. The repeated related Fraudulents news surrounding these events serves as a stark warning to other governmental bodies and institutions globally about the critical need for robust, specialized protocols when handling digital currencies. Without fundamental improvements in education and infrastructure, the risk of further crypto theft: Korean authorities face will remain high.




