South Korea crypto theft recurrence has sent ripples through the nation’s financial and law enforcement agencies, as a significant amount of Bitcoin, initially stolen and then returned, was subsequently sold by authorities only for further security lapses to emerge. The Gwangju District Prosecutors’ Office in South Korea was at the center of this saga, where 320.8 Bitcoin (BTC), valued at approximately $21.5 million, was stolen in August 2025 due to a phishing attack. Remarkably, the hacker unexpectedly returned the stolen crypto in February 2026. Following its recovery, the Gwangju Prosecutors’ Office proceeded to sell the 320.8 BTC in batches over 11 days, from February 24 to March 6, 2026, successfully transferring 31.6 billion Korean won (approximately $21.5 million) to the national treasury.
The Bitcoin in question was originally seized between 2018 and 2021 during a raid on an international gambling platform that had converted criminal proceeds into cryptocurrency. The initial phishing attack in August 2025 occurred when officials managing these seized assets fell victim to a sophisticated phishing website, leading directly to the theft of the cryptocurrency. The hack itself went undetected until December 2025. Prior to the hacker’s unexpected return of the funds, prosecutors had taken steps to block the wallet’s access to various liquidation channels. The identity of the hacker responsible for this initial incident remains unknown, with investigations ongoing.
Alarming Pattern of Security Lapses
This incident is not an isolated event but rather one of several recent security lapses involving cryptocurrency held by South Korean authorities. In a separate, equally concerning event, the National Tax Service (NTS) inadvertently exposed the mnemonic recovery phrase for a seized crypto wallet in a public press release. This astonishing blunder led to the theft of 4 million Pre-Retogeum (PRTG) tokens, theoretically valued at $4.8 million, which were transferred to an unidentified address. The initial thief of the PRTG tokens reportedly confessed to the police on March 28 and was arrested two days later, claiming they stole the crypto out of curiosity and then returned it. However, officials later revealed that a second thief stole the crypto again after it was returned, and police are now actively tracking this second individual, highlighting the complexities of managing digital assets. This ongoing pattern of related Fraudulents news underscores the urgent need for enhanced digital asset security.
“The repeated security failures highlight a critical lack of technical literacy and standardized protocols among South Korean authorities handling digital assets.”
Internal Investigations Uncover More Missing Crypto
Furthermore, a nationwide internal investigation initiated after the Gwangju incident brought to light another significant loss: the Seoul Gangnam Police Station had lost 22 BTC, worth over $1.5 million, which had been stored in a USB cold wallet since 2021. In this particular case, the cold wallet itself was never stolen, raising serious questions about potential internal involvement. The police had entrusted the cryptocurrency with a third-party custodian without retaining direct control over the private keys, and this issue only came to light during the internal probe. The sheer volume of these incidents emphasizes the challenges in securing seized crypto.
South Korea Crypto Theft Recurrence Prompts Policy Changes
These repeated security failures and the ongoing South Korea crypto theft recurrence have drawn significant public criticism regarding the perceived lack of technical literacy and standardized security protocols among South Korean law enforcement and tax authorities. In response to these pressing concerns, South Korea’s National Police Agency has introduced new, stringent guidelines for handling seized cryptocurrencies. These guidelines include standardized procedures for managing wallet addresses, private keys, and software wallets. Additionally, Finance Minister Koo announced a comprehensive full inspection of all digital assets held by public institutions and a thorough review of their management under enforcement processes, aiming to prevent future recurrences.
The saga of the stolen and re-stolen crypto, particularly the South Korea crypto theft recurrence, serves as a stark reminder of the unique challenges and vulnerabilities associated with managing digital assets, even for governmental bodies. While steps are being taken to rectify these issues, the ongoing investigations and the persistent threat of sophisticated cyberattacks underscore the imperative for continuous vigilance and robust, evolving security frameworks in the age of cryptocurrency.




