South Korea’s Tax Authority Exposes Seed Phrases, Resulting in $4.8 Million Loss of Confiscated Cryptocurrency

This week, the National Tax Service (NTS) of South Korea transformed a standard enforcement success into a significant operational blunder by disclosing private keys in a press release, leading to the theft of $4.8 million in confiscated assets.

The agency released unredacted, high-resolution images of hardware wallets that included a visible seed phrase leak, enabling opportunistic on-chain actors to remotely siphon off 4 million PRTG Tokens.

This incident was avoidable. Rather than securing the cryptocurrency seizure in newly established government-controlled wallets, officials publicly displayed the original recovery codes. The funds were depleted within hours.

Key Takeaways:

• The Leak: The NTS shared press images featuring clear handwritten notes that contained the 24-word recovery phrases for confiscated Ledger wallets.
• The Loss: Criminals extracted around 4 million PRTG tokens, valued at approximately $4.8 million (6.9 billion KRW), utilizing the exposed codes.
• The Failure: This event reveals a significant flaw in Institutional Custody protocols, as agents neglected to transfer assets to secure storage prior to making the information public.

Discover: The best crypto to diversify your portfolio with

How The National Tax Service of South Korea Lost $5 Million in Crypto in Hours

On February 26, the National Tax Service released a press statement detailing the seizure of 8.1 billion KRW ($5.5 million today) from affluent tax evaders.

Hilarious.
South Korea’s National Tax Service published their recent confiscation of stolen crypto by showing a photo of the seed phrase they retrieved.
$4.8 million was immediately drained. pic.twitter.com/cKyYBq60Jn

— Terence Michael (@ProofOfMoney) March 2, 2026

To support the announcement, the agency included images of the physical assets, which featured a Ledger hardware wallet. Next to the device was a handwritten note containing the complete mnemonic recovery phrase, the master key that provides full access to the funds, regardless of who possesses the physical device.

The image was of such high resolution that the words were clear. For anyone with a basic understanding of crypto self-custody, the photo was akin to displaying a bank account number and PIN on a billboard.

As reported by Gizmodo and local sources, the theft occurred in two phases. A first actor drained the wallet but, possibly fearing repercussions for stealing from the government, returned the funds shortly after.

A second thief was less cautious. Approximately 2.5 hours later, this second individual permanently transferred the restored funds out.

Authorities are currently investigating, but the immutable nature of the blockchain complicates retrieval without the thief’s cooperation.

The Scale of the Loss

The financial impact is considerable, although market conditions may mitigate the thief’s actual earnings.

The wallet held 4 million PRTG (Pre-Retogeum) tokens, with a nominal value of around $4.8 million or 6.9 billion KRW. On-chain data indicates that the attacker funded the wallet with a small amount of ETH to cover gas fees before executing three rapid outbound transactions.

While the paper loss is nearly $5 million, liquidity for PRTG is limited. Dumping that quantity on open markets would likely crash the price, meaning the realizable value for the hacker is significantly reduced.

However, for the NTS, the loss is total; credits that were meant to address tax obligations have been erased from the treasury’s balance sheet.

Institutional Custody: What Went Wrong

This was not a technical breach. It was a procedural failure. Institutional custody necessitates more than merely seizing a physical device; it requires the immediate transfer of digital assets to a secure, government-controlled environment.

Retaining funds in a suspect’s original wallet and then photographing the recovery phrase demonstrates a fundamental misunderstanding of how digital bearer assets function.

South Korean shares sank 12%, posting the biggest drop in their 46-year history and wiping out about half a trillion dollars in value this week, as fears that the Iran war could cripple Asia’s fourth-largest economy sent the won to a 17-year low https://t.co/R17XR8DHmL pic.twitter.com/lNzRyejj21

— Reuters (@Reuters) March 4, 2026

The mistake underscores a stark contrast in regional institutional competence. While the Bank of Japan is rigorously testing blockchain infrastructure for high-level reserve settlements, South Korean tax authorities failed the most basic test of digital asset security: maintaining the confidentiality of the password.

The NTS has since issued an apology and committed to revising its manuals, but the damage to its credibility is already done. Recovering the funds now relies entirely on police tracking, a reactive approach to a problem that was proactively created.

Discover: The best meme coins on Solana

Beyond South Korea: Broader Implications for Crypto Enforcement

South Korea is among the most active crypto markets globally, and its government has been assertive in taxing digital wealth. This incident undermines that authority. It indicates that while the state can identify tax evaders, it lacks the operational maturity to manage the resulting seizures securely.

The risk profile for traders in the region is evolving. Typically, the concern is regulatory overreach. When conflict with Iran escalated, Iranian exchange outflows surged by 700%. Here, the risk is different: sovereign incompetence. If seizure equates to loss, the enforcement mechanism itself becomes a source of market instability.

As governments worldwide increase crypto seizures, the NTS error serves as an expensive lesson. Physical possession means little on the blockchain. Without stringent digital hygiene, state agencies are just as susceptible as the retail investors they seek to regulate.

The post South Korea Tax Service Leaks Seed Phrases, Loses $4.8M in Seized Crypto appeared first on Cryptonews.