Facepalm: Last month, South Korea's National Police Agency realized that 22 Bitcoin had been missing for years after officials failed to transfer the seized funds to a state-owned wallet. Now the country's National Tax Service has stumbled into an even more damaging mistake – effectively handing cybercriminals the keys to confiscated crypto.
South Korean authorities made a serious blunder as they sought to showcase their crackdown on online fraud and cybercrime. According to local reports, Seoul's National Tax Service (NTS) released a press statement detailing an on-site investigation targeting 124 high-profile tax fraud suspects. In the process, it also published a photo that revealed far more than intended.
The agency had seized 8.1 billion won (roughly $8.2 million) in digital tokens, with several sizable crypto wallets stored across four USB drives. The press image displayed the thumb drives, stacks of cash, and a sheet of paper containing a wallet recovery phrase.
That "mnemonic" phrase is effectively a master key. With it, anyone can restore access to a crypto wallet, even without the original physical drives. It didn't take long for someone to do exactly that. An unidentified party used the exposed recovery phrase to transfer 4 million PRTG (Pre-Retogeum) tokens into their own wallets, allegedly draining about $4.8 million (6.4 billion won) from the NTS.
Blockchain analyst Jae-woo Cho said the perpetrators appeared to know precisely how to execute the theft. They first sent a small amount of ETH (Ethereum) to the compromised wallet to cover transaction fees, then moved the 4 million PRTG tokens out in three separate transfers.
Cho argued the incident underscores a fundamental lack of understanding within South Korea's tax authorities about how virtual assets function. Dongguk University professor Hwang Seok-jin drew a blunt comparison: publishing a recovery phrase in a press release is akin to photographing the most sensitive credentials required to access a bank account.
In effect, the agency told the internet to help itself, and someone did. Recovery phrases and other security credentials tied to digital assets are meant to be stored offline, on paper or other physical media, Hwang noted. As the NTS case demonstrates, even paper-based secrets cease to be secure the moment they're broadcast online, no matter how compelling the enforcement optics may be.