South Korea’s National Tax Service Faces Major Crypto Security Breach
South Korea’s National Tax Service (NTS) has reportedly lost nearly $4.8 million in cryptocurrency after accidentally publishing an unredacted wallet recovery phrase in a press release. This incident marks the third major crypto custody failure by Korean authorities in as many months and is considered one of the most embarrassing security lapses to date.
On February 26, the NTS issued a press release announcing that it had seized a total of 8.1 billion won (approximately $5.6 million) from an enforcement action targeting 124 high-value and habitual tax delinquents. Among the accompanying photographs was an image of hardware confiscated from a delinquent taxpayer identified as “Mr. C,” a Ledger cold wallet device, and, displayed next to it in plain view, a handwritten mnemonic phrase. However, no redaction was applied to the phrase, leaving it vulnerable to exploitation.
The Risks of a Mnemonic Leak
A mnemonic, typically a sequence of 12 to 24 words, serves as the master key to a cryptocurrency wallet. It functions as a public certificate, password, and security card. Whoever knows it can restore the wallet on any device and withdraw its contents from anywhere in the world, with no further authentication required.
By the early hours of February 27, a person or persons unknown had acted on the intelligence the NTS had freely provided. According to Professor Cho Jae-woo of Hansung University’s Blockchain Research Institute, on-chain data from Etherscan shows that 4 million Pre-Retogeum (PRTG) tokens were transferred out of the exposed wallet in three batches, following a preliminary deposit of Ethereum to cover transaction fees.
The estimated value of the tokens at the time of the theft was approximately 6.4 billion won, which is around $4.8 million. Professor Cho criticized the NTS for such a critical oversight, stating, “If they seized virtual assets, they would disclose the most important mnemonic in a press release that the entire nation can see. This is like advertising to open your wallet and take your money.”
The NTS had not issued a public statement on the matter at the time of writing.
A Pattern of Crypto Custody Failures
The NTS incident is, in fact, the third significant crypto custody failure by South Korean public institutions since January. The Gwangju District Prosecutors’ Office discovered that it had lost 320.8 Bitcoin, worth over $21 million, according to current market rates, after a staff member accessed a phishing site while attempting to verify wallet storage during an asset handover.
The Bitcoin, confiscated from a family found to have laundered proceeds of an illegal gambling operation into cryptocurrency, had been bound for the national treasury following the conclusion of criminal proceedings. It was eventually recovered on February 17 after investigators froze domestic and international exchange accounts, which authorities say may have prompted the hacker to return the Bitcoin voluntarily when they were unable to convert it to cash.
This same February, Seoul’s Gangnam Police Station disclosed the disappearance of 22 Bitcoins worth over $1.4 million, discovered during a nationwide audit of law enforcement cryptocurrency holdings that had itself been triggered by the Gwangju incident. Officers at the station had failed to transfer the confiscated Bitcoin to a government-controlled cold wallet, instead leaving funds managed by a third party without retaining the seed phrase needed to access them.
So far, two suspects have been arrested in connection to the stolen Bitcoin.
Legal and Regulatory Developments
In January 2026, South Korea’s Supreme Court ruled that Bitcoin qualifies as an object of seizure under criminal law, a landmark decision that formally expands the state’s authority to confiscate digital assets. The country is also working on regulating the crypto space with stablecoins in focus, and it plans to do so this year.
However, these three incidents expose a consistent gap between South Korea’s ambitions as a digital asset regulatory power and the operational readiness of its agencies. The repeated failures highlight the need for stronger internal protocols and better training for handling digital assets.
Conclusion
As South Korea continues to position itself as a leader in the digital asset space, the recent string of crypto custody failures raises serious concerns about the effectiveness of its regulatory framework and the security practices of its public institutions. The NTS incident, in particular, serves as a stark reminder of the risks involved in mishandling sensitive information and the potential consequences of negligence in the fast-evolving world of cryptocurrency.