South Korea's Tax Office Leaks Wallet Seed, Loses $4.8M in Seized Tokens
In a recent incident that highlights the vulnerabilities of public bodies in the digital age, South Korea's National Tax Service (NTS) reportedly exposed a crypto wallet seed phrase in an official press release, resulting in the loss of 4 million PRTG tokens worth approximately $4.8 million.
The NTS accidentally published the mnemonic phrase in a press release related to their enforcement campaign against tax delinquents and seizures. The image accompanying the release included a Ledger cold wallet and a sheet of paper showing the wallet's full mnemonic phrase without any blur or masking. Blockchain researchers later identified an Ether (ETH) address linked to the leaked phrase that briefly held the 4 million PRTG tokens before the entire balance was transferred out.
According to associate professor Jaewoo Cho of Hansung University's Blockchain Research Center, who analyzed the flows, "We have confirmed that 4 million PRTG tokens, worth approximately $4.8 million, were stolen from the mnemonic that was leaked (disclosed) through a press release from the National Tax Service." He noted that the other exposed mnemonics do not seem likely to cause any major issues and argued that because the stolen tokens were difficult to cash out, "the actual damage is at a negligible level."
This incident comes as South Korean authorities face another crypto custody scandal. In a separate case, police discovered in February 2026 that 22 Bitcoin (BTC) seized in a 2021 hacking investigation had vanished from a cold wallet stored in a Gangnam police vault. Two suspects were arrested on Thursday after investigators found that the coins had been moved using a mnemonic phrase that the police had never controlled.
Furthermore, regulators are under pressure over Bithumb's recent 620,000 BTC fat finger promotion error, where the exchange briefly credited users with about $43 billion in non-existent Bitcoin, and the Financial Services Commission extended its probe after criticism that it failed to spot serious systems flaws earlier.
The recent crypto custody failures test Korean authorities' ability to secure digital assets. As the use of cryptocurrencies continues to grow, it is essential for public bodies to implement robust virtual asset custody systems to prevent such incidents in the future.
In conclusion, the leak of a crypto wallet seed phrase by South Korea's National Tax Service has highlighted the importance of maintaining the confidentiality and integrity of sensitive information. This incident serves as a reminder to public bodies to prioritize cybersecurity and take necessary measures to protect digital assets from potential threats.
**The Risks of Crypto Custody Failures**
Crypto custody failures can have severe consequences, including significant financial losses and damage to an organization's reputation. In the case of South Korea's National Tax Service, the leak of a wallet seed phrase resulted in the loss of 4 million PRTG tokens worth approximately $4.8 million.
**Best Practices for Crypto Custody**
To prevent such incidents in the future, public bodies should implement robust virtual asset custody systems that prioritize cybersecurity and data protection. This includes:
* Implementing multi-factor authentication and access controls * Conducting regular security audits and penetration testing * Using secure encryption methods to protect sensitive information * Providing training and education to employees on crypto custody best practices
By prioritizing cybersecurity and taking proactive measures to protect digital assets, public bodies can minimize the risk of crypto custody failures and ensure the integrity of their operations.
**Conclusion**
The recent incident involving South Korea's National Tax Service highlights the importance of maintaining the confidentiality and integrity of sensitive information. By implementing robust virtual asset custody systems and prioritizing cybersecurity, public bodies can prevent such incidents in the future and protect digital assets from potential threats.