South Korean tax agency leaks seized crypto wallet recovery phrase
Press photos drain roughly five million dollars in tokens; government custody turns secrecy into a single point of failure
arstechnica.com
South Korea’s National Tax Service tried to make a crypto-seizure press release “more eye-catching.” It published photos of a Ledger hardware wallet next to a handwritten recovery phrase—and then watched roughly $5 million in seized tokens disappear.
According to Ars Technica, the agency had announced it had seized about $5.6 million in cryptocurrency from 124 wealthy tax evaders. The images included a clearly legible mnemonic recovery phrase, the master key that allows anyone to recreate the wallet and move funds without needing the physical device. Blockchain analyst Cho Jae-woo told local media that the wallet held 4 million PRTG (Pre-Retogeum) tokens worth about $4.8 million when the thief struck.
On-chain traces described by The Block show a familiar operational pattern: the attacker first sent a small amount of ETH into the seized wallet to pay transaction fees, then transferred the PRTG tokens out in three transactions. That detail matters because it underlines what “custody” means in crypto: control is not about holding an object in an evidence locker, but about controlling a secret. Once the secret is public, the asset is effectively gone.
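The pattern described above, a small ETH top-up followed by token outflows, can be watched for on a custody wallet that is supposed to sit dormant. This is an added example, not code from the agency, Ars Technica or The Block; the `Tx` record, `detect_drain`, the placeholder addresses, the timestamps and the per-transfer amounts are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    ts: int          # unix seconds
    asset: str       # "ETH" for the native coin, otherwise a token symbol
    sender: str
    recipient: str
    amount: int

def detect_drain(txs, wallet, approved_senders=frozenset(), window_s=3600):
    """Flag unsolicited gas funding of a dormant custody wallet and any
    token outflows that follow it within window_s seconds."""
    alerts = []
    txs = sorted(txs, key=lambda t: t.ts)
    for i, tx in enumerate(txs):
        # Step 1: native coin arrives from an address the custodian does not control.
        if tx.asset != "ETH" or tx.recipient != wallet or tx.sender in approved_senders:
            continue
        # Step 2: token transfers leaving the wallet soon afterwards.
        outflows = [t for t in txs[i + 1:]
                    if t.sender == wallet and t.asset != "ETH"
                    and t.ts - tx.ts <= window_s]
        alerts.append({
            "funded_at": tx.ts,
            "funder": tx.sender,
            # Funding alone is a warning; funding plus outflows is a drain in progress.
            "severity": "critical" if outflows else "warning",
            "outflow_count": len(outflows),
            "drained": {a: sum(t.amount for t in outflows if t.asset == a)
                        for a in {t.asset for t in outflows}},
        })
    return alerts

# Constructed sample data mirroring the article's pattern: one small ETH
# top-up, then three PRTG transfers out. Addresses are placeholders and
# ETH is counted in arbitrary integer units.
CUSTODY = "0xCUSTODY"
SAMPLE = [
    Tx(1000, "ETH", "0xUNKNOWN", CUSTODY, 1),
    Tx(1060, "PRTG", CUSTODY, "0xDEST", 1_000_000),
    Tx(1120, "PRTG", CUSTODY, "0xDEST", 1_500_000),
    Tx(1180, "PRTG", CUSTODY, "0xDEST", 1_500_000),
]

if __name__ == "__main__":
    for alert in detect_drain(SAMPLE, CUSTODY):
        print(alert)
```

An alert of this kind cannot reverse a transfer; it only shortens the time before exchanges and investigators are notified.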
The tax agency removed the press release and later issued a public apology, saying it failed to redact sensitive information. It also said it had opened an investigation with national police and would attempt to trace the transfer and recover the funds. But unlike a bank transfer, there is no central counterparty to reverse. The best chance is that the thief eventually touches a regulated exchange, where KYC checks might create a choke point.
The episode also sits in a pattern. Ars Technica notes recent reports of other South Korean custody lapses, including missing seized bitcoin in Gwangju and an internal probe in Seoul’s Gangnam district after 22 seized bitcoins vanished from a cold wallet without the device leaving police control. Whether those cases were phishing, insider access, or sloppy procedures, they point to the same gap: public agencies are being asked to run high-discipline key management without the incentives or tooling that private custodians build around it.
Crypto custody is solvable in theory—multi-signature schemes, hardware security modules, air-gapped procedures, and strict access logging exist precisely to reduce single points of failure. But those controls are expensive, slow, and operationally unforgiving. A press office optimizing for publicity can undo a security team’s work in a single photo.
The National Tax Service said the mistake would lead to stronger internal controls. The stolen tokens moved as soon as the images circulated online.