A serious security lapse by tax authorities in South Korea has led to the loss of millions of dollars worth of cryptocurrency.
According to local media reports, the National Tax Service (NTS) of Korea accidentally shared a recovery key (seed phrase) for a seized cryptocurrency wallet in a press release photo. It was soon discovered that tokens worth approximately $4.8 million (around 6.4 billion won) had been transferred to an unknown wallet.
The incident began with a press release issued by the NTS announcing the results of a field operation targeting 124 high-debt and duplicate tax debtors. The statement announced the seizure of assets worth a total of 8.1 billion won (approximately $8.2 million). In the case referred to as “Case 3,” it was stated that four USB drives used to store cryptocurrency wallets were seized during a search of tax debtor C’s address.
However, the real problem emerged in the photos shared to demonstrate the success. The images showed a Ledger device, a popular hardware wallet, and the “mnemonic” code—a string of English words used to recover the wallet—clearly displayed without any censorship. In the cryptocurrency world, mnemonic phrases are as critical as a combination of a bank account password and security card. Even without possessing the physical device, individuals who know this sequence of words can recreate the wallet and transfer assets from anywhere in the world.
Indeed, this vulnerability was quickly exploited. According to Professor Cho Jae-woo, Director of the Hansung University Blockchain Research Institute, who stated on the 27th, immediately after the mnemonic was leaked, 4 million PRTG (Pre-Retogeum) tokens in the wallet were transferred to an unknown address. The total loss is estimated to be approximately $4.8 million.
According to an analysis of blockchain data via Etherscan, the attacker first sent a small amount of Ethereum (ETH) to the wallet to cover transaction fees. Then, they transferred 4 million PRTG tokens to their own wallet in three separate transactions. This indicates that the attack was deliberate and technically planned.
*This is not investment advice.