rss-bridge 2026-02-28T15:17:23+00:00

$4.8M in crypto stolen after Korean tax agency exposes wallet seed

South Korea's National Tax Service accidentally exposed the mnemonic recovery phrase of a seized cryptocurrency wallet in an official press release, allowing hackers to steal 6.4 billion won ($4.8M) worth of cryptocurrency. [...]

---


Bill Toulas

- February 28, 2026

- 10:17 AM


[Image: $4.8M in crypto stolen after Korean tax agency exposes wallet seed]

Someone jumped at the opportunity to steal $4.4 million in crypto assets after South Korea’s National Tax Service publicly exposed the mnemonic recovery phrase of a seized cryptocurrency wallet.

The funds were stored in a Ledger cold wallet seized in law enforcement raids on 124 high-value tax evaders, which resulted in the confiscation of digital assets worth 8.1 billion won (currently approximately $5.6 million).

When announcing the success of the operation, the agency released photos of a Ledger device, a popular hardware wallet for crypto storage and management.


However, the images also showed a handwritten note of the wallet recovery phrase, which serves as the master key that allows restoring the assets to another device.

[Image: Images released by the South Korean tax authority]

*Images released by the South Korean tax authority
Source: mk.co.kr*

The authorities failed to redact that information, allowing anyone to transfer the assets in the cold wallet to their own account.

Reportedly, shortly after the press release was published, 4 million Pre-Retogeum (PRTG) tokens, worth approximately $4.8 million at the time, were transferred out of the confiscated wallet to a new address.

“On-chain data (Etherscan) analysis shows that the attacker first deposited a small amount of Ethereum (ETH) into the wallet to pay transaction fees (gas fees), and then meticulously transferred the 4 million PRTG tokens to their own wallet in three separate transactions,” reports Korean media.

Blockchain data analysis expert Cho Jae-woo, a professor at Hansung University in Seoul who observed the transfer, commented on the authorities’ blunder by comparing it to leaving a wallet open and advertising it to the entire nation for people to take the money.

The professor attributed the mistake to the tax authorities’ “lack of basic understanding of virtual assets,” which effectively cost the national treasury tens of billions of won that had been successfully confiscated.

The press release has now been removed from the NTS website, and it is unclear whether authorities have started an investigation to determine where the stolen funds ended up.

The case is a reminder for hardware wallet owners that their seed phrase gives complete access to their wallet without any additional protections. Anyone who has it can recreate the wallet anywhere without their device, PIN, or permission.

It is recommended to avoid digitizing seed phrases: do not store them in electronic notes, photos, email messages, or cloud storage, and do not send them over messaging apps. If a seed is exposed, all funds should be moved to a new wallet as soon as possible.


---

[Original source](https://www.bleepingcomputer.com/news/security/48m-in-crypto-stolen-after-korean-tax-agency-exposes-wallet-seed/)
