TL;DR

Seed Phrase Ended Up in Official Press Release

South Korea's National Tax Service (NTS) has found itself in an embarrassing situation after a seed phrase — the cryptographic key sequence that grants full control over a digital wallet — was mistakenly included in a public press release, according to Decrypt.

The wallet contained seized PRTG tokens on the Ethereum network. As soon as the press release was published, someone acted: the tokens, worth an estimated $4.8 million, were transferred out of the wallet in a very short time.

What's remarkable is that the funds were eventually returned. The circumstances surrounding this are not yet fully clarified, and it is unknown whether the authorities have identified the responsible party.

A seed phrase in a PDF press release — that's like putting your bank card and PIN in the same envelope and sending it to the press.
South Korea Published Seed Phrase in Press Release — Crypto Stolen in Minutes

Part of a Larger Pattern

The incident is not an isolated case. According to research material related to the case, South Korean authorities have been affected by a series of serious security breaches in the handling of seized digital assets in recent years.

In August 2024, employees at the Gwangju District Prosecutors' Office were reportedly tricked by a phishing site while inspecting seized assets — thus losing 320 Bitcoin, valued at approximately $8.3 million. Around November 2021, 22 Bitcoin disappeared from the Gangnam Police Station under unclear circumstances. The cold wallet device was intact, but the Bitcoin had been transferred externally — apparently because the seed phrase was in the hands of a third party and not the police themselves. Two individuals, including a CEO of a crypto firm, were reportedly arrested in connection with this.

$4.8M
PRTG tokens stolen
320 BTC
Lost in phishing attack against Gwangju office
South Korea Published Seed Phrase in Press Release — Crypto Stolen in Minutes

Authorities Implement Immediate Measures

It is worth noting that South Korean authorities have reacted to the broader security problem with a series of measures. According to research material, the Supreme Prosecutors' Office has developed national regulations for handling seized cryptocurrency, which include requiring the use of approved blockchain analysis tools, detailed traceability for any interaction with seized wallets, and mandatory cybersecurity training for involved officials.

Furthermore, the National Police Agency (NPA) plans to entrust the custody of seized crypto assets to licensed crypto exchanges and Virtual Asset Service Providers (VASPs), and the Financial Services Commission (FSC) will require multi-signature wallets for all seized funds going forward.

However, these measures came after — not before — a series of incidents like the one illustrated in this case.

Critical Look: What Do We Really Know?

Decrypt is the source of the original news, and some details surrounding the return of the tokens are unclear. It has not been confirmed who drained the wallet, or under what circumstances the funds were returned. The research material describing the authorities' response program is drawn from secondary sources and should be read with the caveat that details of implementation and compliance have not been independently verified.

What is well-documented, however, is that a systematic problem exists with the security of seized crypto assets in South Korea — and that the NTS incident is among the more fundamental errors in the series.