Public Blunder, Private Key: South Korean Tax Agency Accidentally Leaks Wallet Seed, Leading to $4.8M Crypto Theft

A South Korean tax agency's error in a press release exposed a wallet's recovery phrase, leading to the theft of $4.8M in PRTG tokens within hours.

By: AXL Media

Published: Feb 28, 2026, 11:07 AM EST

Source: The information in this article was sourced from BleepingComputer

The Trajectory of a "Public-Facing" Security Crisis

The trajectory of the National Tax Service’s enforcement campaign shifted from a public relations success to a catastrophic security breach on Thursday, February 26, 2026. In an effort to showcase the results of on-site investigations into 124 habitual tax delinquents, the NTS released a series of high-resolution photographs to various media outlets. The trajectory took a disastrous turn when one image, intended to show a seized Ledger hardware wallet, clearly displayed an unmasked sheet of paper containing the wallet’s 24-word mnemonic seed phrase. Within 10 hours of the release, blockchain researchers confirmed that the wallet had been drained.

Navigating the Complex Technical Framework of a "Key" Leak

The competitive landscape of cryptocurrency security is defined by the absolute necessity of seed phrase confidentiality. Navigating this framework requires an understanding that a physical "cold wallet" is only as secure as its recovery phrase. In this instance, the technical hurdle for the thief was non-existent; they simply had to read the words from the NTS's own press materials. According to Associate Professor Jaewoo Cho of Hansung University’s Blockchain Research Center, the thief deposited a small amount of Ethereum (ETH) into the compromised wallet to cover gas fees before executing the theft in three separate transactions. The ease of this breach has led experts to describe the press release as a "public advertisement" to take state-controlled funds.

Strategic Rationale: A Systemic Lack of Virtual Asset Custody

The strategic rationale behind the NTS’s botched rollout reveals a systemic institutional gap in South Korea’s crypto management. This incident is not isolated; it follows the recent discovery that 22 Bitcoin (BTC) seized in a 2021 investigation had vanished from a Gangnam police vault. According to industry analysts, the primary hurdle for Korean authorities is the lack of a centralized, professional virtual asset custody system. The current strategic rationale where individual agencies manage their own confiscated "cold wallets" in physical drawers has proven to be a massive integration risk, leaving billions of won in state assets vulnerable to both human error and targeted cyberattacks.