South Korea’s National Tax Service (NTS) accidentally leaked the seed phrase (also called mnemonic phrase or recovery phrase) of a seized cryptocurrency wallet in an official press release.
This catastrophic slip-up directly led to the theft of approximately $4.8 million worth of tokens. The wallet in question held seized assets, specifically around 4 million PRTG tokens.
The seed phrase was inadvertently included and exposed in a photo or document within the NTS’s public press release materials; likely a screenshot or embedded image of wallet recovery info. Attackers (likely automated bots or quick-acting hackers monitoring official channels) spotted the leak almost immediately.
They accessed the wallet, first deposited a small amount of ETH to cover gas fees, then drained the entire balance by transferring out the PRTG tokens. The theft happened rapidly—reports mention the funds were moved within hours (one source notes a “10-hour liquidity drain”).
Register for Tekedia Mini-MBA edition 19 (Feb 9 – May 2, 2026).
Register for Tekedia AI in Business Masterclass.
Join Tekedia Capital Syndicate and co-invest in great global startups.
Register for Tekedia AI Lab.
Blockchain transactions being irreversible means the stolen tokens are likely unrecoverable unless the thief voluntarily returns them which is extremely unlikely. The incident highlights major concerns around government handling of seized crypto assets—institutions often lack the same opsec rigor as private crypto holders or exchanges, leading to risks when dealing with sensitive info like seed phrases.
South Korea has been ramping up crypto tax enforcement and seizures in recent years, collecting billions in won equivalent from virtual assets, which makes proper custody even more critical. No official statement from the NTS but the story is spreading fast in the crypto community as a stark reminder: never expose seed phrases, even accidentally in official docs.
Attackers acted fast: They deposited a small amount of ETH for gas fees, then transferred everything out to unknown addresses. Blockchain transactions are irreversible, so recovery is virtually impossible without the thief returning funds (highly unlikely).
This represents a total wipeout of the seized crypto value, turning a “successful” enforcement action into a major embarrassment and financial hit for the state. Highlights catastrophic opsec lapses in government handling of crypto assets. Seized wallets require military-grade custody (multi-sig, air-gapped environments, audited processes), yet a photo of a handwritten seed phrase next to a Ledger device was publicly released.
Exposes a lack of basic crypto awareness among officials — seed phrases are the “master keys” to wallets, equivalent to handing over full bank account control. This wasn’t a sophisticated hack; it was preventable human error amplified by poor redaction protocols.
Raises questions about broader NTS procedures for managing seized digital assets, especially as South Korea has aggressively seized crypto; over $100M+ in prior years from tax delinquents, including cold wallets via home raids. Erodes public trust in government crypto enforcement.
South Korea has ramped up seizures to combat tax evasion (targeting exchanges, cold wallets, and hidden holdings), but this incident shows even authorities can mishandle keys catastrophically. If the NTS can’t secure seized assets, it undermines arguments for mandatory disclosures, forced liquidations, or expanded tracking powers.
May prompt immediate policy reviews: Expect calls for stricter guidelines on seized asset handling, mandatory training, or third-party custodians for government-held crypto. Could accelerate or complicate South Korea’s ongoing crypto tax regime rollout; repeatedly delayed, with debates over reporting infrastructure and enforcement.
Incidents like this highlight risks in scaling government involvement in digital assets. PRTG token likely suffered severe damage — the theft overwhelmed its tiny daily liquidity ~$331 USD, causing a potential price crash and loss of confidence in the project.
Serves as a stark, real-world reminder for everyone in crypto: Never expose seed phrases, even in “official” contexts. It reinforces best practices like never photographing and photocopying them, using hardware wallets properly, and avoiding any public sharing.
Sparks memes, outrage, and schadenfreude in the crypto community, but also serious discussions on institutional custody risks. May influence global regulators — similar to past exchange hacks or phishing incidents involving authorities — pushing for higher standards in how seized crypto is managed worldwide.
In short, this isn’t just a “$4.8M theft”; it’s a high-profile demonstration of how fragile crypto security remains when institutions treat it like traditional assets without understanding its unique risks. The fallout could lead to accountability measures at the NTS, renewed scrutiny of South Korea’s crypto tax crackdown, and a lasting cautionary tale for anyone dealing with digital wallets.