Accidental disclosure of recovery phrase in enforcement press release raises concerns over public-sector digital asset custody.
South Korea’s National Tax Service (NTS) has come under criticism after it accidentally exposed the recovery phrase of a confiscated cryptocurrency wallet in an official press statement, triggering the movement of digital tokens worth about $4.8 million. The sensitive information was included in documents released to highlight the agency’s enforcement actions against repeat and large-scale tax offenders.
According to local media reports, the press package included high-resolution images of confiscated items in what was labeled “Case 3.” Among them were Ledger hardware wallets placed beside a sheet of paper displaying the wallet’s full 12-word mnemonic phrase, with no redaction or blurring applied. Within hours of publication, the exposed seed phrase was reportedly used to access the wallet and move 4 million PRTG tokens, an Ethereum-based asset.
How the Breach Unfolded
The NTS had announced on Feb. 26 that it seized roughly 8.1 billion won (about $5.6 million) during inspections of 124 tax defaulters. In one case, officials discovered four crypto hardware wallets stored at a taxpayer’s residence. While the seizure itself was lawful, the subsequent public release of sensitive wallet credentials effectively undermined the security of the assets.
On-chain data from blockchain explorers show that shortly after the images were circulated, a small amount of Ether (ETH) was first sent to the affected address to cover transaction fees. This was followed by three transfers totaling 4 million PRTG tokens into a linked wallet, and then a single outbound transaction moving the entire balance to another address. The total value at the time was estimated at around 6.4 billion won ($4.8 million).
Expert Analysis: “Equivalent to Publishing a Private Key”
Blockchain researchers quickly flagged the incident. Associate professor Jaewoo Cho of Hansung University’s Blockchain Research Center spoke about the transfers publicly, stating:
“We have confirmed that 4 million PRTG tokens, worth approximately $4.8 million, were stolen from the mnemonic that was leaked through a press release from the National Tax Service.”
Cho and other analysts described the mistake as functionally equivalent to publishing a private key. In cryptocurrency systems, a mnemonic seed phrase grants full control over the wallet and its contents. Once exposed, assets can be moved without additional authorization.
However, Cho also noted that the actual financial impact may be smaller than initial headlines suggest. The PRTG tokens reportedly represented a significant share of the token’s circulating supply, but market liquidity was limited. Large-scale liquidation would likely have caused sharp price declines, making it difficult to convert the tokens into cash at face value.
A Broader Custody Challenge
Subsequent blockchain records indicated that the transferred tokens were later sent back to the original address. It remains uncertain whether the individual responsible acted as a so-called “white-hat” participant seeking to highlight the vulnerability or simply realized that monetizing the assets would be impractical due to low liquidity.
The NTS has not released a detailed explanation regarding the incident, nor has it clarified whether internal disciplinary or procedural reviews are underway.
The episode has renewed debate over how South Korean public institutions manage seized digital assets. As enforcement agencies increasingly confiscate cryptocurrencies linked to tax evasion and financial crimes, they must also assume responsibility for secure custody — a function traditionally handled by private-sector exchanges or specialized custodians.
This is not the first crypto custody controversy involving Korean authorities. Earlier this year, officials discovered that 22 Bitcoin seized in a 2021 investigation had disappeared from a police-managed cold wallet. That case prompted questions about how recovery phrases and hardware wallets were stored and monitored.
Structural Gaps in Public-Sector Crypto Handling
The latest incident highlights several operational risks facing government agencies:
- Lack of technical safeguards when documenting seized digital assets
- Insufficient awareness of how mnemonic phrases function as full wallet credentials
- Absence of standardized custody protocols across agencies
While hardware wallets are designed to enhance security, their protection depends entirely on keeping the recovery phrase confidential. Public disclosure, even unintentionally, effectively nullifies that protection.
Implications for Policy and Enforcement
South Korea remains one of the world’s most active cryptocurrency markets, and authorities have stepped up enforcement against tax evasion and illicit financial flows involving digital assets. However, as this case demonstrates, the technical complexity of crypto custody can create new vulnerabilities if not managed properly.
Analysts say the incident may serve as a catalyst for reform, prompting clearer guidelines for handling seized digital assets and potentially encouraging collaboration with professional custodians. As digital assets become more integrated into law enforcement and regulatory frameworks, secure management practices will likely become a central focus of oversight discussions.
The NTS episode underscores a broader reality: in the digital asset era, operational security failures can emerge not only from hackers, but also from procedural oversights within institutions tasked with safeguarding public trust.
