South Korea's National Tax Service accidentally exposed wallet seed phrases, leading to the instant theft of $4.8 million in crypto assets

South Korea’s government has once again experienced a major incident involving digital asset management. The National Tax Service (NTS) recently accidentally disclosed the 12-word recovery seed phrase for a confiscated crypto wallet in an official press release, leading to approximately $4.8 million (about 64 billion KRW) worth of digital assets being transferred out within hours. As police launch an investigation, this “photo causing millions in losses” incident is becoming the latest and most representative security warning case in South Korea’s digital asset regulation history.

High-Resolution Photo Reveals Seed Phrase, Becomes Hacker Entry Point

The incident originated from a routine press release by the NTS. The announcement aimed to showcase results of investigations into high-value tax evaders and included photos of seized items, such as multiple Ledger hardware wallets used for storing digital assets.

However, the problem lay in one high-resolution image. The photo clearly displayed a handwritten note with the full 12-word seed phrase placed next to a hardware wallet. Even more shockingly, this critical information was not obscured or blurred before being publicly released.

In the blockchain world, seed phrases are equivalent to a wallet’s “master key.” Anyone with these 12 words can restore the wallet and fully control its assets. This basic mistake is akin to voluntarily handing over millions of dollars.

400 Million PRTG Tokens Transferred Out, Valued at About $4.8 Million

Within hours of the press release going live, an unknown individual used the seed phrase to restore the wallet and quickly transferred about 4 million Pre-Retogeum (PRTG) tokens.

PRTG is an Ethereum-based token asset, with a total value of approximately $4.8 million at the time of the incident, equivalent to about 64 billion KRW. On-chain data shows the funds were transferred to an unknown Ethereum address, completing the process in just a few minutes.

More dramatically, the transferer also transferred a small amount of ETH into the wallet beforehand to pay for gas fees. This indicates familiarity with blockchain operations and suggests a calm, planned approach.

Jaewoo Cho, Associate Professor at Seoul National University’s Blockchain Research Center, confirmed the theft on social media. He stated that leaking the seed phrase “equates to relinquishing control of the wallet,” representing a serious security management failure.

Tokens Possibly Returned After About 20 Hours? Low Liquidity as a Key Factor

Notably, reports indicate that the stolen PRTG tokens were partially or fully transferred back to the original address after about 20 hours. However, the official reason has not been disclosed.

Market analysts speculate that PRTG itself has extremely low liquidity, with daily trading volume as low as $299. In such a thin market, large sell-offs could immediately trigger a price crash and quickly reveal the fund flow. Therefore, the suspect may have returned the assets due to difficulty in liquidation or concerns about tracking.

The NTS has only stated that they are “confirming the situation” and have not provided further details on whether the assets have been fully recovered or if internal negligence was involved.

Police Investigate, Third Major Crypto Asset Mishandling in Three Months

The Korean National Police Agency has officially launched an investigation, assigning the cyber attack response team to handle the case and clarify whether there was internal mismanagement.

In fact, this is the third incident involving government agencies’ mishandling of crypto assets within three months.

In January 2026, Gwangju prosecutors faced controversy after Bitcoin worth about $48 million was lost during a seizure related to a scam case. Earlier in February, the Gangnam Police Station in Seoul reported that 22 BTC (about $1.4 million) seized in 2022 went missing due to improper third-party custody.

Repeated management failures have led to public doubts about the professionalism of South Korea’s public sector in managing and operating digital assets.

Stricter Regulations, Yet Government Becomes the Biggest Risk?

As one of the most active countries in cryptocurrency trading per capita, South Korea has been strengthening regulations on exchanges, influencer promotions, and market manipulation in recent years. However, after Bitcoin sharply declined at the end of 2025, retail funds have gradually shifted to domestic stocks like AI and semiconductors.

In this stricter regulatory environment, this incident reveals another risk—the potential operational errors by the government itself.

Several blockchain researchers and opposition lawmakers criticized that this incident could have been prevented with basic security procedures, such as mandatory obscuring of sensitive data, establishing standardized document review processes, and providing digital asset security training for law enforcement personnel.

A Clear Photo, Costing Millions

The investigation is ongoing, with law enforcement analyzing on-chain data to trace the flow of funds and identify potential suspects. The NTS has not released further details.

This incident serves as a reminder that in the decentralized finance world, technology may be secure, but human error often remains the biggest vulnerability. For government agencies managing large confiscated assets, the $4.8 million lesson will undoubtedly become a crucial turning point for future reforms.

In the blockchain world, a single mistake—just one photo—can instantly wipe out assets.

This article “South Korea’s NTS Accidentally Reveals Wallet Seed Phrase, $4.8 Million Crypto Assets Stolen in an Instant” first appeared on Chain News ABMedia.