South Korea’s Tax Authority Leaks Private Key: Seized Crypto Stolen in Major Security Breach

Government-held digital assets vanish overnight—thanks to a self-inflicted security blunder.

How a Single Key Unlocked Millions

Forget sophisticated hacks or shadowy cybercriminals. This multi-million-dollar heist had a shockingly simple cause: a leaked private key. The very agency tasked with securing confiscated cryptocurrency assets accidentally exposed the master password, turning its digital vault into an open treasure chest. It’s the institutional equivalent of taping your bank PIN to the ATM.

The Irony of Centralized Custody

Regulators worldwide preach the dangers of self-custody, urging users to trust licensed third parties. Yet here, a major national authority—armed with a full compliance department and presumably a hefty security budget—failed at the most fundamental task. The incident cuts to the core of the custody debate, proving that centralized points of failure exist whether you’re using a hot wallet or answering to the tax man.

A Wake-Up Call for Digital Asset Policy

The breach forces a brutal reassessment. If a government tax body can’t safeguard keys, what does that mean for broader adoption by traditional finance? The episode bypasses technical jargon and highlights a human and procedural problem. It’s not about cracking encryption; it’s about failing to protect a string of characters. The finance sector’s old guard will likely use this as ammunition—conveniently ignoring that legacy banks lose more to operational errors every quarter.

Moving forward demands more than just better key management. It requires a foundational shift in how institutions handle digital property. Otherwise, they’re just building fancier vaults with the same old, fragile locks. After all, in traditional finance, losing client funds usually just means a fine and a sternly worded press release—hardly incentives for real change.

One Photo, One Mistake, Millions Gone

The press release included an image of a Ledger hardware wallet placed next to a handwritten sheet containing the wallet’s complete mnemonic phrase — the string of words that functions as the master key to any crypto wallet.

No blurring. No masking. Nothing. According to reports from Korean media outlets including Naver and Chosun, the release was part of a broader NTS enforcement campaign targeting people who owed taxes, with seized crypto assets shown as evidence of the agency’s work.

What was meant to showcase government action instead handed anyone with sharp eyes full access to the funds inside.

Blockchain researchers who examined the wallet’s transaction history found three separate incoming transfers totaling 4 million PRTG (Pre-Retogeum) tokens, followed by a single outgoing transfer that swept the entire balance to another address. Clean. Quick. Gone.

Researcher Says Actual Losses May Be Smaller Than They Appear

Associate professor Jaewoo Cho of Hansung University’s Blockchain Research Center confirmed the theft publicly on X, writing that the 4 million tokens — valued at roughly $4.8 million — were taken directly from the mnemonic phrase exposed in the NTS release.

국세청에서 보도자료로 유출(공개)한 니모닉에서 10시간 전에 PRTG 토큰 400만 개, 약 480만 달러어치가 탈취된 것을 확인했습니다.https://t.co/q6Ck7lxazK pic.twitter.com/JWnVI5Ua0N

— 조재우(Jaewoo Cho)(@clayop) February 27, 2026

He also examined other wallets whose seed phrases may have been visible in the same image and said those did not appear to carry significant risk.

Cho added that because PRTG tokens are hard to convert into cash, the real financial damage could be far smaller than the headline number suggests. He expressed hope that the incident WOULD push South Korean government agencies to finally build proper systems for holding seized crypto assets.

The NTS has not issued a public response to the incident as of this writing.

What makes this story harder to ignore is that it did not happen in isolation. Reports say South Korean police separately discovered in February 2026 that 22 bitcoin seized during a 2021 hacking case had gone missing from a cold wallet kept inside a Gangnam police station vault.

Two suspects were arrested after investigators determined the coins had been moved using a mnemonic phrase that authorities had never held control over.

The coins, worth roughly $1.4 million, are gone.

Featured image from Unsplash, chart from TradingView