In a shocking turn of events, South Korea’s National Tax Service (NTS) inadvertently exposed a crypto wallet seed phrase in an official press release, leading to the loss of 4 million PRTG (Pre-Retogeum) tokens worth approximately $4.8 million. The incident, which occurred on Thursday, highlights the growing challenges and vulnerabilities in the country’s crypto custody practices.
The Leak and Its Consequences
According to multiple Korean media reports, the NTS press release, which detailed the agency’s enforcement campaign against tax delinquents, included an image of a Ledger cold wallet and a sheet of paper displaying the wallet’s full mnemonic phrase without any obfuscation. Blockchain researchers quickly identified an Ether (ETH) address linked to the leaked seed phrase, which briefly held the 4 million PRTG tokens before the entire balance was transferred out.
Onchain data for the address shows three inbound transfers totaling 4 million PRTG, followed by a single outbound transfer sending the same amount to another wallet. Associate professor Jaewoo Cho of Hansung University’s Blockchain Research Center, who analyzed the transaction flows, confirmed the theft on X, stating, “We have confirmed that 4 million PRTG tokens, worth approximately $4.8 million, were stolen from the mnemonic that was leaked through a press release from the National Tax Service.”
Assessing the Damage
While the incident is a significant financial loss, Professor Cho noted that the stolen tokens are difficult to cash out, suggesting that the actual damage is at a “negligible level.” He added, “Fortunately, the other exposed mnemonics do not seem likely to cause any major issues.” However, he emphasized that this incident should serve as a “blessing in disguise” to push Korean public bodies to develop more robust virtual asset custody systems.
A Series of Custody Failures
This latest mishap is not the first crypto custody scandal to hit South Korean authorities. In February 2026, police discovered that 22 Bitcoin (BTC) seized in a 2021 hacking investigation had vanished from a cold wallet stored in a Gangnam police vault. Two suspects were arrested after investigators found that the coins had been moved using a mnemonic phrase that the police had never controlled.
Separately, regulators are under increasing pressure over Bithumb’s recent 620,000 BTC fat finger promotion error, where the exchange briefly credited users with about $43 billion in non-existent Bitcoin. The Financial Services Commission extended its probe following criticism that it failed to detect serious systems flaws earlier.
Looking Forward
The series of crypto custody failures underscores the urgent need for improved security and regulatory oversight in South Korea’s digital asset landscape. As the country continues to navigate the complexities of blockchain technology, the focus will likely shift toward developing comprehensive guidelines and protocols to prevent such incidents in the future. The NTS and other public bodies must prioritize the implementation of robust security measures to protect both public and private assets in the digital age.
About the Author
