Regulations & Policies

South Korea’s NTS Wallet Code Leak Triggers Major Crypto Custody Overhaul

The National Tax Service has apologized after exposing recovery phrase in press photo, prompting a massive overhaul of seized digital asset protocols.

Written By:
Dhara Chavda

Reviewed By:
Divya Mistry
South Korea's NTS Wallet Code Leak Triggers Major Crypto Custody Overhaul

Key Highlights

  • The National Tax Service (NTS) accidentally included an unmasked 12-to-24-word mnemonic recovery phrase in a press release photo.
  • Approximately 4 million PRTG tokens (worth $4.8 million) were drained from the wallet shortly after the leak.
  • This incident has exposed a critical lack of technical literacy within Korean law enforcement.

In what is being described as one of the most avoidable security lapses in the history of South Korean law enforcement, the National Tax Service (NTS) has issued a public apology after a press photograph inadvertently enabled the unauthorized transfer of nearly 7 billion won ($4.8 million) in seized cryptocurrency.

The incident prompted Deputy Prime Minister and Minister of Economy and Finance Koo Yun-cheol to order an immediate audit of all digital assets held by public institutions.

“Recent National Tax Service’s digital asset information leak incident, the government will, in collaboration with relevant agencies such as the Financial Services Commission and the Financial Supervisory Service, conduct an inspection of the current status and management practices of digital assets held and managed by the government and public institutions through seizure and other measures from delinquents, and will promptly develop and implement measures to prevent recurrence, including strengthening digital asset security management,” said Koo Yun-cheol.

Koo also highlighted that the country does not hold cryptocurrencies except for assets acquired during enforcement actions, such as seizures.

The “mnemonic” mistake

The crisis began on Thursday, February 26, when the NTS triumphantly announced the seizure of assets from 124 high-income tax delinquents. Among the haul were four “Cold Wallets”—these are offline USB-like devices—confiscated from a taxpayer’s drawer.

To provide “vivid information” to the public, the NTS attached several high-resolution photos to its press release. One image clearly displayed the hardware device alongside a handwritten sheet of paper containing the mnemonic code—the recovery phrase that bypasses all physical locks on a digital wallet.

By Friday, blockchain analysts, including Professor Cho Jae-woo of Hansung University, noticed $4.8 million worth of PRTG (Pre-Retogeum) tokens leaving the seized address. The tokens moved in three distinct transactions between 7:43 p.m. and 8:13 p.m., just hours after the photo went live.

A “curiosity” defense and the investigation

On Saturday, the Korean National Police Agency’s Cyber Terror Response Division received a startling online report. An individual claimed they had seen the exposed code and accessed the wallet “out of curiosity” to see if it would work. The person alleged they had returned the assets the following day, though police are currently verifying transaction records to confirm if the 6.9 billion won has indeed been fully restored to government control.

“We failed to recognize that the original photo contained sensitive virtual asset information,” the NTS stated in a formal apology on Sunday. “This is entirely our fault.”

Poor management

The NTS leak is not an isolated embarrassment; it is the third major failure involving seized cryptocurrency in recent months.

Earlier in February, the operator of “Queenbee Coin” was arrested for stealing 22 Bitcoins (worth about $1.5 million) that were supposedly under the custody of the Seoul Gangnam Police. Because the police allowed the suspect to retain knowledge of the mnemonic code, the operator simply “restored” the wallet on a private device and drained the funds while the physical USB sat in a police evidence locker.

In a separate case involving the Gwangju District Prosecutors’ Office, 320.88 Bitcoins ($21 million) were moved without authorization. Investigators found that staff had accidentally entered the wallet’s credentials into a phishing site while attempting to check the balance.

In both cases, authorities were criticized for a fundamental misunderstanding of blockchain technology: the belief that possessing the physical device constitutes “control” of the assets.

Stung by these failures, the National Police Agency introduced a “Step-by-Step Management System” on February 23. Under the new rules, the government will no longer act as its own bank. Instead, all seized assets will be moved to specialized Virtual Asset Service Providers (VASPs)—third-party custodial firms with institutional-grade security.

As the investigation into the NTS leak continues, the incident serves as a stark reminder that in the world of decentralized finance, a single unmasked photograph can be as costly as leaving a vault door wide open.

Also Read: Inverse Finance Faces $240K Loss in DOLA Manipulation Alert

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.
Google News Banner
TAGGED:
Share This Article
Dhara Chavda- Crypto Research Analyst at The Crypto Times
By Dhara Chavda
Follow:
Dhara Chavda is a Content Strategist and Research Analyst with 5 years of experience in the crypto industry. She holds a Bachelor’s degree in Computer Engineering and brings a strong technical perspective to her work. Dhara specializes in DeFi, price analysis, and the core mechanics of cryptocurrencies. She also works on crypto news, including research, analysis, and assigning stories, ensuring accurate and timely coverage of key developments in the space.
Divya Mistry - Content Editor at The Crypto Times
By Divya Mistry
Follow:
Divya Mistry is a Content Editor with over 9 years of experience in news, PR, marketing, and research. Armed with a Master’s Degree in English Literature from the University of Mumbai, she specializes in crafting and refining long-form content across digital and print platforms. Over the years, Divya has contributed to and shaped content for leading brands across a range of industries, including real estate, healthcare, vertical transport, entertainment, lifestyle, education, EdTech, tech, and finance. Her research work has been featured on platforms like DNA India, Forbes, and Elevator World India. She now brings her editorial and research skills to explore the rapidly evolving world of cryptocurrency.

Join Our Newsletter

Subscribe to get latest crypto news!

    Built with Kit

    Latest News

    XRP Breaks $1.50 as Market Cap Jumps $1.48B in One Hour
    XRP Breaks $1.50 as Market Cap Jumps $1.48B in One Hour
    Polymarket Announces V2 Upgrades To Go Live on April 22
    Polymarket Announces V2 Upgrades To Go Live on April 22
    World Rolls Out World ID Upgrade with Tinder and Zoom Integration
    World Rolls Out World ID Upgrade with Tinder and Zoom Integration
    Pi Network Sets April 27 Deadline for Protocol 22 Node Upgrade
    Pi Network Sets April 27 Deadline for Protocol 22 Node Upgrade
    X Cashtags Drives $1B Trading Volume Just Days After Launch
    X Cashtags Drives $1B Trading Volume Just Days After Launch

    Find Us on Socials

    You may also like