Bragging About the Bust, Keys Exposed: 5 Warnings Korea's NTS Mnemonic Code Leak and ₩6.9 Billion Crypto Theft Sends to Public Agency Digital Asset Security

Why you need to read this now: A government agency publicly exposed the master key to a crypto cold wallet while promoting a tax enforcement result — and ₩6.9 billion was stolen twice. This is not a simple mistake. It reveals a structural gap in South Korea's public sector digital asset security framework.

TL;DR

• Korea's NTS included a mnemonic code (wallet master key) in a Feb. 26 press release touting seizure of a tax evader's cold wallet
• Immediately after publication, approximately 4 million PRTG coins (≈₩6.9B / ~$4.8M) were stolen
• A suspect returned the coins and self-reported — but a second theft occurred within 2 hours
• NTS issued an official apology on March 1; police were called in
• One suspect arrested; additional investigation ongoing

📋 The Facts: What Happened?

On February 26, 2026, the National Tax Service (NTS) announced the results of a field search targeting 124 high-value and habitual tax evaders, during which 4 USB cold wallets (offline crypto wallets) were seized. The problem was a photo attached to the press release.

The photo showed a Ledger hardware wallet alongside a piece of paper displaying a 24-word English mnemonic phrase — the recovery seed for the wallet. A mnemonic code is the equivalent of a bank security card plus PIN: anyone with this code can access and withdraw all crypto assets in the wallet without the physical device.

Internet users spotted this immediately and drained the wallet. Around 4 million PRTG coins (≈₩6.9B) disappeared. A person later self-reported out of curiosity, saying they returned the coins — but within just 2 hours, a second theft occurred, compounding the damage.[1][2]

🔥 Why This Went Viral

1. The absurdity — Comparisons to "posting a gift card with the barcode visible on a secondhand marketplace" spread as a meme
2. Double theft — Getting robbed again just after coins were returned made the story even more unbelievable
3. Blow to public trust — The incident coincided with the March 5 parliamentary discussion of Korea's Digital Asset Basic Act, damaging policy credibility
4. Global coverage — Picked up by CoinDesk, Tom's Hardware, SC Media, and other international outlets[3]

🏛️ Background: Korea's Track Record on Seized Crypto

This is the second known case of seized crypto being lost in Korea. In 2021, police lost 22 BTC in a similar manner. In other words, the lack of a proper seizure → custody → disclosure procedure has been a known issue — yet it was never resolved.

The NTS has annually promoted its AI-powered tax analysis capabilities and high-profile seizure results. Yet its approach to digital asset security has remained at an analog level.

📊 5 Warnings: What This Incident Means for Public Agency Crypto Management

1. Custody segregation — Upon seizure, cold wallets must be immediately transferred to an agency-controlled wallet; this should be mandatory procedure
2. Pre-release security review — The practice of sharing raw photos with media without any sensitive information screening must end
3. Mnemonic code handling policy — Photographing a handwritten seed phrase is equivalent to broadcasting your bank PIN on live TV; this awareness must be institutionalized
4. Alignment with the Digital Asset Basic Act — The bill under discussion on March 5 must include provisions for public agency custody standards for seized assets
5. Second-loss response protocol — Systems for immediate wallet freeze and asset transfer upon detection of a leak must be built urgently

⏳ Durability Outlook

✅ Checklist: What You Should Do Now

References

• NTS Official Apology for Crypto Leak – Yonhap News
• S. Korea's Tax Agency Leaked Crypto Master Key – Yahoo Finance
• South Korea probes $4.8M crypto theft – CoinDesk
• Crypto stolen twice from NTS – Chosun Ilbo
• Tom's Hardware Report

Image credit: Bitcoin logo – Wikimedia Commons (CC0)