Bragging About the Bust, Leaking the Keys: 5 Warnings Korea's NTS Mnemonic Code Incident Sends to Government Digital Asset Security
Korea's National Tax Service (NTS) accidentally exposed the mnemonic code — the master key — of a seized cold wallet while publicizing a tax delinquent crackdown, leading to the theft of approximately ₩6.9 billion worth of PRTG coins. The NTS issued an official apology, admitting it was 'inexcusably our fault,' and the incident has triggered urgent calls for a comprehensive review of the government's digital asset security management.
Why does this matter right now? The very agency tasked with seizing digital assets from tax delinquents publicly leaked the password to those assets. This incident is not a simple mistake — it starkly exposes just how unprepared government institutions are to manage digital assets.
TL;DR
- On February 26, 2026, the NTS exposed the mnemonic code — the master key of a seized crypto cold wallet — as an original high-resolution photo during a press briefing on tax enforcement results
- Approximately $4.8 million (₩6.9 billion) worth of PRTG coins was allegedly stolen shortly after the exposure
- The NTS issued an official apology on March 1: "This was inexcusably the NTS's fault"
- A person turned themselves in to police — claiming they stole it out of curiosity and returned it the next day
- Actual financial damage was limited to a few thousand dollars, but the incident revealed systemic vulnerabilities in the government's digital asset management
1. The Facts: What Happened?
On February 26, 2026, the NTS held a press briefing to announce results from its special task force targeting high-value tax delinquents — 124 people had been subject to on-site searches, yielding ₩1.3 billion in cash, gold frog figurines, luxury watches, and assets totaling ₩8.1 billion.
During the briefing, the NTS highlighted the seizure of four cold wallet USB drives containing cryptocurrency — and in doing so, provided the press with an original, high-resolution photo showing the mnemonic code, the master key to those wallets.
An initial lower-resolution photo was distributed, but a higher-resolution version was provided upon request — and that's where the breach occurred.
- What is a mnemonic code? Typically 12–24 English words used as a wallet recovery passphrase. Anyone who obtains this code can immediately withdraw all assets from the wallet.
- Stolen coins: PRTG coin, approximately $4.8 million (₩6.9 billion) at market value
- Actual damage: PRTG coin is an inactive token traded only on the MEXC exchange, with near-zero liquidity. The account was frozen and blacklisted immediately. Actual cash-convertible value was estimated at just a few thousand dollars.
2. Spread Mechanism: Why Did This Go Viral?
The incident spread rapidly because it revealed not just a simple error but a structural failure in institutional knowledge.
- The seizure itself was legal: Announcing tax enforcement results is a normal NTS function
- The problem was a complete lack of security awareness: The employee who distributed the image did not realize the mnemonic code was a "master key"
- Immediate theft attempt: The code spread quickly through online communities, leading to an attempted theft
- Plot twist — a voluntary surrender: The person who attempted the theft turned themselves in to police, becoming an unexpected focal point of the story
"I did it out of curiosity and returned it the next day" — Statement of the person who surrendered (under police verification)
3. Context and Background: Who Are the Stakeholders?
| Party | Role | Position |
|---|---|---|
| National Tax Service (NTS) | Responsible party; issued official apology | "Inexcusably our fault; implementing measures to prevent recurrence" |
| Deputy Prime Minister Koo Yun-cheol (Ministry of Economy and Finance) | Supervisory authority | Ordered comprehensive security audit of digital assets across all government agencies |
| National Police Agency Cyber Terror Response Center | Investigating authority | Accepted voluntary surrender; investigation ongoing |
| Tax delinquent | Victim of the breach | Had information about seized assets leaked |
| Cryptocurrency experts | Damage assessment | Assessed actual damage as minimal due to low liquidity |
4. Durability: How Long Will This Issue Last?
This incident is expected to bring short-term shock + medium-to-long-term policy changes.
Short-term (1–2 weeks):
- Police announcement on investigation results and whether charges will be filed
- NTS announcement of specific recurrence prevention measures
Medium-to-long-term (1–3 months):
- Full overhaul of digital asset management manuals across government and public institutions
- Possible legislative reform of procedures for seizing, holding, and liquidating virtual assets
- Potential National Assembly hearings or legislation on digital asset security
5. Five Warnings the NTS Incident Sends
⚠️ Warning 1: Zero Digital Asset Literacy in Public Institutions
It is alarming that the agency actually seizing cryptocurrency did not even understand the concept of a "password" for those assets. The incident revealed a complete absence of training on core blockchain security concepts like mnemonic phrases and seed words.
⚠️ Warning 2: The Urge to Publicize Overrode Security
The NTS's explanation that it provided the high-resolution image "to deliver more vivid information" suggests that the drive to showcase achievements outpaced even the most basic security checks.
⚠️ Warning 3: No Protocol for Managing Sensitive Information in Seized Assets
There was no systematic manual for the storage and management of digital assets seized from tax delinquents. Unlike bank accounts, cryptocurrency can be transferred instantly with just a passphrase — a crucial distinction that was overlooked.
⚠️ Warning 4: Exposure = Immediate Theft (Unlike Traditional Data Leaks)
Traditional personal data breaches typically take time before secondary or tertiary harm occurs. But a mnemonic code leak means assets can move in real time. Incident response systems must be designed accordingly.
⚠️ Warning 5: Similar Vulnerabilities Likely Exist Across Government
This is not just an NTS problem. The fact that Deputy Prime Minister Koo immediately ordered a "review of the current state and management of digital assets at all government and public institutions" is an implicit acknowledgment that similar vulnerabilities may exist elsewhere.
6. Outlook: What Happens Next?
While it is fortunate that actual damages were limited to just a few thousand dollars, the true significance of this incident lies not in the amount, but in the systemic vulnerability it revealed. The fact that the government lacks the basic competency to manage digital assets it has seized has been laid bare for all to see.
References
- NTS Issues Official Apology Over Crypto Asset Leak, Vows Recovery — Yonhap News
- NTS Apologizes After Leaking Crypto Info While Publicizing Crackdown — Hankyoreh
- NTS Apologizes for Crypto Leak Incident; Actual Damage Likely Limited to Thousands of Dollars — Seoul Economy Daily
- Police Launch Full Investigation Into NTS Crypto Leak Case — Maeil Business News
- South Korea Investigates Seed Phrase Leak Leading to $4.8M Crypto Theft — CoinDesk
Image Source
- Bitcoin logo: Wikimedia Commons (Public Domain)