₩6.9 Billion in Crypto Vanished: 5 Warnings Korea's National Tax Service Mnemonic Code Leak Sends to Digital Asset Administration
South Korea's National Tax Service (NTS) accidentally exposed a cold wallet's mnemonic recovery code in a press release photo promoting seizure achievements, leading to the theft of approximately ₩6.9 billion (USD $4.8 million) worth of PRTG coins in two separate incidents. Despite an official apology on March 1 and promised security improvements, the incident raises fundamental questions about the government's capacity to manage digital assets.

"Bragging about results, they handed over the master password" — South Korea's National Tax Service (NTS) topped real-time search rankings in March 2026 after an unprecedented digital administration blunder.
TL;DR
- On February 26, the NTS exposed a cold wallet's mnemonic (seed recovery) code in a promotional photo showcasing seizure results from a delinquent taxpayer raid.
- Within hours, approximately ₩6.9 billion (USD $4.8 million) worth of PRTG coins were stolen — a second theft was subsequently confirmed.
- An official apology was issued on March 1 — "This is entirely the NTS's fault, with no excuse" — and the case was referred to the National Police Agency's Cyber Terror Investigation Unit.
- Two suspects have been booked and are being tracked; the first thief turned themselves in claiming to return the coins, but the coins were then found transferred to yet another account.
- The NTS has pledged an external security audit, strengthened pre-screening of sensitive information, and a comprehensive overhaul of procedures for seizing, storing, and disposing of virtual assets.
1. The Facts: What Happened
Chain of Events
On February 26, 2026, the NTS announced seizure results from raids targeting 124 high-value delinquent taxpayers. The agency reported seizing approximately ₩8.1 billion worth of cash, luxury watches, and jewelry. The problem, however, lay in the photos attached to the press materials.
The photos showed four cold wallet (offline hardware wallet) USB drives — and right beside them, the mnemonic code (a 12–24 word recovery phrase serving as the wallet's master key) was fully visible.
A mnemonic code is the wallet's master key: anyone who knows it can recover the wallet and withdraw all of its assets, even without the password.
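Why the words in the photo were enough on their own, as an added example (not from the original article or the NTS): it assumes the seized wallets follow the BIP-39 standard, which the article does not state, and uses the public BIP-39 test phrase rather than any real wallet. The optional passphrase is a BIP-39 feature; the article does not say whether one was set, and the function names are illustrative.

```python
import hashlib
import hmac
import unicodedata

# Public BIP-39 test phrase (constructed sample, not a real wallet).
TEST_PHRASE = "abandon " * 11 + "about"

def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte wallet seed as BIP-39 specifies:
    PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase.
    Note what is absent: the hardware device and its PIN are not inputs."""
    # Collapsing whitespace is a convenience added here for text copied from a card.
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt.encode(), 2048, dklen=64)

def words_alone_suffice(visible_words: str, wallet_passphrase: str) -> bool:
    """True if someone who sees only the words derives the wallet's seed."""
    wallet_seed = bip39_seed(visible_words, wallet_passphrase)
    seed_from_words_only = bip39_seed(visible_words)
    return hmac.compare_digest(wallet_seed, seed_from_words_only)

if __name__ == "__main__":
    print("seed:", bip39_seed(TEST_PHRASE).hex()[:16], "...")
    print("no passphrase set ->", words_alone_suffice(TEST_PHRASE, ""))
    print("passphrase set    ->", words_alone_suffice(TEST_PHRASE, "constructed-passphrase"))
```

With no passphrase set, the derivation is a pure function of the words, so every viewer of the photo holds the same seed as the custodian. A passphrase stored apart from the written words changes the seed, but it does not replace keeping the phrase out of view.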
The code spread across online communities almost immediately, and 4 million PRTG coins (approximately $4.8 million / ₩6.9 billion) were stolen within hours.
Stolen Twice
- 1st theft: Suspect A, who found the code online, took the coins "out of curiosity" and turned themselves in the following day, claiming to return them.
- 2nd theft: The coins A claimed to return were confirmed to have moved to yet another account. A separate suspect B is believed to be involved.
- The National Police Agency's Cyber Terror Investigation Unit booked both A and B on charges of computer fraud and is currently tracking them.
2. Why It Went Viral: Real-Time Search #1
A perfect trifecta of absurdity triggered simultaneous public outrage and ridicule.
- Irony: The agency that seized a delinquent taxpayer's assets then publicly revealed the password protecting those very assets.
- Speed: The fact that the theft occurred within hours of the exposure made the real-time nature of digital threats viscerally apparent.
- Pattern: Critics pointed out that "police already lost 22 bitcoins seized in 2021," escalating the incident into a broader controversy over the government's structural inability to manage digital assets.
3. Context: Why Did This Happen?
Officials Who Didn't Know What a Mnemonic Code Was
The NTS explained the mistake occurred while "trying to deliver vivid information to the public" — suggesting the officials in charge may not have understood what a mnemonic code was or why it was dangerous.
Unlike traditional financial assets, virtual assets:
- Use a self-custody model — assets are held directly via private keys/mnemonics, with no intermediary like a bank
- Are irreversible if the key is lost or leaked
- Are difficult for government agencies to safely manage without technical training
Legal Gaps
The current National Tax Collection Act and Virtual Asset User Protection Act do not specifically regulate procedures for storing and managing seized virtual assets. Enforcement procedures designed for traditional assets (cash, securities, real estate) are being applied to digital assets without modification.
4. Outlook: Challenges Left by This Incident
Short-Term
- Police investigation may lead to suspect arrest and asset recovery — though PRTG coins have very low liquidity, limiting the practical scale of losses
- NTS internal security audit and external expert assessment to be conducted
Medium to Long-Term
| Challenge | Current Status | Direction |
|---|---|---|
| Digital asset seizure manual | Insufficient | Full overhaul required |
| Official training | Nearly nonexistent | Mandatory security & technical training |
| Multi-signature (Multi-sig) adoption | Not implemented | Essential review for government custody |
| Third-party custodian utilization | Not reviewed | Collaboration with crypto exchanges & custodians |
| Legal framework reform | Gap in National Tax Collection Act | Create dedicated provisions for digital asset seizure |
5. Checklist: 5 Things the NTS Must Do Now