Bragging About the Bust, Keys Exposed: 5 Warnings Korea's NTS Mnemonic Code Leak and ₩6.9 Billion Crypto Theft Sends to Public Agency Digital Asset Security
On February 26, while publicizing the results of a crackdown on high-debt tax evaders, Korea's National Tax Service (NTS) accidentally exposed a cold wallet master key (mnemonic code) to the press — leading to the theft of approximately ₩6.9 billion (USD $4.8M) worth of PRTG coins in two separate incidents. Even after an official apology on March 1, a police investigation is ongoing, and calls for a fundamental overhaul of the government's digital asset security framework are growing.
"They bragged about the bust — and lost ₩6.9 billion." — A single photo in an NTS press release laid bare the government's blind spots in digital asset management.
TL;DR
- On February 26, an NTS press release promoting seizure results exposed a cold wallet mnemonic (seed phrase) in plain sight
- Immediately after the photo went public, approximately 4 million PRTG coins (USD $4.8M / ₩6.9B) were stolen
- One hacker turned themselves in and returned the coins — but a second hacker re-stole them during the return process, making it a double theft
- March 1 official NTS apology: "There is no excuse — this is entirely the NTS's fault"
- The Cyber Terror Investigation Unit of the National Police Agency has booked 2 suspects and is tracking them
🔍 The Facts: What Happened
On February 26, 2026, the NTS made a high-profile announcement of field search results targeting 124 major tax delinquents. The agency claimed to have seized assets worth a total of ₩8.1 billion, including cash and luxury goods — among them 4 cold wallet USB drives belonging to delinquents.
The problem was a photo attached to the press release. The image clearly showed not only the cold wallets, but also a mnemonic code (seed phrase) — a combination of 12–24 words that acts as the master key to the wallet. Anyone with a mnemonic code has unlimited access to all assets in that wallet.
As soon as the photo spread online, 4 million PRTG coins (approximately USD $4.8M / ₩6.9B) were drained. The first hacker turned themselves in, claiming they had acted out of curiosity and were remorseful, and returned the coins — but a second hacker intervened during the return process and re-stole the coins, resulting in a double theft.
📢 Why This Is Still Trending
The incident went viral immediately after it happened, but spread to mainstream media with the official NTS apology statement on March 1. On March 3, the second theft was revealed, reigniting public outrage. International outlets including The Register, CoinDesk, and Yahoo Finance covered the story extensively, turning it into a global issue.
Reasons it continues to dominate search rankings as of March 5:
- Police investigation ongoing — news updates every time there's a development in the suspect hunt
- The absurdity of the double theft — coins went missing again even after a voluntary return
- The "taxing to lose taxes" paradox — fueling online memes and satire
- Timing clash with the Digital Asset Basic Act governing party consultations (March 5) — damaging policy credibility
👥 Stakeholders: Who's Involved
| Party | Position / Role |
|---|---|
| National Tax Service (NTS) | Responsible party for the incident; issued official apology on March 1; promised external security audit |
| Hacker 1 (turned self in) | Claims to have acted out of curiosity, returned coins, booked by police |
| Hacker 2 (being tracked) | Re-stole coins during return process; currently being pursued as a suspect |
| National Police Agency Cyber Terror Investigation Unit | Investigation ongoing; 2 suspects booked |
| National Assembly & Personal Information Protection Commission | Expected to push for stronger legislation on government digital asset security |
📌 5 Structural Warnings
- Mnemonic code = digital cash — Government agencies operated cold wallets without training on proper handling. Exposing a seed phrase is not a password leak — it's the equivalent of publicly distributing a copy of a physical key.
- The paradox of publicity-first thinking — The desire to communicate results vividly skipped over security review procedures. They tried to boast about a seizure and ended up losing the seized assets themselves.
- No post-seizure custody manual — There were no guidelines covering the entire process from digital asset seizure → custody → sale. The NTS promised a "complete overhaul of the manual" in its apology statement.
- Double-theft loophole — There was no system in place to prevent a second theft during the return process. The open nature of the public blockchain appears to have been exploited.
- Déjà vu of the 2021 Bitcoin 22 BTC loss — Despite a previous incident where police lost seized Bitcoin, no systemic improvements had been made.
🔮 Outlook & Secondary Issues
- Estimated news cycle: Half a day to 3 days. Police investigation results, whether suspects are arrested, and National Assembly hearing demands will keep the story alive
- Legislative discussion: High likelihood that the National Assembly will push to add digital asset security provisions to the National Tax Collection Act
- Clash with CBDC & Digital Asset Basic Act: The Digital Asset Basic Act currently under governing party consultations (March 5) may include provisions for government digital asset custody standards
- International image: Negative foreign media coverage of "K-Government blockchain competence" spreading
📎 References
- Hankyoreh — NTS Apologizes for Leaking Crypto Information While Promoting Seizure Results
- Yonhap News — NTS Issues Official Apology for Crypto Leak: "Will Work to Recover Assets"
- Munhwa Ilbo — NTS Coins Stolen Twice; Police Tracking Suspects
- CoinDesk — South Korea probes $4.8M crypto theft after tax seizure photo blunder
- The Register — South Korea's tax office apologizes for password leak
- NTS Official Apology Press Release
🖼 Image Credit
- Bitcoin SVG Logo: Wikimedia Commons — Public Domain