Korean Tax Agency Seed Phrase Leak Leads to $4.8M Crypto Theft

South Korea’s National Tax Service lost $4.8 million in seized cryptocurrency assets on February 28, 2026. A public press release exposed the mnemonic recovery phrase of a Ledger hardware wallet. Thieves quickly drained 4 million Pre-Retogeum (PRTG) tokens from the wallet.

Authorities raided 124 high-value tax evaders and confiscated digital assets worth 8.1 billion won, about $5.6 million. They shared photos of the Ledger device to highlight the operation’s success. One image clearly showed the handwritten 12- or 24-word seed phrase, the master key to access all funds.

The seed phrase acts as full control over the wallet. Anyone with it can recover assets on any compatible device without the hardware, PIN, or owner permission. Korean media reported the theft happened soon after the announcement. The press release later vanished from the NTS website.

Blockchain expert Cho Jae-woo from Hansung University analyzed the on-chain data. The thief added a small Ethereum deposit to cover gas fees. They then split the PRTG tokens into three transactions to their own address. He called it like leaving a wallet open for public theft due to the agency’s poor grasp of crypto basics.

This blunder cost the government tens of billions of won in recovered funds. Investigations into the theft’s destination remain unclear as of March 1, 2026.

Theft Timeline

Key Lessons for Wallet Security

Hardware wallets like Ledger keep keys offline for safety. Seed phrases provide total access if compromised. Never store them digitally or share images.

• Avoid photos, emails, cloud backups, or app notes for seeds.
• Use metal plates or split-paper storage in secure spots.
• If exposed, move funds to a new wallet immediately.
• Check blockchain explorers like Etherscan for activity.

Governments and firms handling seized crypto need better protocols. This case shows even officials overlook basics.

FAQ