There is a basic rule in cryptocurrency security that even casual users understand: never share your seed phrase. South Korea's National Tax Service (NTS) apparently did not get the memo. On 26 February 2026, the agency published a press release celebrating a major enforcement sweep against tax delinquents and, embedded in one of the accompanying photographs, handed whoever was watching the complete master key to a seized digital wallet.
The consequences were swift. Blockchain data expert Jaewoo Cho confirmed that shortly after the mnemonic phrase was leaked, the 4 million PRTG tokens stored in the wallet were transferred to an unidentified wallet in the early hours of 27 February, with an estimated loss of approximately 6.4 billion won (about US$4.8 million). The operation required almost no skill. Analysis shows the thief first deposited a small amount of Ethereum into the wallet for transaction fees, then transferred all the tokens in three separate transactions.
The press release had been issued to publicise a genuine enforcement success. The NTS published materials detailing on-site seizures involving 124 high-value and habitual tax delinquents, stating it had confiscated assets worth a combined 8.1 billion won (approximately $5.6 million). In one case, authorities said they seized four USB devices used to store digital assets from an individual identified as "Mr. C." A photo included in the press release showed a hardware wallet identified as a Ledger cold wallet alongside a sheet of paper containing a mnemonic recovery phrase that appeared clearly visible without redaction.
For anyone unfamiliar with how crypto custody works, a mnemonic phrase is not a password that can be reset. A mnemonic phrase is a sequence of words that serves as the cryptographic root for generating all private keys and addresses in a cryptocurrency wallet. Possession of this phrase grants complete and irreversible access to all assets stored in the wallet, regardless of any device-level security or PIN protection. Publishing it in a public document is, as one expert put it, the digital equivalent of mailing your house keys to a stranger.
Professor Cho Jae-woo of Hansung University's Blockchain Research Institute, who first identified the breach by analysing on-chain data, was unsparing. He compared the authorities' blunder to leaving a wallet open and advertising it to the entire nation, and attributed the mistake to the tax authorities' "lack of basic understanding of virtual assets," which effectively cost the national treasury tens of billions of won that had been successfully confiscated. A second academic, Hwang Seok-jin, a professor at Dongguk University, told local media that photographing and storing a mnemonic code digitally is something that should never be done, stressing that recovery phrases must be recorded on physical media and stored offline.
There is a partial counterpoint worth acknowledging. Professor Cho himself noted that the stolen PRTG tokens face a significant liquidity problem. Market data shows PRTG recorded just $332 in 24-hour trading volume and is listed on a single exchange, MEXC. The token has a reported market capitalisation of about $12 million, with the 4 million tokens moved representing 40 per cent of the total supply, suggesting that converting a large portion of the tokens into cash at prevailing prices would prove difficult. Cho went so far as to suggest the actual financial damage may be negligible in practice, and expressed hope the episode would be a catalyst for genuine reform in government digital asset custody.
That is a generous reading of events. The more troubling context is that this is the third major crypto custody failure by South Korean public institutions in as many months. The Gwangju District Prosecutors' Office lost 320.8 Bitcoin, worth over $21 million at current market rates, after a staff member accessed a phishing site while attempting to verify wallet storage during an asset handover. Seoul's Gangnam Police Station separately disclosed the disappearance of 22 Bitcoins worth over $1.4 million, discovered during a nationwide audit of law enforcement crypto holdings, after officers failed to transfer confiscated Bitcoin to a government-controlled wallet and instead left funds managed by a third party without retaining the seed phrase.
The pattern exposes a structural problem, not a series of isolated accidents. South Korea's Supreme Court ruled only in January 2026 that Bitcoin qualifies as an object of seizure under criminal law, a landmark decision that formally expands the state's authority to confiscate digital assets. The legal framework is racing ahead of the operational capability required to implement it safely. Agencies are seizing assets they do not yet fully understand how to secure, and the public is paying the price.
The National Tax Service had not issued a public statement on the matter at the time of writing. That silence is itself a governance problem. Accountability requires more than enforcement action against tax evaders; it demands the same rigour be applied to the agencies doing the seizing. The episode is a pointed reminder that in the era of digital assets, a government's institutional competence must keep pace with its legal authority. Seizing crypto is only half the job. Keeping it is the other half, and right now, South Korean authorities are failing at both.