
National Tax Service Blunder Exposes $480 Million Crypto Theft

A press release revealing a virtual wallet master key leads to massive cryptocurrency loss, spurring police investigation and public scrutiny of asset management practices.


In a stunning turn of events that has sent ripples through South Korea’s public sector, the National Tax Service (NTS) found itself at the center of a major virtual asset theft after a critical security lapse exposed the master key to confiscated cryptocurrency wallets. The breach, which led to the loss of digital assets worth approximately 69 billion KRW (about 480 million USD), has reignited public debate about the security protocols of government agencies managing virtual assets.

It all began on February 26, 2026, when the NTS distributed a press release intended to showcase its recent successes in cracking down on high-value tax delinquents. The release included photos of four USB cold wallets seized from a taxpayer with significant arrears. Cold wallets, for the uninitiated, are physical devices used to store cryptocurrencies offline, considered by many to be among the safest methods for safeguarding digital assets. However, these wallets can be compromised if their recovery keys—known as mnemonic codes—are exposed.

And that’s exactly what happened. The NTS, in its eagerness to publicize its enforcement efforts, inadvertently included a high-resolution photograph clearly displaying the mnemonic code. This code, often referred to as the “master key,” is the single most sensitive piece of information for any cryptocurrency wallet. With it, anyone can restore access to the wallet’s contents from anywhere in the world—no hardware required.

Within just a day of the press release’s distribution, the worst-case scenario materialized. According to YTN, 4 million PRTG coins, valued at approximately 69 billion KRW, were siphoned from the wallets into an unknown account. The theft was swift, silent, and devastating, exploiting the very vulnerability that had been laid bare by the NTS’s own documentation.

The fallout was immediate. On February 27, the NTS formally requested a police investigation into the theft. By February 28, the National Police Agency’s cyberterror response team had launched a preliminary inquiry, treating the incident with the utmost seriousness. A police spokesperson told Yonhap News, “From the moment we received the investigation request, we have been analyzing the flow of the stolen virtual assets and are actively tracking the perpetrator.”

The authorities are reportedly focusing on the possibility that the mnemonic code was extracted from the high-resolution images distributed to the media. Investigators are tracing the digital trail left by the stolen assets and working to identify everyone who had access to the press materials. If a suspect is identified, they could face charges under the Information and Communications Network Act as well as computer fraud statutes outlined in the Act on the Aggravated Punishment of Specific Economic Crimes.

The incident has cast a harsh spotlight on the broader issue of virtual asset management within South Korea’s public sector. It is not the first time such a mishap has occurred. Just last month, the Gwangju District Prosecutors’ Office faced public scrutiny after losing a significant amount of bitcoin that had been seized as evidence. While the lost bitcoin was eventually recovered, the episode highlighted glaring vulnerabilities in how seized digital assets are handled and stored.

Similarly, the Gangnam Police Station recently reported the loss of bitcoin valued at 2.1 billion KRW, which had been submitted voluntarily and was supposed to be under secure custody. The suspect in that case has since been apprehended, but the pattern is clear: public institutions are struggling to keep pace with the unique security demands of cryptocurrencies.

In the aftermath of the latest incident, the NTS has faced tough questions about its internal protocols. Why was such critical information included in a routine press release? Was there a failure in the review process, or was there a broader lack of understanding about the sensitivity of mnemonic codes? The answers remain elusive, but the consequences are undeniable.

Park Hae-young, Director of the NTS’s Legal Affairs Division, provided some context in the original press briefing: “As a result of the search, we seized virtual asset USBs at the address, and at the spouse’s address, we seized 19 luxury bags worth about 400 million KRW.” The intention was to demonstrate the agency’s effectiveness in asset recovery. Instead, the move has backfired, with critics arguing that the NTS’s eagerness to publicize its achievements directly contributed to the loss.

The mnemonic code’s exposure is particularly egregious because it bypasses the very security cold wallets are designed to provide. As YTN explained, “The mnemonic code is the key password for recovering a virtual asset wallet. With just this code, coins can be recovered externally without the physical wallet.” In other words, the press release handed the keys to the digital vault directly to the public.
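One way a release-review step could flag a recovery phrase in text extracted from press materials, as an added example that is not from the article or the NTS. It assumes the phrase has the common BIP-39 shape (the article does not say which scheme the wallets used) and that text from photos has already been obtained by OCR; the function names and sample strings are constructed for illustration.

```python
import re

# Assumption (not stated in the article): the phrase has the common BIP-39
# shape, i.e. 12, 15, 18, 21 or 24 lowercase English words of 3-8 letters.
VALID_LENGTHS = {12, 15, 18, 21, 24}
WORD = re.compile(r"[a-z]{3,8}")
LABEL = re.compile(r"#?\d{1,2}[.):]?")  # card numbering such as "1.", "02)", "#3"

def find_mnemonic_candidates(text, min_run=12):
    """Return (first_token_index, word_count, is_standard_length) per run.

    Only positions and counts are reported, never the words themselves,
    so the review log cannot leak the phrase a second time.
    """
    findings, run_start, run_len = [], None, 0
    for i, tok in enumerate(text.split() + ["."]):  # sentinel closes a final run
        if LABEL.fullmatch(tok):
            continue  # numbering neither extends nor breaks a run
        if WORD.fullmatch(tok):
            if run_len == 0:
                run_start = i
            run_len += 1
            continue
        if run_len >= min_run:
            findings.append((run_start, run_len, run_len in VALID_LENGTHS))
        run_len = 0
    return findings

def release_blocked(text):
    """Gate for a publication workflow: hold the material on any candidate."""
    return bool(find_mnemonic_candidates(text))

# Constructed samples (not taken from the incident): ordinary release prose,
# and text as OCR might return it from a photo of a recovery card.
PRESS_SAMPLE = ("The agency seized four USB cold wallets from a taxpayer "
                "with significant arrears.")
OCR_SAMPLE = ("WALLET 1 RECOVERY PHRASE\n"
              "1. alpha 2. bravo 3. charlie 4. delta\n"
              "5. echo 6. foxtrot 7. golf 8. hotel\n"
              "9. india 10. juliet 11. kilo 12. lima\n"
              "Keep offline.")

if __name__ == "__main__":
    for name, sample in (("press", PRESS_SAMPLE), ("ocr", OCR_SAMPLE)):
        print(name, release_blocked(sample), find_mnemonic_candidates(sample))
```

Ordinary prose rarely trips the check because capitalized words, punctuation, and words shorter than three or longer than eight letters break a run well before it reaches twelve. The check is shape-based only, so a flagged run still needs a human reviewer.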

For many observers, the incident underscores the urgent need for specialized training and robust security protocols for all public officials handling digital assets. Unlike cash or physical property, cryptocurrencies are uniquely vulnerable to remote theft, and once stolen, they can be nearly impossible to recover. The transparency and traceability of blockchain transactions offer some hope for tracking stolen funds, but the technical sophistication required to do so is not always present within traditional law enforcement agencies.

Public confidence in the government’s ability to manage seized virtual assets has taken a substantial hit. As more cases of mismanaged digital property come to light, calls for reform are growing louder. Some experts suggest establishing dedicated digital asset management teams within each relevant agency, staffed by personnel with both legal and technical expertise. Others advocate for third-party custodianship or independent audits to ensure best practices are followed at every step.

Meanwhile, the investigation into the NTS theft continues. Police are methodically analyzing the movement of the stolen PRTG coins, leveraging blockchain analytics to trace their path through the labyrinthine world of cryptocurrency exchanges and wallets. The hope is that, despite the anonymity often associated with digital currencies, a digital footprint will eventually lead to the perpetrator.

This latest breach serves as a sobering reminder that, in the digital age, even well-intentioned transparency can have unintended and costly consequences. As the government grapples with the aftermath, one thing is clear: the management of virtual assets demands a level of caution and expertise that cannot be taken for granted.
