Originally reported by BleepingComputer
TL;DR
South Korea's National Tax Service inadvertently exposed a seized cryptocurrency wallet's mnemonic recovery phrase in an official press release. Attackers quickly exploited this exposure to drain 6.4 billion won ($4.8 million) worth of cryptocurrency from the wallet.
While the financial impact is significant ($4.8M), this represents an isolated operational security failure rather than a systemic threat or widespread vulnerability affecting multiple organizations.
South Korea's National Tax Service (NTS) suffered a costly operational security breach when officials accidentally published the complete mnemonic recovery phrase of a seized cryptocurrency wallet in an official press release. The exposure enabled attackers to steal 6.4 billion won (approximately $4.8 million) worth of cryptocurrency assets.
According to BleepingComputer's reporting, the government agency included the wallet's 12-word recovery phrase directly in public documentation related to a tax enforcement case. A mnemonic phrase is the master key to a cryptocurrency wallet and gives complete access to the stored funds, so publishing one is equivalent to publishing a bank account number along with all required authentication credentials.
The timing proved critical: once the sensitive information became publicly available, malicious actors moved quickly to import the wallet using the exposed seed phrase and transfer the funds to addresses under their control.
This incident highlights the operational challenges government agencies face when handling seized digital assets. Unlike traditional financial accounts that can be frozen through institutional cooperation, cryptocurrency wallets require direct private key management. A single point of failure in key security can result in immediate and irreversible loss.
The South Korean case demonstrates how standard document handling procedures may be inadequate for managing cryptocurrency evidence. Government agencies worldwide are grappling with similar challenges as digital asset seizures become more common in financial crime investigations.
The National Tax Service has not yet released details about internal security review procedures or whether additional seized wallets may be at risk. The incident represents one of the more significant government cryptocurrency security failures documented to date.
For organizations handling digital assets, the case reinforces established security practices: seed phrases should never appear in documentation, communications, or systems accessible to unauthorized personnel. Air-gapped storage and multi-signature architectures provide additional protection layers for high-value wallets.
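One way to enforce the "never in documentation" rule is a pre-publication check that blocks any draft containing a mnemonic-length run of wordlist words. The sketch below is an added example, not part of the original report; the function names, the sample draft and the 12-word stand-in wordlist are constructed for illustration, and a real gate would load the full 2048-word BIP-39 English list.

```python
import re

MIN_WORDS = 12  # shortest BIP-39 mnemonic; longer ones have 15 to 24 words

# Constructed stand-in for the 2048-word BIP-39 English list. A real gate
# loads the full list with load_wordlist().
SAMPLE_WORDLIST = frozenset(
    "abandon ability able about above absent absorb abstract absurd abuse "
    "access accident".split()
)

# Constructed draft text, not taken from any real release.
DRAFT = """Assets were moved to a hardware wallet.
Recovery sheet: 1. Abandon 2. ability 3. able 4. about
5. above 6. absent 7. absorb 8. abstract
9. absurd 10. abuse 11. access 12. accident
The device is held in evidence storage."""


def load_wordlist(path):
    """Read one word per line, e.g. a local copy of the BIP-39 English list."""
    with open(path, encoding="utf-8") as fh:
        return frozenset(line.strip().lower() for line in fh if line.strip())


def find_mnemonic_runs(text, wordlist, min_len=MIN_WORDS):
    """Return (offset, words) for every run of at least min_len consecutive
    wordlist words. Case, list numbering, punctuation and line breaks between
    words are ignored, because phrases are often laid out as numbered grids."""
    runs, current, start = [], [], None
    for match in re.finditer(r"[A-Za-z]+", text):
        word = match.group().lower()
        if word in wordlist:
            if not current:
                start = match.start()
            current.append(word)
            continue
        if len(current) >= min_len:
            runs.append((start, current))
        current, start = [], None
    if len(current) >= min_len:
        runs.append((start, current))
    return runs


def safe_to_publish(text, wordlist):
    """Release gate: False when the draft contains a mnemonic-length run."""
    return not find_mnemonic_runs(text, wordlist)
```

The check covers text only; photographs or scans attached to a release need OCR or manual review before the same test can be applied.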