Tax Agency Blunder: $4.8M Crypto Heist Shocks Korea

$4.8M in Cryptocurrency Stolen Following South Korean Tax Agency’s Wallet Seed Exposure

Recently, a staggering $4.4 million in cryptocurrency assets was illicitly obtained after South Korea’s National Tax Service mistakenly revealed the mnemonic recovery phrase of a confiscated crypto wallet.

The pilfered funds were housed in a Ledger cold wallet that was seized during law enforcement operations targeting 124 high-value tax evaders. These raids resulted in the confiscation of digital assets totaling 8.1 billion won, which is equivalent to approximately $5.6 million.

As part of their operation’s success announcement, the agency shared images of a Ledger device, a prominent hardware wallet used for storing and managing cryptocurrencies.

However, the images inadvertently disclosed a handwritten note containing the wallet’s recovery phrase, which essentially functions as the master key enabling the restoration of assets on another device.

Unfortunately, the failure to redact this critical information allowed opportunistic individuals to transfer the assets from the compromised cold wallet into their own accounts.

Shortly after the publication of the press release, approximately 4 million Pre-Retogeum (PRTG) tokens, valued at around $4.8 million at that time, were siphoned off to a new address.

An analysis of on-chain data (Etherscan) revealed that the attacker strategically deposited a small amount of Ethereum (ETH) into the wallet to cover transaction fees before meticulously transferring the 4 million PRTG tokens in three separate transactions.

Blockchain data analysis expert Cho Jae-woo, a professor at Hansung University in Seoul, likened the authorities’ oversight to leaving a wallet wide open for anyone to help themselves to the money.

Professor Jae-woo attributed this blunder to the tax authorities’ inadequate understanding of virtual assets, resulting in a substantial loss for the national treasury despite successful confiscations.

Subsequently, the incriminating press release was removed from the NTS website, leaving uncertainty regarding any follow-up investigations to trace the stolen funds.

This incident serves as a stark reminder for hardware wallet owners that their seed phrase grants unrestricted access to their assets without additional safeguards. Any individual possessing this seed can recreate the wallet elsewhere without requiring the physical device, PIN, or authorization.

It is strongly advised to refrain from digitizing seed phrases or storing them in electronic formats such as notes, photos, emails, or cloud storage. If a seed is compromised, it is crucial to swiftly transfer all funds to a new wallet to prevent further unauthorized access.

Protecting Your Cryptocurrency Assets

Modern IT infrastructure often outpaces manual workflows, leading to hidden delays and potential vulnerabilities. In a comprehensive guide by Tines, learn how automation can streamline response processes, enhance reliability, and scale intelligent workflows using existing tools.

Modern IT infrastructure moves faster than manual workflows can handle.

Discover how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use in the new Tines guide.

Get the guide