South Korea Tax Service Leaks Seed Phrases, Loses $4.8 Million in Seized Crypto

By: crypto insight|2026/03/06 00:00:00

Key Takeaways

The National Tax Service of South Korea inadvertently leaked private keys in a press release, resulting in a $4.8 million theft of seized PRTG tokens.
A procedural misstep involved posting seed phrases visibly in high-resolution photos, akin to publicly sharing personal bank details online.
The incident underscores the importance of secure handling procedures for digital assets by state agencies.
It serves as a cautionary tale for other governments ramping up crypto enforcement efforts to manage digital assets securely.

WEEX Crypto News, 2026-03-05 13:11:42

In a surprising event that has highlighted the complexity and risks associated with handling digital currencies, South Korea’s National Tax Service (NTS) transformed a successful enforcement action into a costly blunder. The agency’s inadvertent leaking of seed phrases led to the theft of $4.8 million in seized cryptocurrency, a misstep that underlines the paramount importance of digital hygiene and security in governmental processes handling digital assets.

An Unprecedented Operational Misstep

On February 26, the NTS announced the seizure of approximately 8.1 billion KRW (equivalent to $5.5 million at the time) from individuals evading taxes. However, this achievement was marred by an unexpected oversight: the publication of unredacted high-resolution images containing seed phrases for the crypto assets seized. These images showed a Ledger hardware wallet next to a handwritten note of its mnemonic recovery phrase, the master key granting full access to crypto funds, irrespective of who holds the device.

For those familiar with cryptocurrency management, this mishap was akin to broadcasting a bank account number and PIN for all to see. The authenticity of these crucial details allowed hackers to remotely commandeer 4 million PRTG (Pre-Retogeum) Tokens. Consequently, the agency’s oversight swiftly transformed into a financial debacle.

The Swift Leakage of Seized Assets

The narrative of the asset leakage unfolds in two stages. The first individual who accessed the wallet quickly returned the funds, perhaps deterred by the potential repercussions of stealing from a government agency. In stark contrast, a second actor was less inhibited, permanently siphoning the returned assets just 2.5 hours later. This series of events culminated in the irreversible theft of funds, underscoring the challenges posed by blockchain’s immutability—once funds are moved without consent, recovery becomes exceedingly difficult without the thief’s cooperation.

The Scope of Financial Implications

Although the actual financial blow sums up to $4.8 million, the true market impact of such a theft is nuanced. The wallet held 4 million PRTG tokens with a theoretical worth of $4.8 million. However, the liquidity for these tokens was notably sparse. An immediate and substantial sale on the open market would likely have depreciated their value, thus reducing the net gain for the perpetrator. For the NTS, however, the loss remains irreversible and absolute, erasing credits designated to offset tax liabilities from the national treasury.

-- Price

Institutional Custody: Key Lapses and Lessons

This incident did not arise from a sophisticated technical hack but from human and procedural errors. Proper procedures for handling digital assets extend beyond the mere physical confiscation of devices; they demand the prompt and secure relocation of digital assets into government-controlled wallets. The decision to leave the assets in an original suspect’s wallet and publicly present the recovery phrase demonstrates a misunderstanding of the responsibilities tied to digital asset management.

This operational failure highlights a concerning disparity in the competency levels of regional institutions. While Japan’s central bank diligently tests blockchain infrastructure for high-level financial operations, South Korea’s tax authorities have faltered in executing foundational digital security protocols. In response, the NTS has issued an apology and pledged to update its handling procedures. However, the damage in terms of public trust and financial integrity is already substantial, leaving recovery heavily reliant on police investigations.

The Significance of Secure Crypto Enforcement

This incident does more than paint a cautionary tale for South Korea; it resonates on a global stage. As one of the world’s most vibrant cryptocurrency markets, South Korea’s governmental bodies exhibit a proactive stance on taxing digital assets. Yet, this incident reveals a critical vulnerability in the system—demonstrating the state’s ability to track offenders does not equate to operational competence in asset management.

The risk landscape for traders in South Korea is evolving. While concerns traditionally centered around regulatory decisions, the new threat stems from governmental mismanagement. If asset seizures equate to inevitable loss, this could foster market instability, highlighting the flawed enforcement mechanisms that once sought to uphold order.

For worldwide governments escalating their efforts in crypto asset seizures, the forewarning from the NTS’s mistake is emphatic. Merely possessing assets physically is insufficient without ensuring the robust digital handling that guarantees their safety.

FAQs

What happened with the South Korean National Tax Service’s crypto seizure?

The South Korean National Tax Service mistakenly leaked the seed phrases of seized cryptocurrencies in a press release. This error allowed hackers to access and steal $4.8 million worth of PRTG Tokens.

How did the seed phrases get leaked?

The NTS published high-resolution images of the hardware wallet and a handwritten note of the mnemonic recovery phrase online. These seed phrases, visible in the photographs, allowed unauthorized access to the crypto assets.

Why is there difficulty in recovering the stolen cryptocurrencies?

The inherent nature of blockchain technology complicates retrieval because it is immutable and transactions cannot be reversed without cooperation from the entity in possession of the stolen assets.

What are the broader implications of this incident for crypto enforcement?

This incident underscores a fundamental need for enhanced procedures in handling digitally seized assets securely. It serves as a warning to other governments on the significance of operational competence and digital security.

What changes have the NTS promised following this incident?

Following this incident, the NTS has apologized and committed to revising its operational manuals to prevent such lapses in the future, underscoring the importance of robust digital handling procedures for seized assets.

The privacy-focused crypto wallet Mixin announced today the launch of its U-based perpetual contract (a derivative priced in USDT). Unlike traditional exchanges, Mixin has taken a new approach by "liberating" derivative trading from isolated matching engines and embedding it into the instant messaging environment.

Users can directly open positions within the app with leverage of up to 200x, while sharing positions, discussing strategies, and copy trading within private communities. Trading, social interaction, and asset management are integrated into the same interface.

Simplified Trading Experience: No KYC Required, Opening a Position in Five Steps

Based on its non-custodial architecture, Mixin has eliminated friction from the traditional onboarding process, allowing users to participate in perpetual contract trading without identity verification.

The trading process has been streamlined into five steps:

· Choose the trading asset

· Select long or short

· Input position size and leverage

· Confirm order details

· Confirm and open the position

The interface provides real-time visualization of price, position, and profit and loss (PnL), allowing users to complete trades without switching between multiple modules.

Social-Native Trading: Strategy and Execution Completed in the Same Context

Mixin has directly integrated social features into the derivative trading environment. Users can create private trading communities and interact around real-time positions:

· End-to-end encrypted private groups supporting up to 1024 members

· End-to-end encrypted voice communication

· One-click position sharing

· One-click trade copying

On the execution side, Mixin aggregates liquidity from multiple sources and accesses decentralized protocol and external market liquidity through a unified trading interface.

By combining social interaction with trade execution, Mixin enables users to collaborate, share, and execute trading strategies instantly within the same environment.

Referral Mechanism: Non-institutional users can receive up to 60% fee split

Mixin has also introduced a referral incentive system based on trading behavior:

· Users can join with an invite code

· Up to 60% of trading fees as referral rewards

· Incentive mechanism designed for long-term, sustainable earnings

This model aims to drive user-driven network expansion and organic growth.

Self-Custody Architecture and Built-in Privacy Mechanism

Mixin's derivative transactions are built on top of its existing self-custody wallet infrastructure, with core features including:

· Separation of transaction account and asset storage

· User full control over assets

· Platform does not custody user funds

· Built-in privacy mechanisms to reduce data exposure

The system aims to strike a balance between transaction efficiency, asset security, and privacy protection.

A New Path for On-Chain Derivatives

Against the background of perpetual contracts becoming a mainstream trading tool, Mixin is exploring a different development direction by lowering barriers, enhancing social and privacy attributes.

The platform does not only view transactions as execution actions but positions them as a networked activity: transactions have social attributes, strategies can be shared, and relationships between individuals also become part of the financial system.

Regulatory Background

Mixin's design is based on a user-initiated, user-controlled model. The platform neither custodies assets nor executes transactions on behalf of users.

This model aligns with a statement issued by the U.S. Securities and Exchange Commission (SEC) on April 13, 2026, titled "Staff Statement on Whether Partial User Interface Used in Preparing Cryptocurrency Securities Transactions May Require Broker-Dealer Registration."

The statement indicates that, under the premise where transactions are entirely initiated and controlled by users, non-custodial service providers that offer neutral interfaces may not need to register as broker-dealers or exchanges.

About Mixin

Mixin is a decentralized, self-custodial privacy wallet designed to provide secure and efficient digital asset management services.

Its core capabilities include:

· Aggregation: integrating multi-chain assets and routing between different transaction paths to simplify user operations

· High liquidity access: connecting to various liquidity sources, including decentralized protocols and external markets

· Decentralization: achieving full user control over assets without relying on custodial intermediaries

· Privacy protection: safeguarding assets and data through MPC, CryptoNote, and end-to-end encrypted communication

Mixin has been in operation for over 8 years, supporting over 40 blockchains and more than 10,000 assets, with a global user base exceeding 10 million and an on-chain self-custodied asset scale of over $1 billion.

$600 million stolen in 20 days, ushering in the era of AI hackers in the crypto world

Ethereum's biggest enemy is actually AI hackers

Vitalik's 2026 Hong Kong Web3 Summit Speech: Ethereum's Ultimate Vision as the "World Computer" and Future Roadmap

Ethereum's Two Core Tenets: A "World Computer" + Global Broadcast Channel.

On the same day Aave introduced rsETH, why did Spark decide to exit?

The results of two decision-making philosophies have now been quantified

Full Post-Mortem of the KelpDAO Incident: Why Did Aave, Which Was Not Compromised, End Up in Crisis Situation?

Bad Debt, Liquidity Crisis, and DeFi Risk Reassessment

After a $290 million DeFi liquidation, is the security promise still there?

Replacing intermediary credit with code does not automatically equate to greater security

ZachXBT's post ignites RAVE nearing zero, what is the truth behind the insider control?

Perhaps what the cryptocurrency market truly needs is to transform what ZachXBT has done into institutional arrangements: stricter listing review standards, more transparent token distribution information disclosure, and more binding continuous monitoring mechanisms for exchanges.

Vitalik 2026 Hong Kong Web3 Carnival Speech Transcript: We do not compete on speed; security and decentralization are the core

Vitalik Buterin reveals the ultimate vision of Ethereum as a "world computer," announcing a hardcore roadmap for the next five years focusing on scalability, zkEVM, and quantum resistance.

Consumer-grade Crypto Global Survey: Users, Revenue, and Track Distribution

The number of active users of consumer-grade encryption has long reached tens of millions, but it is not in the sight of Silicon Valley and New York.

Prediction Markets Under Bias

Why do authoritative narratives always exclude prediction markets?

Stolen: $290 million, Three Parties Refusing to Acknowledge, Who Should Foot the Bill for the KelpDAO Incident Resolution?

The most dangerous scenario right now is that if ETH suddenly drops, Aave's bad debt could snowball even further.

ASTEROID Pumped 10,000x in Three Days, Is Meme Season Back on Ethereum?

「Space Dog」 Triggers ETH Mainnet Price Surge, Sparking SOL Community Anxiety

ChainCatcher Hong Kong Themed Forum Highlights: Decoding the Growth Engine Under the Integration of Crypto Assets and Smart Economy

Why can this institution still grow by 150% when the scale of leading crypto VCs has shrunk significantly?

The merger of the two major payment companies, Bridge and BVNK, establishes their industry position and revenue scale.