Cyber: $4.8m In Crypto Stolen After Korean Tax Agency Exposes Wallet Seed
Someone jumped at the opportunity to steal $4.4 million in crypto assets after South Korea’s National Tax Service publicly exposed the mnemonic recovery phrase of a seized cryptocurrency wallet.
The funds were stored in a Ledger cold wallet seized in law enforcement raids on 124 high-value tax evaders that resulted in the confiscation of digital assets worth 8.1 billion won (currently approximately $5.6 million).
When announcing the success of the operation, the agency released photos of a Ledger device, a popular hardware wallet for crypto storage and management.
However, the images also showed a handwritten note containing the wallet recovery phrase, which serves as the master key that allows restoring the assets to another device.
The authorities failed to redact that information, allowing anyone to transfer the assets in the cold wallet to their own account.
Reportedly, shortly after the press release was published, 4 million Pre-Retogeum (PRTG) tokens, worth approximately $4.8 million at the time, were transferred out of the confiscated wallet to a new address.
“On-chain data (Etherscan) analysis shows that the attacker first deposited a small amount of Ethereum (ETH) into the wallet to pay transaction fees (gas fees), and then meticulously transferred the 4 million PRTG tokens to their own wallet in three separate transactions,” reports Korean media.
Blockchain data analysis expert Cho Jae-woo, a professor at Hansung University in Seoul who observed the transfer, commented on the authorities’ blunder by comparing it to leaving a wallet open and advertising it to the entire nation for people to take the money.
The professor attributed the mistake to the tax authorities’ “lack of basic understanding of virtual assets,” which effectively cost the national treasury tens of billions of won that had been successfully confiscated.
The press release has now been removed from the NTS website, and it is unclear whether authorities have started an investigation to determine where the stolen funds ended up.
Source: BleepingComputer