South Korean authorities lose over $4.8 million in crypto after posting mnemonic recovery phrase online — stolen PRTG tokens part of funds seized by National Tax Service from high-value tax evaders
It's like posting your credit card details or social security number online.
South Korea’s National Tax Service just lost over US$4.8 million in crypto after it posted a photo of a hardware wallet that stored the private keys controlling over 4 million Pre-Retogeum (PRTG) tokens alongside a handwritten note containing the wallet’s mnemonic recovery phrase. According to Maeil Business Newspaper [machine translated], the image was included in its press release to promote the agency’s push to go after “high value and habitual delinquents,” saying that it has seized KRW 8.1 billion or around US$5.4 million worth of assets during the raid.
Hardware wallets do not store the crypto itself. Instead, they keep the private keys that control blockchain addresses, ensuring that only the person who knows the PIN can access the tokens. But if you lose the hardware wallet and have no backup of these keys, you could permanently lose access to the blockchain address that holds your tokens. Because of this, many of these devices generate a mnemonic seed phrase during setup that lets you recreate all your private keys and addresses, even without the physical wallet.
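Why the written phrase alone is enough, as an added example that is not part of the original article: it assumes the wallet follows the BIP-39 standard (the article does not name the scheme) and uses the standard's public all-"abandon" test phrase. The function names `bip39_seed` and `phrase_alone_suffices` are chosen here for illustration.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample: the public all-"abandon" test phrase, not a real wallet.
SAMPLE_PHRASE = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Return the 64-byte seed every private key in the wallet descends from."""
    # BIP-39 normalises both strings to NFKD; words are joined by single spaces.
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = "mnemonic" + unicodedata.normalize("NFKD", passphrase)
    # The device PIN is not an input here: it only unlocks the physical device.
    return hashlib.pbkdf2_hmac(
        "sha512", words.encode("utf-8"), salt.encode("utf-8"), 2048, dklen=64
    )


def phrase_alone_suffices(mnemonic: str, owner_passphrase: str = "") -> bool:
    """True if a reader of the written phrase derives the owner's exact seed."""
    owner_seed = bip39_seed(mnemonic, owner_passphrase)
    reader_seed = bip39_seed(mnemonic)  # the reader has the words only
    return hmac.compare_digest(owner_seed, reader_seed)


if __name__ == "__main__":
    print("no passphrase  :", phrase_alone_suffices(SAMPLE_PHRASE))
    print("with passphrase:", phrase_alone_suffices(SAMPLE_PHRASE, "constructed-example"))
```

An optional BIP-39 passphrase changes the derived seed, so it protects the funds only if it is kept off the paper that holds the words.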
Unfortunately, it seems that the investigators had no idea of the significance of the mnemonic recovery phrase, as they published it without redacting the information written on the piece of paper. This is like posting the number, expiry date, and security code of your credit card online before the days of multi-factor authentication or sharing your social security number on Reddit. Because of this, the first person who realized and took advantage of that mistake was able to transfer the 4 million PRTG to another wallet (presumably their own) with basically zero issues. According to blockchain analysis, the thief first deposited some Ethereum (ETH) to pay for the transaction fees, then proceeded to withdraw the huge amount in four transactions.
This isn’t the first major gaffe involving cryptocurrency and South Korean authorities. Just last month, the National Police Agency realized that 22 Bitcoin (BTC) worth over US$1.5 million had been missing for several years after the investigating agency neglected to transfer the seized BTC to its own wallet. The authorities thought the amount was safe because they had physical custody of the hardware wallet, but the original owner of the device apparently gave its mnemonic seed phrase to a hacker after needing some cash, resulting in the loss of the cryptocurrency.
Cryptocurrencies aren’t exactly new, with BTC launching in 2009, but it arguably only went mainstream around 2017 when it surged to about $20,000. Because of that, many public agencies are still grappling with the concept of virtual assets. Even though South Korean authorities have already implemented policies on how to deal with these, it seems that government employees are still struggling to catch up. Hopefully, each painfully expensive misstep is a lesson learned so that everyone avoids making these mistakes in the future.
