South Korea’s National Tax Service published an unredacted photograph of a Ledger hardware wallet and its full handwritten seed phrase in an official press release, allowing an unidentified actor to drain the wallet of 4 million Pre-Retogeum (PRTG) tokens within hours.
The tokens were returned approximately 20 hours later – but the incident exposed a significant custody gap in how government agencies handle seized digital assets.
The press release covered an enforcement campaign against tax delinquents and was intended to demonstrate the agency’s seizure activity. No part of the seed phrase was masked or blurred in the image.
An unidentified actor deposited a small amount of ETH to cover gas fees and then moved 4 million PRTG tokens out in three separate transactions, according to on-chain data reviewed by Hansung University blockchain researcher Jaewoo Cho.
The $4.8M Headline vs. Actual Liquidity
The nominal valuation of $4.8 million is based on PRTG’s listed price, but the figure is largely notional.
The token is listed only on MEXC, recorded just $332 in 24-hour trading volume at the time of the incident, has no decentralized exchange trading pairs, and the 4 million tokens moved represented 40% of the total supply.
The perpetrator would have been unable to convert anywhere near face value. Cho noted on X that “the actual damage is at a negligible level” and that other exposed mnemonics from the same release did not appear likely to cause further issues.
A Pattern of Custody Failures
The episode is the third significant cryptocurrency custody lapse for South Korean authorities in a matter of weeks.
Earlier in February, Seoul’s Gangnam district police confirmed that 22 Bitcoin (BTC) seized in a 2021 hacking investigation had been drained from a cold wallet stored in a police vault; two suspects were arrested after investigators determined the coins were moved using a mnemonic the police had never controlled.
In a separate matter, exchange Bithumb briefly credited users with approximately 620,000 BTC – roughly $43 billion in non-existent balances – due to an internal system error in early February. South Korea’s Financial Services Commission extended its review of that incident after criticism that regulators failed to detect serious control weaknesses earlier.
Cho said he hoped the NTS incident would serve as a prompt for South Korean public institutions to establish proper digital asset custody standards.