Cyber-crime South Korea’s tax office apologizes for leaking seed phrase to seized crypto Went from triumph at having busted tax dodgers to embarrassment at losing the proceeds Simon Sharwood Mon 2 Mar 2026 // 00:51 UTC South Korea’s National Tax Service has apologized after it leaked passwords to a stash of stolen crypto, which parties unknown used to make off with the digi-cash. This strange story starts on February 26th when the Tax Service triumphantly announced it had busted 124 high-value tax delinquents and seized ₩8.1 billion ($5.6 million) worth of cash and luxury goods. As is often the case with seizures of this sort, the Tax Service shared photos of its haul with the media. As the Service explained in its apology, it intended that those photos would “provide more vivid information to the public.” Instead, they provided vivid information to crooks who recognized the photos included a seed phrase – a credential used to recover access to a cryptocurrency wallet if passwords and other means of logging in are lost. It appears that someone spotted the seed phrase in the Tax Service’s images, because within hours of the agency publicizing its raids, funds drained from one of the crypto wallets its agents seized. Korean cops charge teens over bike hire breach that exposed data on 4.62M riders South Korea enlists AI to spot pump and dump schemes on social media, or in Spam Korean telco failed at femtocell security, exposed customers to snooping and fraud Four arrested in South Korea over massive IP camera snooping spree The stolen tokens – Pre-Retogeum, aka PRTG – were apparently worth $4.8 million, or the majority of the Tax Service’s haul. The one tiny upside in this whole mess is that the heist was of course recorded on a blockchain, so the Tax Service has asked Korea’s National Police Agency to track down whoever emptied the wallet. Despite blockchain advocates often promoting the tech as a more private way to conduct transactions, law enforcement authorities regularly identify those who conduct cryptocurrency trades so perhaps this will still end in a win for the Tax Service. The agency is nonetheless suitably contrite, and has promised to strengthen its internal controls to stop exposing credentials in public. Indeed, its apology states it has already revisited the manual it uses when seizing, storing, and disposing of virtual assets, and will ensure its team is trained on those new procedures. ® Share More about Cryptocurrency Security South Korea More like these × More about Cryptocurrency Security South Korea Tax Narrower topics 2FA Advanced persistent threat Application Delivery Controller Authentication BEC Bitcoin Black Hat BSides Bug Bounty Center for Internet Security CHERI CISO Coinbase Common Vulnerability Scoring System Crypto.com Cybercrime Cybersecurity Cybersecurity and Infrastructure Security Agency Cybersecurity Information Sharing Act Data Breach Data Protection Data Theft DDoS DEF CON Digital certificate Digital Services Tax Encryption End Point Protection Ethereum Exploit Firewall FTX Google Project Zero Hacker Hacking Hacktivism Identity Theft Incident response Infosec Infrastructure Security IR35 Kakao Kenna Security NAVER NCSAM NCSC Palo Alto Networks Password Personally Identifiable Information Phishing Quantum key distribution Ransomware Remote Access Trojan REvil RSA Conference Software Bill of Materials Spamming Spyware Surveillance TLS Trojan Trusted Platform Module Umbrella Firm Vulnerability Wannacry Zero trust Broader topics APAC More about Share POST A COMMENT More about Cryptocurrency Security South Korea More like these × More about Cryptocurrency Security South Korea Tax Narrower topics 2FA Advanced persistent threat Application Delivery Controller Authentication BEC Bitcoin Black Hat BSides Bug Bounty Center for Internet Security CHERI CISO Coinbase Common Vulnerability Scoring System Crypto.com Cybercrime Cybersecurity Cybersecurity and Infrastructure Security Agency Cybersecurity Information Sharing Act Data Breach Data Protection Data Theft DDoS DEF CON Digital certificate Digital Services Tax Encryption End Point Protection Ethereum Exploit Firewall FTX Google Project Zero Hacker Hacking Hacktivism Identity Theft Incident response Infosec Infrastructure Security IR35 Kakao Kenna Security NAVER NCSAM NCSC Palo Alto Networks Password Personally Identifiable Information Phishing Quantum key distribution Ransomware Remote Access Trojan REvil RSA Conference Software Bill of Materials Spamming Spyware Surveillance TLS Trojan Trusted Platform Module Umbrella Firm Vulnerability Wannacry Zero trust Broader topics APAC TIP US OFF Send us news