Last updated 1 month ago
South Korea's National Tax Service, a government tax collection agency, experienced a significant cryptocurrency theft following the public disclosure of a seized wallet's recovery phrase. The breach occurred when the agency inadvertently included the mnemonic phrase in an official press release, enabling unauthorized actors to access and drain the wallet. The incident resulted in the theft of 6.4 billion won ($4.8 million) worth of cryptocurrency from the government-controlled wallet.
The attack chain began with the National Tax Service's failure to properly redact sensitive cryptographic material from a public-facing document. The exposed mnemonic recovery phrase provided direct access to the cryptocurrency wallet containing seized assets. Attackers utilized the compromised seed phrase to gain full control of the wallet and transfer its contents, exfiltrating the entire cryptocurrency balance without requiring traditional network intrusion or system compromise.
This incident represents a significant operational security failure within a government financial enforcement agency. The breach highlights critical gaps in sensitive information handling procedures for digital assets under government control, with immediate financial impact measured in millions of dollars of lost public funds.
Accidental exposure of a cryptocurrency wallet mnemonic recovery phrase in an official press release
The article provides new, specific details about the incident, including the exact amount stolen ($4.8M) and the specific mechanism (a mnemonic phrase exposed in a press release photo), and confirms that the theft occurred rather than just an exposure.
The National Tax Service publicly apologized for the cryptocurrency theft incident and confirmed the leak involved seed phrases/passwords that allowed unauthorized parties to access seized crypto assets.
Government agencies handling digital assets must implement rigorous cryptographic material handling procedures, including mandatory multi-person verification for any public disclosure of sensitive financial information. The incident demonstrates that traditional document review processes are insufficient for protecting cryptographic secrets, requiring specialized technical controls for seed phrases and private keys in financial enforcement operations.