Home > Security > Security News

South Korea Tax Office Leaks Cryptocurrency Assets, Critical Failure Leads to Wallet Breach

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity Writer
Crypto Theft - South Korea Flag - Wallet - Hacker
Summarize with:
ChatGPT logo ChatGPT Claude.ai logo Claude.ai Google AI logo Google AI Grok logo Grok Perplexity logo Perplexity
Google logo Add as preferred source on Google
Key Takeaways
  • Operational Failure: The National Tax Service inadvertently published a seed phrase in press materials, compromising a seized wallet.
  • Asset Theft: Unauthorized actors exploited the leak and drained approximately $4.8 million in Pre-Retogeum tokens.
  • Procedural Review: The agency has issued an apology and is overhauling its digital asset handling protocols.

A security failure at South Korea's National Tax Service resulted in the theft of seized digital assets. On February 26, the agency announced a successful raid on tax delinquents, seizing â‚©8.1 billion ($5.6 million) in assets, and released press materials to publicize the enforcement action.

However, they included unredacted photographs showing a cryptocurrency wallet's recovery credentials, which gave external actors the keys needed to access and control the seized funds.

Seed Phrase Exposure Facilitates Heist

This South Korean tax office leak reportedly included the recovery access key of a wallet containing Pre-Retogeum (PRTG) tokens. 

Within hours of the press release, threat actors identified the credentials in the media images and executed a blockchain heist, transferring approximately $4.8 million worth of tokens to external addresses. 

While the immutable nature of the blockchain enables tracking of these transactions, the anonymity of unhosted wallets makes recovering the stolen assets a complex forensic challenge for authorities.

Agency Response and Protocol Overhaul

In the aftermath of the cryptocurrency wallet breach, reports say the National Tax Service has apologized and engaged the National Police Agency to investigate the theft, which suggests the agency may have already revised manuals regarding the seizure, custody, and disposal of virtual assets. 

In December 2025, a KMSAuto clipper malware-linked hacker was arrested, and a €700 million crypto fraud and laundering network was dismantled in an international operation. In another leak incident, the Abu Dhabi Finance Week exposed passport information for global figures due to a lapse in cloud server security.

Add a Comment
Related
Claude Code Weaponized in Mexican Government Cyberattack, Exposing Roughly 195 Million Identities
Hacked Prayer App Sends Surrender Messages to Iranians, Scammers in the UAE Exploit Crisis to Steal IDs
Cyber Job Moves March 02 - 2026
Cyber Job Moves: New Leadership Across AI, Identity and Global Security
Global Crackdowns, Major Arrests, and AI Security Fixes Mark February’s Close
Telecom Tower - Server - Data
Odido Data Breach Exposes Almost 690,000 Telecom Customer Accounts
Skull formed by binary code in a red background with floating binary code
UAT-10027 Leverages ‘Dohdoor’ Backdoor and Cobalt Strike Against US Education and Healthcare
Most Popular
Claude Code Weaponized in Mexican Government Cyberattack, Exposing Roughly 195 Million Identities
Hacked Prayer App Sends Surrender Messages to Iranians, Scammers in the UAE Exploit Crisis to Steal IDs
Cyber Job Moves March 02 - 2026
Cyber Job Moves: New Leadership Across AI, Identity and Global Security
Global Crackdowns, Major Arrests, and AI Security Fixes Mark February’s Close
Telecom Tower - Server - Data
Odido Data Breach Exposes Almost 690,000 Telecom Customer Accounts
Skull formed by binary code in a red background with floating binary code
UAT-10027 Leverages ‘Dohdoor’ Backdoor and Cobalt Strike Against US Education and Healthcare
Claude Code Weaponized in Mexican Government Cyberattack, Exposing Roughly 195 Million Identities
Hacked Prayer App Sends Surrender Messages to Iranians, Scammers in the UAE Exploit Crisis to Steal IDs
Cyber Job Moves: New Leadership Across AI, Identity and Global Security
Global Crackdowns, Major Arrests, and AI Security Fixes Mark February’s Close
Odido Data Breach Exposes Almost 690,000 Telecom Customer Accounts
UAT-10027 Leverages ‘Dohdoor’ Backdoor and Cobalt Strike Against US Education and Healthcare

Most Popular
Claude Code Weaponized in Mexican Government Cyberattack, Exposing Roughly 195 Million Identities
Hacked Prayer App Sends Surrender Messages to Iranians, Scammers in the UAE Exploit Crisis to Steal IDs
Cyber Job Moves March 02 - 2026
Cyber Job Moves: New Leadership Across AI, Identity and Global Security
Global Crackdowns, Major Arrests, and AI Security Fixes Mark February’s Close
Telecom Tower - Server - Data
Odido Data Breach Exposes Almost 690,000 Telecom Customer Accounts
Skull formed by binary code in a red background with floating binary code
UAT-10027 Leverages ‘Dohdoor’ Backdoor and Cobalt Strike Against US Education and Healthcare
Claude Code Weaponized in Mexican Government Cyberattack, Exposing Roughly 195 Million Identities
Hacked Prayer App Sends Surrender Messages to Iranians, Scammers in the UAE Exploit Crisis to Steal IDs
Cyber Job Moves: New Leadership Across AI, Identity and Global Security
Global Crackdowns, Major Arrests, and AI Security Fixes Mark February’s Close
Odido Data Breach Exposes Almost 690,000 Telecom Customer Accounts
UAT-10027 Leverages ‘Dohdoor’ Backdoor and Cobalt Strike Against US Education and Healthcare

TechNadu keeps you informed with the latest in cybersecurity, VPNs, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2026 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: