South Korean police leak seized crypto wallet key, $5M stolen
What's the story
In a major blunder, the South Korean police have inadvertently leaked the password of a seized cryptocurrency wallet, resulting in a theft of assets worth $4.8 million. The incident occurred when the police department issued a press release detailing their seizure of $5.6 million in cryptocurrency from 124 wealthy tax evaders. However, they mistakenly included images that allowed an unknown thief to quickly steal most of the assets.
Media response
Press release was taken down
The press release was later taken down, but not before local media outlets and tech publications had already reported on the theft. Bleeping Computer shared a screenshot of the now-removed images, which showed a handwritten note next to a Ledger device used as a "cold wallet" for crypto storage. The note contained an entire mnemonic recovery phrase that could be used as a master key to transfer assets from the cold wallet without any additional PIN or permissions required.
Theft details
Wallet contained 4 million PRTG tokens
Blockchain analysis expert Cho Jae-woo told a South Korean news site that the wallet contained four million PRTG (Pre-Retogeum) tokens worth about $4.8 million when the thief struck. The Block reported on-chain data from Etherscan showed "the party who moved the funds first deposited a small amount of ETH into the wallet to cover transaction fees, then transferred the four million PRTG tokens out in three transactions."
Apology issued
National Tax Service issues apology
The South Korean National Tax Service has since issued another press release, "deeply" apologizing for the leak that compromised the seized assets. The cops admitted they included the images to make the release more eye-catching but were careless in not redacting the crypto wallet password from them. They confirmed an investigation with national police is underway to trace the transfer and recover lost funds.
Suspect search
No clear suspects so far
As the press release was widely shared online, there are no clear suspects in this case. The National Tax Service has no easy way to recover funds either. Their best bet is if the thief tries to move stolen tokens through a regulated exchange. However, it may be difficult for them to cash out that much cryptocurrency under current market conditions.