Oops: South Korean cops lost $5M in seized crypto after leaking wallet password
Source: Ars Technica
Background
South Korea’s National Tax Service (NTS) inadvertently leaked the password to a seized cryptocurrency wallet in a press release, resulting in the loss of approximately $5 million worth of crypto. The leak occurred because images containing the mnemonic recovery phrase were posted online without redaction.
Potential Thief
The thief could be anyone who saw the press release. Gizmodo noted that the NTS has no clear suspects and that recovering the funds will be difficult. The Block reported that if the thief attempts to move the stolen tokens through a regulated exchange, converting such a large amount of cryptocurrency into cash would be challenging under current market conditions. Consequently, the thief may choose to lie low and avoid major exchanges.
Police Mistakes
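- Failure to redact: Posting images with the recovery phrase is equivalent to leaving a wallet wide open, because anyone who has the phrase can restore the wallet on their own device and move the funds.
- Best practices ignored: The original holder of the Ledger wallet had recorded the phrase only on a handwritten note and did not store it online; publishing the images put the phrase online and undid that precaution.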
- Lack of review: Police should have checked the images for sensitive information before publishing.
Cho, an expert on crypto security, warned that these oversights could cost the national treasury billions of won.
Previous Incidents
- January, Gwangju: Officials investigated the loss of a substantial quantity of seized Bitcoin. The Block reported this was believed to be linked to a phishing attack targeting Coinbase.
- Recent case, Seoul’s Gangnam district: Police launched an internal investigation after 22 seized Bitcoins disappeared. The Block noted that a cold wallet was drained without the physical device leaving police control, suggesting inadequate handling of sensitive information.
Response
In the latest press release, a National Tax Service officer stated that the agency is strengthening internal controls and providing additional job training to prevent future leaks.