South Korean prosecutors have successfully recovered approximately $21.4 million worth of Bitcoin (320.88 BTC) that was stolen from their custody in August 2025. The funds, originally seized from a gambling platform raid, were being held by the Gwangju District Prosecutors’ Office when they were compromised.
The breach occurred when investigators mistakenly accessed a phishing website and entered the recovery seed phrase for a wallet containing the confiscated assets. This single error granted the attacker full control of the wallet and the 320 BTC within it.
Upon discovering the theft, authorities moved swiftly to limit the damage by blocking transactions involving the stolen Bitcoin on centralized exchanges. This action prevented the hacker from liquidating the assets into fiat currency or stablecoins, effectively cornering the attacker. Following the freeze on exchange activity, the hacker returned the funds to wallets controlled by prosecutors.
However, blockchain forensic reports indicated that shortly after the 320 BTC were restored, the funds were transferred again to a new address, triggering additional internal review and raising questions about post-recovery custody handling. The identity of the hacker remains unknown.
This incident occurs amid a series of digital asset security challenges for South Korean authorities in early 2026. In February, police reported a separate loss of 22 BTC (worth approximately $1.5 million) from seized criminal assets due to custody failures. Around the same time, major exchange Bithumb mistakenly distributed over $40 billion in Bitcoin because of a promotional input error, though it managed to recover 99.7% of the funds.
These incidents have intensified scrutiny over digital asset custody practices in both public institutions and private exchanges. The Gwangju District Prosecutors’ Office is now reviewing its internal security protocols, particularly around seed phrase management and phishing protection, to prevent similar breaches in the future.
