In a major security breach exposing critical vulnerabilities in law enforcement's handling of digital assets, South Korean authorities have arrested two individuals for allegedly stealing 22 Bitcoin, valued at approximately $1.8 million, from the Seoul Gangnam Police Station where the cryptocurrency was being held as evidence. The incident, investigated by the Gyeonggi Bukbu Provincial Police Agency, stems from a fundamental failure to follow protocol and understand basic cryptocurrency custody principles.
The core failure was a misunderstanding of how hardware wallets work. According to reports from TV Chosun and KBS, police at the Gangnam station secured only the physical USB-type hardware wallet, unaware that the coins do not live on the device at all: they are recorded on the blockchain, and anyone holding the 12 to 24-word recovery seed phrase that was generated when the wallet was set up can regenerate the same private keys on any compatible device and spend them. The suspects allegedly did exactly that, restoring the seed phrase on a new device and transferring the funds in November 2021, while the physical wallet remained untouched in police custody.
The Bitcoin, worth around 2.1 billion Korean won ($1.8 million) at the time of the theft, had been voluntarily submitted to authorities in 2021 during a separate criminal probe. The theft occurred despite a March 2022 directive from the National Police Agency (NPA) mandating that all seized virtual assets be transferred to an official, centrally managed police cold wallet. The Gangnam station failed to comply with this rule, continuing to store the crypto in an external wallet. The assets were presumed lost by May 2022, though the arrests and public disclosure came later following a detailed investigation.
This case highlights a dangerous global gap between traditional evidence-handling protocols and the technical realities of securing cryptocurrency. Experts emphasize that best practice requires the immediate on-chain transfer of seized funds to a wallet controlled solely by the law enforcement agency, nullifying the value of any recovery phrase held by other parties. The failure to execute this step was the central operational error.
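To make concrete why holding the device was worthless and why only an on-chain transfer severs the seed phrase's control, here is an added example (written for this page, not code from the article or any police tooling) of the two standard derivation steps a replacement device performs: BIP39 stretching of the words into a seed, then the BIP32 master-key step from which every address key descends. It uses only the Python standard library. The mnemonic and the passphrase `TREZOR` are the published BIP39 test vector, not a real wallet; checksum validation against the 2048-word BIP39 list is omitted (assumption: the phrase is already valid), and the whitespace normalisation in `mnemonic_to_seed` is this example's own convenience.

```python
import hashlib
import hmac
import unicodedata

# Added example, not code from the article. Implements BIP39 seed stretching
# and the BIP32 master-key derivation; this is all a second device needs to
# take control of the same coins. Checksum validation against the BIP39
# wordlist is omitted (assumption: the phrase is already valid).

SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Published BIP39 test vector (all-zero entropy), not a real wallet.
TEST_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + passphrase.
    A pure function of its inputs, so every device given the same words and
    passphrase computes the same 64-byte seed."""
    # Collapsing runs of whitespace is this example's convenience, not BIP39.
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split())).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


def master_key(seed: bytes) -> tuple[bytes, bytes]:
    """BIP32: HMAC-SHA512 keyed with "Bitcoin seed". Left half is the master
    private key, right half the chain code; every account and address key
    is derived from this pair."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = digest[:32], digest[32:]
    k = int.from_bytes(key, "big")
    if k == 0 or k >= SECP256K1_N:
        raise ValueError("invalid master key; BIP32 declares this seed unusable")
    return key, chain_code


def same_wallet(phrase_a: str, phrase_b: str, passphrase: str = "") -> bool:
    """True if two phrases (e.g. the one in the evidence locker and a copy an
    attacker kept) control the same key tree, and therefore the same coins."""
    key_a, _ = master_key(mnemonic_to_seed(phrase_a, passphrase))
    key_b, _ = master_key(mnemonic_to_seed(phrase_b, passphrase))
    return key_a == key_b


if __name__ == "__main__":
    seed = mnemonic_to_seed(TEST_MNEMONIC, "TREZOR")
    key, _ = master_key(seed)
    print("seed:      ", seed.hex())
    print("master key:", key.hex())
    # A second copy of the words, on any device, yields the identical key.
    print("same wallet:", same_wallet(TEST_MNEMONIC, TEST_MNEMONIC, "TREZOR"))
```

The custody lesson follows directly from `same_wallet`: a seized hardware device is not custody of the coins, because every copy of the words is a live key for as long as the funds sit at addresses derived from that seed. The only act that changes who controls the coins is an on-chain transfer to addresses derived from a seed the agency generated itself and never exposed, which is what the NPA directive's central cold wallet was meant to achieve.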
The incident has broad implications, potentially eroding public trust, compromising prosecutions, and serving as a cautionary tale for law enforcement worldwide. It may accelerate discussions around mandatory custody standards for institutions, including government bodies, and will likely drive the creation of standardized global protocols and specialized training for digital asset seizures.