South Korean authorities are investigating two separate, high-profile cryptocurrency thefts involving seized assets under government custody, revealing systemic security flaws in how law enforcement and tax agencies handle digital evidence. The incidents, occurring at the Gangnam Police Station and the National Tax Service (NTS), resulted in combined losses exceeding $6 million.
The first case involves the theft of 22 Bitcoin (worth approximately $1.4 million) from evidence storage at Seoul's Gangnam Police Station. The BTC was originally surrendered in November 2021 during an investigation into a hack of a local cryptocurrency exchange. Instead of following national protocols mandating that confiscated crypto be held in police-controlled cold wallets, the assets were placed in a third-party cold wallet managed by a company involved in the original probe. Critically, the police did not possess the wallet's seed phrase, creating a custody gap.
The theft was enabled when an official with access to the third-party wallet allegedly provided the seed phrase to an individual known as "Mr. Jeong" as part of a borrowing agreement. The Gyeonggi Northern Provincial Police Agency has arrested two suspects in their 40s in connection with the crime. The breach went undetected for years and was only uncovered during a nationwide audit of law enforcement's handling of virtual assets, which was itself prompted by other incidents, including a separate loss of 320 BTC by the Gwangju District Prosecutors' Office.
The second, even larger incident involves a $4.8 million (6.9 billion won) theft from the National Tax Service (NTS). The agency had seized four cold wallet USB drives from a tax delinquent. In a catastrophic procedural error, the NTS inadvertently exposed the wallet's mnemonic seed phrase in a publicly released document. The phrase, which functions as the wallet's master key, was subsequently used by unknown actors to drain the wallet completely.
The National Police Agency has assigned its elite Cyber Terror Response Division to lead the preliminary inquiry into the NTS breach, treating it as a serious cybercrime. Cybersecurity experts have labeled the incident a "textbook case of applying analog procedures to a digital asset world," where personnel unfamiliar with the technical gravity of a seed phrase treated it as mundane case file data.
These cases highlight profound institutional vulnerabilities. They raise urgent questions about liability, insurance for seized crypto holdings, and the adaptation of traditional evidence-gathering methods to blockchain technology. The failures could impact public confidence and accelerate calls for stricter oversight of security practices for all entities holding digital assets in South Korea, a nation positioning itself as a leader in crypto regulation.