The Korea National Tax Service (NTS) announced on February 26th that it had seized digital assets. A photo clearly shows a Ledger hardware wallet next to a 12-word recovery seed phrase, which was immediately exploited by unknown individuals. They transferred 4 million Pre-Retogeum (PRTG) tokens, valued at approximately $4.8 million USD, out of the wallet. The tokens have since been returned to the original wallet. This incident highlights serious operational security flaws in government agencies’ management of digital assets.
Event Summary: A Chain Reaction Triggered by a Photo
The Korean NTS announced they seized about 8.1 billion KRW (around $5.6 million USD) in crypto assets from a tax evader and published photos of the seized items in their press release. The problem lies in one photo labeled “Case 3” — it clearly shows a Ledger hardware wallet and a handwritten note beside it, listing the full 12-word recovery seed phrase.
A local professor directly compared this mistake to “an open invitation for others to empty your wallet.” Once the seed phrase is leaked, anyone can restore the wallet on any device and fully control the assets — the physical security of the hardware wallet is instantly nullified.
On-chain data shows that shortly after the photo was published, an unknown person sent a small amount of ETH to the wallet to pay gas fees, then transferred 4 million PRTG tokens to a new address. This amount accounts for about 40% of the total PRTG supply.
Token Return and Liquidity Reality
Although the tokens were later sent back to the original wallet, the incident sparked widespread discussion. It remains unclear whether this was a white-hat hacker revealing a vulnerability in good faith or an attacker realizing that PRTG’s market liquidity was extremely low and difficult to cash out, leading to the return.
There is a significant gap between the nominal value of PRTG tokens and their actual market liquidity: the only active trading pair has very low volume, and even small sell orders can drastically lower the price. Large-scale cashing out is nearly impossible. This means the $4.8 million USD nominal loss does not equate to an equivalent amount of actual liquidatable assets.
Key Data at a Glance
- Leaked Information: 12-word recovery seed phrase from Ledger hardware wallet (clearly visible in the photo)
- Transferred Tokens: 4 million PRTG, valued at about $4.8 million USD (roughly 40% of total supply)
- Seized Assets Total Value: approximately 8.1 billion KRW (~$5.6 million USD)
- Event Outcome: Tokens returned to the original wallet; PRTG market liquidity is extremely low, making actual cash-out difficult
- NTS Statement: As of this report, the NTS has not issued a detailed statement
Frequently Asked Questions
What is a seed phrase (Mnemonic Phrase), and why is its leak so serious?
A seed phrase (Mnemonic Phrase) is a recovery phrase composed of 12 to 24 English words that can restore a crypto wallet. Anyone holding this phrase can fully recover and control the wallet on any device. Physical security measures of hardware wallets like Ledger cannot prevent seed phrase leaks — once exposed, all security protections are effectively nullified.
Is the $4.8 million USD loss from PRTG tokens an actual financial loss?
Nominally, yes — about $4.8 million USD. However, due to extremely low liquidity in the PRTG market, the actual cash that could be realized is much lower than the nominal value. On-chain data shows the tokens were ultimately returned to the original wallet, so no permanent financial loss occurred. Nonetheless, the security breach and operational oversight are undeniably serious.
What are the implications of this incident for future government custody of digital assets?
This incident highlights systemic risks when government agencies handle digital assets without proper technical safeguards. Key lessons include: all sensitive information (including seed phrases and private keys) must be strictly concealed when displaying seized assets; agencies should establish professional digital asset custody procedures rather than relying on traditional physical confiscation standards.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Claude code leak sparks an LLM crisis, hackers have stolen researchers’ ETH
Security research reveals that in the LLM agent ecosystem, over 20% of free API routers actively inject malicious code, leading to asset theft and credential crises. In addition, the Claude code-leak incident has enabled attackers to spread malware by exploiting developers’ curiosity. The research team proposes a three-layer defense mechanism to address supply-chain security risks.
MarketWhisper3h ago
Solayer founder issues a warning: AI agent routers face malicious injection risks, and ETH is being stolen
Solayer’s founder exposes a security vulnerability in large language model (LLM) routers; in 428 routers, more than 20% exhibit malicious behavior, such as private keys being stolen. The research recommends that developers implement a separate end-to-end integrity verification mechanism on the client side and provides three defense options to mitigate supply-chain attacks.
MarketWhisper3h ago
Giant whale “first set 10 big goals” keeps adding to BTC and ETH short positions, with a position size of up to $270 million
Gate News announcement, April 10, the whale “sets 10 big targets first” (social media account @Jason60704294) has updated its latest positions. Currently, total unrealized profit is $644k. The specific holdings include: BTC short positions of 2567.49 units, entry price $71,554.61, unrealized loss of $644k; ETH short positions of 38,465.22 units, entry price $2,248.74, unrealized profit of $1.37M.
GateNews4h ago
Ethereum’s staking rate hits a record high, with staked ETH valued at about $85 billion
Gate News message: On April 10, according to Token Terminal data, Ethereum’s staking rate hit a record high. Currently, the network is secured by staked ETH with a value of about $85.0 billion.
GateNews4h ago
Today, BTC and ETH options with a nominal value of $2.27 billion expire, and the IV index drops sharply
On April 10, 27k BTC options and 151k ETH options expired, with Put Call Ratios of 0.71 and 0.77, respectively. Bitcoin broke above $72,000 on news of a U.S.-Iran ceasefire, but the overall market is still in a correction phase, and implied volatility has fallen significantly.
GateNews4h ago
