How Did the Seed Phrase Get Exposed?

South Korea’s National Tax Service (NTS) accidentally revealed a crypto wallet seed phrase in an official press release, triggering the loss of 4 million PRTG (Pre-Retogeum) tokens valued at roughly $4.8 million, according to local media reports.

The release related to an enforcement campaign targeting tax delinquents and asset seizures. It reportedly included an image of a Ledger cold wallet alongside a sheet of paper displaying the wallet’s full mnemonic phrase without blur or masking. The disclosure allowed anyone viewing the release to reconstruct the wallet and access its contents.

Blockchain analysts later linked the leaked phrase to an Ethereum address that briefly held 4 million PRTG tokens before the entire balance was transferred out.

What Happened on Chain?

On-chain data shows three inbound transfers totaling 4 million PRTG tokens into the exposed address. Shortly afterward, a single outbound transfer moved exactly 4 million PRTG to another wallet, draining the balance in full.

Associate professor Jaewoo Cho of Hansung University’s Blockchain Research Center analyzed the flows and wrote on X: “We have confirmed that 4 million PRTG tokens, worth approximately $4.8 million, were stolen from the mnemonic that was leaked (disclosed) through a press release from the National Tax Service.”

Cho added that “fortunately, the other exposed mnemonics do not seem likely to cause any major issues,” and argued that because the stolen tokens were difficult to cash out, “the actual damage is at a negligible level.”

He said he hoped the incident would be a “blessing in disguise” that pushes public institutions to establish proper virtual asset custody systems.

Investor Takeaway

Operational security failures, not protocol flaws, remain a primary source of crypto losses — particularly when public institutions handle seized or stored digital assets without hardened custody processes.

Custody Weaknesses Under Scrutiny

The news comes as South Korean authorities face scrutiny over another custody lapse. In a separate case, police discovered in February 2026 that 22 Bitcoin seized in a 2021 hacking investigation had disappeared from a cold wallet stored in a Gangnam police vault.

Investigators later determined that the coins had been moved using a mnemonic phrase that police had never controlled. Two suspects were arrested on Thursday in connection with the incident.

Taken together, the cases highlight vulnerabilities in how public agencies manage digital assets obtained through enforcement actions. Cold storage is often presented as secure by default, but improper key handling can nullify that protection.

Regulators Already Facing Pressure

The timing adds to broader pressure on Korean regulators and market supervisors. In a separate incident, exchange Bithumb recently credited users with roughly 620,000 BTC during a promotional event due to a system error, briefly reflecting about $43 billion in non-existent Bitcoin balances.

The Financial Services Commission extended its review of the exchange after criticism that serious control weaknesses were not identified earlier.

The NTS seed phrase leak now places another spotlight on institutional crypto safeguards. While the PRTG tokens involved may be difficult to liquidate, the mechanics of the loss were straightforward: once a mnemonic phrase becomes public, control of the wallet is effectively lost.

Investor Takeaway

As governments and regulators increasingly seize and store digital assets, custody standards — including strict key management and image controls — are becoming as critical as exchange-level compliance.

The incident illustrates a basic principle of digital asset security: transparency in public communications must never extend to private keys. Once exposed, blockchain transactions are irreversible, and recovery options are limited.