
Those images attached to the press release turned out to be a serious error. The high-resolution photos clearly show the mnemonic recovery phrases, which serve as master keys to access the wallet. This exposure eliminated any protection provided by offline cold storage on Ledger devices. Possession of the seed phrase allows full control, and anyone who knows the phrase can import it into the software or another hardware wallet and initiate transfers without the original device.
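Why the device itself adds no protection once the words are visible, shown as an added example that is not part of the original article: it assumes the wallet follows the BIP-39 standard (the article does not name the scheme), and the function names and the public test mnemonic are illustrative choices.

```python
import hashlib
import unicodedata

# Public test mnemonic from the BIP-39 specification (assumption: the wallet
# follows BIP-39). It is known to everyone and must never hold funds.
TEST_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte wallet seed from the words alone.

    BIP-39 defines the seed as PBKDF2-HMAC-SHA512 over the NFKD-normalised
    mnemonic, salted with "mnemonic" + passphrase, 2048 iterations. No device
    serial, PIN or hardware secret is an input to this function.
    """
    # Collapsing whitespace is a convenience added here so that a phrase
    # retyped from a photo or a sheet of paper normalises to the same string.
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = "mnemonic" + unicodedata.normalize("NFKD", passphrase)
    return hashlib.pbkdf2_hmac(
        "sha512", words.encode("utf-8"), salt.encode("utf-8"), 2048, dklen=64
    )


def exposure_report(mnemonic: str, passphrase: str) -> dict:
    """Compare what a reader of the exposed words can and cannot reproduce."""
    on_device = bip39_seed(mnemonic)                    # seed inside the cold wallet
    retyped = bip39_seed("  " + mnemonic.replace(" ", "\n"))  # same words, elsewhere
    protected = bip39_seed(mnemonic, passphrase)        # optional "25th word" set
    return {
        "words_alone_reproduce_seed": retyped == on_device,
        "passphrase_changes_seed": protected != on_device,
        "seed_prefix": on_device.hex()[:8],
    }


if __name__ == "__main__":
    # "constructed-passphrase" is a constructed sample value.
    for key, value in exposure_report(TEST_MNEMONIC, "constructed-passphrase").items():
        print(f"{key}: {value}")
```

A BIP-39 passphrase that is stored separately from the words is the one input a photograph of the recovery sheet does not capture, which is why the second check matters for evidence handling.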
In this case, an unidentified individual who saw photos published by law enforcement first added a small amount of Ether to an address to cover the Ethereum network gas fees required for outbound transactions. From there, they executed three transfers to move approximately 4 million Pre-Retogeum, or PRTG, tokens. At the time, those tokens were valued at $4.8 million, but reporting from The Block indicates that it will prove difficult to extract much value from the holdings due to market dynamics.
According to a local report, a professor at Hansung University said the incident reflected “tax authorities’ fundamental lack of understanding of virtual assets” and caused billions of Korean won in losses to the national treasury.
Since the seed phrase appeared in a widely distributed press release, investigators have no clear suspects. The theft may have been committed by a supervisor. Additionally, crypto lacks a central authority that is able to withdraw assets in most cases. Recovery options primarily exist when stablecoins are involved or if the money reaches a regulated exchange that can cooperate with law enforcement.
Notably, this is not the first time that there has been an accident with crypto funds previously seized by law enforcement in South Korea. In November 2021, the Gangnam Police Station seized 22 Bitcoins while investigating a hacking complaint involving the A Coin Foundation. The department stored the coins in a wallet provided by the Foundation, and the recovery phrase was later passed to a third party. Last week, police arrested two individuals associated with the foundation on suspicion of using that phrase to remove the Bitcoin from evidence storage. The 22 Bitcoins are now worth about $1.5 million.
As these cases show, full self-custody in crypto places significant responsibility on individuals. This freedom comes with new vulnerabilities, and criminals have turned to home invasions and violence against people known to hold crypto on a large scale. A recent incident in Scottsdale, Arizona, involved two California teenagers who traveled more than 600 miles to a residence hall. The pair posed as delivery drivers, forced their way inside a home, and used duct tape to restrain a couple while demanding crypto assets they believed were worth $66 million. The police caught and arrested the suspects shortly after.
Employees, government officials, and other individuals with access to personal information of crypto users are also emerging as a major security hole. A former staff member at Revolut allegedly tried to blackmail a customer by threatening to reveal details unless a crypto ransom was paid. Separately, a French tax official allegedly leaked personal data on crypto users to a criminal network in exchange for payment.
Online and over-the-phone scammers also often exploit the finality of blockchain payments by instructing victims to send money through crypto ATMs, after which recovery becomes nearly impossible. This strategy has hit elderly targets particularly hard in the United States. In Minnesota, state lawmakers and local police departments are supporting a complete ban on these kiosks, and similar concerns have emerged in Maine, Massachusetts, Kansas, and several other states. The FBI previously estimated that the nationwide impact of these types of scams last year was $333 million, and that data did not even include December.