South Korea: Authority leaks mnemonic phrase for crypto wallet – and gets robbed

South Korea's tax authority has extensively apologized for accidentally making the associated seed phrase public after securing a hardware wallet for cryptocurrency. The digital money was then stolen twice.

This is according to a report by the Korean daily newspaper Chosun and an apology from the National Tax Service. According to the report, the mishap occurred last Thursday when the authority announced its actions against a tax evader at a press conference. A phrase was legible on a photo, which allowed access to the digital assets. This was then done immediately, but the first person even transferred the cryptocurrency back. However, the next access did not end so amicably.

Debacle after success report

As The Chosun Daily reports, the tax authority actually wanted to announce a success against tax fraud on Thursday, stating that, among other things, 6.9 billion won (about 4.03 million euros) in cryptocurrency had been seized. As is customary on such occasions, photos of the seized assets were made public; one shows a hardware wallet with several written notes. The information visible on it was enough to access the cryptocurrency and transfer it. One person reportedly did this but then reversed the transfer. “I did it out of curiosity,” the daily quoted them as saying. A few hours later, another person stole the cryptocurrency again. The police were then called in.

Hardware wallets for cryptocurrency are intended to protect digital assets: They allow the necessary keys to be stored securely offline. Only those who possess these private keys can spend or transfer bitcoins and the like. Because they store them physically offline on an external device, such hardware wallets minimize the risk of hacker attacks or malware. However, the loss or defect of such a device does not mean a loss of assets if the private keys can be regenerated using a seed. So-called mnemonic phrases, easy-to-remember word sequences as memory aids, help with this. In the case of the tax authority, it was precisely this that allowed the cryptocurrency to be stolen.

In the statement from yesterday, Sunday, the National Tax Service regrets the unforgivable mistake. They wanted to inform the public about the success against tax fraud without noticing that sensitive information was being passed on through the illustrative information. They immediately tried to get the cryptocurrency back and commissioned the police with investigations. However, there are apparently no results yet. Furthermore, they will use the incident as an opportunity to strengthen internal controls to prevent a recurrence. Employees should also be better trained.

Read also

Bitcoin & Co.: Polizei stellt Kryptogeld im Wert von zehn Millionen Euro sicher

(mho)