In a concerning incident highlighting the vulnerabilities in digital asset management, South Korea's National Tax Service inadvertently disclosed the mnemonic recovery phrase for a seized cryptocurrency wallet during a press announcement. This breach enabled a hacker to steal approximately $4.4 million in crypto assets from the wallet, which had been confiscated as part of a crackdown on high-value tax evaders. The wallet, secured using a Ledger device, was part of a larger seizure that included digital assets worth approximately $5.6 million, raising questions about the security protocols in place for sensitive information.
For businesses operating in the cryptocurrency space, this incident underscores the critical importance of safeguarding recovery phrases and sensitive information from public exposure. Organizations should prioritize robust security measures, including training employees on the implications of sharing operational details publicly, and implementing strict protocols for handling sensitive data. This breach not only poses significant financial risks but also impacts trust in law enforcement's ability to manage and secure digital assets. As cybersecurity threats continue to evolve, this incident serves as a reminder of the intricate relationship between law enforcement, cryptocurrency management, and the necessity for stringent cybersecurity practices.
---
*Originally reported by [Schneier on Security](https://www.schneier.com/blog/archives/2026/03/south-korean-police-accidentally-post-cryptocurrency-wallet-password.html)*