惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

G
GRAHAM CLULEY
V
V2EX
WordPress大学
WordPress大学
博客园 - Franky
Last Week in AI
Last Week in AI
博客园 - 司徒正美
有赞技术团队
有赞技术团队
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
博客园 - 【当耐特】
V
Visual Studio Blog
C
CERT Recently Published Vulnerability Notes
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Jina AI
Jina AI
Attack and Defense Labs
Attack and Defense Labs
腾讯CDC
The Hacker News
The Hacker News
Hugging Face - Blog
Hugging Face - Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
J
Java Code Geeks
人人都是产品经理
人人都是产品经理
阮一峰的网络日志
阮一峰的网络日志
T
Tailwind CSS Blog
S
SegmentFault 最新的问题
大猫的无限游戏
大猫的无限游戏
小众软件
小众软件
A
Arctic Wolf
量子位
博客园 - 聂微东
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
N
News and Events Feed by Topic
雷峰网
雷峰网
博客园_首页
Google Online Security Blog
Google Online Security Blog
Spread Privacy
Spread Privacy
罗磊的独立博客
H
Hacker News: Front Page
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
月光博客
月光博客
TaoSecurity Blog
TaoSecurity Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
博客园 - 三生石上(FineUI控件)
宝玉的分享
宝玉的分享
IT之家
IT之家
The Cloudflare Blog
爱范儿
爱范儿
博客园 - 叶小钗
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Apple Machine Learning Research
Apple Machine Learning Research
酷 壳 – CoolShell
酷 壳 – CoolShell

GRAHAM CLULEY

The ransomware negotiator who was working for the other side Invited to a "job interview" with Netflix or OpenAI? Beware! Your Google password could be at risk Smashing Security podcast #475: JadePuffer - the AI that ran a ransomware attack all by itself Two arrested over credit card phishing - as the Netherlands is named Europe's worst for payment fraud The Gentlemen ransomware: what you need to know Smashing Security podcast #474: Polymarket can predict the future. So how did it miss this hack? Scammers race to cash in on Venezuelan earthquake disaster USB drives carrying China-linked malware infected Japanese military networks for nearly a year Smashing Security podcast #473: How a hacker could have Rickrolled the entire World Cup Hacker hijacks Brazil's national alert system, sending "misanthropy" to millions of phones Apple's Hide My Email tweak leaves privacy fans fuming Imposter scams cost Americans $3.5 billion in 2025 – and it’s getting worse Smashing Security podcast #472: AI gets hacked, and BitLocker gets bypassed Maine forced to take down data breach portal after fake notices filed with authorities Privacy own-goal: World Cup blunder leaks Lionel Messi's passport details Silent Ransom Group: what you need to know Smashing Security podcast #471: This AI worm just rewrote its own rules Why schools remain one of cybercriminals' favourite targets Got a LinkedIn message from a recruiter? It might be Chinese intelligence, warn FBI and MI5 Meta’s own AI chatbot to blame for Instagram accounts being stolen in seconds Smashing Security podcast #470: This AI security flaw might be impossible to fix Police arrest man following hack of Ajax football club MyPillow listed on ransomware gang's leak site, but denies it has been breached Smashing Security podcast #469: What your Oura ring won’t tell you FBI warns of Kali365 phishing kit that breaks into Microsoft 365 accounts — no password required Defenders fall behind, as AI rewrites the rules of a data breach Smashing Security podcast #468: High-speed train hacks and homicidal lawnmowers FBI warns students and staff that ShinyHunters may come knocking after Canvas breach Suspected Dream Market kingpin arrested after gold bars sent to his home address When ransomware gets physical: cybercriminals turn to threats of violence Smashing Security podcast #467: How ShinyHunters hacked the world’s biggest universities One in eight UK workers has sold their company passwords, and bosses think it’s fine Inside Department 4: Russia's secret school for hackers Sri Lanka makes 37 arrests as it raids another scam centre Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired Teenager alleged to be Scattered Spider hacker arrested in Finland, faces US extradition Iran-linked Handala hackers leak US Marines data, send chilling WhatsApp threats Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions Alleged Silk Typhoon hacker extradited to the United States to face charges French police arrest 21-year-old "HexDex" hacker over 100 alleged data breaches Smashing Security podcast #464: Rockstar got hacked. The data was junk. The secrets it revealed were not Singer loses life savings to fake wallet downloaded from the Apple App Store Sometimes changing the password on your email mailbox isn’t enough 108 malicious Chrome extensions caught stealing Google and Telegram data from 20,000 users AI and cryptocurrency scams are costing Americans billions, FBI reports Life imprisonment for Cambodian scam compound operators - but will it make a difference? Nigerian romance scammer jailed after being caught out by fellow fraudster Alleged RedLine malware developer extradited to United States Iranian hackers breach FBI director's personal email, and post his CV and photos online World Leaks data extortion: What you need to know How one man used 10,000 bots to steal $8,000,000 from music artists Denver's crosswalks hacked to broadcast anti-Trump messages LeakNet ransomware: what you need to know Free parking in Russia after Distributed Denial-of-Service attack knocks city's parking system offline Fraudsters are using public planning records to target permit applicants Your Signal account is safe - unless you fall for this trick Twitter suspended 800 million accounts last year — so why does manipulation remain so rampant? How hackers bypassed MFA with a $120 phishing kit - until a global takedown shut it down
They seized $4.8m in crypto... then gave the master key to the internet
2026-03-03 · via GRAHAM CLULEY

South Korea's National Tax Service (NTS) has found itself in the middle of a deeply embarrassing — and costly — blunder after accidentally handing thieves the master key to a seized cryptocurrency wallet.

The method? Publishing the access key in a press release, in plain sight for the entire world to see.

Last Thursday, the NTS issued a triumphant press release to the media detailing how it had taken action against 124 high-value tax evaders, and boasting about the seizure of digital assets worth 8.1 billion won — roughly US $5.6 million.

And in that press release, officials included photographs of some of the confiscated hardware: including a Ledger cold wallet device and, sitting right next to it, a handwritten note clearly displaying the wallet's mnemonic recovery phrase.

This seed phrase is the 12-to-24 word sequence that functions as the master key for a cryptocurrency wallet. And as everyone who possesses a hardware cold wallet should know, you are never ever supposed to share with anyone, let alone broadcast to the entire internet in an official press release, that seed phrase.

By dawn the following morning, someone had emptied the wallet of all of its cryptocurrency.

For those unfamiliar with how hardware wallets work, the mnemonic (or seed) phrase is essentially your wallet's ultimate password. Anyone who possesses the phrase can restore access to that wallet on any device, anywhere in the world. And then they can transfer every last cryptocurrency token out — with no need for physical access to device, no PIN required, no further authentication of any kind.

Hardware wallets like Ledger are built around the assumption that the seed phrase is kept secret. The whole point of "cold storage" is that the private keys to the wallet never touch the internet. The moment a seed phrase is exposed, the offline protection is weaker than tissue paper.

The NTS officials later explained that they had included the images in their press release to make it "more eye-catching." Unfortunately for them, the press release certain did catch some people's attention.

The confiscated wallet in question belonged to a tax evader identified only by the authorities as "Mr. C," who had had four cryptocurrency storage devices seized from his home. The hardware wallet contained approximately 4 million Pre-Retogeum (PRTG) tokens, worth around US $4.8 million (approximately 6.4 billion won) at the time.

According to a blockchain analysis by Professor Cho Jae-woo, director of the Blockchain Research Institute at Hansung University in Seoul, the theft took place in the early hours of February 27th — shortly after the press release was published.

Professor Cho pointed out that the original owner of the Ledger device had actually been following best practice — recording the seed phrase only on a handwritten note, rather than storing it digitally. The irony, of course, is that while the tax evader took proper precautions to protect his crypto fortune, the authorities tasked with safeguarding the seized assets did not.

So, a win for the crypto thief - yes?

Well, maybe not.

Because the thief may find it considerably harder to actually spend their US $4.8 million worth of cryptocurrency than it was to steal.

As The Block reports, PRTG is an obscure token, that is rarely used. According to CoinMarketCap data, it recorded a volume of just US $332 in 24 hours of trading at the time of the incident and is listed on only a single exchange — MEXC.

Furthermore the 4 million stolen tokens represent approximately 40% of PRTG's entire total supply. Attempting to convert that quantity of crypto into cash would almost certainly impact the token's value long before the full transaction was done.

Furthermore, if the stolen tokens eventually move through a regulated platform with know-your-customer requirements, there is at least a chance of identifying who is trying to capitalise on the theft.

The NTS eventually removed the offending press release from its website, and issued a follow-up statement offering a "deep" apology for what had happened.

South Korea's National Tax Service found out the hard way. One can only hope that law enforcement agencies seizing digital assets around the world are paying attention.

After all, "don't photograph your passwords and publish them on the internet" is a lesson most of us managed to learn years ago.