$4.8M in crypto stolen after Korean tax agency exposes wallet seed


Someone jumped at the opportunity to steal $4.4 million in crypto assets after South Korea’s National Tax Service publicly exposed the mnemonic recovery phrase of a seized cryptocurrency wallet.

The funds were stored in a Ledger cold wallet seized in law enforcement raids on 124 high-value tax evaders that resulted in the confiscation of digital assets worth 8.1 billion won (currently approximately $5.6 million).

When announcing the success of the operation, the agency released photos of a Ledger device, a popular hardware wallet for crypto storage and management. 

However, the images also showed a handwritten note of the wallet recovery phrase, which serves as the master key that allows restoring the assets to another device.

Images released by the South Korean tax authority
Source: mk.co.kr

The authorities failed to redact that information, allowing anyone to transfer the assets in the cold wallet to their own account.

Reportedly, shortly after the press release was published, 4 million Pre-Retogeum (PRTG) tokens, worth approximately $4.8 million at the time, were transferred out of the confiscated wallet to a new address.

“On-chain data (Etherscan) analysis shows that the attacker first deposited a small amount of Ethereum (ETH) into the wallet to pay transaction fees (gas fees), and then meticulously transferred the 4 million PRTG tokens to their own wallet in three separate transactions,” reports Korean media.

Blockchain data analysis expert Cho Jae-woo, a professor at Hansung University in Seoul who observed the transfer, commented on the authorities’ blunder by comparing it to leaving a wallet open and advertising it to the entire nation for people to take the money.

The professor attributed the mistake to the tax authorities’ “lack of basic understanding of virtual assets,” which effectively cost the national treasury tens of billions of won that had been successfully confiscated.

The press release has now been removed from the NTS website, and it is unclear if authorities have started an investigation to determine where the stolen funds ended up.

The case is a reminder for hardware wallet owners that their seed phrase gives complete access to their wallet without any additional protections. Anyone who has it can recreate the wallet anywhere without their device, PIN, or permission.

It is recommended to avoid digitizing seed phrases: do not store them in electronic notes, photos, email messages, or cloud storage, and do not send them over messaging apps. If a seed is exposed, all funds should be moved to a new wallet as soon as possible.

Source: BleepingComputer