"As the Service explained in its apology, it intended that those photos would 'provide more vivid information to the public.' Instead, they provided vivid information to crooks who recognized the photos included a seed phrase - a credential used to recover access to a cryptocurrency wallet if passwords and other means of logging in are lost."
"It appears that someone spotted the seed phrase in the Tax Service's images, because within hours of the agency publicizing its raids, funds drained from one of the crypto wallets its agents seized. The stolen tokens - Pre-Retogeum, aka PRTG - were apparently worth $4.8 million, or the majority of the Tax Service's haul."
"The agency is nonetheless suitably contrite, and has promised to strengthen its internal controls to stop exposing credentials in public. Indeed, its apology states it has already revisited the manual it uses when seizing, storing, and disposing of virtual assets, and will ensure its team is trained on those new procedures."
South Korea's National Tax Service seized ₩8.1 billion in assets from 124 tax delinquents and released photos to the media for public information. However, the photos inadvertently contained a seed phrase—a credential for recovering cryptocurrency wallet access. Criminals identified this credential and drained approximately $4.8 million in Pre-Retogeum tokens from one of the seized wallets. The National Tax Service apologized for the security breach and committed to strengthening internal controls. The agency has requested the National Police Agency to track the perpetrators using blockchain records. The Tax Service has revised its manual for seizing, storing, and disposing of virtual assets and plans to retrain its team on new procedures.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]