Hacker Returns $21M in Stolen Bitcoin to South Korean Prosecutors

2/20/2026
by Denislav Manolov
Crypto Expert at Airdrops.com

South Korean prosecutors have successfully recovered approximately $21.4 million worth of Bitcoin that was stolen from government custody last year, according to local media reports.

The unexpected return of funds follows a high-profile security lapse that exposed weaknesses in how seized digital assets were being handled by investigative agencies.

Phishing Error Led to Major Loss

The breach was first discovered in December when the Gwangju District Prosecutors’ Office realized that Bitcoin previously confiscated during a gambling platform raid had disappeared.

An internal investigation revealed that the loss occurred in August after investigators mistakenly accessed a phishing website and entered sensitive recovery seed phrases tied to the seized wallet. By exposing the seed phrase, authorities inadvertently handed full control of the Bitcoin to the attacker. 

The stolen amount totaled 320.8 BTC, valued at roughly $21.4 million at current prices.

Hacker Sends Funds Back

In a surprising twist, the hacker returned the entire 320.8 BTC to the prosecutors’ wallet earlier this week, according to reports from local outlet Digital Asset.

Officials stated that they had taken steps to block centralized exchange transactions linked to the hacker’s wallet, effectively making it difficult for the attacker to liquidate or move the funds through major trading platforms.

That pressure may have contributed to the decision to return the assets. The identity of the hacker remains unknown.

Following the recovery, prosecutors transferred the returned Bitcoin to a local cryptocurrency exchange for enhanced safekeeping while continuing efforts to identify the individual responsible.

Wider Audit of Seized Crypto Management

The incident has sparked broader concerns about how South Korean law enforcement agencies manage confiscated digital assets.

In a related development, it was revealed last week that the Seoul Gangnam Police Station has reportedly lost track of 22 BTC stored in a cold wallet since 2021. That discovery triggered additional scrutiny across agencies handling crypto evidence.

The Gyeonggi Bukbu Provincial Police Agency confirmed it has launched its own internal investigation to determine the circumstances surrounding the loss and assess whether internal misconduct played any role.

Security Lessons for Authorities

The case highlights a recurring challenge in crypto enforcement: while governments are increasingly seizing digital assets from criminal operations, secure custody practices remain uneven.

Unlike traditional bank accounts, cryptocurrency wallets rely entirely on private keys and recovery seed phrases. Once those credentials are exposed, control of the assets is effectively transferred. 

The phishing incident underscores the importance of operational security, especially for public agencies managing high-value digital holdings.

Although the funds have now been restored, the breach has exposed vulnerabilities that could prompt tighter protocols for digital asset custody across South Korea’s investigative bodies.

For now, authorities have recovered the Bitcoin, but the investigation into how the breach occurred, and who was behind it, remains ongoing.
