South Korean authorities are facing intense scrutiny after nearly $48 million worth of seized Bitcoin disappeared from government custody, allegedly due to a phishing attack that compromised access credentials.
Bitcoin Missing During Routine Inspection
The incident came to light when officials at the Gwangju District Prosecutors’ Office conducted a routine inspection of seized financial assets. During the review, prosecutors reportedly discovered that approximately 70 billion won ($47.7 million) in Bitcoin was missing.
Local media reports indicate the Bitcoin had been confiscated as part of a prior criminal case, though authorities have not disclosed when the assets were seized or how long the funds had been missing. The lack of transparency has fueled public concern over how digital assets are safeguarded once they fall under state control.
Phishing Attack Blamed for the Loss
According to reporting from The Chosun Daily, the loss occurred after a password was leaked externally, with officials pointing to a phishing attack as the root cause. A prosecutor’s office employee allegedly accessed a malicious website, allowing attackers to obtain credentials tied to the seized Bitcoin wallet.
Phishing attacks remain one of the most common threats in crypto, relying on spoofed websites or emails that trick users into revealing private keys or login details. Once access is obtained, attackers can drain wallets almost instantly, leaving little chance of recovery.
Investigation Underway, Details Withheld
South Korean prosecutors have confirmed that an investigation is ongoing but declined to provide specifics.
Authorities have not clarified whether the Bitcoin was stored in a hot wallet, cold storage, or through a third-party custodian, an omission that has reignited debate around government-level crypto custody standards.
Phishing Losses Are Falling - But Risks Remain
Ironically, the theft comes at a time when global phishing-related crypto losses are declining. Blockchain security firm Scam Sniffer reported earlier this month that phishing losses fell more than 80% in 2025, dropping to $83.85 million, while the number of victims declined nearly 70% to around 106,000.
Despite those improvements, the South Korean case highlights that institutional holders-including governments-are not immune. As crypto adoption spreads, attackers are increasingly targeting high-value, centralized custodians, where a single breach can result in massive losses.
Governments Hold Billions in Seized Crypto
South Korea is far from alone in holding large crypto reserves tied to criminal investigations. Around the world, law enforcement agencies are sitting on billions of dollars in seized digital assets, often with limited public disclosure around storage methods.
In the United States, Coinbase revealed last June that it assisted the US Secret Service in seizing $225 million in crypto, marking the agency’s largest-ever crypto seizure tied to scam activity.
In the UK, authorities were reported last October to be debating whether to retain $6.4 billion worth of seized Bitcoin, originally confiscated in 2018 from scammers who defrauded more than 128,000 investors in China, rather than returning funds to victims.
A Wake-Up Call for Crypto Custody
The South Korean Bitcoin loss underscores a growing concern: as governments accumulate crypto, custody practices are becoming a systemic risk. Without clear standards around key management, cold storage, access controls, and staff training, even seized assets meant to serve justice can become prime targets for cybercriminals.
For now, investigators are racing to determine whether any of the missing Bitcoin can be recovered. Regardless of the outcome, the case is already being seen as a cautionary tale-one that may force governments worldwide to rethink how they secure digital assets in an increasingly hostile cyber environment.
