South Korea's National Tax Service apologized on Sunday for a security breach that exposed cryptocurrency data, calling the incident an inexcusable mistake.
"We deeply apologize to the public," the agency said in a statement. "During a briefing on the seizure of delinquent taxpayers' assets on January 26, an accident occurred in which virtual asset information was leaked."
The tax agency had distributed a press release announcing the seizure of four cold wallet USB devices containing a tax delinquent's cryptocurrency. The release inadvertently included images showing the "mnemonic code"—a master key that enables access to digital wallets.
Shortly after the exposure, allegations emerged that approximately $4.8 million (about 6.9 billion won) in cryptocurrency had been stolen from the compromised wallets. However, authorities have since determined that the leaked assets were inactive tokens traded only on specific exchanges, suggesting actual losses may amount to just several thousand dollars.
"This accident resulted from carelessly providing original photographs to the media without recognizing they contained sensitive virtual asset information, while trying to deliver more vivid information to the public," the agency said. "There is no excuse—this is the National Tax Service's fault."
The agency said it is making all-out efforts to recover the stolen assets. Upon confirming the coin outflow, officials immediately began tracking the funds through internal cryptocurrency tracing software and requested a police investigation.
The National Tax Service pledged to conduct an external review of its entire security system, strengthen internal controls including pre-release screening procedures, overhaul protocols for seizing, storing, and selling virtual assets, and enhance security training for staff.
Finance Minister Koo Yun-cheol said on X that the government would work with the Financial Services Commission and Financial Supervisory Service to review digital asset holdings and management practices across government and public institutions.
"We will promptly establish and implement measures to prevent recurrence, including strengthening digital asset security management," Koo said.
Police have launched a preliminary investigation following the tax agency's referral. If suspects are identified, they could face charges including violations of the Information and Communications Network Act and aggravated computer fraud under the Act on the Aggravated Punishment of Specific Economic Crimes.