South Korea Prosecutors Lose Seized Bitcoin in Suspected Phishing Attack

South Korea’s Gwangju District Prosecutors’ Office is facing intense scrutiny after reports revealed that a large amount of Bitcoin seized during a criminal investigation has gone missing. According to multiple local media outlets on Jan. 22, the disappearance likely occurred around mid-2025 and is believed to be the result of a phishing attack, raising serious concerns about cryptocurrency custody practices within law enforcement.

Investigators suspect that prosecutors may have accidentally accessed a scam website while conducting a routine inspection of seized digital assets, allowing attackers to drain the Bitcoin under custody. While officials have declined to confirm the exact amount lost, internal estimates cited by local sources suggest losses could be as high as 70 billion won, or approximately $48 million. A prosecution official stated that an internal investigation is underway to determine how the loss occurred and to trace the missing assets.

The incident has highlighted critical weaknesses in how seized cryptocurrency is handled. One major question is whether proper seizure protocols were followed. If authorities merely confiscated physical storage devices, such as USB drives containing wallet credentials, without transferring the Bitcoin to a secure custody wallet, the original owner may have retained access through backup private keys. In such a scenario, the seizure itself would have been fundamentally flawed.

Security practices surrounding wallet creation and key management are also under scrutiny. Creating custody wallets on internet-connected devices can expose private keys from the outset, while best practices require using air-gapped systems isolated from any network. Similarly, storing private keys on connected devices or cloud services significantly increases the risk of hacking, compared to offline physical storage methods.

Beyond the immediate financial loss, the case underscores broader challenges facing law enforcement agencies as cryptocurrencies become more common in criminal investigations. Traditional evidence storage methods are ill-suited for digital assets, which require continuous and specialized security controls. As the investigation continues, the Gwangju case serves as a cautionary example of the risks institutions face when handling crypto assets without robust safeguards and specialized training.