Key Insights:
- The confiscated Bitcoin was lost in custody due to an alleged phishing attack.
- The password leak enabled unauthorized access and fund transfers.
- Probe focuses on storage processes and internal procedures.
South Korean prosecutors are examining the loss of a significant portion of Bitcoin seized as a result of criminal activity, after an internal audit found that the funds may have gone missing while under state control.
Suspected Phishing Attack in the Asset Management period
The Chosun Daily reported that the Gwangju District Prosecutors’ Office is investigating the case as a suspected phishing operation and is looking into how the digital assets were stored and handled at the time of the Seizure last year.
According to an official, the loss occurred after an agency employee accessed a fraudulent site, revealing a wallet password to third parties. However, law enforcement agents are still trying to ascertain the whereabouts of the confiscated digital property and have not yet provided any further information.
The South Korean prosecutors suspect that the disappearance took place during the management process of the confiscated assets, which were associated with an illicit gambling case.
Additionally, Bitcoin was reportedly classified as illegal property and confiscated during criminal proceedings before it was lost.
Phishing attacks are typically carried out through spoofed emails or websites, intended to trick users into revealing personal keys or passwords. It is assumed that the wallet password in the case has been disclosed, allowing illegal access to the seized funds, which may be transferred without even being noticed at the moment.
In addition, it has been reported locally that the wallet password was revealed to a third party during a standard check of the items seized, i.e., a routine inspection of the confiscated goods. One could argue that an entry point was created to gain access unlawfully.
Cases of South Korean Prosecutors and Past Cargo Seizure
One of the biggest cases, which the Gwangju District Prosecutors have already addressed, is seizure of digital assets.
In March 2024, the office attempted to seize approximately 170 billion won worth of Bitcoin linked to another unlawful gambling enterprise, valued at approximately 127 million dollars at the time.
Seizure and administration of digital properties in South Korea have become more institutionalized due to several Supreme Court decisions.
In 2018, the Supreme Court held that cryptocurrencies are intangible assets of economic value, providing a legal basis for Seizure under the Criminal Procedure Act in relation to criminal activity.
Regulatory Background and Asset Freeze Requirements
Recently, financial regulators have also announced they intend to test a payment freeze system that allows investigators to temporarily freeze crypto-related accounts before alleged illicit funds can be withdrawn or transferred offshore.
The effort is aimed at enhancing enforcement powers and minimizing the number of assets that flee during investigations.
The ongoing inquiry by South Korean prosecutors is accompanied by regulatory action. However, the authorities have not provided further details on the controls applied to protect the seized digital assets in this case.
The token confiscation practices are usually not publicly disclosed, though law enforcement agencies worldwide store massive amounts of confiscated cryptocurrencies.
Cryptocurrency Phishing Trends and Reported Losses
Phishing is a widespread method of accessing digital wallets that relies on deception rather than technical expertise. According to Scam Sniffer, total losses decreased to 83.85 million, and the number of crypto losses from phishing attacks decreased by more than 80% in 2025.
The number of victims also reportedly dropped by nearly 70% to 106,000 during the same period. Despite the decline, the current case highlights that phishing incidents can affect both institutional settings and individual users.
Storage Procedures and Custodial Issues
The seized Bitcoin in this case was on a portable USB device, according to domestic reports, unlike more resilient custody systems typically implemented by institutional parties.
The adoption of these types of storage has raised concerns about internal procedures for handling seized digital assets, though the investigators have not explicitly stated specific custody procedures.
The mentioned leakage of the wallet password during a routine checkup further underscores the importance of operational practices in securing digital resources.
