- Due to how crypto works, it’s unlikely the authorities can ever get the money back.
Cybersecurity is no joke. You should use long and complex passwords, ensure your devices are free of malware and viruses, and monitor your ID and payment methods for unauthorized use.
And you certainly should not post your online wallet’s password publicly — like the South Korean police just did.
Recently, the country’s tax authorities cracked down on more than 100 people evading taxes through digital assets. The operation was very successful, and the authorities confiscated more than $5 million in cryptocurrency.
Such an achievement is worth celebrating. So, the tax authority posted a public press release with pictures of the device used to store the digital cash.
Unfortunately, the cops overlooked a small detail. The high-resolution images clearly showed the key codes necessary to access the crypto wallet.
The whole thing ended pretty much how you’d expect. The vast majority of the seized money is now gone, the cops have no idea who stole it, and they’re certainly not sure how to get it back.
Back to square one, we suppose.
Successful Crackdown
The series of unfortunate events begins with a recent anti-tax evasion operation launched by South Korea’s National Tax Service (NTS). The crackdown targeted a reported 124 high-value tax evaders, who had been skirting their dues through various online assets.
Most commonly, they had channeled their income into various cryptocurrencies. It’s that electronic money that the NTS went after.
It seems the operation was nothing short of successful. According to Korean news reports, the NTS confiscated 8.1 billion won in cryptocurrency.
In U.S. money, that’s around $5.5 million — not an insignificant sum by any measure.
To highlight the results of the crackdown (and probably to send a message that tax evaders will be caught), the NTS published a press release celebrating the achievement. That press release included high-resolution photographs of the Ledger devices holding the confiscated money.
Hot or Cold
Before we go any further, we should explain what a Ledger device is. To make things very simple, it’s an electronic gadget that serves as a wallet holding your crypto assets.
In case you’re not too familiar with crypto, you can store your digital coins in two kinds of wallets: hot or cold.
Hot wallets are always connected to the internet and are typically provided through a web service. They work just fine, but since they’re always online, they are vulnerable to hacking, data leaks, and anything else that comes with online services.
Cold wallets, meanwhile, are standalone devices that hold the data needed to access your cryptocurrency. They could be as simple as a string of codes on paper, or something like the Ledger devices that the NTS used.
Such hardware wallets can only be accessed through key codes. As long as you keep the master key phrase secret, no one can access your money.
Yoink!
The NTS, however, failed to keep its master key secret. Papers in the background of the photos they published clearly showed the access codes to the Ledger devices in black and white.
It didn’t take long for people to take notice of the codes. And it took an even shorter time before someone used them.
An unknown individual or individuals gained complete access to the NTS crypto wallet by using the master key code. They deposited a small amount of Ethereum coins into the wallet to check if they had access — and to cover future transfer fees.
And oh boy, was there a transfer. Out of the $5.5 million on the Ledger wallet, $4.8 million disappeared overnight.
No Way Back
You might imagine the NHS would be able to easily find out who took the money and get it back. However, that might prove next to impossible.
First, there’s no suspect. Or, more precisely, there are too many suspects. Anyone who saw the pictures could’ve potentially used the included codes, so there’s no way to start narrowing the field down.
Additionally, one of the defining features of cryptocurrencies is that there’s no central authority governing them. Unlike with regular bank transfers, the NHS can’t ask somebody who accessed their wallet and where they sent the money.
They simply have no paper trail whatsoever.
The NHS has pulled the hazardous press release from their website, not that it does any good at this point.
So, if you’re a crypto investor, let this be a cautionary tale for you. Don’t digitize your wallet’s master key. Write it on a piece of paper, keep that paper under lock and key, and — above all — don’t post a picture of it online.