The South Korean National Tax Service (NTS) faced a significant breach of security when the password for its cold wallet containing seized cryptocurrency was leaked in a press release. Contrary to initial reports of a single incident, investigations have revealed that the seized assets were not only stolen once but were re-stolen after being returned. The police have initiated a formal investigation into the newfound suspects who may be involved in these thefts.

On January 2, the Cyber Terror Response Team of the National Police Agency confirmed that there were indeed two separate incidents of theft involving the NTS's confiscated cryptocurrency. The situation escalated when a thief, driven by curiosity after seeing the leaked mnemonic code used for wallet recovery, initially stole the cryptocurrency but returned it the next day. However, it has now come to light that another individual managed to steal the assets a second time after they were returned.

The estimated size of the stolen cryptocurrency, known as PRTG coins, amounts to around 4 million coins, valued at approximately $480,000. The NTS has expressed concerns regarding the further liquidity of these assets, indicating that due to the minimal trading activity of such coins, cashing them out may not be straightforward. Police are currently investigating the legitimacy of the claims made by the initial thief who reported their actions and are actively pursuing the person responsible for the second theft, indicating the ongoing nature of the investigation.