South Korean authorities have come under scrutiny after a large stash of seized Bitcoin went missing during a routine check. The loss was discovered when officials found that some of the wallets that had been held as criminal evidence were empty.

According to multiple reports, the value of the missing Bitcoin is about 70 billion won — roughly $47.7–$48 million.

How Officials Found The Theft

Reports say the gap showed up during a routine audit of confiscated digital assets at the Gwangju District Prosecutors’ Office.

An internal check flagged transfers from wallets that had been marked as evidence, and investigators traced the movement back to external addresses. The office immediately opened an inquiry to determine how access was lost and whether any recovery is possible.

Initial findings point to a phishing scam as the trigger. According to local coverage, a staff member accessed a fraudulent website that impersonated a legitimate service, and that interaction exposed passwords and private keys.

Once the credentials were captured, the Bitcoin was moved out in transactions that cannot be reversed.

Security Lapses And USB Storage

Reports note that some of the access details for the seized assets were kept on portable drives rather than in hardened custody systems.

That practice appears to have made it easier for attackers to grab the keys once the phishing trap was sprung. Simple mistakes can cost millions when the asset is bearer-like and transfers are final.

The theft has raised hard questions about how state agencies handle crypto. Some experts say that the tools used by prosecutors were more suited to personal use than to government-level custody.

There are calls for stricter rules, multi-signature setups, and cold storage protocols that do not rely on easily copied passwords.

Tracing The Bitcoin

Blockchain records show the funds moving through several wallets after the initial transfer. That public trail gives investigators leads, but tracing tokens to a final cash-out point is often slow and requires cooperation from foreign exchanges and on-chain analytics firms. Reports say authorities are working with outside specialists to map the flow.

What Prosecutors Are Doing Next

The Gwangju prosecutors’ office has vowed a full probe, and officials are trying to reconstruct events step by step.

There are also signs that the incident will trigger a review of national procedures for holding seized digital property. Some lawmakers and legal experts have already called for clearer standards and oversight.

Featured image from Pexels, chart from TradingView

Resecurity has identified PDFSIDER malware that exploits the legitimate PDF24 App to covertly steal data and allow remote access. Learn how this APT-level campaign targets corporate networks through spear-phishing and encrypted communications.

Hackread.com exclusive: Scammers are using verified PayPal invoices to launch callback phishing attacks. Learn how the "Alexzander" invoice bypasses Google filters.

Ledger confirms data breach via Global-e partner. Customer info exposed, phishing attacks active. No passwords or crypto recovery phrases leaked.

Phishing in 2026 is harder to detect and verify. Learn how CISOs can speed up investigations, reduce noise, and respond with confidence.

Check Point researchers found a phishing scam abusing Google Cloud to target organisations worldwide. Scammers use official domains to steal logins. Read the full details in this exclusive report.

Phishing campaign: Scammers sent over 40,000 spoofed SharePoint, DocuSign and e-sign emails to companies, hiding malicious links behind trusted redirect services.

SimpleX Chat’s X account hacked to promote fake crypto site urging users to connect wallets. Site mimicked official design to steal funds.

Infoblox Threat Intel reports a campaign that used the Evilginx phishing kit to bypass Multi-Factor Authentication (MFA) and steal credentials from 18 US universities between April and November 2025.