A Hacker Stole $21.5M in Bitcoin From South Korean Prosecutors. Then Gave It Back

BitcoinCryptocurrency
By Samuel Edyme
A Hacker Stole -21.5M in Bitcoin From South Korean
A Hacker Stole -21.5M in Bitcoin From South Korean
0 420

The Gwangju District Prosecutors’ Office in South Korea has completed the sale of 320.8 Bitcoin (BTC), worth approximately $21.5 million, that were originally seized from operators of an illegal online gambling platform that handled an estimated 390 billion Korean won (around $285 million) in wagers between 2018 and 2021. 

Operators had converted their proceeds into Bitcoin to conceal them. Prosecutors sold the holdings in small batches across 11 days, from February 24 to March 6, a staged approach intended to avoid disrupting the market. The 31.6 billion won in proceeds was transferred to the national treasury.

What makes the case unusual is the route those coins took before reaching a government exchange wallet. In August 2025, a staff member at the Gwangju office was tricked by a phishing website, a fake platform designed to impersonate a legitimate cryptocurrency custody interface, during a routine custody verification procedure. 

The staffer unknowingly exposed the wallet’s seed phrase, the master password that grants irreversible control over a crypto wallet, and the 320 BTC were drained shortly after. The theft went entirely unnoticed for nearly five months. It was not discovered until January 23, 2026, during a scheduled audit of seized assets.

The Hacker Gave It Back

What happened next is rare. Rather than laundering the funds, the near-universal response to a successful large-scale theft, the hacker returned the Bitcoin voluntarily. On February 17, prosecutors reported the funds had moved to a government-controlled wallet; on February 19, the Gwangju office confirmed receipt of 320.88 BTC. 

Before the return, authorities had asked exchanges to freeze the hacker’s wallet address, blocking any attempt to liquidate the coins. Whether that freeze was decisive, or whether the hacker had other reasons to comply, has not been established. 

No suspects have been identified and the investigation remains open. Voluntary full returns of stolen crypto at this scale are, by most industry estimates, nearly unheard of.

Not an Isolated Failure

The Gwangju incident is one of at least three cryptocurrency custody failures by South Korean government agencies to surface in recent months.

A nationwide internal audit, triggered in part by the phishing case, found that Seoul’s Gangnam Police Station had lost track of 22 BTC on a USB cold wallet, an offline storage device, submitted as evidence in a 2021 investigation. 

The device was never reported stolen, raising questions about internal access. Separately, the National Tax Service faced criticism after a government report inadvertently exposed a wallet recovery phrase. 

All these incidents have prompted calls for standardized digital asset custody protocols across South Korean law enforcement and tax agencies, none of which currently operate under a unified framework for securing seized cryptocurrency.

Samuel Edyme

Samuel Edyme is a cryptocurrency and Web3 writer who covers breaking news and market developments. He focuses on turning complex topics into clear, easy-to-read stories that help readers understand what’s happening and why it matters.

Alexander Leusenko
Reviewed by expert:
Alexander Leusenko

Blockchain expert and editor at Altcoinlog. Regular participant in international IT, blockchain, and crypto industry conferences.

You might also like More from author

Leave A Reply

Your email address will not be published.