South Korean prosecutors have sold seized Bitcoin worth $21.5 million after the cryptocurrency was unexpectedly returned by a hacker months after a phishing incident.
Key Takeaways
- South Koreaβs Gwangju District Prosecutorsβ Office sold 320.8 Bitcoin worth about $21.5 million and transferred the proceeds to the national treasury.
- The Bitcoin had been temporarily lost in August 2025 after officials managing the assets were tricked by a phishing website.
- The hacker unexpectedly returned the cryptocurrency in February, allowing authorities to liquidate the funds in controlled batches.
- The incident has renewed concerns about security practices for digital assets held by government agencies in South Korea.
What Happened?
South Korean prosecutors sold 320.8 Bitcoin over an eleven day period after the cryptocurrency was returned to authorities following a phishing related custody breach. The proceeds, worth about 31.6 billion Korean won or $21.5 million, were transferred to the national treasury.
The Bitcoin was originally seized from operators of an illegal international gambling platform that allegedly processed hundreds of billions of won in wagers between 2018 and 2021.
South Korean prosecutors sell $21.5 million in seized bitcoin once lost to phishing attack https://t.co/mgyYTKoR4r
β The Block (@TheBlockCo) March 10, 2026
Prosecutors Sell Recovered Bitcoin in Phases
The Gwangju District Prosecutorsβ Office carried out the sale in small batches between Feb. 24 and March 6, according to local media reports including Chosun Ilbo. Authorities said the phased liquidation helped prevent potential disruption to the cryptocurrency market.
Officials confirmed that the funds were converted at market prices, with the final proceeds totaling approximately 31.59 billion Korean won. The entire amount has now been transferred to the national treasury.
The Bitcoin had originally been confiscated during an investigation into an international gambling operation that allegedly handled around 390 billion won or about $285 million in bets from 2018 through 2021. Prosecutors said the operators attempted to hide criminal proceeds by converting them into cryptocurrency.
Phishing Attack Temporarily Removed Bitcoin From Custody
The case took a dramatic turn in August 2025 when prosecutors temporarily lost control of the seized cryptocurrency.
According to authorities, officials responsible for managing the assets were tricked by a phishing website, allowing the funds to be transferred out of government controlled custody. The loss was not immediately detected and was only discovered several months later in December 2025.
Investigators later traced the stolen funds to a wallet controlled by a hacker. In response, prosecutors worked with domestic and overseas cryptocurrency exchanges to restrict the movement of the stolen Bitcoin by blocking potential liquidation routes.
These restrictions appear to have played a role in what happened next.
Hacker Unexpectedly Returns 320 Bitcoin
In a surprising development, the hacker returned 320.8 Bitcoin to a wallet controlled by authorities on Feb. 17.
Reports indicate the hacker sent back the funds after the walletβs ability to convert or withdraw the cryptocurrency had been significantly restricted by investigators. Authorities later transferred the returned Bitcoin to a secure exchange wallet before beginning the liquidation process.
Despite the return of the funds, officials confirmed that the hacker remains unidentified and at large, and the investigation into the breach is still ongoing.
Wider Concerns About Crypto Security in Government Agencies
The incident has also drawn attention to broader security issues surrounding digital assets held by South Korean government agencies.
A recent nationwide internal review reportedly found that Seoulβs Gangnam Police Station lost 22 Bitcoin that had been stored in a USB-based cold wallet since 2021. Investigators noted that the storage device itself was never reported stolen, raising the possibility of internal involvement.
In another case, the National Tax Service faced criticism after a report allegedly exposed a crypto wallet recovery phrase. Following the disclosure, about 4 million Pre Retogeum tokens, theoretically valued at around $4.8 million, were moved from the wallet to an unidentified address.
These incidents have fueled public criticism regarding technical expertise and security protocols for digital asset management within law enforcement and tax agencies.
CoinLaw’s Takeaway
In my experience covering the crypto industry, custody mistakes often cause more damage than hackers themselves. What stands out in this case is that authorities actually managed to recover the funds after a phishing attack, which is extremely rare in crypto related thefts.
I also found it striking that the hacker eventually returned the Bitcoin once liquidation options were restricted. That suggests stronger cooperation between exchanges and investigators can sometimes force bad actors into a corner. Still, the repeated security lapses across different agencies highlight a serious gap in digital asset management expertise. Governments dealing with seized crypto must treat custody security with the same seriousness as traditional financial evidence.
