South Korean Prosecutors Lose $47M Bitcoin in Phishing Scam

The Gwangju District Prosecutors’ Office discovered the massive loss during a routine internal inspection of seized financial assets. The inspection process, which involves checking passwords and access information stored on removable devices like USB drives, revealed that the Bitcoin—confiscated in a prior criminal case—was no longer accessible. While initial reports estimated losses in the “hundreds of billions of won,” local media outlet The Chosun Daily specified the missing amount at roughly 70 billion won, or about $47.7 million.

Authorities are investigating the circumstances but have not disclosed specifics publicly. A prosecution official cited in local coverage suggested the loss may have occurred after someone accidentally accessed a “fake site” during the inspection. This points to a phishing attack where wallet passwords or access credentials were exposed externally, enabling attackers to drain the seized Bitcoin holdings, rather than a direct breach of a secured internal system.

This incident at a South Korean government agency starkly illustrates that phishing remains one of the most common and effective tactics for stealing cryptocurrency. These scams rely on spoofed websites or deceptive messages designed to trick victims into surrendering sensitive information like private keys or login details. The threat is universal, targeting individual holders and large institutions alike.

Earlier this year, users of Ledger, the prominent France-based crypto hardware wallet company, were targeted in a sophisticated phishing campaign. Following a data breach at Ledger’s e-commerce partner, scammers sent personalized emails claiming a fake merger between Ledger and competitor Trezor. The messages instructed users to “migrate” their wallets by entering their 24-word recovery phrases on a fraudulent website, a classic phishing ploy.

Industry leaders continue to warn of evolving tactics. In December, Bitget CEO Gracy Chen highlighted a rise in phishing scams using fake Zoom and Microsoft Teams meetings. Hackers distribute bogus links via platforms like Telegram, then claim technical issues during calls to trick victims into downloading malware. Chen urged users to rigorously verify meeting links and avoid installing unsolicited software.

The loss of such a significant sum from official government custody raises serious questions about the protocols for handling seized digital assets. If a prosecutorial office can fall victim to a phishing scam, it highlights a potentially widespread lack of specialized security training and hardened procedures for managing crypto within traditional institutions.

The incident underscores a fundamental tension in cryptocurrency: the balance between security and accessibility. The very features that make Bitcoin a resilient digital asset—user-controlled private keys, irreversible transactions—also mean that a single security lapse, like exposed credentials, can lead to permanent, untraceable loss. For government agencies becoming de facto crypto custodians, developing and enforcing enterprise-grade security standards is now an urgent imperative.

As authorities work to trace the whereabouts of the stolen Bitcoin, the case serves as a costly reminder. In the digital asset ecosystem, security is not just a technical challenge but a human one. Continuous education on threats like phishing, coupled with robust, multi-layered custody solutions, is essential for protecting value—whether held by an individual, a corporation, or the state.