The prosecutor’s office in South Korea’s Gwangju region launched an internal audit after approximately 320 Bitcoins seized from a criminal organization in 2021 were lost as a result of a phishing attack. Digital assets worth approximately 40 billion won were among the proceeds of crime held in judicial escrow.
Fake Wallet Site Access and Security Vulnerability
The internal audit revealed that during a handover in August 2025, officials logged into a fake crypto wallet website to control the cold wallet stored on the USB device. The assets were accessed because the officers mistakenly entered their credentials on this site, which appeared to be a legitimate platform. The transfer of Bitcoins seized by phishing method was noticed for the first time recently, during the final investigations before the transfer of judicial money to the treasury.
Suspicious Movements in Bitcoin Tracking
At first, the prosecutor’s office claimed that digital assets were compromised by an external cyber attack. However, blockchain data dated February 19, 2026 showed that 320 Bitcoins briefly returned to the prosecutor’s office’s original wallet address and were then transferred to two separate addresses. These unusual on-chain movements raised suspicion among experts working on the case of insider fraud or an advanced attempt at concealment.
Deepening the investigation, the Gwangju prosecutor’s office placed the mobile phones of five officials under digital scrutiny. Additionally, it was stated that the stolen Bitcoins have not been converted into cash so far.
Digital Asset Security Concern in Institutions
The incident highlighted the need for strong cybersecurity protocols in institutions’ digital asset management. This loss experienced at the corporate level showed that large organizations are not fully protected against social engineering techniques.
The fact that users were warned about voting security after the recent hyperlink attack by Curve Finance shows that security vulnerabilities are frequently discussed in the sector. The view that institutions should develop multi-layered protection measures comes to the fore.
The Gwangju prosecutor’s office announced that efforts to recover the assets are continuing. In addition, it was stated that all relevant transfer movements were examined in detail.
Authorities pointed out that the assets were not converted into cash on any crypto exchange at this stage and stated that recovery operations were ongoing.
Such an incident has increased criticism and concerns about how blockchain-based assets are managed and stored in public institutions.
