South Korean Police’s Bitcoin Custody Lapse Costs 22 BTC; Two Arrested as Probe Expands
Seoul’s Gangnam police lost access to 22 BTC (~$1.4M) after outsourcing seized crypto to a third party without the seed phrase. Two arrests follow amid bribery claims and wider custody failures.

Because Bitcoin
February 27, 2026
Seized Bitcoin doesn’t vanish because blockchains are opaque—it disappears when key control is outsourced. In Seoul’s Gangnam district, officers forfeited practical ownership of 22 BTC—about $1.4 million at today’s prices—by parking confiscated funds with a third-party custodian and never holding the seed phrase themselves. Two suspects have now been arrested as investigators trace how the coins left custody and why basic safeguards were bypassed.
The timeline is straightforward and damning. Police seized 22 BTC in 2021 from a hacked company. Guidance required transferring assets into an agency-controlled hardware wallet stored in a secure safe, but the coins remained in a wallet administered by an outside firm. In 2022, that firm “borrowed” Bitcoin from the wallet and handed the secret recovery phrase to an individual identified as Jeong, effectively surrendering control. The gap wasn’t surfaced until this year, during a review tied to a separate matter that uncovered 320 missing BTC—roughly $21 million—prompting deeper checks. In the Gangnam case, the Gyeonggi Northern Provincial Police Agency made two arrests and has said it is examining exactly how the Bitcoin left official custody.
Complicating the picture, a member of the original hacking investigation team was indicted on bribery charges last year, and the outside firm is reported to have offered payments to shape the investigation in its favor. The episode lands as confidence in local oversight is already strained: financial regulators recently failed to catch an internal system flaw that triggered roughly $43 billion in erroneous Bitcoin distributions at a major exchange. A promotion intended to send 2,000 won—about $1.40—was misconfigured and sent up to 2,000 BTC, around $135 million at current prices, to hundreds of users.
The throughline isn’t “crypto risk”; it’s key-management discipline. Whoever controls signing authority controls the asset. Handing custody to a vendor without retaining the seed phrase nullifies any legal seizure in practice. This is a governance error masquerading as a technical one.
The remedy is operational, not rhetorical:
- Use threshold custody (e.g., 2-of-3 or 3-of-5) with keys split across independent government units—investigators, internal audit, and a separate supervisory body—to enforce separation of duties.
- Keep signing devices air-gapped; store shards in sealed, access-logged safes; enforce dual control for retrieval.
- Sweep seized funds immediately to whitelisted agency addresses with deterministic labeling, and verify receipt on-chain before closing field operations.
- Implement time-locked vaults for large balances to slow illicit outflows, plus rule-based policies that block transfers to unsanctioned destinations.
- Maintain immutable, human-readable chain-of-custody logs hashed to a public chain; reconcile wallet balances daily and auto-alert any deviation.
- Prohibit “borrowing” or rehypothecation by policy and contract; any third-party support should be non-custodial and monitored.
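As an added illustration (not code from the article or from any agency), the sketch below shows a hash-chained custody log with a dual-control check on outflows and a daily reconciliation against the wallet's observed balance. All names, the two-unit rule and the sample data are assumptions; the observed balance is expected to come from a node the agency operates itself.

```python
import hashlib
import json

SATS_PER_BTC = 100_000_000
GENESIS = "0" * 64
SIGN = {"seize": 1, "release": -1}  # hypothetical event types
REQUIRED_UNITS = 2  # assumption: outflows need sign-off from 2 distinct units

def _digest(body):
    # Canonical JSON so an unchanged entry always hashes to the same value.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_entry(log, action, sats, approvers):
    """Append a custody event; approvers maps officer id -> unit name."""
    if action not in SIGN:
        raise ValueError(f"unknown action {action!r}")
    if action == "release" and len(set(approvers.values())) < REQUIRED_UNITS:
        raise PermissionError("release needs approvers from distinct units")
    body = {"seq": len(log), "action": action, "sats": sats,
            "approvers": approvers, "prev": log[-1]["hash"] if log else GENESIS}
    log.append({**body, "hash": _digest(body)})
    return log[-1]["hash"]  # head hash: the value to publish or notarize

def verify_chain(log):
    """Return the index of the first altered or reordered entry, or None."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry["prev"] != prev or entry["seq"] != i or _digest(body) != entry["hash"]:
            return i
        prev = entry["hash"]
    return None

def reconcile(log, observed_sats):
    """Return alerts: log tampering, or ledger vs. on-chain balance mismatch."""
    bad = verify_chain(log)
    alerts = [] if bad is None else [f"log tampered at entry {bad}"]
    expected = sum(SIGN.get(e["action"], 0) * e["sats"] for e in log)
    if observed_sats != expected:
        alerts.append(f"balance deviation: expected {expected}, observed {observed_sats}")
    return alerts

# Constructed sample data: one seizure of 22 BTC, logged by two units.
custody_log = []
append_entry(custody_log, "seize", 22 * SATS_PER_BTC,
             {"officer-a": "investigations", "officer-b": "internal-audit"})
```

An empty list from `reconcile` means the log is intact and the wallet holds what the log says it should; any other result is the deviation alert the list above calls for.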
Human factors are the real risk surface: convenience, misplaced trust, and misaligned incentives. When a single seed phrase can unwind an entire case, bribery becomes cheap leverage. Split control raises the cost of collusion and creates observable footprints—access logs, approvals, and on-chain delays—that deter tampering.
There’s also a trust cost. Victims of hacks cooperate when they believe assets will be preserved and evidence handled cleanly. Incidents like this, especially alongside high-profile operational failures at exchanges, erode that confidence and make recoveries harder. The tools to avoid repetition already exist in the industry; what’s needed is enforcement-grade implementation and routine audits rather than ad hoc vendor reliance.
This was not a sophisticated exploit. It was a preventable collapse of custody hygiene. Fix the controls—keys, process, and oversight—and the narrative shifts from loss and arrests to recoveries and deterrence.
