As debates over crypto custody and cyber risk intensify, the South Korea incident has put public-sector handling of seized digital assets under a harsh spotlight. The roughly 320 BTC in custody became the center of both a criminal investigation and a wider discussion about institutional storage procedures after the funds vanished and later resurfaced.
2021: Seized Bitcoin Placed Under Prosecutorial Custody
The case traces back to 2021, when investigators took control of crypto assets linked to an ongoing probe. Records referenced a balance of around 320 BTC, held as a custody asset intended for formal transfer into state inventory. In the months that followed, the structure and safeguards used to manage that custody became a key point of scrutiny.
August 2025: Phishing Attack Pushes Funds Out of Official Control
The turning point came in August 2025. During a custody check, personnel were reportedly redirected to a wallet interface designed to imitate a legitimate access screen. Once critical access information was captured through the spoofed interface, the wallet was drained. Roughly 320 BTC was then sent to attacker-controlled addresses, moving beyond prosecutorial control.
This phase triggered two immediate fault lines in the public debate. The first was the scale of phishing risk even inside state institutions. The second was how layered and resilient the access and verification process truly was for seized crypto custody.
January 2026: Loss Confirmed, Crypto Investigation Expands
Once the missing funds were confirmed, legal and administrative tracks moved in parallel. Investigators began tracing the transfers on-chain while internal reviews focused on the operational window in which the breach occurred. Prosecutors also targeted the exit routes most likely to convert the Bitcoin into cash, leaning on exchange-facing measures to narrow liquidation channels and contain the damage.
The investigation’s priorities crystallized around three core steps:
- On-chain monitoring to map the transfer path and endpoints
- Restricting exchange off-ramps to reduce the ability to liquidate the funds
- Internal review to identify procedural weaknesses in custody and access workflows
February 2026: Bitcoin Returned to the Prosecutors’ Wallet
In February 2026, the case shifted again as the missing Bitcoin was transferred back into the prosecutors’ wallet. Assessments centered on a practical pressure point. As converting the funds through exchanges became harder, returning the assets emerged as a likely outcome. The reappearance of roughly 320 BTC suggested that measures aimed at tightening off-ramps can be as consequential as technical tracing in high-profile crypto cases.
Post-Return On-Chain Transfers: New Questions Surface
After the funds re-entered the official wallet, further on-chain movement was observed. The quick transfer of Bitcoin to other addresses introduced two competing interpretations.
- The possibility of continued unauthorized access raised concerns that the assets could have been exposed again.
- The scenario of security-driven relocation pointed to the funds being moved into a safer storage structure, such as a different wallet or an institutional custody setup.
The destination addresses and authorization trail are expected to determine how the case evolves from here.
Why the Dollar Figures Varied: One BTC Amount, Multiple Valuations
The case also produced shifting headline valuations. Crypto price volatility meant the same custody balance was described at different points in widely different dollar terms. The quantity remained near 320 BTC, while the estimated value fluctuated with market conditions, appearing around the 21 million dollar range in some calculations and higher in others.
Crypto Security and Public Custody Protocols Back in Focus in South Korea
The Gwangju case underlined how fragile crypto custody can be when operational workflows and cybersecurity safeguards fail to align. The phishing breach exposed vulnerabilities that go beyond pure technology and into process control. The February 2026 return, meanwhile, highlighted how exchange off-ramp restrictions can influence outcomes in stolen-funds cases. With post-return transfers still under the microscope, the incident is likely to remain central to South Korea’s debate on seized-asset storage, institutional custody standards, and crypto security.















