Hey, I saw a story that’s basically a manual of what NOT to do in digital security. South Korea’s National Revenue Service had a spectacular leak last week, and the worst part is that it was completely avoidable.

Basically, they seized cryptocurrency hardware wallets in an operation against delinquent taxpayers. All normal so far. The problem? When they released the press materials about the operation, they included a clear photo showing the complete mnemonic phrase from the wallet next to the Ledger devices. No blurring, nothing—just a screenshot.

And guess what happened? Hackers saw that exposed mnemonic phrase and did exactly what anyone with basic knowledge of cryptography would do: they accessed the wallet. It didn’t even take a day. In the early hours of the 27th, they began transferring the assets. First, they sent small amounts of ETH as gas fees, and then withdrew about 4 million PRTG tokens in three transactions to unknown addresses.

The total value of what they took? Approximately 4.8 million dollars. That’s 6.4 billion Korean won. It’s not exactly pocket change.

The most absurd part is that experts are criticizing the act as equivalent to “publishing the wallet’s key.” Basically, the National Revenue Service showed a very basic understanding even of digital asset security. It’s like leaving your bank password written on a sticky note on the refrigerator door.

This story should be mandatory in any training on security protocols. It’s not just about cryptography—it’s about the basics: never expose sensitive information, even if it seems harmless.