Soon after South Korean police posted a press release boasting about seizing $5.6 million worth of cryptocurrency from 124 wealthy tax evaders, cops realized that they had mistakenly posted images that made it possible for a thief to quickly steal most of the seized assets.
Eventually, the press release was removed, but not before it was grabbed by local media outlets and tech publications covering the theft.
Bleeping Computer shared a screenshot of the retracted images, which showed a handwritten note next to a Ledger device that’s used as a so-called “cold wallet” to store crypto out of reach of online threats. Clearly legible in the photo, the note contained a complete mnemonic recovery phrase that anyone can use as a master key to move assets off the cold wallet to a new wallet without any additional PIN or permissions required.
From Ars Technica - All content via this RSS feed