韓国の税務当局が、脱税案件で差し押さえた仮想通貨(約480万ドル相当)を内部のアクセス管理ミスによって失ってしまったという報道が出ています。
何が起きたのか
差し押さえた仮想通貨を保管していたウォレットへのアクセスキー(秘密鍵)の管理が適切でなく、担当者の異動や組織変更のタイミングで引き継ぎが正しく行われませんでした。結果として、ウォレットにアクセスできる情報が失われ、資産が事実上「取り出せない状態」になりました。
No, wait, this is a seriously insane incident!
You know how I've been super concerned about gadget security and managing cryptocurrencies lately? So, I was digging through overseas news and found an unbelievable article.
[kira]韓国の税務当局が差し押さえた仮想通貨を管理ミスで丸ごと失ってしまったんですか![jito]約480万ドル(7億円規模)を、アクセス権の管理ミスで失うとは……笑えない事件ですよね。[kira]仮想通貨の管理リスクを改めて実感させられます。[normal]
仮想通貨の特性上、秘密鍵を失うと本人(この場合は国)であっても資産にアクセスする方法はありません。銀行口座では考えられない事態です。
なぜこういう事態が起きるのか
仮想通貨を「安全に保管する」ためには、ウォレットの種類(ホットウォレット・コールドウォレット)の選択と、秘密鍵のバックアップ体制が不可欠です。特に組織での運用では、担当者1人だけが鍵を持つ構造は致命的なリスクになります。
マルチシグ(複数の鍵が必要な承認方式)やHSM(ハードウェアセキュリティモジュール)を活用した管理体制が、機関投資家や政府機関には求められます。
個人への教訓
仮想通貨を個人で管理している場合も、シードフレーズ(復元用の単語列)を安全な場所に複数バックアップしておくことが基本です。スクリーンショットやクラウド保存は危険で、紙に書いて物理的に保管するのが今でもベストプラクティスです。
South Korean Tax Authorities Lose a Staggering 480 Million Yen!
Apparently, the South Korean tax authorities completely lost virtual currency worth about 4.8 million dollars (around 700 million Japanese yen? Depends on the exchange rate!) that they had seized from high-value tax evaders, all due to a certain mistake! This is seriously no laughing matter. As it says in the original article, the circumstances are just unbelievable.
In short, the tax authorities issued a press release saying, "Look, we've seized this much!" But within that release, there was a photo of the hardware wallet where the cryptocurrency was stored.
And here's the main point: in that photo, the "mnemonic seed phrase" was apparently clearly visible!
What is a Mnemonic Seed Phrase?
You, who just thought, "What is a mnemonic seed phrase?" Don't worry, Yuuki will explain it in an easy-to-understand way.
Basically, it's like, you know in online games, when you forget your password, there are "secret questions" or "backup codes," right? For example, "What was the name of your first pet?" or "What's your birthday?"
In the world of cryptocurrency, this "mnemonic seed phrase" is like a super-enhanced version of those secret questions or backup codes! And it's like a really long spell, with 12 or 24 random English words lined up.
If you know this, even if your hardware wallet (like a USB stick specifically for cryptocurrency) breaks, you can enter this spell into a new wallet, and "Voila, all your assets are back to normal!" It's like a magic word.
In other words, if you know that phrase, anyone can freely move the cryptocurrency in that wallet to their own wallet!
A Public Execution!?
So, what happened this time is that the tax authorities published this "magic spell" to the whole world in a photo in their press release!
It's like saying, "I've seized this super rare item hidden in this dungeon! And here's a hint for the treasure chest key: 'Apple, Gorilla, Trumpet, Papa, Panda,...'" It's like revealing the key's code to all players worldwide! No, it's even more direct than that.
Naturally, someone who saw this immediately used that spell and drained all the cryptocurrency from the wallet. Of course they would! It's like having the treasure chest key lying right in front of you and saying, "Please take it freely."
Seriously, this is just a lack of security awareness, or rather... (sweat). I guess even government agencies make these kinds of mistakes. It made me realize again that I need to be careful too.
If you have cryptocurrency, you absolutely must not tell anyone this "mnemonic seed phrase"! And taking a photo is out of the question! It seems best to write it down on paper and store it securely.
Haa, seriously, you never know what's going to happen in the world.
[jito]公的機関が押収した資産をこういう形で失うのは、制度への信頼が揺らぐ事件ですよね。[kira]ウォレットのアクセス管理は、コールドウォレットか否かに関わらず鍵の保管体制が全てだと痛感させられます。[smile](私の夢のガジェット資金を仮想通貨で管理するのは、この話を読んでちょっと二の足を踏むようになりました)[normal]
