It was found that virtual assets forcibly collected by the government increased 100-fold over the past three years. The government said on the 10th that it has drawn up and will implement a "virtual asset management guidelines" requiring authorities to immediately move held virtual assets to wallets under institutional names or to freeze the account if the assets are at a virtual asset exchange. The move marks the first government-level guidelines after incidents in which virtual assets seized from criminal and tax evasion suspects by police, prosecutors, and the National Tax Service were stolen.
That day, the government said it held the Emergency Economic Headquarters Meeting and Ministers' Meeting on Economic Affairs and discussed plans to improve the public-sector virtual asset holding and management system. Earlier in Feb., the National Tax Service accidentally exposed the "mnemonic code," the master key to virtual assets seized from a high-amount delinquent taxpayer, leading to theft by a third party. Since Aug. last year, there have been similar virtual asset theft incidents at the police and the prosecution.
According to the Ministry of Economy and Finance, the volume of virtual assets forcibly collected by central and local governments and public institutions was 63.9 billion won last year. It rose 100-fold in three years from 600 million won in 2022. Most were seized or attached during investigations and tax collection by the police, prosecution, National Tax Service, and Korea Customs Service. Most government and public institutions reportedly managed virtual assets in line with existing procedures for managing seized and attached items without crafting separate guidelines for virtual asset management.
The government set up a four-step management system covering acquisition, storage, management, and incident response for virtual assets. Government and public institutions mostly seize or attach virtual assets in personal wallets or in accounts at virtual asset exchanges such as Upbit and Bithumb. Going forward, if virtual assets in a personal wallet are seized or attached, they must be transferred immediately to a wallet under the institution's name.
Virtual assets will also be stored in the form of a cold wallet (an offline virtual currency wallet not connected online). Passwords (private keys) and mnemonic codes required for virtual asset transactions will be split and managed by two or more people. For example, if the password is 1234, one person would hold 12 and another would keep 34.
If virtual assets are in accounts at virtual asset exchanges such as Upbit and Bithumb, the account must be frozen so transactions cannot occur. Some public institutions, including Seoul National University Hospital, hold virtual assets received as donations, and in such cases they decided to dispose of them immediately upon receipt. If direct management of virtual assets is difficult, they plan to entrust management to exchanges and the like.
A basis was also established to discipline those responsible if a virtual asset outflow occurs due to failure to follow the government guidelines. Each government and public institution will set internal rules requiring immediate notification to the Korean National Police Agency and the Korea Internet & Security Agency (KISA) if the damage exceeds a certain threshold or an external hack is confirmed, and to report to the Ministry of Economy and Finance and the Ministry of the Interior and Safety.
The government also included in the guidelines that institutions with large virtual asset holdings must create dedicated units or designate dedicated personnel. The dedicated unit and personnel will regularly review virtual asset holdings and transaction histories and manage institutional wallets. In addition, they will conduct at least one simulation drill per year to prepare for virtual asset outflow incidents.