The South Korean government has announced comprehensive reforms to strengthen the management and security of virtual assets held by public sector agencies. This policy comes in response to several recent incidents involving the loss or theft of government-seized virtual assets. The reforms were developed through inter-agency collaboration and were presented at a meeting led by Deputy Prime Minister and Minister of Economy and Finance, Koo Yun-cheol, on June 10, 2025. The main objective is to establish a systematic approach covering acquisition, storage, management, and incident response for public sector virtual assets.
The new guidelines impact agencies such as the Prosecutors’ Office, National Police Agency, National Tax Service, and Korea Customs Service, which collectively held approximately KRW 78 billion in virtual assets as of June 6, 2025. Key requirements include storing seized or confiscated virtual assets in internet-isolated cold wallets and mandating that access information, such as private keys and recovery phrases, be split and managed by at least two individuals. Exchanges must cooperate to immediately freeze accounts holding government assets, and agencies must designate dedicated teams or personnel based on asset volume.
Implementation began with the June 10, 2025 announcement, following a series of incidents including the theft of 320 BTC from the Prosecutors’ Office and the loss of 22 BTC by the National Police Agency. The government now requires immediate transfer of assets to agency-controlled wallets at the point of seizure and instant freezing of exchange accounts. Donated virtual assets are to be converted to cash upon receipt. Regular training, annual incident response drills, and strict disciplinary measures for guideline violations are also mandated.
Frequently asked questions include: What happens if there is a security breach? In the event of hacking or theft, agencies must create new wallets, transfer remaining assets, and notify relevant authorities such as the police and National Intelligence Service. Who is responsible for managing access keys? At least two designated staff members must separately manage portions of the private key and recovery phrase to prevent single-point failures. What are the consequences of non-compliance? Violations may result in disciplinary action or criminal charges for responsible personnel.
The South Korean government’s policy overhaul is a direct response to recent high-profile losses of public sector virtual assets. By instituting cold wallet storage, split key management, and mandatory incident response protocols, the government is addressing critical security gaps. The requirement for regular training and clear disciplinary consequences demonstrates a commitment to operational rigor. These measures are likely to improve asset security and public trust, while providing a model for other governments managing digital assets.