Hackers attempt to deceive the owner of a dormant Mt. Gox-linked Bitcoin wallet by embedding phishing messages in blockchain transactions.
Phishing Attempt on Dormant Mt. Gox Wallet
Hackers have launched a targeted phishing attack against a Bitcoin wallet linked to the notorious 2014 Mt. Gox exchange hack. The address, holding 79,956 BTC, currently valued at approximately $8.7 billion, was the recipient of deceptive blockchain transactions designed to trick the wallet's owner into revealing personal information.
According to findings from BitMEX Research, the attackers exploited Bitcoin’s OP_RETURN function to deliver fraudulent messages embedded within a transaction sent to the wallet. The message directed the wallet owner to a malicious website posing as a legitimate financial institution.
A New Twist on OP_RETURN Exploitation
The OP_RETURN opcode allows Bitcoin users to store small pieces of data directly on the blockchain, a feature often used for verifying information or recording timestamps. However, this same mechanism has become a tool for bad actors seeking to distribute phishing links in an immutable, decentralized environment.
In this incident, the scam message embedded in the transaction directed users to a fake website impersonating Salomon Brothers. This once-prominent Wall Street investment bank ceased operations years ago.
The phishing page falsely claimed,
"This digital wallet appears to be lost or abandoned. Our client has taken constructive possession of it and seeks to determine if there is a bona fide owner."
Security researchers immediately flagged the site as a scam, warning that it was specifically designed to harvest sensitive data from anyone attempting to claim ownership of the wallet.
Dormant Wallets Remain Prime Targets
The wallet under attack is one of several long-dormant Bitcoin addresses associated with the collapse of Mt. Gox, once the world’s largest cryptocurrency exchange. In total, around 850,000 BTC were stolen in the 2014 breach, an amount now worth over $92 billion. While authorities have since recovered roughly 140,000 BTC, the remaining coins have remained untouched for over a decade.
These dormant addresses continue to attract scammers, who capitalize on the hope that some rightful owners might attempt to access their lost holdings. BitMEX Research noted that similar phishing attempts targeting legacy wallets have surfaced in recent years.
Ongoing Security Risks in an Evolving Market
This latest incident underscores the persistent security challenges facing the cryptocurrency sector, particularly for wallets holding large, inactive balances. The creative misuse of blockchain functions, like OP_RETURN for phishing campaigns, reflects the evolving tactics of cybercriminals.
As the industry continues to mature, cybersecurity experts stress the importance of vigilance and public awareness. Dormant wallet holders, in particular, are advised to exercise extreme caution when approached by unsolicited messages or transaction data embedded with external links.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice
