🔍 Attack Details
$
$BTCThe embedded message claims:
“This digital wallet appears to be lost or abandoned…our client…seeks to determine if there is a bona fide owner.” protos.com
The spoofed site, salomonbros [.]com/owner_notice, pretends to be affiliated with Salomon Brothers but includes grammatical errors—an obvious red flag Binance+3protos.com+3AInvest+3.
💡 Why It Matters
A dormant address tied to one of the largest BTC thefts in history is now being actively targeted Decrypt+8AInvest+8Eblock Media+8.
Embedding links via blockchain transactions is a novel phishing method—and it demonstrates attackers’ evolving tactics .
The scam underscores the importance of vigilance among early crypto holders and Mt. Gox creditors: dense history ≠ safety.
🛡️ What You Should Do
If you control old, high-value addresses, never follow unsolicited blockchain embedded links.
Use cold storage, hardware wallets, and verified recovery channels only.
Mt. Gox creditors should follow official trustee communications, not strange OP_RETURN messages.
🧭 Bottom Line
This phishing attack highlights how attackers exploit legacy assets and trust in blockchain to craft new scam vectors. It’s a reminder: no vault is too old or too secure once publicized on-chain.
