Cryptopolitan
2025-07-09 17:15:22

Mt. Gox hacker wallet receives spoof transactions

Old BTC held in wallets linked to Mt. Gox have been targeted with scam messages. Hackers are abusing the OP_RETURN function to embed messages in transactions, creating a new form of phishing. As BTC trades near record levels, old wallets are looking ever more attractive.

Attackers are attempting a new type of phishing by abusing the OP_RETURN function on Bitcoin. OP_RETURN allows information to be embedded in each BTC transaction. The same function was also used to create Bitcoin-based NFTs.

Scammers are generating messages that spoof official-looking sites, claiming ownership of the wallet. The message can do nothing to move the coins, but it can urge some users to take action. Some messages embedded in transactions point to sites or forms. Others attempt to claim ownership of the wallet, as in previous cases that tried to exploit older whales. The scam attempts mostly targeted whale wallets from the 2011 era.

Mt. Gox hacker wallet receives spoof transactions

One of the most targeted wallets belongs to the Mt. Gox Hacker, containing 79.95K BTC valued at over $8B. The wallet was last dusted on July 5, 2025, though it received additional tracing transactions or messages in the past. None of the coins in the wallet have been moved.

One of the transactions from July 3, 2025, contained an OP_RETURN message pointing to an ‘owner notice’. The notice, when decoded, called on the wallet holder to visit a site claiming to be linked to Salomon Brothers, a known Wall Street firm that was acquired by Citigroup in 2003 and no longer exists as a legal entity. Since July 3, the spoof site has been taken down. But before that, the message suggested that a third party attempted to claim possession of the wallet in legal terms. The claim via OP_RETURN, sent to the wallet, resembled the attempts of Calvin Ayre to prove ownership of old wallets.
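As an added illustration (not part of the original article), the sketch below shows how a wallet or block explorer could decode an OP_RETURN output script and flag the notice-plus-link pattern described above before displaying it to a user. The sample script, the `notice.example` domain, the function names and the keyword list are constructed assumptions.

```python
import re

OP_RETURN, OP_PUSHDATA1, OP_PUSHDATA2 = 0x6A, 0x4C, 0x4D
# Heuristics (assumptions): phrases taken from the notices quoted in the article,
# plus anything shaped like a URL or bare domain.
LURE_RE = re.compile(r"legal notice|owner notice|taken possession", re.I)
URL_RE = re.compile(
    r"\b(?:https?://|www\.)?[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}(?:/\S*)?", re.I)

def op_return_pushes(script_hex):
    """Return the data pushes of an OP_RETURN scriptPubKey, or None if the
    script is not a plain OP_RETURN data carrier or is truncated."""
    s = bytes.fromhex(script_hex)
    if not s or s[0] != OP_RETURN:
        return None
    pushes, i = [], 1
    while i < len(s):
        op, i = s[i], i + 1
        if op <= 75:                      # direct push: the opcode is the length
            n = op
        elif op == OP_PUSHDATA1 and i < len(s):
            n, i = s[i], i + 1
        elif op == OP_PUSHDATA2 and i + 1 < len(s):
            n, i = int.from_bytes(s[i:i + 2], "little"), i + 2
        else:
            return None                   # other opcode or missing length bytes
        if i + n > len(s):
            return None                   # push claims more bytes than exist
        pushes.append(s[i:i + n])
        i += n
    return pushes

def triage(script_hex):
    """Decode an output script for display and flag phishing indicators."""
    pushes = op_return_pushes(script_hex)
    if pushes is None:
        return None
    # Map non-printable bytes to '.' so the text is safe to log or render.
    text = "".join(chr(b) if 32 <= b < 127 else "." for b in b"".join(pushes))
    return {"text": text, "urls": URL_RE.findall(text),
            "lure": bool(LURE_RE.search(text))}

# Constructed sample, not taken from the chain: OP_RETURN plus one direct push.
SAMPLE_MSG = b"OWNER NOTICE: see https://notice.example/claim"
SAMPLE_SCRIPT = (bytes([OP_RETURN, len(SAMPLE_MSG)]) + SAMPLE_MSG).hex()

if __name__ == "__main__":
    print(triage(SAMPLE_SCRIPT))
```

A front end using such a check would render the decoded text as inert, unlinked text and label it as unauthenticated data attached by the sender.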
Scammers gather data or attempt pseudo-legal claims

Some of the links sent in the OP_RETURN message attempt to gather personal data or connect a wallet to a real identity. So far, legal claims against inactive wallets have been unsuccessful, as BTC ownership hinges on holding private keys. Neither miners nor developers can claw back the BTC from idle wallets, despite claims of ownership. However, knowing the identity of old whales, if extracted through phishing, could lead to other types of attacks, such as kidnapping or attempting to steal private keys.

Interest in old wallets increased after a whale with coins from 2011 moved 80,000 BTC to new addresses in a single day. Some of the initial whale wallets immediately received dust transactions containing spoofed OP_RETURN messages with pseudo-legal language.

Figure: A recently emptied whale wallet received an OP_RETURN message claiming ownership over the wallet, embedded in a dust transaction. | Source: Blockchain.com

One of the messages read ‘LEGAL NOTICE: We have taken possession of this wallet and its contents’. However, the actual wallet was emptied, and the coins were controlled by a new owner, with no further need for a legal claim.

The cluster of dormant whale wallets also revealed that OP_RETURN attacks came in coordinated waves, potentially linked to a handful of bad actors making attempts to gather data or deploy other phishing tools. Attacks via OP_RETURN messages may stop after a Bitcoin upgrade, as there are proposals to limit the data threshold to just 80 bytes, not allowing even short messages.
