BitMEX Analysis sounded an alarm on 8 July after recognizing what it calls “an ongoing Bitcoin rip-off.” In a X submit the analytics desk described a wave of tiny “mud” transactions despatched to pre-2012 Bitcoin addresses that also comprise giant, untouched balances. Every transaction carries an OP_RETURN message that reads: “NOTICE TO OWNER: see salomonbros[.]com/owner_notice.” One of many targets is the well-known 1Feex pockets holding virtually 80,000 BTC stolen from Mt. Gox in March 2011—funds now price roughly $8.6 billion.
Bitcoin Rip-off Alert
The hyperlink embedded within the OP_RETURN string resolves to a slick web site branded “Salomon Brothers,” full with an “advisory board” of real Eighties bond-trading luminaries. The location claims to have taken “constructive possession” of the dormant wallets and provides any “bona fide proprietor” ninety days—till 5 October 2025—to show possession or forfeit all rights. Proof, it says, could be offered both by signing an on-chain transaction or by submitting private info by means of an internet type.
BitMEX Analysis calls the set-up “a Calvin Ayre-style authorized rip-off,” echoing previous makes an attempt by Craig Wright and associates to grab the Mt. Gox cash through artistic authorized theories. Impartial investigators agree: safety analyst @0xZilayo labelled the OP_RETURN notices “most positively phishing makes an attempt and don’t have any legitimacy.”
The rip-off coincides with a burst of coordinated exercise uncovered by blockchain sleuths. On 4 July—a US vacation that noticed record-breaking on-chain motion—80,000 BTC have been transferred out of eight decade-old wallets inside minutes of one another, every pockets having first acquired a trio of OP_RETURN messages culminating within the “Salomon Brothers” discover.
Researchers imagine the scammers are exploiting OP_RETURN as a result of the opcode lets them “graffiti” arbitrary textual content onto the blockchain with out spending vital funds, guaranteeing that any future proprietor—or curious on-chain watcher—will see the discover.
BitMEX’s recommendation is blunt: “Do NOT fill on this type.” Anybody holding cash in an handle that receives one in all these messages can show management safely by transferring funds to a contemporary pockets; anybody with out the non-public key has nothing to realize and far to lose by responding. Legislation-enforcement businesses have been notified, however no jurisdiction has but introduced an investigation.
The episode underscores a rising development: attackers are reaching again into Bitcoin’s early historical past, exploiting each technical primitives (OP_RETURN messaging) and authorized gray areas to monetize dormant or stolen cash. It additionally highlights the enduring magnetism of the Mt. Gox saga, which—greater than a decade after the hack—nonetheless tempts opportunists to stake spurious claims on the trade’s lacking treasure.
For now, the most secure course is to deal with any unsolicited authorized discover broadcast through the blockchain with excessive skepticism. In Bitcoin, possession of the non-public key stays the one proof of possession that issues—it doesn’t matter what an OP_RETURN string or a shiny web site would possibly say.
At press time, BTC traded at $108,811.
Featured picture created with DALL.E, chart from TradingView.com
Editorial Course of for bitcoinist is centered on delivering completely researched, correct, and unbiased content material. We uphold strict sourcing requirements, and every web page undergoes diligent evaluation by our crew of high expertise specialists and seasoned editors. This course of ensures the integrity, relevance, and worth of our content material for our readers.