As Bitcoin's price rises, old wallets become attractive targets for hackers using the op_return function to embed scam messages.
Phishing Tactics Using op_return
Cybercriminals have started exploiting the op_return function in Bitcoin to create a new form of phishing. This function allows them to embed information within each BTC transaction, which has also been used for creating Bitcoin-based NFTs. Spoof messages mimic official sites and urge wallet holders to take action.
Targeted Wallets and Attack Examples
One of the most targeted wallets is that of the Mt. Gox hacker, containing 79.95K BTC valued at over $8 billion. As of late June 2025, transactions containing op_return messages were recorded, pointing to an 'owner notice' urging wallet holders to visit a website supposedly linked to Salomon Brothers. Some messages attempted to claim legal ownership of the wallets.
Future Outlook and Warnings
While legal claims against inactive wallets have been unsuccessful, as ownership of BTC depends on controlling private keys, phishing attacks could lead to severe consequences. Knowing the identities of old holders may provoke other types of attacks. Increased interest in dormant wallets following the movement of 80,000 BTC has prompted hackers to intensify their efforts.
The situation surrounding phishing attacks on old Bitcoin wallets underscores the need for increased vigilance among their holders. Future Bitcoin upgrades may limit the use of the op_return function.
