9-7-2025 – Hackers are attempting to exploit a Bitcoin wallet holding 79,956 BTC, valued at $8.7 billion, stolen from the collapsed Mt. Gox exchange in 2011, according to BitMEX Research. The attackers used an OP_RETURN transaction, a Bitcoin blockchain feature that embeds data, to send a message directing the wallet owner to a fraudulent website posing as Saloman Brothers, a defunct investment bank.
The site, flagged as illegitimate, seeks to harvest personal information from the wallet’s owner.The targeted address, 1FeexV6bAHb8ybZjqQMjJrcCrHGW9sb6uF, is one of several dormant 2011 wallets linked to the Mt. Gox hack, where 850,000 BTC—now worth over $92 billion—were stolen.
There appears to be an ongoing Bitcoin scam occurring. Someone is sending old 2011 era Bitcoin addresses with balances, transactions with an OP_Return output. For instance the 1Feex… address, with c80,000 BTC stolen from MtGox. The OP_Return message is as follows
“NOTICE TO… pic.twitter.com/lAT5ONPD4f
— BitMEX Research (@BitMEXResearch) July 8, 2025
Mt. Gox, once the world’s largest Bitcoin exchange, shut down in 2014 after multiple breaches. A 2021 rehabilitation plan aims to repay creditors 90% of their losses, with law enforcement recovering 140,000 BTC. However, many stolen coins remain untouched in wallets like this one, making them prime targets for scammers.
BitMEX Research noted on X that the phishing attempt is part of an ongoing scam targeting multiple 2011-era addresses. The use of OP_RETURN for phishing is a novel tactic, exploiting a feature typically used for legitimate purposes like metadata storage.
This incident underscores the persistent risks to dormant crypto assets and the need for heightened vigilance. Authorities and exchanges are expected to monitor these wallets closely as scammers continue to exploit the Mt. Gox legacy.