Cybercriminals attempt a phishing attack against a Bitcoin address holding funds stolen from the infamous Japanese exchange.
A group of hackers is orchestrating a phishing attempt targeting an address containing over $8.7 billion worth of bitcoin — funds originally stolen from the now-defunct Mt. Gox exchange more than a decade ago.
According to a report from BitMEX Research, the attackers targeted Bitcoin address 1FeexV6bAHb8ybZjqQMjJrcCrHGW9sb6uF, sending a transaction via the OP_RETURN function. The address currently holds exactly 79,956 bitcoins, received in 2011 following the Mt. Gox hack.
The scammers’ technique exploits OP_RETURN, a mechanism that allows information to be embedded directly into the Bitcoin blockchain, to insert a text message redirecting users to a fraudulent website.
The link contained in the transaction leads to a web page impersonating the official site of Salomon Brothers, the historic Wall Street investment bank now long closed. The site displays a deceptive message reading:
“This digital wallet appears to be lost or abandoned. Our client has taken constructive possession of it and is seeks to determine if there is a bona fide owner.”
BitMEX experts identified the site as illegitimate, classifying it as part of an “ongoing Bitcoin scam” designed to steal personal information from wallet owners. The researchers also revealed that numerous Bitcoin addresses dating back to 2011 have been targeted by similar attacks.
The collapse of Mt. Gox in 2014 resulted in the loss of 850,000 bitcoins, a fortune that today would be worth over $92 billion. Most of those funds remain dormant in addresses like the one currently being targeted by cybercriminals. Authorities managed to recover 140,000 bitcoins for creditor repayments, while the remainder remains scattered in wallets inaccessible to the exchange.
