BitMEX Research sounded an alarm on 8 July after spotting what it calls “an ongoing Bitcoin scam.” In a X post the analytics desk described a wave of tiny “dust” transactions sent to pre-2012 Bitcoin addresses that still contain large, untouched balances. Each transaction carries an OP_RETURN message that reads: “NOTICE TO OWNER: see salomonbros[.]com/owner_notice.” One of the targets is the famous 1Feex wallet holding almost 80,000 BTC stolen from Mt. Gox in March 2011—funds now worth roughly $8.6 billion.
Bitcoin Scam Alert
The link embedded in the OP_RETURN string resolves to a slick website branded “Salomon Brothers,” complete with an “advisory board” of genuine 1980s bond-trading luminaries. The site claims to have taken “constructive possession” of the dormant wallets and gives any “bona fide owner” ninety days—until 5 October 2025—to prove ownership or forfeit all rights. Proof, it says, can be provided either by signing an on-chain transaction or by submitting personal information through a web form.
BitMEX Research calls the set-up “a Calvin Ayre-style legal scam,” echoing past attempts by Craig Wright and associates to seize the Mt. Gox coins via creative legal theories. Independent investigators agree: security analyst @0xZilayo labelled the OP_RETURN notices “most definitely phishing attempts and have no legitimacy.”
The scam coincides with a burst of coordinated activity uncovered by blockchain sleuths. On 4 July—a US holiday that saw record-breaking on-chain movement—80,000 BTC were transferred out of eight decade-old wallets within minutes of each other, each wallet having first received a trio of OP_RETURN messages culminating in the “Salomon Brothers” notice.
Researchers believe the scammers are exploiting OP_RETURN because the opcode lets them “graffiti” arbitrary text onto the blockchain without spending significant funds, guaranteeing that any future owner—or curious on-chain watcher—will see the notice.
BitMEX’s advice is blunt: “Do NOT fill in this form.” Anyone holding coins in an address that receives one of these messages can prove control safely by moving funds to a fresh wallet; anyone without the private key has nothing to gain and much to lose by responding. Law-enforcement agencies have been notified, but no jurisdiction has yet announced an investigation.
The episode underscores a growing trend: attackers are reaching back into Bitcoin’s early history, exploiting both technical primitives (OP_RETURN messaging) and legal grey areas to monetize dormant or stolen coins. It also highlights the enduring magnetism of the Mt. Gox saga, which—more than a decade after the hack—still tempts opportunists to stake spurious claims on the exchange’s missing treasure.
For now, the safest course is to treat any unsolicited legal notice broadcast via the blockchain with extreme skepticism. In Bitcoin, possession of the private key remains the only proof of ownership that matters—no matter what an OP_RETURN string or a glossy website might say.
At press time, BTC traded at $108,811.
Featured image created with DALL.E, chart from TradingView.com
Editorial Process for bitcoinist is centered on delivering thoroughly researched, accurate, and unbiased content. We uphold strict sourcing standards, and each page undergoes diligent review by our team of top technology experts and seasoned editors. This process ensures the integrity, relevance, and value of our content for our readers.
Leave a Comment