An Mt. Gox-era BTC wallet has become the target of phishing attacks using the OP_RETURN function. The attack is linked to the OG Bitcoin address 1FeexV6bAHb8ybZjqQMjJrcCrHGW9sb6uF, which holds around 79,956 BTC believed to have been stolen from Mt. Gox. At the current BTC price. This holding is valued roughly $8.7 billion based on the current BTC price.
On the Bitcoin blockchain, OP_RETURN is an operation code that lets users embed data into transactions. In this case, attackers seem to be using it to send messages by including small amounts of BTC with links or bait messages—likely trying to lure the wallet owner into visiting a malicious site.

The messages are sent in different formats but all lead to a website impersonating Salomon Brothers, a defunct Wall Street investment bank.
This scam scheme has also been flagged by BitMEX, which reported that the webpage displays the message, “This digital wallet appears to be lost or abandoned. Our client has taken constructive possession of it and is seeks to determine if there is a bona fide owner”. The site then presents a web form asking the user to submit personal information.
The goal appears to be to extract personal information from the wallet’s owner by pretending to be a legitimate financial platform.
Regarding the authenticity of the phishing website attached to the OP_RETURN message, Salomon Brothers is no longer active under that name, after it merged with Citicorp to form Citigroup.
However, there have been past attempts to revive the “Salomon Brothers” brand—for example, some alumni tried to rebrand it as Salomon Encore, although Citigroup retained the rights to the original name, as reported by Bloomberg. The rebranded firm used the domain salomonencore[.]com, which now redirects to salomonbros[.]com. Despite this, there has been no official confirmation that Salomon Encore has reverted to using the “Salomon Brothers” name.
Attempts to verify the ownership of the subpage /owner_notice on salomonbros[.]com have been unsuccessful. All signs suggest that the webpage is fraudulent.
The crypto space has seen several attacks over the years, resulting in the loss of massive amounts of digital assets. One of the most infamous is the Mt. Gox incident.
Mt. Gox was a major crypto exchange that operated from 2010 to 2014. It collapsed after claiming it had been hacked, with over $400 million worth of BTC lost. This left thousands of users stranded without access to their funds—until recently, when over 200,000 BTC was recovered from a “forgotten” wallet that was previously assumed to have been emptied by the hackers.
Events like this highlight just how important it is for crypto holders to stay vigilant. Phishing may seem like an old trick, but it still works, especially when it’s dressed up in new tactics like this.
Also Read: Feds Charge Two Men in $650M Global Crypto Fraud Scheme
