Bitcoin Scam Targets 80,000 BTC from Mt. Gox, Worth $8.6 Billion

BitMEX Research issued a warning on 8 July after detecting an ongoing Bitcoin scam. The analytics desk reported a series of small "dust" transactions sent to pre-2012 Bitcoin addresses that still hold large, untouched balances. Each transaction includes an OP_RETURN message directing recipients to a website, salomonbros[.]com/owner_notice. One of the targeted wallets is the infamous 1Feex wallet, which holds nearly 80,000 BTC stolen from Mt. Gox in March 2011, now valued at approximately $8.6 billion.

The website linked in the OP_RETURN message is professionally designed and branded as "Salomon Brothers," featuring an "advisory board" of genuine 1980s bond-trading figures. The site claims to have taken "constructive possession" of the dormant wallets and gives any "bona fide owner" ninety days—until 5 October 2025—to prove ownership or forfeit all rights. Proof of ownership can be provided by signing an on-chain transaction or submitting personal information through a web form.

BitMEX Research describes the setup as "a Calvin Ayre-style legal scam," similar to past attempts by Craig Wright and associates to seize Mt. Gox coins through creative legal theories. Independent investigators concur, with security analyst @0xZilayo labeling the OP_RETURN notices as "most definitely phishing attempts and have no legitimacy."

The scam coincides with a surge of coordinated activity discovered by blockchain analysts. On 4 July, 80,000 BTC were transferred out of eight decade-old wallets within minutes of each other, each wallet having first received a trio of OP_RETURN messages culminating in the "Salomon Brothers" notice. Researchers believe the scammers are exploiting OP_RETURN because it allows them to embed arbitrary text onto the blockchain without spending significant funds, ensuring that any future owner or curious on-chain watcher will see the notice.

BitMEX advises against filling out the form on the website. Anyone holding coins in an address that receives one of these messages can safely prove control by moving funds to a fresh wallet. Those without the private key have nothing to gain and much to lose by responding. Law-enforcement agencies have been notified, but no jurisdiction has yet announced an investigation.

This incident highlights a growing trend: attackers are delving into Bitcoin’s early history, exploiting both technical primitives and legal grey areas to monetize dormant or stolen coins. It also underscores the enduring allure of the Mt. Gox saga, which continues to attract opportunists more than a decade after the hack.

For now, the safest approach is to treat any unsolicited legal notice broadcast via the blockchain with extreme caution. In Bitcoin, possession of the private key remains the only proof of ownership that matters, regardless of what an OP_RETURN string or a glossy website might claim.