Cybercriminals are exploiting Bitcoin’s OP_RETURN function to embed phishing URLs in transactions linked to Mt. Gox’s dormant wallet, which holds approximately $8.7 billion worth of Bitcoin. This wallet contains funds recovered from the exchange’s infamous 2014 collapse that resulted in the loss of 850,000 BTC.
Despite the trustee’s recovery of about 140,000 BTC and plans to compensate creditors with roughly 90% of lost funds, the majority of assets remain inactive. The scammers’ tactic leverages the wallet’s historical notoriety to lure victims into fraudulent schemes through blockchain-embedded malicious links.
Security experts urge cryptocurrency holders to exercise extreme caution with any unsolicited messages or embedded URLs in transactions. Recommended protective measures include verifying all communication sources, utilizing hardware wallets for storage, and implementing multi-factor authentication.
This incident underscores persistent vulnerabilities associated with dormant cryptocurrency wallets and highlights how blockchain features like OP_RETURN can be weaponized for sophisticated scams targeting both new and experienced users.