If you were following cryptocurrency news on July 8, 2025, you may have seen reports about scammers targeting a Bitcoin wallet holding $8.7 billion worth of BTC stolen from the Mt. Gox exchange. The attack used something called OP_RETURN, a feature built into Bitcoin that most everyday users have never heard of. Understanding what OP_RETURN is, how it works, and why scammers are now using it is essential knowledge for anyone holding or planning to hold Bitcoin. This guide breaks it all down in plain language.
The Basics
OP_RETURN is a special instruction in the Bitcoin scripting language that allows users to attach a small amount of custom data to a Bitcoin transaction. Think of it like writing a note on the back of a check — except this note gets permanently recorded on the Bitcoin blockchain, where it can never be erased or changed. Each OP_RETURN can carry up to 80 bytes of data, which is roughly 80 characters of text.
Bitcoin transactions normally move value from one address to another, but OP_RETURN allows the transaction to also carry a piece of arbitrary information. When Bitcoin miners confirm a transaction containing OP_RETURN, the data becomes part of the permanent blockchain record. Anyone who looks up that transaction on a block explorer can read the embedded message.
This feature was originally designed for legitimate purposes. Developers have used OP_RETURN to anchor documents to the blockchain, create timestamped proofs of existence for digital files, and build simple token protocols. Some projects use it to store hashes of important data, creating an immutable record that proves the data existed at a specific point in time. The feature is a legitimate part of Bitcoin’s technical design, included intentionally by the protocol’s developers.
Why It Matters
The reason OP_RETURN matters for everyday cryptocurrency users became alarmingly clear on July 8, 2025. BitMEX Research, a respected blockchain analytics firm, discovered that scammers were sending tiny “dust” transactions to old Bitcoin addresses — including the famous 1Feex wallet containing approximately 80,000 BTC stolen from Mt. Gox in 2011. These dust transactions each carried an OP_RETURN message that read: “NOTICE TO OWNER: see salomonbros[.]com/owner_notice.”
Anyone examining these addresses on a block explorer would see these messages, which appeared to be official legal notices. The linked website was designed to look like a legitimate financial institution called “Salomon Brothers,” complete with references to real historical figures from the financial world. The site claimed to have taken “constructive possession” of the dormant wallets and demanded that the rightful owners prove their ownership within 90 days — by either signing an on-chain transaction or, critically, submitting personal information through a web form.
This matters because it represents a new type of attack vector. Traditional phishing attacks arrive via email or text message and can be filtered, blocked, or ignored. OP_RETURN-based phishing is baked directly into the blockchain itself. It cannot be deleted, filtered, or removed. It exists as long as Bitcoin exists. This permanence makes it a uniquely powerful tool for scammers who want their fraudulent messages to be seen by anyone who ever looks up the targeted address.
Getting Started Guide
Protecting yourself from OP_RETURN-based scams starts with understanding how to identify them. Here are the key steps every Bitcoin user should follow.
Step 1: Understand what dust transactions look like. Dust transactions are extremely small Bitcoin transfers — often worth less than a dollar — sent to your address. They serve no practical purpose for the recipient. If you notice tiny, unexplained incoming transactions in your wallet, especially if they appear to come from unfamiliar addresses, this should raise a flag.
Step 2: Check for OP_RETURN data. When you examine a transaction on a block explorer like mempool.space or blockchain.com, look for outputs labeled “OP_RETURN” or “Data.” These outputs will show the embedded text or hexadecimal data. If the text contains a URL or a legal-sounding notice, treat it with extreme suspicion.
Step 3: Never trust URLs in on-chain messages. Just because a URL appears on the blockchain does not mean it is legitimate. Anyone can embed any URL in an OP_RETURN transaction for a few cents' worth of transaction fees. The blockchain guarantees that the data is permanent, not that it is trustworthy.
Step 4: Verify through independent channels. If you receive what appears to be a legitimate legal notice related to your Bitcoin holdings, verify it independently. Contact the relevant authorities or legal professionals directly through their official websites or phone numbers — never through links provided in the notice itself.
Step 5: Move your funds if concerned. The simplest and most effective response to any suspicious on-chain activity is to move your Bitcoin to a new address that you control. If you have the private key, you have the Bitcoin — and moving it to a fresh address eliminates any concerns about the old address being targeted by scammers.
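The checks in Steps 1 to 3 can also be run on raw transaction outputs rather than read off a block explorer. The Python sketch below is an added example, not code from BitMEX Research or any wallet: it flags dust-sized outputs, decodes the data pushed after OP_RETURN, and lists anything in the decoded text that looks like a link. The 1,000-satoshi dust threshold, the function names and the sample outputs (built with a reserved placeholder domain) are assumptions made for illustration.

```python
import re

OP_RETURN, OP_PUSHDATA1 = 0x6A, 0x4C
DUST_SATS = 1000  # assumption: outputs at or below this many satoshis count as dust
DOMAIN_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

def op_return_payload(script_hex):
    """Return the bytes pushed after OP_RETURN, or None if this is not a data output."""
    script = bytes.fromhex(script_hex)
    if not script or script[0] != OP_RETURN:
        return None
    data, i = b"", 1
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 75:                  # direct push of `op` bytes
            n = op
        elif op == OP_PUSHDATA1 and i < len(script):
            n = script[i]                  # next byte holds the length
            i += 1
        else:
            break                          # any other opcode: stop parsing
        data += script[i:i + n]
        i += n
    return data

def review_outputs(outputs):
    """outputs: (value_in_satoshis, scriptPubKey_hex) pairs from one transaction."""
    findings = []
    for value, script_hex in outputs:
        payload = op_return_payload(script_hex)
        if payload is None:
            if 0 < value <= DUST_SATS:
                findings.append(("dust", value))
            continue
        text = payload.decode("utf-8", errors="replace")
        findings.append(("op_return", text))
        findings.extend(("link", m) for m in DOMAIN_RE.findall(text))
    return findings

# Constructed sample: a 546-satoshi payment to a placeholder P2PKH script plus a
# data output modelled on the notice quoted above (domain swapped for a reserved one).
MESSAGE = b"NOTICE TO OWNER: see example.invalid/owner_notice"
SAMPLE_OUTPUTS = [
    (546, "76a914" + "00" * 20 + "88ac"),
    (0, bytes([OP_RETURN, len(MESSAGE)]).hex() + MESSAGE.hex()),
]

if __name__ == "__main__":
    for kind, detail in review_outputs(SAMPLE_OUTPUTS):
        print(kind, detail)
```

A "link" finding only means the text contains something shaped like a domain; per Step 3, its presence on-chain says nothing about whether the destination is legitimate.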
Common Pitfalls
The most dangerous pitfall is assuming that on-chain data is inherently trustworthy. The blockchain is a record-keeping system, not a verification system. It records whatever someone pays to put on it, including lies, scams, and misinformation. Just because you can see a message on the blockchain does not mean it has any legal or technical validity.
Another common mistake is responding to urgency. Scammers deliberately create time pressure — in the Mt. Gox case, they demanded a response within 90 days. This urgency is designed to prevent you from thinking clearly or seeking independent advice. Any legitimate legal process provides adequate time for response and does not require you to submit personal information through an unfamiliar website.
A third pitfall is confusing blockchain immutability with authority. The fact that a message is permanently recorded on the blockchain does not give it legal weight. A fraudulent claim written into an OP_RETURN transaction has exactly the same legal standing as a fraudulent claim written on a napkin — which is to say, none at all.
Next Steps
Now that you understand OP_RETURN and how scammers are using it, take action to protect yourself. Review your Bitcoin wallet for any unexplained dust transactions. If you hold significant amounts of Bitcoin in long-term storage, consider whether your current address setup makes you a potential target. Hardware wallets combined with fresh receive addresses for each transaction provide the strongest protection.
Stay informed about emerging scam techniques by following reputable blockchain security researchers and analytics firms. BitMEX Research, which uncovered the July 8 scam, regularly publishes alerts about new attack vectors. The cryptocurrency security landscape evolves rapidly, and awareness is your first line of defense.
Finally, share this knowledge with others in the crypto community. The more users understand about OP_RETURN-based scams, the less effective these attacks become. Scammers rely on ignorance — and in a community built on the principle of “don’t trust, verify,” knowledge is the most powerful tool we have.
Disclaimer: This article is for educational purposes only and does not constitute financial or security advice. Always conduct your own research and consult with qualified professionals regarding cryptocurrency security.
$8.7B in stolen mt gox btc and scammers are using op_return to send threats to the wallet holder. the absolute nerve of trying to steal already-stolen coins
trying to scam someone out of $8.7B in stolen mt gox coins. criminals stealing from criminals, the circle of life
The fundamental value proposition of crypto keeps getting stronger
The pace of innovation in crypto continues to surprise me
Mass adoption is happening incrementally — people just don’t notice
Every cycle the infrastructure gets more robust
the op_return data limit is 80 bytes. scammers used that tiny window to attach threatening messages to wallet addresses hoping the holder would panic and move funds into a trap. clever and evil
80 bytes is all it takes. a short threat and a wallet address baked into a permanent blockchain transaction. op_return was designed for metadata, not extortion