SlowMist: First Aid Guide for Stolen Accounts: On-chain Messages — BTC

In an anonymous environment, on-chain messages can serve as an effective tool for establishing initial dialogue, laying the groundwork for subsequent fund recovery.

**Author:** Lisa
**Editor:** Sherry

**Background**

On-chain messaging, as a unique communication method in the blockchain world, has been frequently used in various security incidents in recent years. For example, SlowMist recently assisted KiloEx in engaging in multiple rounds of communication with the attacker through on-chain messaging, ultimately facilitating the return of the entire stolen funds of $8.44 million.

In our previously published article "Theft Emergency Guide: On-Chain Messaging", we detailed the messaging methods on Ethereum. The Bitcoin network also supports on-chain messaging, though the implementation is slightly different.

The core tool for Bitcoin on-chain messaging is the OP_RETURN instruction. It allows users to embed 80 bytes of custom data in a transaction. Nodes do not use this data for transaction verification, and it does not affect the UTXO state. It exists purely to record information, and it is recorded in full on the blockchain.

**How to Use OP_RETURN for On-Chain Messaging**

**Step One: Encode the Message Content**

First, convert the text message to be sent into hexadecimal (HEX) format. The OP_RETURN instruction on the Bitcoin chain only accepts HEX format data. For example, if the message is:

This is a test.

The converted HEX is:

54686973206973206120746573742e

You can use online format conversion tools or a Python script. The message content must be less than 160 hexadecimal characters, or 80 bytes. If the message exceeds this length, it is recommended to simplify it or send it across multiple transactions.

**Step Two: Construct a Transaction with OP_RETURN**

Next, use a Bitcoin wallet or tool that supports custom transactions to create a transaction containing an OP_RETURN output.

**Step Three: Broadcast the Transaction**

Broadcast the signed transaction through the Bitcoin network. Because an OP_RETURN transaction does not actually transfer funds, it must still include a miner fee to be processed, and it then waits for a miner to package it into a block. Once confirmed, the message is permanently stored on the Bitcoin blockchain.

**Step Four: View the Message Content**

After completing the transaction, you will obtain a TXID, which can be viewed through a block explorer. The explorer will typically decode the OP_RETURN hexadecimal data back to ASCII automatically.

**OP_RETURN Applications**

In security incidents, some attackers use OP_RETURN to leave on-chain messages that actively express their intention to return funds, and project teams and white hat groups use the same method to communicate with attackers and attempt to establish contact. Beyond negotiation scenarios, OP_RETURN is also used for "marking" operations.
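
Steps One, Two and Four above, as an added Python example that is not from the original article: it encodes a message to HEX, wraps it in an OP_RETURN output script, splits over-length messages for multiple transactions, and decodes a script back to text. The function names are assumptions made for illustration; building the full transaction, signing and broadcasting (Step Three) are left to the wallet.

```python
OP_RETURN = 0x6A      # Bitcoin Script opcode that marks a data-only output
OP_PUSHDATA1 = 0x4C   # push opcode needed when the payload is 76-255 bytes
MAX_DATA = 80         # payload limit in bytes, as stated in the article

def encode_message(text: str) -> str:
    """Step One: text -> hex, rejecting anything over the 80-byte limit."""
    data = text.encode("utf-8")
    if len(data) > MAX_DATA:
        raise ValueError(f"{len(data)} bytes exceeds the {MAX_DATA}-byte limit")
    return data.hex()

def split_message(text: str) -> list[str]:
    """Split a long message into hex chunks, one per transaction,
    never cutting a multi-byte UTF-8 character in half."""
    chunks, current = [], b""
    for ch in text:
        encoded = ch.encode("utf-8")
        if len(current) + len(encoded) > MAX_DATA:
            chunks.append(current.hex())
            current = b""
        current += encoded
    if current:
        chunks.append(current.hex())
    return chunks

def op_return_script(hex_data: str) -> str:
    """Step Two: hex payload -> output script (scriptPubKey) hex."""
    data = bytes.fromhex(hex_data)
    if len(data) > MAX_DATA:
        raise ValueError("payload exceeds the 80-byte limit")
    push = bytes([len(data)]) if len(data) <= 75 else bytes([OP_PUSHDATA1, len(data)])
    return (bytes([OP_RETURN]) + push + data).hex()

def decode_op_return(script_hex: str) -> str:
    """Step Four: output script hex -> text. Bytes outside printable ASCII
    are shown as '.', so control characters never reach the terminal."""
    script = bytes.fromhex(script_hex)
    if len(script) < 2 or script[0] != OP_RETURN:
        raise ValueError("not an OP_RETURN script")
    if script[1] == OP_PUSHDATA1 and len(script) >= 3:
        length, body = script[2], script[3:]
    elif script[1] <= 75:
        length, body = script[1], script[2:]
    else:
        raise ValueError("unsupported push opcode")
    if len(body) != length:
        raise ValueError("push length does not match payload")
    return "".join(chr(b) if 32 <= b < 127 else "." for b in body)
```

The decoder only renders the bytes as text; anything it returns, including links, is untrusted input from an anonymous sender.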

**Summary**

On-chain messages, especially OP_RETURN in the Bitcoin network, provide an anonymous, public, and tamper-proof communication method, widely used for initial contact and information transmission in fund recovery. However, it is important to note that on-chain messages may also be used by attackers to guide victims to malicious links or perform risky operations (such as entering private keys for decryption), so it is crucial to remain vigilant and avoid viewing and handling suspicious information on untrusted devices. When encountering a security incident, it is recommended to contact a professional security team for assistance in analysis to improve the success rate of fund recovery. At the same time, users and project parties should continuously strengthen security awareness to avoid becoming targets of attacks.
