使用op_return将消息留在比特币区块链上

近年来，在各种安全事件中经常使用链上的链链信息作为区块链世界中一种特殊的通信方法。

Author:Lisa

作者：丽莎

Editor: Sherry

编辑：雪利酒

Recently, blockchain security incidents have frequently occurred, and attackers often leave messages on-chain to communicate with the victims or the white hat team. On-chain messages, as a special communication method in the blockchain world, have been used in various security incidents in recent years. For example, SlowMist recently assisted KiloEx in conducting multiple rounds of communication with the attacker through on-chain messages, and finally successfully facilitated the return of all stolen funds of US$8.44 million. In an anonymous environment, on-chain messages can be used as an effective tool to establish initial dialogues and lay the foundation for subsequent fund recovery.

最近，区块链安全事件经常发生，攻击者经常在链上留言，与受害者或白帽团队进行交流。近年来，在各种安全事件中使用了链链消息，作为区块链世界中的一种特殊通信方法。例如，Slowmist最近通过链消息协助Kiloex与攻击者进行了多轮沟通，并最终成功地促进了所有被盗资金844万美元的资金。在匿名环境中，链上消息可以用作建立初始对话并为后续基金恢复奠定基础的有效工具。

In our previous article "First aid guide for stolen funds: On-chain messages", we introduced in detail the message method on Ethereum. The Bitcoin network also supports on-chain messages, but the implementation methods of the two are slightly different. The core tool for Bitcoin on-chain messages is the OP_RETURN instruction. It allows users to embed 80 bytes of custom data in transactions. This part of data will not be used by nodes for transaction verification, nor will it affect the status of UTXO. It is purely used to record information and will be fully recorded in the blockchain.

在上一篇文章“被盗资金的急救指南：链链消息”中，我们详细介绍了以太坊的消息方法。比特币网络还支持链上消息，但是两者的实现方法略有不同。比特币上链消息的核心工具是OP_Return指令。它允许用户在交易中嵌入80个字节的自定义数据。节点不会使用该部分数据来进行交易验证，也不会影响UTXO的状态。它纯粹用于记录信息，并将完全记录在区块链中。

How to use OP_RETURN to leave messages on the chain

如何使用op_return将消息留在链上

Step 1: Encode the message content

步骤1：编码消息内容

First, convert the text information to be sent into hexadecimal (HEX) format. The OP_RETURN instruction on the Bitcoin chain only accepts HEX format data.

首先，将文本信息转换为发送到十六进制（十六进制）格式。比特币链上的OP_Return指令仅接受HEX格式数据。

For example, if you want to leave a message:

例如，如果您想留言：

This is a test.

这是一个测试。

The converted HEX is:

转换后的十六进制是：

54686973206973206120746573742e

54686973206973206120746573742E

This can be done using an online format conversion tool or via a Python script:

可以使用在线格式转换工具或通过Python脚本完成此操作：

text = "Hello, this is a test."hex_text = text.encode("utf-8").hex()print(hex_text)

text =“你好，这是一个测试。” hex_text = text.encode（“ utf-8”）。hex（）print（hex_text）

The message content must be less than 160 hexadecimal characters, or 80 bytes. If the length exceeds this limit, it is recommended to simplify the message or send it in multiple messages.

消息内容必须小于160个十六进制字符或80个字节。如果长度超过此限制，建议简化消息或将其发送到多个消息中。

Step 2: Construct a transaction with OP_RETURN

步骤2：使用op_return构建交易

Next, you need to use a Bitcoin wallet or tool that supports custom transactions to create a transaction with an OP_RETURN output.

接下来，您需要使用支持自定义交易的比特币钱包或工具，以创建使用OP_Return输出的交易。

Taking Bitcoin Core as an example, use createrawtransaction to manually add OP_RETURN output:

以比特币核心为例，使用CreaterawTransaction手动添加OP_Return输出：

bitcoin-cli createrawtransaction '[{"txid":"your_input_txid","vout":0}]' '[{"data":"54686973206973206120746573742e"}]'

比特币-CLI createrawtransaction'[{“ txid”：“ your_input_txid”，“ vout”：0}]''[{“ data”：“ 54686869732069732061207465746573742E”}

The transaction constructed in this way will not actually transfer the money, but will only write the message on the chain.

以这种方式构建的交易实际上不会转移钱，而只会在链条上写下消息。

Take the imToken wallet as an example. Enter the BTC wallet transfer interface and turn on "Advanced Mode". Enter the hexadecimal information in the "OP_RETURN" input box. Click "Next" to complete the transaction information confirmation. Enter the transaction password to successfully send the transaction with OP_RETURN information. Please make sure that "Input amount = Output amount + Miner's fee".

以Imtoken钱包为例。输入BTC钱包传输接口，然后打开“高级模式”。在“ OP_Return”输入框中输入十六进制信息。单击“下一步”以完成交易信息确认。输入交易密码，以成功地发送交易，并使用op_return信息。请确保“输入金额=输出金额 +矿工的费用”。

Step 3: Broadcast the transaction

步骤3：广播交易

The signed transaction is broadcasted through the Bitcoin network. Since OP_RETURN transactions do not actually transfer funds, they must include mining fees to be processed and wait for miners to pack them into blocks. Once the transaction is confirmed, the message will be permanently stored in the Bitcoin blockchain.

签名交易是通过比特币网络广播的。由于OP_Return Transactions实际上并未转移资金，因此必须包括进行处理的采矿费，并等待矿工将其包装成块。一旦确认交易，该消息将永久存储在比特币区块链中。

Step 4: View the message content

步骤4：查看消息内容

After completing the transaction, you will get a TXID, which can be viewed through the block browser. The browser will usually automatically decode the OP_RETURN hexadecimal data back to ASCII, for example:

完成交易后，您将获得一个TXID，可以通过块浏览器查看。浏览器通常会自动将OP_Return十六进制数据解码回ASCII，例如：

When this user posted these warnings, he did not just leave a message, but also burned a large amount of Bitcoin. Due to the characteristics of OP_RETURN output, any Bitcoin sent to such transactions will be burned and cannot be used. According to statistics, this user burned more than $300,000 worth of Bitcoin in this series of operations.

当该用户发布这些警告时，他不仅留言了消息，而且还烧毁了大量比特币。由于OP_Return输出的特性，将燃烧到此类交易的任何比特币都将被烧毁，无法使用。根据统计数据，该用户在这一系列的操作中燃烧了价值超过300,000美元的比特币。

Summarize

总结

On-chain messages, especially OP_RETURN in the Bitcoin network, provide an anonymous, public and tamper-proof communication method, which is frequently used in the initial contact and information transmission of fund recovery. However, it should be noted that on-chain messages may also be used by attackers to guide victims to visit malicious links or perform risky operations (such as entering private key decryption, etc.), so be sure to remain vigilant and avoid viewing and processing suspicious information on untrusted devices. When encountering a security incident, it is recommended to contact a professional security team as soon as possible to assist in analysis and improve the success rate of fund recovery. At the same time, users and project parties should

链上消息，尤其是比特币网络中的OP_Return，提供了一种匿名，公共和防篡改的通信方法，该方法经常用于基金回收的初始联系和信息传输。但是，应该指出的是，攻击者还可以使用链链消息来指导受害者访问恶意链接或执行风险操作（例如输入私钥解密等），因此请务必保持警惕，避免在不受欢迎的设备上查看和处理可疑信息。遇到安全事件时，建议尽快与专业安全团队联系，以协助分析和提高基金恢复的成功率。同时，用户和项目各方应