FYI.

This story is over 5 years old.

Tech

The Satoshi Nakamoto Email Hacker Says He's Negotiating with the Bitcoin Founder

We spoke to two people in control of Nakamoto's email, the hacker and a person the hacker claims is Nakamoto himself.
Nakamoto's original Bitcoin white paper. Image: Derek Mead

Last night, an anonymous poster published a ransom note on Pastebin, saying he or she would release the identity of Bitcoin's mysterious creator, the pseudonymous Satoshi Nakamoto, in exchange for 25 bitcoins.

The poster said he or she had learned of Nakamoto's identity by gaining access to satoshin@gmx.com, the email account Nakamoto used to communicate with the Bitcoin community before he went silent in 2010.

Advertisement

Motherboard was able to communicate with two individuals who have access to Nakamoto's old email address. The first said he was only browsing Nakamoto's for fun. The second not only claimed to be the real hacker of the account, but also said the first person we spoke with was Nakamoto himself.

The allegation that the first person was actually Nakamoto seems outlandish, but the first person's insistence that he simply found the password is equally strange. Regardless, it's clear that multiple people have access to the account. What's not yet clear is what they plan on doing with it.

Related: Why Satoshi Nakamoto's Identity Doesn't Matter

Nakamoto vanished without a trace once Bitcoin got off the ground, leading to a consistent stream of theories as to who he actually is. This, however, is a particularly interesting case: The author of the Pastebin note has proven to have control of Satoshi's old email address, satoshin@gmx.com, and has sent a wave of confusion through the cryptocurrency community.

Fans of internet money have long been curious as to who really penned the original white paper that laid the groundwork for Bitcoin's creation by explaining the core concepts of the virtual currency. After Newsweek's cover story earlier in the year (purporting to reveal the true identity of Satoshi Nakamoto) was largely regarded as flimsy at best, the desire to figure out who initially developed Bitcoin has only grown.

Advertisement

The author of the Pastebin ransom note has claimed that if a sum of 25 bitcoins, which is currently valued at around $12,000 USD, is sent to a particular Bitcoin address, then Satoshi will be "doxed," meaning his or her identity will be publicly revealed if someone is willing to pay for it.

Previous colleagues and penpals of Satoshi Nakomoto have been receiving emails from Satoshi's old account, one of which threatened to "hitman" the recipient if bitcoins were not sent the Pastebin author's way.

After reaching out to satoshin@gmx.com for an interview, I was contacted by a someone almost immediately, who helped to clear up some of the details surrounding the hack. Much of the speculation—primarily on the BitcoinTalk forum—about this email heist surrounds the question of how the attacker got access to Satoshi's old account in the first place.

One theory is that the GMX.com email address simply expired from inactivity, so an attacking troll was able to register the account, and subsequently began contacting those who knew Satoshi when he was still active online.

A screenshot of Satoshi's alleged inbox.

But a screenshot posted by someone with access to the GMX.com account shows that over 11,000 messages are in its inbox. There's a chance that it could be Photoshopped, but suggests the hijackers were able to access Nakamoto's intact email archive.

During a back-and-forth conversation with the first person Motherboard spoke with, we were told that "hackers cracked the password," which implies that this person was not one of the hackers. It also implies that Satoshi's old email address was taken over with all of its original content intact. This individual also provided Motherboard with the password to the email account, which was not tested for authenticity due to legal concerns.

Advertisement

When asked if the information within the GMX.com account did in fact point to Nakamoto's true identity, this person told us "[n]ot certain. 80% sure it's him though. People are saying all sorts of different people are SN."

The Hacker told us that the first individual we were speaking to was in fact Satoshi Nakamoto

That lack of 100 percent certainty was attributed to the cunning that Nakamoto, in all of his mysterious legend, has become associated with. "Satoshi is smart and will have tried to put the people looking for him on the wrong path," said the hacker. "This is why I can't be sure."

Despite having access, and writing emails from, Nakamoto's old email account, the first person Motherboard corresponded with claimed to not be the same individual who published the ransom note on Pastebin. This claim is impossible to independently verify, but our source did say that the Pastebin author is a "cool guy," while adding, "I like his style. :)"

This person explained why they were even bothering to make use of Nakamoto's old account, saying "I just like to read through things I'm not supposed to see. It's already been hacked by other people anyway. I don't see any harm in doing this."

Satoshi's scrubbed CardReaderFactory.com receipt.

Along with the screenshot showing over 11,000 emails sitting in the GMX.com account, a screenshot of an email showing a receipt for a purchase made on CardReaderFactory.com was linked in the original Pastebin document. The name of the purchaser was blurred out, but the poster clearly intended to show that Nakamoto had made an ecommerce purchase using his GMX.com account, and the receipt contained his real identity. A Reddit thread cropped up quickly after that claiming to have deciphered the real name that was censored in the original screenshot.

Advertisement

The first person with access to Nakamoto's email account told us that lead was "bullshit." Adding that the email was from "a random guy who decided to use Nakamoto's email when ordering some mining equipment." This Nakamoto fan insisted that "the real Satoshi isn't retarded enough to make a mistake like that."

When Motherboard questioned the person who had access to Nakamoto's old account if the 25 BTC ransom offer was all a hoax, in light of the claim that the CardReaderFactory receipt was a red herring, we were told that, "Yes," it is a hoax.

That said, someone who goes by Jeffrey, who had access to the account as well, told WIRED that the GMX.com account is associated to Nakamoto's full name, meaning that the first person Motherboard spoke to may just be trying to throw us off the scent.

Along with the email account, a Sourceforge account belonging to Satoshi was edited so that Bitcoin read "Buttcoin," with the tagline "Buttcoin is a peer-to-peer butt." Posts were also made from a message board account that is associated with Nakamoto and that has long been inactive, save for a post made earlier this year that simply read "not Dorian," in reference to Newsweek's assertion that Satoshi Nakamoto is a man named Dorian Nakamoto.

The newest post reads:

Dear Satoshi. Your dox, passwords and IP addresses are being sold on the darknet. Apparently you didn't configure Tor properly and your IP leaked when you used your email account sometime in 2010. You are not safe. You need to get out of where you are as soon as possible before these people harm you. Thank you for inventing Bitcoin.

Advertisement

After our conversation petered off with the first individual who had access to Nakamoto's account, Motherboard was quickly contacted again from Nakamoto's old email account, in a letter addressed to myself and a WIRED journalist. It read, "First one to contact me on Skype gets the interview" and included a Skype handle.

Motherboard made contact with this individual via Skype, and evidently we were first out the gate. This person told us that the first individual we were speaking to was in fact Satoshi Nakamoto.

This second person told us that he was the hacker who cracked into the email account, and that he had been wrestling back-and-forth with the real Nakamoto to maintain access to the account. According to this self-proclaimed hacker, who goes by Savaged, Nakamoto "added his alternate email" to the GMX account that was compromised in order to regain access to his rightful account.

Savaged was very vague regarding the details of how he got access to Nakamoto's email account and what it was that he was able to pull from it, but he insisted throughout our conversation that he is 100 percent sure he has discovered Nakamoto's identity. He also dismissed our first source's claim that multiple hackers broke into the account.

"It wasn't a cracking team, it was me by myself," said the hacker, reiterating that I was in fact speaking to Satoshi Nakamoto earlier in the night.

Savaged also provided us with screenshots showing that he had access to Satoshi's old account on the Bitcoin exchange platform BTC-E. While that account didn't contain Satoshi's sought-after, Scrooge McDuck-esque Bitcoin fortune, the hacker's access to the account provides further evidence that he has infiltrated Satoshi's online footprint.

Advertisement

The hacker claims he is in touch with the real Nakamoto, and that he has already identified him, but hasn't publicized it. When I asked if he was the person who authored the Pastebin document, he refused to answer, but did provide me with a Bitcoin address for "donations" that did not match the address in the Pastebin.

Regarding his Bitcoin address, Savaged said, "Maybe Satoshi will decide to donate some BTC to make me vanish in thin air and have no traces of his information anywhere."

When I asked why Savaged was targeting Nakamoto, he told me "Because I can." After inquiring what he was trying to get out of all this, he said "Bitcoins, obviously… [But] don't forget the lulz."

He went on to say that he was first looking to steal Nakamoto's gigantic stash of Bitcoins, but then "realized I could just collect bounty or blackmail." When I asked if he was currently blackmailing Nakamoto, he refused to answer.

Savaged also seemed to be well aware of the power he wielded by initially taking control of the account. Given that Nakamoto is Bitcoin user #1, who was able to generate coins very easily during its infancy, it's estimated that Satoshi has as many as one million bitcoins, which are worth over $460 million at today's prices. Those coins have remained unspent for years, but any movement of those coins could shift the fragile Bitcoin market drastically.

While the publicity around the hack will likely change things, the ability to impersonate Nakamoto offered Savaged a large chance to manipulate the price of Bitcoin. He told me that he was well aware he could have come "out of the woodwork saying I'm going to be dumping BTC, and before that could have sold my coins and profited from cheap coins."

While Savaged says he is certain he has uncovered the identity of Satoshi Nakamoto, he told me he has "no plans yet" to release his identity to the public. And while Motherboard cannot verify whether or not the first person we spoke with is, in fact, Nakamoto, Savaged insists he has not shared the password with anyone else.

Because of the difficulty in truly verifying anyone's identity, especially if multiple people have access to Nakamoto's account, the hack has produced a truly bizarre scenario, and it may only be the beginning.

If this security breach has, in fact, led to a hacker gaining the identity of Satoshi Nakamoto, it could have a massive impact on the cryptocurrency economy. If not, it only adds to the mystery of Satoshi. How could a hacker get access to 11,000 emails in one individual's inbox and not discover his true identity?

Only a genius, one who could program their own virtual currency, could be that careful. But then again, nobody's perfect.

Update 9/11/14: This story was updated to correct the hacker's name to Savaged after initially using a throwaway Twitter handle to identify him. Apologies for any confusion.