After e-mail takeover, copycats demand cash to expose Bitcoin’s creator
Messages demanding payment in order to out details about mysterious Bitcoin creator “Satoshi Nakamoto” have proliferated in the few days since an unknown person took control of the e-mail address historically used by the reclusive cryptographer.
By Friday, at least seven messages on Pastebin threatened to release information, or “dox,” taken from Satoshi Nakamoto’s e-mail account on gmx.com, the address used in Nakamoto’s original Bitcoin paper. The messages used at least five different Bitcoin addresses and demanded varying amounts of Bitcoin in order to reveal Nakamoto’s true identity.
“Satoshis [sic] dox, passwords and IP addresses will be published when this address has reached 25 BTC,” stated one demand.
The identity of Satoshi Nakamoto, who might well be a group of people, is a mystery that many have tried to solve. In March 2014, for instance, Newsweek identified California man Dorian Satoshi Nakamoto as the creator of Bitcoin, but he denied having any connection with the protocol, calling the article a “false report.”
The offers to out Nakamato began on September 8, when a person who appeared to have control of Nakamoto’s [email protected] address posted an offer on Pastebin to publish any information from the e-mail box if his Bitcoin address reached 25 BTC. (A Bitcoin address is a code that represents a payment destination, routing bitcoins to one or more wallets.) Using the same address, the person repeated the offer on September 11.
“Releasing the so called ‘gods’ dox if my address hits 25 BTC,” the Pastebin post read. “And no, this is not a scam, you can see the below screenshots for proof of inbox ownership and a little teaser.”
At least two other posts included the same message but used different Bitcoin addresses.
Two images linked from the original post and from some of the copycat posts included apparent screenshots of the [email protected] inbox, including message headers. Some of the messages were from journalists seeking information about the alleged breach. None of the messages, however, appeared to be private content related to Nakamoto.
Some have speculated that Nakamoto’s disuse of the old e-mail address allowed an unknown attacker to register the address and take control of the e-mail box. Doing so would give the person the ability to recover accounts, such as Nakamoto’s P2P Foundation account and another one on Sourceforge. Indeed, the new owner of the [email protected] e-mail address posted to the P2P Foundation’s forum after using the e-mail address to take over Nakamoto’s account there.
“Dear Satoshi. Your dox, passwords and IP addresses are being sold on the darknet,” the message on the P2P Foundation forum stated. “Apparently you didn’t configure Tor properly and your IP leaked when you used your email account sometime in 2010. You are not safe. You need to get out of where you are as soon as possible before these people harm you. Thank you for inventing Bitcoin.”
The gmx.com address was also used to e-mail an administrator of the Bitcoin Forum.
“The email was not spoofed in any way,” the administrator, who uses the handle “theymos,” stated in a post. “It seems very likely that either Satoshi’s email account in particular or gmx.com in general was compromised, and the email account is now under the control of someone else. Perhaps [email protected] expired and then someone else registered it.”
Following the initial post to Pastebin, messages using at least four other Bitcoin addresses have appeared. While a single person could create a variety of addresses for payment—using different addresses for each payment is a recommended practice—a single address is often used as a general destination for multiple payments.