Hackers have changed bitcoin's description to read:
Buttcoin is a peer-to-peer butt. Peer-to-peer means that no central authority issues new butts or tracks butts. These tasks are managed collectively by the network. It’s like a bitcoin, but with butts instead.
Buttcoin.org is also a satirical blog that mocks the extremely vested segments of the Bitcoin community: http://buttcoin.org/
I used to read it at one time, and it was actually often the voice of reason in a sea of anarcho-capitalist pipe dreams, but I don't know about its present state.
It was bought by a straw purchaser on behalf of BFL, a Bitcoin mining hardware manufacturer with an aversion to shipping in a timely fashion, as a reputation management ploy. They edited some pointed posts about BFL and left the rest of the blog up.
The buttcoiners seem to make light of the BFL purchase, since in their mind, the former owner has done something that many Bitcoin investors have not - made a profit off of Bitcoin.
Satoshi's account on p2pfoundation.ning.com also made the first comment since he said "I am not Dorian Nakamoto." back in March. It says:
"Dear Satoshi. Your dox, passwords and IP addresses are being sold on the darknet. Apparently you didn't configure Tor properly and your IP leaked when you used your email account sometime in 2010. You are not safe. You need to get out of where you are as soon as possible before these people harm you. Thank you for inventing Bitcoin."
So could someone explain how an IP address would leak when using an email account? I suppose potentially in the SMTP header, but this would assume he was using a email server running on his own personal ip, right?
So is the guess here (assuming this is even true) that he had an email server running at home, leaked the ip, and then was attacked when someone found it?
Not if the webmail implementation passes-on your IP, which it should if you believe Spam is a bigger issue than email sender privacy.
Basically, if a webmail service doesn't pass along your IP, there would be no way for recipient networks to ever block a flood of unwanted email because they could never blacklist, say, yahoo.com.
I read something about this lately... maybe from Paul Buchheit?
There was a line in that long post on here the other day about Gmail, encryption, and the spam fight that mentioned how what's-his-name explicitly ignored the RFC by scrubbing the IP address out of Gamil headers, so I think you do recall correctly...
Many (most) people connecting to an SMTP server will be doing so from behind nat. Finding out the users "real" ip address is 10.x.x.x isn't so exciting.
Actually you will usually find BOTH the private IP address behind the NAT and the public IP address of the router in the headers. Check out a few mails you've received from a few different sources, see for yourself.
I just picked the two latest I got (and redacted them) as an example.
The first one sent through GMail (SMTP I guess, not webmail) :
Return-Path: <xyz@gmail.com>
Received: from [192.168.1.18] (123-123-123-123...bbox.fr. [123.123.123.123])
by mx.google.com with ESMTPSA id ...
for <multiple recipients>
(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
and another one, through OVH this time :
Received: from unknown (HELO ?192.168.0.23?) (xyz@abc.fr@123.123.123.123)
by ns0.ovh.net with SMTP;
Both "123.123.123.123" were the public IP address from their DSL connections. In both cases as you can see, I could know both IP addresses.
Good point.
Looks like google doesn't add these headers if you're using their web interface and apparently the majority of people I email with don't leak this either, however once I started looking there's a surprising amount of emails in my inbox that do.
I'm now trying to remember if I deliberately disabled this when I set up our new mail server or not...
You're wrong. Most SMTP requires IP in the header, gmail does not. This causes contempt between certain groups, as while it's a boon for personal privacy, it often hinders investigations.
Here's a video with Mike Hearn giving a talk about spam. At the end and middle are mentions about gmail's lack of IP from sent emails, the end specifically from a network admin expressing his grievances about Google's efforts being a hindrance to law enforcement.
Interesting. The link I posted above must not be the one I read a few days ago on HN (or somewhere else?), cause it was actually posted several years ago on HN. Let me find what I read recently...
As others have already written, many webmail providers send the user's IP address in the SMTP header.
GMX ("satoshin@gmx.com") definitely sends the user's IP address in the header (Source: GMX user myself).
Why is every mention of possible disclosure of Satoshi's identity fraught with heavy overtones of "Your Life Is In Grave Danger"? We have many people who are much richer whose identities are not secret and we don't need to freak out constantly and warn them that They Are In Grave Danger. AFAIK he's not been accused of any crime either.
Is it maybe because Bitcoin enthusiasts have a large overlap with monatery cranks who tend to be conspiracy theorists?
While you're 95% right, you could also argue that irreversible hundred million dollar transactions are a feature unique to bitcoin. That could appeal to kidnappers.
If you were very paranoid would you rely exclusively on security through obscurity?
It might also occur to you to diversify out of the thing that puts you at risk. Maybe there's even some sort of establishment that can hold funds more securely. He should look into that.
"Security through obscurity" being bad only applies to cryptography, and have no bearing whatsoever to the concept of security in real life.
To answer your question, actually, yes, it's almost proven to be the most effective measurement for one's safety: don't want to get hurt? Don't let people find you: get in a forest/ mountain range and hide.
Now First Blood is an underrated movie but I'm not sure it, or anything else, supports your claims. Hiding in the mountains has been a proven way of lowering life expectancy for millennia.
On HN I've seen that pattern and sometimes it was a well-respected poster, hammering on something pedantic and off-topic, derailing the thread. Point being, sometimes someone can be right, really knowledgeable and a (thread-localised) k00k.
added: then again, there's also something about HN's discussion structure (mainly lack of collapsing comments like Reddit has) that makes these derails get in the way much more than necessary. Reddit even has place for strings of puns without them significantly derailing the discussion.
> "Security through obscurity" being bad only applies to cryptography, and have no bearing whatsoever to the concept of security in real life.
Why do you believe this? The concept predates widespread use of encryption and originally applied to things like physical locks. Their "security through obscurity" approach was custom mechanisms which were easily defeated shortly after development by determined thieves. This race between security experts (in their various incarnations) and security breakers (again, in their various incarnations) has been going on since the first person tried to secure some property with something more complex than a crossbar on a door. And this race continues, even in the information age, to occur in both the physical and information realms.
That statement, read alone, sounds a bit more stronger than I intended for it to be. I agree with what you said. Although I should note that we aren't allowed to run around in top secret building to draw out the floor plan ;).
Thinking about it, I guess "security through obscurity" wasn't the correct term to use in the case. What I meant was simply that: there are completely valid reasons to keep your name and/ or location unknown, both for your safety, and otherwise convenience of life.
Kill occupants of building, move 1.3 cubic meters of gold in 30 trips with transport van. Now you have a few other problems, such as making sure that you're not going to end up in the same way. Besides surveillance cam footage recording your whereabout during part of your trip and the distance being fairly easily estimated if you do two trips in quick succession leading to a possible ID and or location of the stash.
But getting it out of there is fairly easy if you lack a conscience and have a van. If you had access to a slightly larger truck it would be easier still.
15 minutes frittered reading up on that one. Seems the guys set up in the same warehouse so they could have trucks coming and going for a year or so and set up a Maple Syrup dealers in a neighbouring state to ship it to.
They claim they do but there's never been any 3rd party auditing or verification of this that I know of. In the gold business every reliable business has auditing and insurance while so far Bitcoin businesses are run like a regular startup with open offices. Who's cleaning the offices after hours with access to the workstations or servers, who are the hired developers and are they smuggling wallet stealing software inside to transfer to themselves while on a flight to Brazil, who is writing their custom wallet and is it robust, how do we know they didn't copy every address to themselves. Lot's of security questions I've never seen addressed by any of the big exchanges. There was a payment processor startup that posted their office to bitcointalk.org which was floor to ceiling open glass windows with laptops facing the outside. How many binoculars are trained on those laptops across the street to get logins.
Some friends of mine trade large amounts of Bitcoin on a regular basis and there's never been much of a delay withdrawing. I doubt they are going to a bank to physically take out printed keys everyday for every transaction over $10,000 or phoning 5 people to combine keys. I bet the backups are kept in a safe deposit box, the cold wallet is likely an offline system anybody can walk up to with some kind of feeble authentication judging by past Bitcoin exchange incompetence.
Many of the smaller exchanges are using Blockchain.info wallets as their hot wallet too but won't admit it.
>There's never been any 3rd party auditing or verification of this that I know of.
I think that's intended to be a feature and not a bug. With Bitcoin 'third party verification' means other people no longer use a service after you've generously sacrificed your money to demonstrate their incompetence or malice.
Not at all, you can freely walk into most exchange offices. Theoretically an armed robbery of exchanges and payment processors would be the perfect crime. Commit private address to memory or tattoo it on yourself in code, after the robbery forcing them to transfer to your public address and waiting out confirmations turn yourself in to the police and do the 5 yrs. Walk out with millions worth of bitcoins on your arm. (Penalty here is 5yrs, unsure anywhere else). Blockchain.info would prob nickname that address "Hans Grueber"
IANAL, but in the US, the 5th amendment still protects combination locks, and as far as I can tell, passwords.
Prosecutors can be as intimidating as they wish, the government is free to use their magical NSA powers to recover the bitcoin. They can't compel someone to incriminate themselves. giving the wallet address to the prosecutor is effectively admitting to a crime, perhaps just conspiracy, but nonetheless that's self incrimination.
They can compel you to enter the passphrase to decrypt your computer so long as there is sufficient evidence that you are capable of doing so.
What they can't do is say "only the person who committed this crime knows the password" and then force you to enter the password (since doing so would be self incrimination). It's when it's already known that you could enter the password that you can be compelled to.
I'm not familiar with the American legal system. Ignoring bitcoin entirely, if you rob a bank and hide the money do you get to keep the money after your release from jail?
"In Chadwick v. Janecka (3d Cir. 2002), a U.S. court of appeals held that H. Beatty Chadwick could be held indefinitely under federal law, for his failure to produce US$ 2.5 million as state court ordered in a civil trial. Chadwick had been imprisoned for nine years at that time and continued to be held in prison until 2009, when a state court set him free after 14 years, making his imprisonment the longest on a contempt charge to date."
>But if you have a billion dollars of gold in your basement, you should be very, very paranoid.
If i had so many bitcoins as Satoshi Nakamoto i would certainly not store them in my basement. I'd split my private key using n:m scheme and store them in secure deposit boxes in banks.
If I'd have a billion dollars of worth gold in my Basement I'd be impressed if somebody managed to steal it. Since 1bn USD in gold would weigh 22603KG...
If I were rational enough to plan that far ahead, I'd probably be rational enough to realize that the guy who invented bitcoin isn't responsible for anything and everything that happens with it, particularly events to which he has no connection other than having been the inventor.
Like if someone steals my expensive Android phone, I'm not going to find Andy Rubin and punch him. Because that ... just wouldn't make any sense.
> Why is every mention of possible disclosure of Satoshi's identity fraught with heavy overtones of "Your Life Is In Grave Danger"? We have many people who are much richer whose identities are not secret and we don't need to freak out constantly and warn them that They Are In Grave Danger.
I think they probably know already. At least if the body guards are anything to go by.
Keep in mind, the IRS can audit you out of what amounts to mere curiosity. Having your net worth go up by half a billion or whatever is the sort of thing that might raise some flags and cause someone to want to verify that you haven't realized any of those capital gains, gifted any of them to someone else off the record, or some other thing.
On the bright side, Satoshi Nakamoto should be able to afford a good tax attorney. He'd be a bit nutty not to have one already, honestly.
The euphemism known as an IRS audit would interfere in his life if an exchange into or out of USD took place. Anyone can attribute value to anything. That doesn't make it valuable. Taxation here would require provable gains or losses, as with USD. The transactions of people exchanging only in [bitcoins, metal, coffee beans, rocks, fancy/worthless paper], not in USD, do not imply that any taxable "gains" or "losses" occurred. If it implied this, there would equally be a lot of losses claimed.
I think the implication he is trying to make is this:
If it was a collective of people it is(might be) more likely that one of them is incompetent(and didn't configure TOR properly) where-as if it was a single competent/careful individual there's a smaller chance of a TOR mis-configuration and resulting IP-address leak.
I don't think it lends much credence to the 'multiple entities' theory at all personally, but that's the best I could come up with. Feel free to correct.
Please excuse my ignorance here, but how does one track a persons location by their IP? Any time I have tried to look up an IP, I get a really vague result. ie "Somewhere in this city". Is it possible to get very specific results?
IP locations are kept in databases that have many limitations. Some examples of the limitations I found here in France:
- at best your ISP links your IP with the DSLAM location or simply the city for the most lazy. Sometimes there are mistakes: one of my friend living in the north of France has his IP "geolocated" in the south of France...
- lots of big corporations only give the address of their headquarters
- IP location from 3G/4G network is completely wrong 90% of the time
It would be difficult to track a person with just their IP address, but used in conjunction with other information it could be useful. E.g. if you worked out the ISP someone was using, and then used some social engineering on the ISP's customer service rep to get a name or address.
Could this be a government posing as a hacker in order to discredit the threat to mainstream currencies? I don't think so, but I do think conspiracy theories will be abound!
SourceForge in general seems terrible. i tried to filter by 1 star reviews and at first it selected the wrong filter because i didn't click right on the star and reloaded the page... went back and clicked right on the star, "star=1" showed in the URL, but it still only showed 5 star reviews. it was made by the halfwits at slashdot, so i wouldn't trust sourceforge for anything.
nycgoat on September 08, 2014, 11:49:43 PM
Is it possible that he deleted the e-mail address @gmx when he left the project and that it has been recycled? Someone else may have been able to sign up, then use the reset password feature on these other sites. It is likely that the @gmx address would have been destroyed at the conclusion of his participation in the project, as all relevant information and e-mails have been public from the beginning.
1) Satoshi finishes with Bitcoin and deletes GMX account
2) He does not delete other accounts (sourceforge, i2p, etc)
3) GMX account is recycled after x period of time
4) Person signs up for @gmx account after it is recycled
5) Passwords for other sites are reset because they still point to the @gmx e-mail address as a recovery
6) Person tries to profit by extortion and fails
This is probably the most likely scenario... and they probably don't have any of Satoshi's information because it is unlikely that any e-mails were still in the box when he re-set up the @gmx address.
The behavior of the p2pfoundation "resurfacing" of Satoshi is different than the sourceforge one, possibly indicating 2 people with some of Satoshi's credentials, so in my mind that lends some credibility to the explanation on the p2pfoundation post (Satoshi's info being sold to various buyers) as being more likely.
That does not contradict shlorn's hypothesis. One hacker gains access to Satoshi's accounts through @gmx recycling. Then he sells those accounts separately.
The screenshots in the text file supposedly show evidence that the attacker gained access to the actual GMX account, not a recycled one, since a) there are still messages in there and b) it seems that the account owner has been active, judging from the "replied to" icons in the inbox.
Interesting link. I'm sure there's a lot more to come if what they have is true. But the comment about the popcorn doesn't seem right. Is it entertaining to watch him get dox'ed? Shall we encourage hackers holding info for ransom?
Assuming it's not doctored, I'm very surprised he would order something from a random company to his real name/address using his Satoshi e-mail...presumably he has other e-mails, and that seems like pretty horrendous op sec. Unless he bought it for a friend?
edit: the item he ordered was a FPGA in mid 2013. He's really bothering with a single $400 miner in 2013...? He doesn't have enough BTC?
I agree. The email in the screenshot smells like a hoax (assuming your level stuff is legitimate; I haven't played with the source image in GIMP myself).
63101 is the downtown area (right by the Arch) – not really a place most people live, but the kind of place you might get if you Googled "St Louis zip code".
Also amusingly, "198 Bruce Ave" (not Street as in the email) is right in the center of the area Google labels Ferguson, MO.
Or somebody created the order and used that email address as a joke. Most online stores don't make you confirm an email address when you place an order.
Now, after this much time since that order, that person will be the star of the next Newsweek article because they didn't want to use their real address when buying a miner.
The hacker probably thought it was real. That website lets you pay cash (locally in China). You can enter any name/address/email/phone number you want, there is zero validation, and you can submit as 'cash', so no payment required at that time. You will get a confirmation e-mail like Satoshi did. So someone was probably just messing around and submitted a fake order in 2013, for whatever reason.
Bumping the shadows/black levels so that they are brighter. Literally just moving a single slider all the way to the right in photoshop or lightroom. Just google 'levels', or here's a decent intro:
http://www.cambridgeincolour.com/tutorials/levels.htm
It's fascinating to see that the account seems to be active, if we are to trust the "replied" icons to G.M. (Bitcoin developer?) and R.M. (Wired reporter that wrote the article on this leak?).
EDIT: From the Wired article, it seems like the hacker corresponded with the Wired reporter via the email address (to prove authenticity?) and may have done the same with the Bitcoin developer as well, judging from timestamps.
So we're looking at the gmx.com account being legitimately hacked -- but Satoshi had good enough opsec to not leak anything interesting from the account.
The hacker gained access to the gmx.com mailbox - resets all of the third party accounts and still comes out with nothing of value?!!
1) So he has to fake an invoice to gain media buzz? I don't buy it.
If the BTC creator is from St. Louis, I would suspect it being a project of the St. Louis Federal Reserve Bank. They've been a proponent of the technology (releasing whitepapers, articles, Q&A's, tweets) even during times of outrage amongst politicians.
I won't post a working link to the images but I did view them and the top-most email says it was sent 12/6/22, a date that has not occurred yet. So this is either a bug in GMX that doesn't validate timestamps or he didn't finish his otherwise convincing photoshop job :-)
I wonder if this could be Satoshi creating an additional layer of complexity in the hunt for his/her identity. By compromising his email address and web properties he can basically direct the masses in any direction he/she wants to. While ensuring that they have false bits of information seeded within them.
Creating a myth and story around the creator is brilliant to ensuring future relevance. I doubt this is a planned event; however, if the Satoshi did plan it... Wow tip my hat to you sir/ma'am
One of the comments on the Wired post[1] shows that the email from CardReaderFactory is a hoax: you can see the person's name using the Levels tool in Photoshop.
Confirmed with Photoshop myself using the imgur image links I got from this HN post.
191 comments
[ 5.0 ms ] story [ 232 ms ] threadButtcoin is a peer-to-peer butt. Peer-to-peer means that no central authority issues new butts or tracks butts. These tasks are managed collectively by the network. It’s like a bitcoin, but with butts instead.
I used to read it at one time, and it was actually often the voice of reason in a sea of anarcho-capitalist pipe dreams, but I don't know about its present state.
Just another day in the Bitcoin economy.
The buttcoiners seem to make light of the BFL purchase, since in their mind, the former owner has done something that many Bitcoin investors have not - made a profit off of Bitcoin.
https://bitcointalk.org/index.php?topic=775174.0
"Dear Satoshi. Your dox, passwords and IP addresses are being sold on the darknet. Apparently you didn't configure Tor properly and your IP leaked when you used your email account sometime in 2010. You are not safe. You need to get out of where you are as soon as possible before these people harm you. Thank you for inventing Bitcoin."
http://p2pfoundation.ning.com/forum/topic/listForContributor...
So is the guess here (assuming this is even true) that he had an email server running at home, leaked the ip, and then was attacked when someone found it?
Basically, if a webmail service doesn't pass along your IP, there would be no way for recipient networks to ever block a flood of unwanted email because they could never blacklist, say, yahoo.com.
I read something about this lately... maybe from Paul Buchheit?
I just picked the two latest I got (and redacted them) as an example.
The first one sent through GMail (SMTP I guess, not webmail) :
and another one, through OVH this time : Both "123.123.123.123" were the public IP address from their DSL connections. In both cases as you can see, I could know both IP addresses.I learned this myself recently from an article here on HN, https://news.ycombinator.com/item?id=2083798
Haven't checked it myself, just reported there by a former gmail engineer in the context of their anti-spammer efforts.
Here's a video with Mike Hearn giving a talk about spam. At the end and middle are mentions about gmail's lack of IP from sent emails, the end specifically from a network admin expressing his grievances about Google's efforts being a hindrance to law enforcement.
https://ripe64.ripe.net/archives/video/25/
It is , however, standard practice for most SMTP providers to do this.
Aha, it was on reddit, and is here: https://moderncrypto.org/mail-archive/messaging/2014/000780....
Ah, and you're right, I misremembered what it said about that, indeed it says gmail does not do that. okay!
Obviously it _could_ if it wanted to, and other webmail might. But gmail does not, okay!
I don't really buy the theory, but that isn't really a counter argument...
Is it maybe because Bitcoin enthusiasts have a large overlap with monatery cranks who tend to be conspiracy theorists?
But if you have a billion dollars of gold in your basement, you should be very, very paranoid.
Even with perfect security, you'd still be a ransom target.
It might also occur to you to diversify out of the thing that puts you at risk. Maybe there's even some sort of establishment that can hold funds more securely. He should look into that.
To answer your question, actually, yes, it's almost proven to be the most effective measurement for one's safety: don't want to get hurt? Don't let people find you: get in a forest/ mountain range and hide.
"Or he's really right and everyone else is wrong."
added: then again, there's also something about HN's discussion structure (mainly lack of collapsing comments like Reddit has) that makes these derails get in the way much more than necessary. Reddit even has place for strings of puns without them significantly derailing the discussion.
Oh sorry what were we talking about? I thought this was the weekly "Where you should move to/away from" thread.
Why do you believe this? The concept predates widespread use of encryption and originally applied to things like physical locks. Their "security through obscurity" approach was custom mechanisms which were easily defeated shortly after development by determined thieves. This race between security experts (in their various incarnations) and security breakers (again, in their various incarnations) has been going on since the first person tried to secure some property with something more complex than a crossbar on a door. And this race continues, even in the information age, to occur in both the physical and information realms.
Thinking about it, I guess "security through obscurity" wasn't the correct term to use in the case. What I meant was simply that: there are completely valid reasons to keep your name and/ or location unknown, both for your safety, and otherwise convenience of life.
At close to 25 tonnes, and ~1.3m³, I'd like to see the engineering behind such a heist
But getting it out of there is fairly easy if you lack a conscience and have a van. If you had access to a slightly larger truck it would be easier still.
new favorite HN quote
I'm sure moving a couple cubic meters of gold isn't a problem if you're motivated.
http://www.nytimes.com/2012/12/20/business/arrests-made-in-m...
Are they heavily guarded?
Just wondering...
Some friends of mine trade large amounts of Bitcoin on a regular basis and there's never been much of a delay withdrawing. I doubt they are going to a bank to physically take out printed keys everyday for every transaction over $10,000 or phoning 5 people to combine keys. I bet the backups are kept in a safe deposit box, the cold wallet is likely an offline system anybody can walk up to with some kind of feeble authentication judging by past Bitcoin exchange incompetence.
Many of the smaller exchanges are using Blockchain.info wallets as their hot wallet too but won't admit it.
I think that's intended to be a feature and not a bug. With Bitcoin 'third party verification' means other people no longer use a service after you've generously sacrificed your money to demonstrate their incompetence or malice.
Prosecutors can be as intimidating as they wish, the government is free to use their magical NSA powers to recover the bitcoin. They can't compel someone to incriminate themselves. giving the wallet address to the prosecutor is effectively admitting to a crime, perhaps just conspiracy, but nonetheless that's self incrimination.
Go for memorization over tattooing.
What they can't do is say "only the person who committed this crime knows the password" and then force you to enter the password (since doing so would be self incrimination). It's when it's already known that you could enter the password that you can be compelled to.
http://en.wikipedia.org/wiki/Contempt_of_court#United_States
If i had so many bitcoins as Satoshi Nakamoto i would certainly not store them in my basement. I'd split my private key using n:m scheme and store them in secure deposit boxes in banks.
Like if someone steals my expensive Android phone, I'm not going to find Andy Rubin and punch him. Because that ... just wouldn't make any sense.
I think they probably know already. At least if the body guards are anything to go by.
I imagine the IRS really would like to audit him if he's an American citizen, however.
Keep in mind, the IRS can audit you out of what amounts to mere curiosity. Having your net worth go up by half a billion or whatever is the sort of thing that might raise some flags and cause someone to want to verify that you haven't realized any of those capital gains, gifted any of them to someone else off the record, or some other thing.
On the bright side, Satoshi Nakamoto should be able to afford a good tax attorney. He'd be a bit nutty not to have one already, honestly.
http://www.irs.gov/taxtopics/tc420.html
If it was a collective of people it is(might be) more likely that one of them is incompetent(and didn't configure TOR properly) where-as if it was a single competent/careful individual there's a smaller chance of a TOR mis-configuration and resulting IP-address leak.
I don't think it lends much credence to the 'multiple entities' theory at all personally, but that's the best I could come up with. Feel free to correct.
IP locations are kept in databases that have many limitations. Some examples of the limitations I found here in France:
- at best your ISP links your IP with the DSLAM location or simply the city for the most lazy. Sometimes there are mistakes: one of my friend living in the north of France has his IP "geolocated" in the south of France...
- lots of big corporations only give the address of their headquarters
- IP location from 3G/4G network is completely wrong 90% of the time
Hanlon's Razor is instructive here.
https://blockchain.info/address/19pta6x1hXzV9F5hHnhMARYbRjux...
http://p2pfoundation.ning.com/profile/SatoshiNakamoto
Satoshi Nakamoto posted a status:
"Tip Jar: 19pta6x1hXzV9F5hHnhMARYbRjuxF6xbbV"
[Quote]
nycgoat on September 08, 2014, 11:49:43 PM Is it possible that he deleted the e-mail address @gmx when he left the project and that it has been recycled? Someone else may have been able to sign up, then use the reset password feature on these other sites. It is likely that the @gmx address would have been destroyed at the conclusion of his participation in the project, as all relevant information and e-mails have been public from the beginning.
1) Satoshi finishes with Bitcoin and deletes GMX account 2) He does not delete other accounts (sourceforge, i2p, etc) 3) GMX account is recycled after x period of time 4) Person signs up for @gmx account after it is recycled 5) Passwords for other sites are reset because they still point to the @gmx e-mail address as a recovery 6) Person tries to profit by extortion and fails
This is probably the most likely scenario... and they probably don't have any of Satoshi's information because it is unlikely that any e-mails were still in the box when he re-set up the @gmx address.
[/Quote]
Peter Todd @petertoddbtc
"Interesting, got another forwarded email from "satoshi", from 2011 - indicates this was a hijacked account, not expired and re-registered."
----
Going to grab some popcorn, this might get pretty entertaining...
uh... yes, of course it is?
I'm not saying it is necessarily a good thing, especially for him personally, but it is undeniably interesting.
Why is Jack the Ripper still making headlines? Because the unknown breeds mystery, which is inherently entertaining to people.
He is Aaron Kosminski according to DNA probably.
1) A pastebin threating to dox Satoshi for 25 BTC: http://pastebin.com/7gbPi8Qr. Address has received less than .02 BTC thus far: https://blockchain.info/address/19pta6x1hXzV9F5hHnhMARYbRjux...
2) The GMX screenshots show 11k+ emails in the inbox, with one from as far back as June 2013
http://i.imgur.com/McgiZwb.png
http://i.imgur.com/lfCJeBI.png
Edit: To respond to https://news.ycombinator.com/item?id=8288579
Looks like "Phone 31x" under the email address, which is consistent with St Louis area code of 314.
edit: the item he ordered was a FPGA in mid 2013. He's really bothering with a single $400 miner in 2013...? He doesn't have enough BTC?
That's further evidence that someone placed an order on his email with a fake address for giggles.
We're being lied to. This is fake. The street address doesn't match the post code.
My assessment: The hacker created the order himself, with fake ID, fake address and doctored the timestamp.
63101 is the downtown area (right by the Arch) – not really a place most people live, but the kind of place you might get if you Googled "St Louis zip code".
Also amusingly, "198 Bruce Ave" (not Street as in the email) is right in the center of the area Google labels Ferguson, MO.
Now, after this much time since that order, that person will be the star of the next Newsweek article because they didn't want to use their real address when buying a miner.
Care to explain?
https://www.cardreaderfactory.com/download/documentation/lan...
EDIT: From the Wired article, it seems like the hacker corresponded with the Wired reporter via the email address (to prove authenticity?) and may have done the same with the Bitcoin developer as well, judging from timestamps.
The hacker gained access to the gmx.com mailbox - resets all of the third party accounts and still comes out with nothing of value?!!
1) So he has to fake an invoice to gain media buzz? I don't buy it.
2) What's in the outbox?
Except is St Louis Missouri street address and telephone number.
See also: "spam chinese emails from the future?" http://forums.androidcentral.com/samsung-galaxy-s3/278777-sp...
Creating a myth and story around the creator is brilliant to ensuring future relevance. I doubt this is a planned event; however, if the Satoshi did plan it... Wow tip my hat to you sir/ma'am
..... or is it....
https://blockchain.info/address/19pta6x1hXzV9F5hHnhMARYbRjux...
Confirmed with Photoshop myself using the imgur image links I got from this HN post.
[1]: http://www.wired.com/2014/09/satoshi/#comment-1580438754
- You can lookup orders tied to the e-mail address shatoshin@gmx.de - You cannot lookup order tied to gibberish accounts, like odn2n489n4@gmail.com
Proof: http://imgur.com/a/22z72