Back on September 8, 2014 Satoshi’s first email address, [email protected], was hacked. A great synopsis and investigation relating to that can be found on the Bitmex blog. However, it and other internet sleuths missed some key clues as to what it revealed with the leaked screenshot of the alleged e-commerce order (which many people have incorrectly concluded was fake). I go through this specifically here and then offer a more compelling explanation for what took place.
1. The leaked screenshot of Satoshi’s alleged e-commerce order:
A Lancelot was a type of bitcoin mining device at the time. Naturally, online researchers worked to find out what was under the black digital paint applied to the invoice to hopefully reveal Satoshi’s identity. The method used, increasing exposure using Photoshop or Gimp was something I was able to independently reproduce. The result was a name that looked like Anthony Geary at ?198 Bruce Street.
2. Exposure applied to the screenshot
The main problem with the contents underneath is that there is no Bruce Street in St. Louis, MO 63101. A name can be faked but one cannot ship items to a fake address. The name Anthony Geary also reflects the name of a famous actor while the phone number looks like it either starts with 310 (Los Angeles) or 314 (St. Louis). Aside from the street address being invalid, any prankster could have used Satoshi’s email address when placing an order from a shady international site. And it was definitely shady because the owner of the site was later arrested for bank and ATM fraud.
So case closed, right?
Not so fast. Prior to this evidence being re-considered at all, I had already concluded that Satoshi Nakamoto’s true identity is probably Jack Dorsey, co-founder of Twitter and Block (f/k/a/ Square). Considering Dorsey is from St. Louis, his family lives there, his co-founders of Block live and work there (Jim McKelvey, Robert E. Morley Jr.), and Block touts itself as being a native St. Louis-born company, it’s uncanny that this leaked screenshot that was used to try and blackmail Satoshi would plainly state that the recipient was located in St. Louis. In all the cities on planet Earth that someone would use as a goof, the odds that they’d pick St. Louis is 1/10,000, a .01% chance that it would match up, and at a time (2014) when no one on Earth suspected Jack Dorsey. I should note that FIVE people in the St. Louis Bitcoin community had just gotten together 2 weeks earlier. It was put together by Ryan Dickherber, aka Astrohacker, an attorney and Bitcoin enthusiast. So for full disclosure, Dorsey and co weren’t the only St. Louis natives interested in Bitcoin.
While the hacker obviously used the black paintbrush feature to cover the address, they probably erased the original contents first and replaced them with something else prior to doing that. That’s because the only way to have leverage over Satoshi would be to reveal just enough (St. Louis) without risking that any more identifiable information would lead others to figure it out on their own.
Here’s what you need to know about this order:
ONE: Users had to pay CardReaderFactory first and then wait for the equipment to arrive in the mail after. That means that if this is a real order, they already paid. The company accepted bitcoin at the time so even though it says cash, it was probably bitcoin.
TWO: The Lancelot price matches the price on the site at the time. See proof here.
THREE: Lancelot shipments were confirmed on June 14, 2013 and stated that they had gone out by DHL. We know this because the Lancelot was built and marketed on the Bitcointalk forum by Blackarrow and he confirmed to forum users that they had finally shipped all pending orders out around June 14, 2013 by DHL.
That means that even if the image was doctored, it was from a real Lancelot order that went out around June 14, 2013, which would’ve been to a very small number of people who used the Bitcointalk forum. And of those people, a prankster would’ve had only a .01% chance of doctoring the photo with the random city of St. Louis. And that brings me to the next point. In what context was this order used as blackmail?
After the hacker gained access to the email account, they were able to access old conversations that Satoshi had in 2011, which can be found here. The hacker then posted this threat to Satoshi on the P2P Foundation Forum:
“Dear Satoshi. Your dox, passwords and IP addresses are being sold on the darknet. Apparently you didn`t configure Tor properly and your IP leaked when you used your email account sometime in 2010. You are not safe. You need to get out of where you are as soon as possible before these people harm you. Thank you for inventing Bitcoin.”
Releasing the so called “gods” dox if my address hits 25 BTC.
And no, this is not a scam, you can see the below screenshots for proof of inbox ownership and a little teaser.
BTC: 19pta6x1hXzV9F5hHnhMARYbRjuxF6xbbV
Same one posted on p2pfoundation^
Teasers:
https://www.anonimg.com/img/09f6cc92952dc4d539b21cad8daa2adf.png
https://www.anonimg.com/img/045d00e4624fb3c3ffc7056af07317d0.png
The blackmail was the 2nd image, the e-commerce order showing St. Louis. Oddly, TWO people with access to Satoshi’s email then did an interview with Vice. Vice asked the first hacker if he was certain about Satoshi’s true identity.
“[n]ot certain. 80% sure it’s him though. People are saying all sorts of different people are SN,” the hacker wrote to Vice. “Satoshi is smart and will have tried to put the people looking for him on the wrong path. This is why I can’t be sure.”
When asking about the Lancelot order, this hacker said it was “bullshit” and just ended up in the inbox through “a random guy who decided to use Nakamoto’s email when ordering some mining equipment…the real Satoshi isn’t retarded enough to make a mistake like that.”
The second hacker, named Savaged aka Nitrous aka Clerk, who is notorious on the internet because he previously hacked Roger Ver and swatted Hal Finney (allegedly), claimed that the emails he accessed allowed him to be 100% sure of Nakamoto’s identity, that he had already reached out to the real Satoshi, and that the first hacker Vice interviewed was Satoshi pretending to be a hacker to throw Vice off the scent.
“Maybe Satoshi will decide to donate some BTC to make me vanish in thin air and have no traces of his information anywhere,” he said, adding that he “realized I could just collect bounty or blackmail.”
Given the first hacker’s odd defensive posture over Satoshi, the second hacker’s claim (Savaged) seems fairly credible. Both hackers, as it was, were able to prove to Vice that they could email from the account, but Savaged had previously managed to obtain Roger Ver’s Social Security number, passport number, and other personal information while also being known as a terror in the gaming community for his reign of sim swapping, doxxing, and swatting. To suggest that he would be so befuddled by the contents of an inbox that a “bullshit” invoice would completely fool him is a leap.
Further, Savaged also did an interview with Wired where he said that “The fool used a primary gmx under his full name and had aliases set up underneath it. He’s also alive.”
While it is true that anyone on the entire internet could have placed an order online using Satoshi’s email address even if they had no access to it whatsoever, one must contend with the odds that they would have used Jack Dorsey’s hometown as the delivery address or that an experienced hacker would later be so confident in its authenticity that he’d rely on it to publicly try and blackmail Satoshi into paying a ransom.
An additional quirk in the story is that the ransom was never paid and yet Savaged never delivered further on his threat.
It should be noted that the person who authored the 2024 blog post (Jonathan Bier) re-exploring the 2014 hack admitted to also accessing Satoshi’s email account back in September 2014. Of that experience, he wrote:
On the Monday 8th September or Tuesday 9th September 2014 I was at work in London. My account relates to a very short period of time, perhaps around two minutes. I saw the news that Satoshi’s email account was hacked and I was keen to read as much as possible, another exciting drama day in Bitcoin. I quickly saw that not only was the account hacked, but Satoshi’s password had been leaked. I was then able to find the password, perhaps from text on a Pastebin link. Without thinking, I then went to the GMX website, entered the credentials and logged in. It worked! Somehow I had access to Satoshi’s email account.
– Jonathan Bier, April 2, 2024
Bier is a public figure in crypto and an author on the subject. He alludes in the blog post that he somehow did not know how to sort emails by oldest and as such was unable to look so far back in the account’s history.
I then noticed some emails for what appeared to be e-commerce related orders for consumer electronics. No way, I thought, Satoshi wouldn’t do that! That would reveal Satoshi’s address and payment details! Then it quickly dawned on me that these were very recent emails. These were probably either fake orders or perhaps real orders, where for some reason the customer used Satoshi’s email.
What’s unique to Bier’s account is that he indicated that there were multiple recent orders for consumer electronics, not just one. In any case, interest in the hack died down with the population at large concluding that Satoshi’s identity had not actually been released. And the only piece of information left out there for people to ponder about is why a legendary notorious hacker was so sure that Satoshi Nakamoto was connected to St. Louis, Missouri.
One speculative explanation for the above is that if Savaged was telling the truth when he said that “Satoshi used a primary gmx under his full name” then it would serve as a basis for why he’d be so confident in using St. Louis to taunt Satoshi into being blackmailed. While it might sound absurd to suggest that Satoshi would be that reckless, the evidence fingering Jack Dorsey as Satoshi also indicates that he was not so secretive about being Satoshi at all. For example, there are 2 novels published around the same time period (Hacktivist 1 – 2013 and Hacktivist 2 – 2015) that were authored by his best friend that openly feature a main character based on Jack that appear to intentionally doxx him as Satoshi. Jack authored the Note that sits inside the first book.
If one were to examine Jack Dorsey’s attachment to the Satoshi identity today, for example, they’d find that he has made wearing a shirt that says “Satoshi” on it his personal brand. You be the judge.