Back on September 8, 2014 Satoshi’s first email address, [email protected], was hacked. A great synopsis and investigation relating to that can be found on the Bitmex blog. However, it and other internet sleuths missed some key clues as to what it revealed with the leaked screenshot of the alleged e-commerce order (which many people have incorrectly concluded was fake). I go through this specifically here.
1. The leaked screenshot of Satoshi’s alleged e-commerce order:
A Lancelot was a type of bitcoin mining device at the time. Naturally, internet sleuths worked to find out what was under the black digital paint applied to the invoice to hopefully reveal Satoshi’s identity. The method used, increasing exposure using Photoshop or Gimp was something I was able to independently reproduce. The result was a name that looked like Anthony Geary at ?198 Bruce Street.
2. Exposure applied to the screenshot
The main problem with the contents underneath is that there is no Bruce Street in St. Louis, MO 63101. A name can be faked but one cannot ship items to a fake address. The name Anthony Geary also reflects the name of a famous actor while the phone number looks like it either starts with 310 (Los Angeles) or 314 (St. Louis). Aside from the street address being invalid, any prankster could have used Satoshi’s email address when placing an order from a shady international site. And it was definitely shady because the owner of the site was later arrested for bank and ATM fraud.
So case closed, right?
Not so fast. Prior to this evidence being re-considered at all, I had already concluded that Satoshi Nakamoto’s true identity is probably Jack Dorsey, co-founder of Twitter and Block (f/k/a/ Square). Considering Dorsey is from St. Louis, his family lives there, his co-founders of Block live and work there (Jim McKelvey, Robert E. Morley Jr.), and Block touts itself as being a native St. Louis-born company, it’s uncanny that this leaked screenshot that was used to try and blackmail Satoshi would plainly state that the recipient was located in St. Louis. In all the cities on planet Earth that someone would use as a goof, the odds that they’d pick St. Louis is 1/10,000, a .01% chance that it would match up, and at a time (2014) when no one on Earth suspected Jack Dorsey. I should note that FIVE people in the St. Louis Bitcoin community had just gotten together 2 weeks earlier. It was put together by Ryan Dickherber, aka Astrohacker, an attorney and Bitcoin enthusiast. Clearly, Dorsey and co weren’t the only St. Louis natives interested in Bitcoin.
While the hacker obviously used the black paintbrush feature to cover the address, they probably erased the original contents first and replaced them with something else prior to doing that. That’s because the only way to have leverage over Satoshi would be to reveal just enough (St. Louis) without risking that any more identifiable information would lead others to figure it out on their own.
Here’s what you need to know about this order:
ONE: Users had to pay CardReaderFactory first and then wait for the equipment to arrive in the mail after. That means that if this is a real order, they already paid. The company accepted bitcoin at the time so even though it says cash, it was probably bitcoin.
TWO: The Lancelot price matches the price on the site at the time. See proof here.
THREE: Lancelot shipments were confirmed on June 14, 2013 and stated that they had gone out by DHL. We know this because the Lancelot was built and marketed on the Bitcointalkforum by Blackarrow and he confirmed to forum users that they had finally shipped all pending orders out around June 14, 2013 by DHL.
That means that even if the image was doctored, it was from a real Lancelot order that went out around June 14, 2013, which would’ve been to a very small number of people who used the Bitcointalkforum. And of those people, a prankster would’ve had only a .01% chance of doctoring the photo with the random city of St. Louis. And that brings me to the next point. In what context was this order used as blackmail?
After the hacker gained access to the email account, they were able to access old conversations that Satoshi had in 2011, which can be found here. The hacker then posted this threat to Satoshi on the P2P Foundation Forum:
“Dear Satoshi. Your dox, passwords and IP addresses are being sold on the darknet. Apparently you didn`t configure Tor properly and your IP leaked when you used your email account sometime in 2010. You are not safe. You need to get out of where you are as soon as possible before these people harm you. Thank you for inventing Bitcoin.”
Releasing the so called “gods” dox if my address hits 25 BTC.
And no, this is not a scam, you can see the below screenshots for proof of inbox ownership and a little teaser.
BTC: 19pta6x1hXzV9F5hHnhMARYbRjuxF6xbbV
Same one posted on p2pfoundation^
Teasers:
https://www.anonimg.com/img/09f6cc92952dc4d539b21cad8daa2adf.png
https://www.anonimg.com/img/045d00e4624fb3c3ffc7056af07317d0.png
The blackmail was the 2nd image, the e-commerce order showing St. Louis.
Oddly, TWO people with access to Satoshi’s email then did an interview with Vice. Vice asked the first hacker if he was certain about Satoshi’s true identity.
“[n]ot certain. 80% sure it’s him though. People are saying all sorts of different people are SN,” the hacker wrote to Vice. “Satoshi is smart and will have tried to put the people looking for him on the wrong path. This is why I can’t be sure.”
When asking about the Lancelot order, this hacker said it was “bullshit” and just ended up in the inbox through “a random guy who decided to use Nakamoto’s email when ordering some mining equipment…the real Satoshi isn’t retarded enough to make a mistake like that.”
The second hacker, who is rather infamous on the internet, named Savaged, claimed that the emails he accessed allowed him to be 100% sure of Nakamoto’s identity, that he had already reached out to the real Satoshi, and that the first hacker Vice interviewed was Satoshi pretending to be a hacker to throw Vice off the scent. Savage was confident this was the case.
“Maybe Satoshi will decide to donate some BTC to make me vanish in thin air and have no traces of his information anywhere,” he said, adding that he “realized I could just collect bounty or blackmail.”
In retrospect, it is indeed unusual that the first hacker would be so defensive about the invoice or Satoshi’s intelligence. Both hackers were able to prove to Vice that they could email from the account. If Savaged was telling the truth, that the first “hacker” was really Satoshi, then it would have made more sense to cast the e-commerce order as possibly genuine rather than to call it bullshit. Besides, what kind of hacker says their victim that they easily hacked wouldn’t be “retarded enough to make a mistake like that” when obviously he made such a huge mistake that he was hacked.
Furthermore, the second hacker had a huge reputation for being a genuine hacker. He was already known for attempting to blackmail Roger Ver. He stole Ver’s Hotmail account and used it to obtain his Social Security number, passport number, and other personal information. Savaged was also known to terrorize the Call of Duty gaming community and would allegedly sim swap them, dox them, and swat them. Suffice to say that his track record indicates he would be intelligent enough to figure out Satoshi’s real identity from hacking his email and at the same time realize that it would be easy for ANYONE to place an order online using Satoshi’s email address. Nevertheless, the hacker chose St. Louis specifically as a locale belonging to Satoshi in an attempt to blackmail him.
Additionally, the first “hacker” alleged to really be Satoshi used a curious word choice (“retarded”) while trying to immitate an immature hacker, something that wouldn’t stand out until ten years later when new information about the real Satoshi came to light. That’s because it’s a word that Satoshi himself used in a comfortable setting with Marti Malmi in an email exchange between them in 2009.
“I know this sounds really retarded, but I still haven’t been able to get the sourceforge login page to load, so I haven’t been able to read it either.”
– Satoshi Nakamoto, July 21, 2009
So, putting into context that the renowned hacker (Savaged) had access to Satoshi’s emails going back to 2011, was 100% confident that he had figured out Satoshi’s identity, that he put out a teaser saying that Satoshi had equipment delivered to St. Louis as part of his blackmail campaign, and a 2nd “hacker” saying that Satoshi would never be that dumb, it stands to reason that the order with a St. Louis address was legitimate, the question is really whether or not it was Satoshi who placed the order or someone else in St. Louis that just used Satoshi’s email address. If it’s the latter, it would be a very narrow group of suspects. And for a purchase that many on the forum were debating as expensive, it would stand to reason that the downside to using Satoshi’s email as a joke would mean they had no paper trail confirmation that the order was being shipped. Perhaps that’s the pain they could bear considering the equipment in question and the origin of where it was coming from. One could see why the buyer of a bitcoin mining device purchased in bitcoin from a website overseas run by a criminal might want the added protection of using a phony email address. At the same time, why risk sending this confirmation to an email that every intelligence agency in the world probably had eyes on? That’s a huge gamble!
Lastly, the person who authored the 2024 blog post (Jonathan Bier) re-exploring the 2014 hack admitted to also accessing Satoshi’s email account back in September 2014. He wrote:
On the Monday 8th September or Tuesday 9th September 2014 I was at work in London. My account relates to a very short period of time, perhaps around two minutes. I saw the news that Satoshi’s email account was hacked and I was keen to read as much as possible, another exciting drama day in Bitcoin. I quickly saw that not only was the account hacked, but Satoshi’s password had been leaked. I was then able to find the password, perhaps from text on a Pastebin link. Without thinking, I then went to the GMX website, entered the credentials and logged in. It worked! Somehow I had access to Satoshi’s email account.
– Jonathan Bier, April 2, 2024
Bier is a public figure in crypto and an author on the subject. He alludes in the blog post that he somehow did not know how to sort emails by oldest and as such was unable to look so far back in the account’s history.
I then noticed some emails for what appeared to be e-commerce related orders for consumer electronics. No way, I thought, Satoshi wouldn’t do that! That would reveal Satoshi’s address and payment details! Then it quickly dawned on me that these were very recent emails. These were probably either fake orders or perhaps real orders, where for some reason the customer used Satoshi’s email.
He was then purportedly logged out with no way to get back in.
Did the real Satoshi Nakamoto have an address in St. Louis? A real hacker already known to dox and blackmail high profile figures seemed 100% confident that he had him dead to rights. I guess we’ll never know for sure.