It appears that Satoshi Nakamoto’s GMX email account, which he originally used to announce Bitcoin in the P2P Foundation’s Ning forum, has been hacked. The hacker has used the account to post a warning to Satoshi in our forum. The following article, written by Robert McMillan, was originally published at Wired.com.
“Dear Satoshi. Your dox, passwords and IP addresses are being sold on the darknet. Apparently you didn’t configure Tor properly and your IP leaked when you used your email account sometime in 2010. You are not safe. You need to get out of where you are as soon as possible before these people harm you. Thank you for inventing Bitcoin.”
Someone has taken over the email account belonging to bitcoin’s secretive creator, Satoshi Nakamoto, saying he will sell Nakamoto’s secrets for money.
The hacker, who told WIRED his name is “Jeffrey,” claims to have also obtained information on Nakamoto that could be used to unmask his identity. Jeffrey didn’t tell us much, but when we asked him how he managed to take control over the [email protected] email address that Nakamoto had used for some of his correspondence, he wrote: “The fool used a primary gmx under his full name and had aliases set up underneath it. He’s also alive.”
In a Pastebin post, Jeffrey said he will release Satoshi’s secrets if someone pays 25 bitcoins—about $12,000 to his bitcoin address. He says he has email messages dating back to 2011. A programmer (or group of programmers) going by the name Satoshi Nakamoto released the open source software that drives the bitcoin digital currency in 2009. Ever since, as has bitcoin expanded into a worldwide phenomenon, people have tried to unmask its creator, but his true identity has never been sufficiently proven.
Jeffrey wouldn’t say how he took over Nakamoto’s account, and he didn’t respond to many of our questions. But it looks like he leveraged the gmx.com address to take over other Nakamoto accounts. One was used Monday to post a message to the P2P Foundation website. Another to deface an old bitcoin developer page on the Sourceforge open-source coding site.
In his P2P Foundation message, Jeffrey claimed that information about Nakamoto was already being sold online. “Apparently, you didn’t configure Tor properly and your IP leaked when you used your email account sometime in 2010. You are not safe. You need to get out of where you are as soon as possible before these people harm you.”
But Jeffrey didn’t provide any evidence to substantiate this claims. And it’s not clear what information he really has on bitcoin’s creator.
Satoshi Nakamoto disappeared from the public eye back in 2010, so it’s possible that after a few years of disuse, the webmail provider that runs Nakamoto’s account, GMX.com, simply allowed somebody new to register the [email protected] address. Based in the U.K., GMX.com couldn’t immediately be reached for comment.
A more intriguing possibility, however, is that the account was hacked. If that’s true, Jeffrey could have access to a treasure trove of private Satoshi Nakamoto emails. And that information could help unmask Nakamoto’s true identity.
Michael Marquardt, the head administrator of the Bitcointalk.org discussion forum, says that Jeffrey sent him an excerpt of an email he’d sent to Nakamoto back in March of this year. “So either the email account was compromised since March,” he says, “or the attacker gained access to old emails when he compromised the account.”
“I’m pretty sure,” Marquardt says, “that this is just some troll in it for the laughs.”
Andy Greenberg contributed to this story.