
The Satoshi Nakamoto SourceForge account has been hacked - jordhy
http://sourceforge.net/projects/bitcoin/
======
croddin
Satoshi's account on p2pfoundation.ning.com also made the first comment since
he said "I am not Dorian Nakamoto." back in March. It says:

"Dear Satoshi. Your dox, passwords and IP addresses are being sold on the
darknet. Apparently you didn't configure Tor properly and your IP leaked when
you used your email account sometime in 2010. You are not safe. You need to
get out of where you are as soon as possible before these people harm you.
Thank you for inventing Bitcoin."

[http://p2pfoundation.ning.com/forum/topic/listForContributor...](http://p2pfoundation.ning.com/forum/topic/listForContributor?user=0ye0gncqg772o)

~~~
rufugee
So could someone explain how an IP address would leak when using an email
account? I suppose potentially in the SMTP header, but this would assume he
was using a email server running on his own personal ip, right?

So is the guess here (assuming this is even true) that he had an email server
running at home, leaked the ip, and then was attacked when someone found it?

~~~
jrochkind1
gmail, for instance, includes the client IP address in mail headers.

I learned this myself recently from an article here on HN,
[https://news.ycombinator.com/item?id=2083798](https://news.ycombinator.com/item?id=2083798)

Haven't checked it myself, just reported there by a former gmail engineer in
the context of their anti-spammer efforts.

~~~
verroq
Gmail has NEVER included the IP in headers (you can easily check this
yourself). Hotmail/Outlook on the other hand ...

~~~
kijin
Depends on how you access Gmail. Webmail doesn't include your IP in the
headers. SMTP does.

~~~
verroq
Ah ok. I've only ever used webmail, it makes sense SMTP would include the IP.

------
shlorn
Intresting theory from
[https://bitcointalk.org/index.php?topic=775174.80](https://bitcointalk.org/index.php?topic=775174.80)

[Quote]

nycgoat on September 08, 2014, 11:49:43 PM Is it possible that he deleted the
e-mail address @gmx when he left the project and that it has been recycled?
Someone else may have been able to sign up, then use the reset password
feature on these other sites. It is likely that the @gmx address would have
been destroyed at the conclusion of his participation in the project, as all
relevant information and e-mails have been public from the beginning.

1) Satoshi finishes with Bitcoin and deletes GMX account 2) He does not delete
other accounts (sourceforge, i2p, etc) 3) GMX account is recycled after x
period of time 4) Person signs up for @gmx account after it is recycled 5)
Passwords for other sites are reset because they still point to the @gmx
e-mail address as a recovery 6) Person tries to profit by extortion and fails

This is probably the most likely scenario... and they probably don't have any
of Satoshi's information because it is unlikely that any e-mails were still in
the box when he re-set up the @gmx address.

[/Quote]

~~~
torgoguys
The behavior of the p2pfoundation "resurfacing" of Satoshi is different than
the sourceforge one, possibly indicating 2 people with some of Satoshi's
credentials, so in my mind that lends some credibility to the explanation on
the p2pfoundation post (Satoshi's info being sold to various buyers) as being
more likely.

~~~
Hermel
That does not contradict shlorn's hypothesis. One hacker gains access to
Satoshi's accounts through @gmx recycling. Then he sells those accounts
separately.

------
georgemcbay
[https://twitter.com/petertoddbtc/status/509145414008725504](https://twitter.com/petertoddbtc/status/509145414008725504)

Peter Todd ‏ @petertoddbtc

"Interesting, got another forwarded email from "satoshi", from 2011 -
indicates this was a hijacked account, not expired and re-registered."

\----

Going to grab some popcorn, this might get pretty entertaining...

~~~
unreal37
Interesting link. I'm sure there's a lot more to come if what they have is
true. But the comment about the popcorn doesn't seem right. Is it entertaining
to watch him get dox'ed? Shall we encourage hackers holding info for ransom?

~~~
georgemcbay
"Is it entertaining to watch him get dox'ed?"

uh... yes, of course it is?

I'm not saying it is necessarily a good thing, especially for him personally,
but it is undeniably interesting.

Why is Jack the Ripper still making headlines? Because the unknown breeds
mystery, which is inherently entertaining to people.

~~~
dredwerker
Apparently we know who Jack the ripper is now.
[http://www.nbcnews.com/science/science-news/was-it-aaron-
kos...](http://www.nbcnews.com/science/science-news/was-it-aaron-kosminski-
jack-ripper-dna-claims-get-ripped-n198506)

He is Aaron Kosminski according to DNA probably.

~~~
codezero
Will be vetted after his book has sold out. :)

------
berberous
More details via Wired:
[http://www.wired.com/2014/09/satoshi/](http://www.wired.com/2014/09/satoshi/)

1) A pastebin threating to dox Satoshi for 25 BTC:
[http://pastebin.com/7gbPi8Qr](http://pastebin.com/7gbPi8Qr). Address has
received less than .02 BTC thus far:
[https://blockchain.info/address/19pta6x1hXzV9F5hHnhMARYbRjux...](https://blockchain.info/address/19pta6x1hXzV9F5hHnhMARYbRjuxF6xbbV)

2) The GMX screenshots show 11k+ emails in the inbox, with one from as far
back as June 2013

~~~
8ig8
Mirrored screenshots here:

[http://i.imgur.com/McgiZwb.png](http://i.imgur.com/McgiZwb.png)

[http://i.imgur.com/lfCJeBI.png](http://i.imgur.com/lfCJeBI.png)

Edit: To respond to
[https://news.ycombinator.com/item?id=8288579](https://news.ycombinator.com/item?id=8288579)

Looks like "Phone 31x" under the email address, which is consistent with St
Louis area code of 314.

~~~
3rd3
That guy did a really bad job of blacking out sensitive information. It
probably nails the receiver down to only a couple of hundred people.

~~~
verroq
With a bit of levels adjustment and
[http://i.imgur.com/y0Ee8cl.png](http://i.imgur.com/y0Ee8cl.png)

We're being lied to. This is fake. The street address doesn't match the post
code.

My assessment: The hacker created the order himself, with fake ID, fake
address and doctored the timestamp.

~~~
reitanqild
> With a bit of levels adjustment

Care to explain?

~~~
berberous
Bumping the shadows/black levels so that they are brighter. Literally just
moving a single slider all the way to the right in photoshop or lightroom.
Just google 'levels', or here's a decent intro:
[http://www.cambridgeincolour.com/tutorials/levels.htm](http://www.cambridgeincolour.com/tutorials/levels.htm)

------
galoppini
Greetings,

We suspended s_nakamoto's account 2 hours and 17 minutes after the attacker
gained access to that account.

After generating a list of changes made, confirming method of attack, and
identifying no serious changes to project content, the project was restored to
its pre-attack state, and the compromised user account was removed from the
project.

Risk to the community is believed to be low, as file content wasn't modified.

Regards,

Roberto Galoppini, SourceForge.net

See [https://sourceforge.net/p/forge/site-
support/8512/](https://sourceforge.net/p/forge/site-support/8512/)

------
patio11
It's looking like his email address got recycled, and someone is using that to
request password resets on accounts associated with it.

~~~
3pt14159
Actually it doesn't:
[https://twitter.com/petertoddbtc/status/509145414008725504](https://twitter.com/petertoddbtc/status/509145414008725504)

------
jordhy
Hackers have changed bitcoin's description to read:

Buttcoin is a peer-to-peer butt. Peer-to-peer means that no central authority
issues new butts or tracks butts. These tasks are managed collectively by the
network. It’s like a bitcoin, but with butts instead.

~~~
80ProofPudding
Starting to wish these guys would hire writers. So much more exposure for
saying something clever or funny... but no. Butts.

~~~
snorrah
Butts are always funny

------
r721
theymos: "satoshin@gmx.com is compromised"

[https://bitcointalk.org/index.php?topic=775174.0](https://bitcointalk.org/index.php?topic=775174.0)

------
austinheap
If you take the screenshot showing the leaked e-mail from an order 'he' placed
at CardReaderFactory, you get an interesting data point:

\- You can lookup orders tied to the e-mail address shatoshin@gmx.de \- You
_cannot_ lookup order tied to gibberish accounts, like odn2n489n4@gmail.com

Proof: [http://imgur.com/a/22z72](http://imgur.com/a/22z72)

~~~
sktrdie
And what does this say?

~~~
tomwilde
That a legitimate order exists and has been placed using satoshi's email
address.

~~~
3rd3
The address is invalid.

------
kintamanimatt
Seems to have been reverted now.

------
thejj
A bitcoin address appeared on satoshi's profile page:

[https://blockchain.info/address/19pta6x1hXzV9F5hHnhMARYbRjux...](https://blockchain.info/address/19pta6x1hXzV9F5hHnhMARYbRjuxF6xbbV)

[http://p2pfoundation.ning.com/profile/SatoshiNakamoto](http://p2pfoundation.ning.com/profile/SatoshiNakamoto)

Satoshi Nakamoto posted a status:

"Tip Jar: 19pta6x1hXzV9F5hHnhMARYbRjuxF6xbbV"

------
jonalmeida
One of the comments on the Wired post[1] shows that the email from
CardReaderFactory is a hoax: you can see the person's name using the Levels
tool in Photoshop.

Confirmed with Photoshop myself using the imgur image links I got from this HN
post.

[1]:
[http://www.wired.com/2014/09/satoshi/#comment-1580438754](http://www.wired.com/2014/09/satoshi/#comment-1580438754)

~~~
vincentkriek
What makes this a hoax? Couldn't that person be Satoshi?

~~~
maximumoverload
Apparently, that address does not exist.

------
chj
How can you blackmail a person for digital information you steal? Who knows if
you won't blackmail again?

~~~
eru
How's that different from non-digital information?

~~~
chj
There is at least an original copy.

~~~
eru
Yes, but a very slight degradation in making an analog copy of some pictures
or records won't degrade their blackmail value.

------
Aqueous
I won't post a working link to the images but I did view them and the top-most
email says it was sent 12/6/22, a date that has not occurred yet. So this is
either a bug in GMX that doesn't validate timestamps or he didn't finish his
otherwise convincing photoshop job :-)

~~~
markbao
The email in question looks like a Chinese spam email, which are often sent
with dates in the future to show up at the top of date-sorted inboxes.

See also: "spam chinese emails from the future?"
[http://forums.androidcentral.com/samsung-
galaxy-s3/278777-sp...](http://forums.androidcentral.com/samsung-
galaxy-s3/278777-spam-chinese-emails-future.html)

~~~
Aqueous
Strange. I've never noticed such an email in my inbox. I would have thought
that a future timestamp would be flagged by their spam heuristics.

------
nogridbag
I believe Satoshi Nakamoto is zohar002. This is my belief... At least for now!

[http://www.destructoid.com/blogs/Hyper+Lemon+Buster+Cannon/t...](http://www.destructoid.com/blogs/Hyper+Lemon+Buster+Cannon/the-
legend-of-zohar002-244052.phtml)

------
sktrdie
This makes me wonder whether the "I am not Dorian Nakamoto" message left on
p2pfoundation is also a fake. It did seem weird back then that instead of
signing a message using his well known public key, he decided to use a p2p
forum to announce the fact.

------
artursapek
Heh, so far this guy has earned about 10 bucks.

[https://blockchain.info/address/19pta6x1hXzV9F5hHnhMARYbRjux...](https://blockchain.info/address/19pta6x1hXzV9F5hHnhMARYbRjuxF6xbbV)

------
return0
Whoever satoshi is/are, it's a good opportunity to step forward and become the
public face of bitcoin without this stupid hide-and-seek.

------
aburan28
Couldn't this person who has Satoshi's GMX email then reset the passwords on
any of Satoshi's existing accounts?

------
jokoon
if he has a lot of bitcoins, wouldn't it be smarter for him to just sell them
right now ?

I mean it's much safer to have real money in a bank account than to have
bitcoins.

~~~
fiatjaf
If he sell any of them it will be easy to track him down.

~~~
jokoon
why track him down ?

------
mzs
What was there? It is just the bitcoin SF page now.

~~~
raphman
Someone apparently defaced the project description replacing "Bitcoin" with
"Buttcoin" and so on. Someone else apparently restored the original version.

~~~
mzs
Thanks

------
mykhal
more relevant link: [https://archive.today/odPyB](https://archive.today/odPyB)

------
sartrt
[http://pastebin.com/vAwmBBpC](http://pastebin.com/vAwmBBpC)

------
tripzilch
I just ploughed through the thread on the bitcointalk forum. (disclaimer: a
lot of the following summary is based on hearsay and lacks evidence)

Some kid hacked the satoshin@gmx.net mailbox, by guessing the birthdate
forgot-password check on gmx.net (yes, it sounds kind of unbelievable to me as
well).

He probably used this email to gain access to the SourceForge account, and
wrote some juvenile texts about "buttcoin" (everything seems to have been
reverted now, see
[https://news.ycombinator.com/item?id=8293062](https://news.ycombinator.com/item?id=8293062)
).

He also used the mailbox to gain access to Satoshi's account on
p2pfoundation.ning.com, which is the same place where the "Dorian is not
Satoshi" message was posted a while back when some news media thought they
found SN. Then he used this account to try and pull off a "give me 25BTC or
I'll release SN's dox" scam. Nobody in the bitcointalk thread seems to believe
the kid actually has SN's dox, because Satoshi was clever enough not to leave
personal info in that mailbox.

The kid also used the email to try and threaten the bitcointalk forum admin
("send me some coins before I hitman you" ...). The forum admin seems fine to
just let it be, because no real damage has been done, it was just a kid and by
now the kid and his family have been doxed, who's probably scared shitless
right now realizing what sort of serious business he's been messing with.

Adrian Chen tried to mail satoshin@gmx.net with some questions, and in
response got a screenshot of the mailbox, "proving" it was indeed under
someone else's control:
[https://twitter.com/AdrianChen/status/509162847130370048/pho...](https://twitter.com/AdrianChen/status/509162847130370048/photo/1)
. There's a second screenshot of some invoice of someone ordering a bitcoin-
mining device, with the address info photoshopped out--which was done badly
because someone on Reddit quickly revealed part of the name and address. But
that order seems partially fake, just some guy that thought it was funny to
enter Satoshi's email when ordering the device.

It's assumed the kid no longer has access to the satoshin@gmx.net mailbox.
Again I didn't see these claims substantiated either.

All in all, someone smarter could have done a LOT more damage with this hack.
But whoever did this really screwed it up. There might be some unintended
clues about Satoshi's identity in that mailbox, but it seems like whoever got
access isn't clever enough to string all that together (tying it with the
research done into his identity so far). So unless the whole mailbox gets
dumped somewhere, that's it, case closed?

------
notastartup
What are the signs that it has been hacked, the sourceforge page looks
correct, has it been recovered?

~~~
berberous
They changed the description to "buttcoin" (which has now been reverted), made
some private information public, and removed the administrators. See:
[http://www.reddit.com/r/Bitcoin/comments/2fuuzf/the_old_now_...](http://www.reddit.com/r/Bitcoin/comments/2fuuzf/the_old_now_unused_bitcoin_sourceforge_project/)

------
WoodenChair
Could this be a government posing as a hacker in order to discredit the threat
to mainstream currencies? I don't think so, but I do think conspiracy theories
will be abound!

~~~
programmarchy
I'll play. My conspiracy theory is that this is a PR stunt by gmx.com to
advertise their email service. Motive and opportunity!

~~~
fredoliveira
Funny theory, but then again, it wouldn't be great advertising considering the
gmx account was compromised. Which maybe makes it funnier.

------
k0dog
I wonder if this could be Satoshi creating an additional layer of complexity
in the hunt for his/her identity. By compromising his email address and web
properties he can basically direct the masses in any direction he/she wants
to. While ensuring that they have false bits of information seeded within
them.

Creating a myth and story around the creator is brilliant to ensuring future
relevance. I doubt this is a planned event; however, if the Satoshi did plan
it... Wow tip my hat to you sir/ma'am

~~~
mparlane
And what if you are Satoshi, and you created this account to create a third
dimension of complexity.

~~~
k0dog
What if I created a 2nd account to make my first comment seem absurd?

~~~
mrfabbri
"It's Satoshi all the way down"

~~~
joncrocks
Nah. For example, this isn't Santoshi.

..... or is it....

