Hacker News
The Well Deserved Fortune of Satoshi Nakamoto, Bitcoin creator (bitslog.wordpress.com)
273 points by aurelianito on Apr 18, 2013 | 180 comments

There's an interesting point in the bitcoin forums that someone basically had to mine the entire first year or two, just to ensure the network even existed. If someone downloaded a client to play around with it and there was no network to connect to, the project would never take off.

So it's possible Satoshi ran a client or two for that purpose, which had the side-effect of mining coins.

To me, this seems like a very likely scenario. Almost required, even.

Another interesting comment- if enough miners agreed, coins from the Satoshi blocks could just be blacklisted from the network. Some irony there, eh?

> "if enough miners agreed, coins from the Satoshi blocks could just be blacklisted from the network. Some irony there, eh?"

Well, if enough miners agreed, anything can happen, but I doubt you'd get the required majority. It would undermine the entire system.

There's previously been talk supporting blacklists for stolen coins.

I suspect it's the sort of thing that will increase in pressure if bitcoin grows much further. It wouldn't surprise me if blacklisting eventually happens in some form or another.

Sometimes listening to BitCoin proponents is hilarious. They point out all the disadvantages of current money transfer systems and how BitCoin will solve them ("No chargebacks! No transaction fees! No-one can take your money!"). Then when you quiz them, they'll admit people'll probably build systems like that on top of bitcoins ("Well people'll probably use escrow services on top of bitcoin to prevent dishonest merchants, and eventually there'll be transaction fees from the miners"). It looks like they are even talking about removing the "no-one can take your money" aspect!

This theme occurs often in software development. Someone sees a system that is very complex, old, difficult to understand, and has some known bugs. They implement a simpler, cleaner, new system with fewer known bugs and a handful of missing features. If it takes off, the missing features are added, often by people less intimately familiar and more likely to introduce a few bugs. The cycle repeats.

You're right, of course, but it's worth noting that the current system of national fiat currencies with floating exchange rates isn't very old at all. Commodity currencies (especially metallic standards), in which the money supply is bound to a good of fixed supply, are much older and more thoroughly debugged. Bitcoin, as a virtual fixed-supply commodity, is thus built on a firm theoretical foundation.

What? Commodity currencies are not foolproof. If you find more of the commodity, your currency suffers. This happened to Spain after they started colonizing the Americas. They found lots of silver, and their economy tanked.

As a Bitcoin enthusiast, I am just as annoyed at those people. The lack of chargebacks has its ups and downs, and for cases when the ups outweigh the downs, you'll want to layer protocols on top that allow for escrow-like services (including chargebacks), which bitcoin allows, and which people already do with other currencies.

> "Well people'll probably use escrow services on top of bitcoin to prevent dishonest merchants..."

Probably? There are already escrow services for Bitcoin that are heavily used.

One would think that people on Hacker News, of all places, would appreciate the distinction between "opt-in" and "opt-out".

You haven't been listening to them closely enough then. There are transaction fees in bitcoin, and always have been. The point is that they should stay low because the system as a whole does not carry the burden of chargebacks and establishing trust.

Oh yes, bitcoin has always had the option of transaction fees, I think it's 0 now? But when promoting bitcoin, people often claim there will be none, or money can be transferred for free.

There can and there are. When you start using bitcoin (with exchangers like Mt.Gox and with the satoshi client, and community in #bitcoin-otc) you learn quickly that paying a fee is a way to get more miners to pay attention to your block, but that your tx will likely go through without any fee.

Some day it's possible that you will have to mine a block to publish your own transactions! Not likely though, there will always be people willing to take less money to do it for you. And you're both right, if you start taking away the features then it undermines the advantages that generally bring users to bitcoin. Who knows what will happen. It's a software system with majority rules.

Default fees differ between clients, but most let you override. Note typically fees are per kb of data in the transaction.


This lets you predict how long your transaction will take based on the amount sent and the fee attached. It does not consider coin age, minimum transaction fees, or kb transaction size.

I've made this comment here before, but the possibility of this happening concerns me. The 51% attack is a known potential issue of Bitcoin, but the more subtle problem is that Bitcoin is essentially a sort of democracy where voting power is proportional to computing power. The miners collectively have the power to change the way Bitcoin works, and it's up to them to not abuse that power (although Bitcoin would quickly drop in value if that power was abused).

This matters for decisions like blacklisting stolen Bitcoins, because it causes deflationary pressure, making all future Bitcoins mined more valuable. Note that about half of all Bitcoins are yet to be mined, and they will all start out in the wallets of miners.

But the same attack is available on other forms of currency.

Take gold, for instance. If a majority of the people who find gold to be valuable were to agree that they should value Palladium instead and stop using gold, then gold would drop in value and palladium would take over. The people who own palladium could even go around to the gold users and bribe them with some palladium to get them to go along.

Now, there is one important difference between my "gold" example and bitcoins. With bitcoin, there are two populations: the users of bitcoin and the subset of those who are miners. For a change to bitcoin, only miners need to agree -- but that's not as much of a limitation as it seems. For instance, if all the miners formed a secret cabal and agreed to blacklist all existing bitcoins and value only FUTURE mined bitcoins, then what would REALLY happen is that someone else would step in and start mining without that policy, forming a fork in the blockchain. The entire community would wind up deciding which fork to follow. So really, what you need is a strong enough majority of the miners (and those qualified to set up as miners if they wanted to) to ensure that there is no blockchain fork. This is not all that different from my "all users of gold" example.

Gold dropped 9.4% a few days ago. That had little to do with what the majority thought; instead, people wanted to sell slightly more gold than people wanted to buy and the price dropped.

As to messing with the block chain, the real problem is a 51% attack is one that people don't know for a while, start randomly seeding bad transactions and there is no obvious point as to which were good transactions and which were bad ones. People may suggest reversing all transactions but if you traded bit-coins for stuff you're now out your bit-coins and your stuff. Net result Bitcoin probably dies.

Absolutely true. "Introduction of double-spend and other corrupt transactions because you control a significant fraction (perhaps LESS than 51%) of the mining power" is a vulnerability for bitcoin that is NOT present in other forms of value.

But "a majority of the users could redefine what is considered valuable" is a vulnerability (mentioned in the post I was replying to) of EVERY representation of value, and not a particularly interesting or realistic one.

"Cornering a market" in a commodity is a lot like a bitcoin 51% attack -- it gives a lot of control over the price of the commodity.

The miners or the exchanges? If you have nowhere to sell your BTC, why bother mining?

What would then prevent a small number of players with a large (near majority?) number of coins going from miner to miner requesting a "buy-in" to prevent them from being blacklisted? It seems like this sort of behavior (unless totally abhorred by the community) could very quickly poison it.

If one party controls half of any currency, the system is already broken.

If they blacklist coins, eventually, there would be no coins left because there is a fixed number of allowed bitcoins to exist apparently

That simply isn't true, it is a mathematical fallacy people often fall into when dealing with infinity.

To take an extreme example, imagine that ALL bitcoins have already been mined, and there are no more bitcoins to be found. Then imagine that they start blacklisting bitcoins at an incredible rate: HALF of all bitcoins in existence are blacklisted each year. Remembering that it is possible to subdivide bitcoins (and arbitrarily far, given minor changes to the protocol), in what year will there be no coins left?

Zeno's paradox is very clearly not the way things work in the real world, or we wouldn't be able to physically move anywhere.

You falsely assume there'd be a fixed rate of coins lost to theft. When there's 100k coins left, though, it's entirely possible that someone goes and steals all of them.

The ability to steal all of them would imply they were all in one place or a small number of places to be stolen, modulo true protocol hacks. That seems unlikely. As they get subdivided, they spread finer and finer on a per-coin basis. It would be no different than trying to steal the entire set of BitCoins today. If you think that can be done, go for it.

Keep in mind that the coins can be distributed in very minute amounts. So with 100k coins remaining in circulation, that could be billions of people that all hold .00005 of a bitcoin.

The real world has Planck's constant. Exponents can be increased indefinitely, and eventually renumbered, like the New Israeli Shekel = 1000 old Israeli Shekel.

I have a bad feeling about that.

The interesting thing about it is that if he sells those coins on the exchange, the value will substantially drop, so it's not $100mln in the bank. However, he could buy 100mln worth of items from vendors that use btc, and the vendors will sell off the 1mln btc but won't be able to get the price of the purchases back. That's assuming that if there was a big order of items and paid in btc that the vendor would sell immediately.

"if enough miners agreed" so there will be a committee deciding on which coins are valid? That defeats the purpose of anonymous, peer-to-peer nature of things.

Yes, all BTC transactions are approved by majority vote of miners.

Personally, I don't find 5% ownership of a currency as a justifiable "deserved" fortune to any one person. That's trillions on the scale of existing currencies. That's enough to buy a world power.

Is the idea so novel that it can't be re-booted in a manner that has better protection of anonymity and which isn't amenable to being mined for years by just a handful of people (to the point that they own a huge % of all available coins)?

The guy who owns all of the gold mines is more than happy to back gold as a currency, after all.

Total dollar M0 is about $1 trillion (as of 2009), so if Bitcoin were to match it then 5% would be a Bill Gates-level fortune.

M0 seems the appropriate measure since it's the hard currency, without the multipliers of fractional reserve. M2 is around $10 trillion.

If you consider PayPal or a bank transfer as valid payment (and I suspect you do), then M0 is not an accurate representation of money supply. M2 or M3 would be more accurate, as most payments and deposits are electronic these days.

I agree but I'm thinking more in terms of what share Satoshi (or whoever) would end up with. If Bitcoin were to reach the dollar's market value, it seems to me there's a good chance that we'd still have fractional-reserve banking, so the extra $9 trillion would be made from bitcoin-denominated loans instead of being actual bitcoins. In that case Satoshi would still have $50 billion.

But maybe we'll go down a different path. Maybe an economy based on equity instead of debt, backed by colored coins. Then Satoshi becomes the richest human in history, if he hasn't diversified before then.

(Or maybe another cryptocurrency takes over and Bitcoin goes back to ten cents a coin, who knows.)

Welcome to the endemic problem of deflationary currencies! People get undue credit just for being there first.

You could say the same thing about land or real estate in big cities.

Yes you can! Consider Manhattan: young people cannot today afford the same kind of house in the city that their parents could afford doing the exact same job at the same age. Their standard of living is lower (either living in the city and living in a much smaller place, or commuting in from outside the city) than their parents, in the area of housing, simply by virtue of the fact that their parents got there first.

Imagine extrapolating the injustices of the NYC housing market to the whole economy...

*People get undue credit just for being there first*

simply by virtue of the fact that their parents got there first

Lots of parents didn't choose to go there at all. Some parents chose to buy residences in better parts of Manhattan, some in worse. Some chose better buildings, some chose worse. Some parents took out big loans betting on their future to own real estate, some preferred to spend that money on vacations.

In your mind, what investments that appreciate over time are not "undue credit"? Do you have a certain amount of gain that we can all know is fair, deserved, or not lucky?

> In your mind, what investments that appreciate over time are not "undue credit"? Do you have a certain amount of gain that we can all know is fair, deserved, or not lucky?

Investments generally appreciate over time because they create increased value. If your Apple stock goes up, it's because Apple is making more money each year. That's due credit. Investments that appreciate simply by virtue of fixed supply result in undue credit to older generations.

Apple stock is a limited commodity as well. If they split their stock 20 times, then the value would be much lower.

Your statement of "undue credit" is unfounded and arbitrary. Following your logic, all appreciating investments are "undue credit".

You're conflating two different things. Real property has intrinsic value, and being a limited commodity means that prices for it will rise by virtue of the fact that it is a limited commodity. Stock is limited as well, but because it has no intrinsic value its price doesn't increase simply by virtue of its being a limited commodity.

Forget about price for a second and look at intrinsic value. What is the underlying asset represented by ownership of property? It's the right to exclusively use some land and accompanying buildings. What is the underlying asset represented by stock? Leaving aside different kinds of stock, it's generally the right to receive a certain percentage of the profits of a company over time. Now, look at how price changes in the two assets are correlated with changes in the intrinsic value of the assets. A plot on the UES might appreciate 50% between 2000 and 2013, even though the neighborhood hasn't really changed in that time. The use and enjoyment a given person gets from that property is the same in 2000 and 2013. Now, compare to a stock. If the price of a stock appreciates 50% between 2000 and 2013, it's generally because the company has increased profits. Your enjoyment of the $150 in stock in 2013 is higher than your enjoyment of the $100 in stock in 2000 because it represents the same percentage of the right to receive a larger amount of profits.

It's the right to exclusively use some land and accompanying buildings even though the neighborhood hasn't really changed in that time

I have no idea where you get that notion. Are you suggesting that Manhattan and the surrounding area hasn't changed? It's the very changes that have driven the rise in value for living there.

it's generally the right to receive a certain percentage of the profits of a company over time

Not even close. Most equities these days don't distribute dividends.

As another responder said, you're not understanding how people value assets - whether they be property or stocks.

Value is inherently fluid but ultimately only what someone will pay for it. Your arguments for the limited nature of property vs stocks are tortured. You're working extremely hard to call gains from property value "undue". Gains from speculation are fundamentally the same whether they come from stocks, currency, property, commodities, collectors items, whatever.

You are making a bunch of unwarranted and incorrect assumptions about how owners value both real estate and stock. Both follow bubbles, and both also track underlying value.

> Their standard of living is lower than their parents

From a purely $/sqft perspective.

No. Given a fixed inflation adjusted income ($), they have less square feet, less nice neighborhoods, longer commutes, etc.

Better entertainment, more varied food, high speed internet, free knowledge at our fingertips, mobile phones, more interesting jobs...

It's all rather subjective. I would not trade my current living situation with that of my parents at my age.

I should have clarified that I was only talking about housing in big cities, not generally.

To a significant extent, the communities are also improving, as parent said.

Detroit is still cheap.

Aggregate demand is an (imperfect) proxy for value.

Well no one is making anyone use or accept bitcoin if they don't like it. It's not like you need it to pay your taxes in it or anything. That's why people advocate for competing currencies. And with the internet the idea is more feasible, with instant exchanges and price conversions.

Reboot? Anonymity (and liquidity!) seems more feasible with multiple viable cryptocurrencies coexisting.

e.g. using an exchange site (which has legitimate reason to exist), sell Bitcoins for Litecoins, then sell Litecoins for Bitcoins of different provenance.

Money laundering. National governments will not tolerate this unregulated. This might work for a little while on Tor, but not on Time Warner internet.

*justifiable "deserved" fortune to any one person*

Very disappointing to see those kind of entitlement discussions around here. Who are you to tell others what they deserve? If he/she/it founded a project that is so solid, so engaging, so successful, h/s/i absolutely deserves whatever others are willing to pay.

And deserved just as much if the majority of miners decide to void the first million bitcoins. That would be a beautiful anarchocapitalism.

Trillions? I think you're being just a little over optimistic about the future of bitcoin here.

It's the stated hope of some in the bitcoin community that bitcoin become one of the top 3 currencies in the world.

I don't think it's realistic to expect that to happen any time soon.

Nobody said anything about soon.

Some context:

This blog post is written by Sergio Demian Lerner who has found a number of minor security vulnerabilities in bitcoin's source code.

His method of associating blocks to Satoshi's identity has been disputed by several developers of bitcoin.

No "developers of bitcoin" have disputed Sergio's findings.

The 2 persons who are disputing Sergio's findings (gmaxwell and DeathAndTaxes) are the minority. I personally agree with Sergio, I understand his analysis technique, and I have read his previous supporting arguments.

gmaxwell was for example making incorrect claims, saying you would need 50+ computers to mine at ~5 Mhash/s (average hashrate throughout 2009) because CPU and code at the time was not optimized. I proved gmaxwell wrong by benchmarking an early version of Bitcoin and showing a 5-year old $200 4-core Phenom was able to do 5 Mhash/s. This validates Sergio's theory that Satoshi could have very well represented the majority of the mining hashrate with a single computer throughout 2009.


Gregory Maxwell is listed as a developer. He also has contributed a lot of code to the project.

My bad. I forgot his status. It does not change my opinion though (that his criticism is invalid).

Can you detail some of the criticism please? I understand what he's doing and it makes sense to me - and I too believe those blocks identified probably belong to Satoshi or someone very close to them.

If Satoshi attempts to spend his coins, this might reveal his identity. Which in turn would increase a risk of kidnapping/blackmailing/torture/etc from anyone willing to get a share of his stash. Same applies to his heirs in the future. My guess is that he may have deleted all the keys to early coins traceable back to him, just to avoid temptation.

He could have mined a lot of cheap coins in 2010-2011, though, so he's probably not without a big reward.

I'm thinking of how is this any different from your standard "hey I got rich suddenly" situations (startup exit, a large contract as an athlete, etc)? Bitcoins themselves are hard to trace / anonymous, but once they are "out of the system", they will be in a regular financial institution and the situation is analogous to your regular internet millionaire.

I guess the thing is that he owns such a large fraction of the Bitcoins out there that he can't conceivably liquidate all his Bitcoins in a reasonable amount of time, thus exposing himself to a certain time period where he is known to have a large sum of Bitcoins that are by nature anonymously transferable to a kidnapper?

IMO such threats depend largely on where he lives. If he lives in highly affluent areas, then the typical security precautions and rich neighborhood surroundings used by fellow millionaires should be sufficient protection. There are plenty of "rich people" in the world who get by just fine without being kidnapped. Just wander over to your neighborhood Silicon Valley rich neighborhood, and you'll bump into plenty of 8~10 figure people.

As time goes by and Bitcoin becomes more widespread, it gets more expensive. Can you imagine a guy today with 5% of economy in wealth? Also, even if it is not economical to steal from him, there is usual level of paranoia that many crypto folks share.

> Can you imagine a guy today with 5% of economy in wealth?

Ah, how easy it is to forget history. A few examples from http://en.wikipedia.org/wiki/List_of_wealthiest_historical_f...

Cornelius Vanderbilt: 1.15% of US GDP

John D. Rockefeller: 1.53% of US GDP

Carlos Slim, 8% of Mexico's GDP.


"'it's hard to spend a day in Mexico and not put money in [Slim's] pocket.' You can barely make a call without doing so: Slim's phone company Telmex — snapped up on the cheap in 1990 — controls 80 percent of the landlines; its subsidiary América Móvil handles 70 percent of the cell service."

"For Bill Gates to have the same grip on the U.S. economy, says Brian Winter in Foreign Policy, he would have to be worth '909 billion' and own 'Alcoa, Phillip Morris, Sears, Best Buy, TGIFriday's, Dunkin' Donuts, Marriott, Citibank, and JetBlue.'"

Wow, that is more than plenty to motivate a socialist revolution.

The units aren't comparable in the sense of wealth. He has $X million, just like Paul Graham.

> My guess is that he may have deleted all the keys to early coins traceable back to him, just to avoid temptation.

If he did that, he was, for once, very stupid. You don't want to delete the keys, since no one will believe you. ('Sure you did, pal, sure you did. You took all those careful precautions to remain completely pseudonymous and you expect me to believe that?')

What you want to do is publicly, verifiably, irreversibly destroy coins. This is perfectly doable and there are at least two ways to do it: you can send bitcoins to invalid addresses where no corresponding key can possibly exist, and you send the coins with a transaction where the scripting language will never evaluate to true and release the coins (something along the lines of 'release coins iff 1==2'). As the inventor of Bitcoin, one would expect Satoshi to know of these methods and other approaches I don't know of.
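The second method in the comment above (an output script that can never evaluate to true), as an added example that is not part of the original thread: a toy evaluator for a small subset of Bitcoin Script, showing that sample unlocking scripts cannot satisfy `1 2 OP_EQUAL` or `OP_RETURN`. The evaluator, its list-based script encoding and all sample scripts are constructed for illustration and are not Bitcoin's own code.

```python
# Added illustration, not Bitcoin's reference implementation.
# Scripts are Python lists: bytes items are data pushes, str items are opcodes.
# Only the opcodes below are modelled; signatures and hashing are left out.


class ScriptFailure(Exception):
    """Raised when a script aborts (bad opcode, empty stack, failed VERIFY)."""


def cast_to_bool(item: bytes) -> bool:
    """Script truthiness: any non-zero byte is true, except 'negative zero'."""
    for i, byte in enumerate(item):
        if byte != 0:
            return not (i == len(item) - 1 and byte == 0x80)
    return False


def _pop(stack):
    if not stack:
        raise ScriptFailure("stack underflow")
    return stack.pop()


def run(script, stack):
    """Execute one script against a shared stack, mutating the stack."""
    for op in script:
        if isinstance(op, bytes):
            stack.append(op)
        elif op == "OP_0":
            stack.append(b"")
        elif op in ("OP_1", "OP_2"):
            stack.append(bytes([int(op[3:])]))
        elif op == "OP_DUP":
            top = _pop(stack)
            stack += [top, top]
        elif op == "OP_EQUAL":
            a, b = _pop(stack), _pop(stack)
            stack.append(b"\x01" if a == b else b"")
        elif op == "OP_VERIFY":
            if not cast_to_bool(_pop(stack)):
                raise ScriptFailure("VERIFY failed")
        elif op == "OP_RETURN":
            raise ScriptFailure("OP_RETURN aborts the script")
        else:
            raise ScriptFailure(f"unsupported opcode {op!r}")


def can_spend(unlock, lock) -> bool:
    """Run the unlocking script, then the locking script on the same stack.
    The output is spendable only if nothing aborted and the top item is true."""
    stack = []
    try:
        run(unlock, stack)
        run(lock, stack)
    except ScriptFailure:
        return False
    return bool(stack) and cast_to_bool(stack[-1])


# Constructed locking scripts.
NEVER_TRUE = ["OP_1", "OP_2", "OP_EQUAL"]         # "release coins iff 1 == 2"
RETURN_BURN = ["OP_RETURN", b"constructed marker"]  # aborts on the first opcode
PUZZLE = [b"constructed secret", "OP_EQUAL"]       # control: spendable output

# Constructed unlocking attempts. Whatever they leave on the stack, NEVER_TRUE
# ends by pushing 1 and 2 and comparing them, so the top item is always false.
CANDIDATE_UNLOCKS = [
    [],
    [b"\x01"],
    [b"\x01", b"\x02"],
    [b"constructed secret"],
    ["OP_1", "OP_DUP"],
    ["OP_1", "OP_1", "OP_EQUAL"],
]


def spendable_by_any(lock, unlocks=CANDIDATE_UNLOCKS) -> bool:
    return any(can_spend(unlock, lock) for unlock in unlocks)


if __name__ == "__main__":
    for name, lock in [("NEVER_TRUE", NEVER_TRUE),
                       ("RETURN_BURN", RETURN_BURN),
                       ("PUZZLE", PUZZLE)]:
        print(name, "spendable:", spendable_by_any(lock))
```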

Very good point.

Transactions have a scripting language? What is that for?

Didn't he just give an example?

"If Satoshi attempts to spend his coins"

I recommend Satoshi to spend his coins by depositing them to a Bitcoin ATM and withdrawing cash - this should be completely anonymous :) http://www.youtube.com/watch?v=fU3vht4LTZI

Edit: Or he can use one of the bitcoin "mixer" services. Or send a fraction of them to an online wallet, and withdraw (most online wallets just mix all their users' coins). Or he can create transactions moving coins around, pretending they are being spent from user to user, until he spends them one time (and the recipient sees a chain of 100 transactions between a block presumably originating from Satoshi, he would simply claim he received them through someone else). Etc.

There's no way those ATMs are stocked with enough cash for him to withdraw even a small percentage. I guess he could withdraw some every day, and probably live quite well on that income; but coming back to an ATM over and over wouldn't be so great for anonymity.

Of course. He would travel around the world, from city to city, to hit all the ATMs worldwide over his lifetime without ever running out :)

Ah! The problems of having too much money.

I would watch this movie.

Wouldn't there be a high chance to be caught on camera?

Or you know, more likely - completely tank the market since the current price is incredibly unstable, but still represents an assumption that no one individual has a large stash of coins that might become liquid suddenly.

He probably created a new wallet each time he restarted the miner. If he found a large enough investor (e.g. the Winklevoss brothers), he could just transfer a number of his wallet files to the investor. The investor could do a transaction himself to transfer the coins into a wallet he is sure to own, and Satoshi's real identity would never be involved in any transaction.

How would the investor pay him?

With Google Checkout.

Wait, you write "If Satoshi attempts to spend his coins, this might reveal his identity", but, would that now contradict the claim of anonymity in bitcoin transaction?

There is no anonymity in Bitcoin. There are ways to go about this, such as selling BTC for LTC and then back to BTC, and there's been a suggested modification to Bitcoin called zerocoin that would make it anonymous, but by itself, Bitcoin is not anonymous.

I think US paper currency, aka the Dollar, provides for anonymity. If one pays with paper bills and coins rather than by electronic means, anonymity can be fairly effected.

It can, if you are careful. I would expect Satoshi to know how to do it.

Could he sell (I'm ignorant of BTC details) to John Doe like I could sell a chunk of Citibank stock to someone? Presumably some known and trustworthy investor says he's looking to buy $xx Million worth BTC and Satoshi responds.

Then he's just another rich person, holding cash, not BTC coins that can be taken after a serious beat down.

The 419 scams can begin!!!



Good Day!

My name is Sir Akadayo Olemobado, I am the manager of bills and exchange at the foriegn remittance department of the (Mt.Gox Exchange ). I am writting you this letter to ask for your support and co-operation to carry out this transaction. We discovered some abandoned sum $15,500,000(FIFTEEN MILLION, FIVE HUNDRED THOUSAND BTC ) in an account that belongs to one of our foriegn customer who died along-side his entire family in march this year in a terrorist train bomb blast in Spain some few months ago.Since this development,we have advertised for his next of kin or any close relation to come forward to claim this money,but nobody came yet to apply for the claim.

To this effect,i and other official in my department have decided to look for a trusted foriegn partner who can stand in as the next of kin of the deceased as we cannot do it only ourselves and claim this money.We need a foreign partner to apply for the claim on our behalf because of the fact that the customer was a foreign and we don't want this money to go into the treasury as unclaimed fund.

Every document to effect this process will emanate from my table and i will perfect every document to be in accordance with the banking law and guideline,so you have nothing to worry about and we have agreed that 30% of this money will be for you,while 10%will be for any expenses incured on both sides wihile 60% will be for my colleagues and me. If you are willing to help us,please indicate by replying this letter and putting in your name, private telephone number,fax and permanent residential address via my private email address below.I awaits your immediate response to enable us start this transaction as soon as i recieved your reply,i will send you a text application form for immediate APPLICATIION OF CLAIM.

Please contact me even if you are not intrested in my proposal to you to enable us scout for another partner in the event of non-interest on your part. Thanks for your co-operation

E-MAIL :Akadayo_Olemobado@netscape.net Mr Akadayo Olemobado

Lucky me! Someone just contacted me via email to offer just that.

Yes or probably thousands of other transactions for some or all of the value of these wallet(s), but the real question is there a secure way to get most/all of the value out without revealing enough information to leak his/her/their identity?

What if he transfers them at a huge loss, say 30%-50% cheaper with attached conditions? Or use LLCs and offshore corps? If there's a will and lots of money involved, there's a way

Now that someone's identified these coins people will watch them very closely. It's gonna be very difficult for Satoshi to ever get their millions out of the system.

Exactly. Anyone who gets a payment from Satoshi with any identifying info (including "meet at midnight on a bridge"), would be tempted to sell it to gangsters for at least $10M.

I will happily sell identifying info about a few dozen people with a lot more net worth than satoshi....


Many comments here discuss how easy it is to discover Satoshi if he moved any money out of these known accounts. Please point out the flaw in the following strategy:

Satoshi (the man, the woman, the government, the organization, etc) programmatically creates many wallets at random intervals over an extended period of time (months, years). Money is moved into and out of these accounts to make them appear to be 'consumers'.

Bitcoins are then moved from Satoshi's wallets into these accounts as well as some percentage "burned" by sending bitcoins to random addresses not belonging to him. The larger the burn rate, the higher the chances he won't be discovered.

(Essentially, this ends up being a self-implemented version of Bitlaundry that sends the service fee to random members of the Bitcoin community).

If Satoshi only mixes his own BTC then taint tracking will easily reveal it. He'd have to mix his BTC in with (a lot of) other people's.
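Why the self-mixing strategy stays visible, as an added example that is not part of the original thread: a value-weighted ("haircut") taint propagation over two constructed transaction graphs, one that moves coins only among the owner's own wallets and one that combines them with other people's coins. The haircut model, the transaction layout and every txid and amount are assumptions of this sketch, not the method of any particular tracking tool.

```python
from fractions import Fraction

# Added illustration of proportional ("haircut") taint analysis.
# A transaction is a dict: txid, inputs (list of (txid, index) references to
# earlier outputs) and outputs (list of integer values). Fees are ignored, so
# input and output totals must match. All data below is constructed.


def propagate_taint(transactions, tainted_txids):
    """Return {(txid, index): (value, taint)} for every output created.

    Coinbase transactions (no inputs) are fully tainted if listed in
    tainted_txids, otherwise clean. Every other transaction gives each of its
    outputs the value-weighted average taint of the outputs it spends.
    """
    outputs = {}
    spent = set()
    for tx in transactions:
        if not tx["inputs"]:
            taint = Fraction(1 if tx["txid"] in tainted_txids else 0)
        else:
            for ref in tx["inputs"]:
                if ref in spent:
                    raise ValueError(f"double spend of {ref}")
                spent.add(ref)
            consumed = [outputs[ref] for ref in tx["inputs"]]
            total_in = sum(value for value, _ in consumed)
            if total_in != sum(tx["outputs"]):
                raise ValueError(f"{tx['txid']}: inputs and outputs differ")
            taint = sum(value * t for value, t in consumed) / total_in
        for index, value in enumerate(tx["outputs"]):
            outputs[(tx["txid"], index)] = (value, taint)
    return outputs


def taint_of(transactions, ref, tainted_txids=frozenset({"early_coinbase"})):
    """Taint fraction of one output, tracing back to the flagged coinbase."""
    return propagate_taint(transactions, tainted_txids)[ref][1]


# Constructed case 1: coins only ever move between the same owner's wallets.
SELF_MIX = [
    {"txid": "early_coinbase", "inputs": [], "outputs": [50]},
    {"txid": "split", "inputs": [("early_coinbase", 0)], "outputs": [20, 30]},
    {"txid": "hop", "inputs": [("split", 0)], "outputs": [5, 15]},
    {"txid": "merge", "inputs": [("split", 1), ("hop", 1)], "outputs": [45]},
]

# Constructed case 2: the same coins are combined with three unrelated
# coinbase outputs in one transaction and paid back out in equal parts.
SHARED_MIX = [
    {"txid": "early_coinbase", "inputs": [], "outputs": [50]},
    {"txid": "other_a", "inputs": [], "outputs": [50]},
    {"txid": "other_b", "inputs": [], "outputs": [50]},
    {"txid": "other_c", "inputs": [], "outputs": [50]},
    {"txid": "pool",
     "inputs": [("early_coinbase", 0), ("other_a", 0),
                ("other_b", 0), ("other_c", 0)],
     "outputs": [50, 50, 50, 50]},
    {"txid": "spend", "inputs": [("pool", 0)], "outputs": [50]},
]


if __name__ == "__main__":
    print("self-mix, final output taint:", taint_of(SELF_MIX, ("merge", 0)))
    print("shared mix, final output taint:", taint_of(SHARED_MIX, ("spend", 0)))
```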

This is clearly illuminating the Ponzi-like elements of Bitcoin. As in a Ponzi scheme, early arrivals to the system earn easy money, funded by later arrivals. Tales of bitcoin fortunes draw more and more entry to the system, leading to large payoffs for second stage arrivals, attracting more speculators due to the media attention and very real money that has been made by early players. This continues until, oh, wait, bitcoins aren't so easy to mine anymore and there's no new wave of incoming money to pay off the next generation of miners.

The hilarious thing is that Bitcoin is quite transparent about exactly how it works, while a real Ponzi scheme goes to great lengths to hide this dynamic. Anyone can see this dynamic in the rising price and the increasing CPU time needed to mine a new coin. And yet, brilliant, savvy investors like the Winklevosses are somehow still getting involved...

By that logic, any emerging industry has these Ponzi-like characteristics. Early players will always have a large share, almost by definition.

A more defining characteristic of a Ponzi scheme is that the early player's dividends are actually paid from the principal of late-comers. Which only works until you have a steady stream of new investors. As far as I understand Bitcoin, this is not the case there. It just gets harder and harder to "mine" new coins.

The Well Deserved Fortune of the Federal Reserve

Seriously, as the world's currency and failures of other countries to issue a reserve currency, one of the dollar's biggest threats would be a crypto-currency. Either the project succeeds and you have an enormous source of potentially hidden money in the currency to maybe overtake the dollar, or it fails and you make sure it fails with such repercussions that no other crypto-currency can be easily introduced again, either due to new laws or loss of confidence.

Additionally if they have the ability to crack SHA256 (designed by the NSA), the government could print the money. And they could probably have planned a way to sabotage bitcoins if they decided to back out before a certain point.

The financial crisis may have helped sway the final decision to execute the plan:

August 7, 2007: BNP Paribas terminated withdrawals from three hedge funds citing "a complete evaporation of liquidity".

September 6, 2008: Fannie Mae and Freddie Mac placed in conservatorship by the U.S. government.

September 15, 2008: Lehman Brothers filed for Chapter 11 bankruptcy protection.

November 1, 2008: Satoshi Nakamoto publishes first bitcoin paper.

Sources of dates:

https://en.wikipedia.org/wiki/2007%E2%80%932012_global_finan....
https://en.wikipedia.org/wiki/Subprime_mortgage_crisis
http://en.wikipedia.org/wiki/Federal_takeover_of_Fannie_Mae_....
http://www.wired.com/magazine/2011/11/mf_bitcoin/all/

Yes, a ridiculous conspiracy theory is the most likely explanation.

It's often supposed that Bitcoin arose as a reaction to the financial crisis, but that reaction is just as likely to have come from someone who was fed up with the government, as it is to come from the government. So your list of dates doesn't really count either way.

I see two main possibilities: (1) the paper was prepared anytime in advance and withheld until the dollar/US/world faced serious risk. (2) The BTC paper was started in the early stages of the crisis or later.

Both possibilities could suggest the BTC creators had an interest in the success of the dollar. The alternative would be that it was opportunism of BTC creators who were always against the dollar or turned on it in the crisis. I happen to think that if you were always against the dollar you would just release bitcoin immediately and hope for the most disruption. I'd think that someone supportive of the dollar would be more apt to release it strategically as a contingency.

In my mind that means that dollar supporters are the better chance of being behind bitcoin because they could have made it any time in the past or as the crisis progressed, whereas dollar opponents only had the time of the crisis to make it.

Assuming that, I think then the US has an above-average chance of being the authors of bitcoin.

Breaking SHA256 does not allow any party to "print bitcoin". It lets them be more successful at mining it, but the same amount per block will be generated, and the difficulty still adjusts to 1 block every 10 minutes.

All they'd be doing is screwing miners out of profits.

Depending on how much you can exploit SHA256 you could take all chance out of getting the longest block and earn the new coins or fees as often as you want. I don't know the specifics of the moving average of difficulty but you might be able to game it by backing off and letting the difficulty reset before finding the right hashes quickly again.

If you're already starting at 5% of the coins, and you're steadily gaining more, and the currency is tending to deflate, that sounds pretty close to printing money. Sure you're constrained but so is the Fed today in its abilities to print money effectively. Additionally, having so many BTCs pretty much ensures you can find a way to continue bettering your financial situation, generating interest or something more creative.

Bitcoin would break with a compromised SHA256. If pre-image attacks on SHA256 become possible, one can replace transactions in the block chain with one's own transactions. A SHA256 hash identifies each transaction, and if you can produce a transaction with the same hash, but one that pays to you instead, you can replace transactions in the block chain with ones that pay to you.

The difficulty reaches a maximum when the target hash is 0. If SHA256 is broken so badly that you can calculate a set of inputs to produce a particular output (0 in this case) then bitcoin can't make it any harder. You could mine a block as quickly as you could calculate valid inputs.
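The retargeting argument in this sub-thread, as an added example that is not part of the original comments: a simplified model of Bitcoin's difficulty adjustment (2016-block window, 600-second target spacing, at most a 4x change per retarget). The normalised starting difficulty of 1 and the 1000x speed-up are assumptions; the real client works on block timestamps and compact targets.

```python
from fractions import Fraction

RETARGET_BLOCKS = 2016                       # blocks between adjustments
TARGET_SPACING = 600                         # intended seconds per block
TARGET_TIMESPAN = RETARGET_BLOCKS * TARGET_SPACING
MAX_ADJUST = 4                               # clamp on one adjustment


def retarget(difficulty, actual_timespan):
    """New difficulty after a window that took actual_timespan seconds."""
    clamped = min(max(Fraction(actual_timespan),
                      Fraction(TARGET_TIMESPAN, MAX_ADJUST)),
                  TARGET_TIMESPAN * MAX_ADJUST)
    return difficulty * TARGET_TIMESPAN / clamped


def simulate(speedup, periods):
    """Miner whose effective hashrate is `speedup` times the baseline that
    yields 600 s blocks at difficulty 1 (hypothetical parameter).
    Returns [(difficulty, seconds_per_block)] for each retarget window."""
    difficulty = Fraction(1)
    history = []
    for _ in range(periods):
        spacing = TARGET_SPACING * difficulty / speedup
        history.append((difficulty, spacing))
        difficulty = retarget(difficulty, spacing * RETARGET_BLOCKS)
    return history


def catch_up(speedup, max_periods=64):
    """Blocks mined and seconds elapsed before spacing is back at 600 s."""
    blocks, seconds = 0, Fraction(0)
    for _, spacing in simulate(speedup, max_periods):
        if spacing >= TARGET_SPACING:
            break
        blocks += RETARGET_BLOCKS
        seconds += spacing * RETARGET_BLOCKS
    return blocks, seconds


def stall_seconds(difficulty, hashrate=1):
    """Time for baseline miners to finish one window if the fast miner
    'backs off': difficulty only changes after 2016 more blocks exist."""
    return RETARGET_BLOCKS * TARGET_SPACING * Fraction(difficulty) / hashrate


if __name__ == "__main__":
    for d, s in simulate(1000, 7):
        print(f"difficulty {float(d):7.1f}  spacing {float(s):7.1f} s")
    blocks, secs = catch_up(1000)
    print(f"{blocks} blocks in {float(secs) / 86400:.2f} days, then 600 s again")
    print(f"back-off stall: {float(stall_seconds(1000)) / 31557600:.1f} years")
```

In this model the fast miner pulls about ten thousand blocks forward into a few days, after which spacing is back at ten minutes; the subsidy is fixed per block height, so the issuance schedule is compressed, not enlarged. Backing off does not reset difficulty on a timer either, since the next adjustment only happens once 2016 more blocks have been found at the raised difficulty.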

I made a comment on similar lines on my theory of the origin of bitcoin:


Sorry if this is an obvious question but I haven't read much about Bitcoin actually. This Satoshi Nakamoto, is he/they a company, person, community or even a government?

That's the million dollar question.

Satoshi invented Bitcoin and worked on it for 3 years. Sometime in 2010, just as Bitcoin was gaining traction, he* withdrew from the project and no one has heard from him since.

There have been many attempts to discover the real identity of this person/group/company/government but to no avail.

I believe the focus of this new analysis technique, whilst interesting in its own right, was done for the primary purpose of trying to identify Satoshi. The analysis technique purports to show that certain bitcoins were generated by the same person/computer. This information may assist the tracing of historical bitcoin transactions to their original sources. At the top of the tree is the 'genesis' block - the source of the very first bitcoins. It's reasonable to think that Satoshi mined this block considering he invented the system.

There is a thread in the Bitcoin forums[1] discussing whether the initial blocks (up to around 50) were mined by an individual or a group. There is heated debate about what, if any, facts can be concluded by analysing the early blockchain events to discover how many (and what type) of CPUs were involved in this early stage.

Satoshi appears to have political motivations (he references disdain for bailouts and fiat currency): https://en.bitcoin.it/wiki/Satoshi_Nakamoto

The Bitcoin story would make a good movie script.


[1] https://bitcointalk.org/index.php?topic=175996.msg1843782#ms...

Do we have enough writing from Satoshi to try to correlate language/linguistic patterns against known actors in the field of cryptography?

Yes; we have a number of emails from the p2presearch ML, the cryptography ML, the Bitcoin ML, his Bitcoin forum posts, his whitepaper, and source code revisions & comments. This amounts to easily 80k of text, which should be more than enough to run stylometric techniques on him.

The real trouble would actually be getting enough text from all the 'known actors' you might want to compare him against (for example, one Redditor thinks Satoshi is Mike Reiter, but almost all of Reiter's papers are co-authored and he doesn't seem to have any other online presence, so what would you use as your Reiter corpus?).

Regardless of the comparison with other actors, is it possible to run an analysis over Satoshi's corpus to determine if it's internally consistent or likely written by multiple individuals?

I haven't actually seen any mentions of stylometric techniques or analyses which look into that question, although I'm sure it's been done. (The only example I can think of, the Federalist papers, was known to have been done by two people with large pre-existing corpuses to go on, and so the question was simply assigning responsibility.)

I actually have read a paper once on stylometric authorship attribution, part of which was oriented at detecting whether it was a single or multiple authors. I think "authorship attribution" were keywords in the title, but that's all I remember. So I don't have anything more to go on :)

I'm not sure if a professional forensic study has been done but check out the bitcoin wiki page linked in my post. It contains links to his crypto mailing list posts and a couple of journalists who have tried tracking him down.

The original bitcoin pdf suggests a British education but some of his other writing uses American spelling. And he probably isn't Japanese. The plot thickens.

Thanks for summing up the story till now so succinctly.

What an incredible story. Money, technology, mystery, criminals. This would make a great book.

Satoshi's story is just the tip of the iceberg. In the last few years there have been many fascinating technical developments (CPU->GPU->FPGA->ASIC mining), grand heists, price manipulation schemes and even some unexplained events.*

I think the future analysis of the blockchain (all Bitcoin transactions are public record) will be a ripe area for economic research. Aside from the technical stuff, watching the growth and mistakes of the economic system is fascinating - like seeing 2000 years of banking/currency evolution packed into a few years. There is also the question of intrinsic worth and how to value a bitcoin - most online debates descend into chaos but the theoretical basis for projecting valuation is a real mind bender. There is no precedent.

I'm personally interested in what, if any, nation state involvement there has been with Bitcoin. Regardless of Bitcoin thriving or dying, the system has unequivocally demonstrated that cryptographic systems relying on decentralised trust can work. The theoretical underpinnings of Bitcoin solve the Byzantine Generals' Problem. And it doesn't just apply to money, it can apply to anything. There is already a decentralised DNS (NameCoin) based on the same protocol.

I would have thought this type of system would be of keen interest to many nation states, as it could potentially undermine their own authority or be used as a weapon against other nation states.

So yeah, a book would be interesting :) I strongly believe the decentralisation technology underpinning Bitcoin will be a notable part of history.

*In 2011 a 'mystery miner' nearly doubled the total network's computing power for a short period only to disappear within a couple of days. The theories are this miner was a clever botnet utilising host GPUs, a supercomputer, or someone testing very early stage ASIC hardware, despite none of the known ASIC producers having working hardware at that point in time. http://bitcoin.atspace.com/mysteryminer.html

BTC doesn't solve Byzantine Generals, as it is trivially hackable by the 51% attack.

I strongly disagree.

Currently the bitcoin network is running around 70,000 Ghash/second. Are you aware of what kind of resources are required to perform this 'trivial' hack? If it was so trivial, why hasn't the 51% attack happened already? It's a $1B system - clearly the prize is worth the effort.

The beauty of Bitcoin is that if you somehow had access to such computing power to perform the attack, you'd probably be better off just being an honest node. You'd make a shiteload of legit money without all the hassle associated with splitting the block chain.

So yes, I'll stick with the argument that Bitcoin does solve the Byzantine Generals problem.

Theoretically speaking, even if the 51% attack did occur, it just reinforces that Bitcoin does solve the Byzantine Generals problem! If 51% of generals act in a certain manner in a decentralised network - you want this to be the truth! The decentralised network is correctly picking the majority vote!

So can you explain your reasoning? It seems by every criterion, Bitcoin meets the requirements of the BG problem.

From Wikipedia:

Fast Company's investigation brought up circumstantial evidence that indicated a link between an encryption patent application filed by Neal King, Vladimir Oksman and Charles Bry on 15 August 2008, and the bitcoin.org domain name which was registered 72 hours later. The patent application (#20100042841) contained networking and encryption technologies similar to bitcoin's. After textual analysis, the phrase "...computationally impractical to reverse" was found in both the patent application and bitcoin's whitepaper. All three inventors explicitly denied being Satoshi Nakamoto.


PG himself posted a question on the origin of bitcoin. You can view the responses in the comments:


No person actually named Satoshi Nakamoto, apparently, exists. Beyond that, nobody knows.

Who Is Satoshi Nakamoto?

Who Is John Galt?

Considering the pseudonymous nature of Bitcoin, the people it attracts and who most likely funded the creation of it, this inevitable question and its alluding nature is a laugh riot.

If this one person/entity really owns 63% of the market and they're currently hoarding it, I imagine that anything they do with their coins could have a huge impact. It might be worth ~100M USD but if they tried to cash out it would likely collapse the market. Even if they start circulating those coins, if not done properly could cause huge inflation.

You misread, it's not 63% of the market. It's about 10% of the market - 1148800 BTC

I was looking at this part:

> Note that from the 1814400 BTC awarded, 1148800 BTC has never been spent (63%). I suppose (but have not checked it yet) that these are exactly the segments that belong to the mystery entity

So I guess I'm confused: is the market bigger than the 1,814,400 that have been awarded somehow? I'm not that familiar with bitcoins so that's very possible, but the author seems to imply that Nakamoto has 63%.

The chart stops at 2010, many more bitcoins have been mined since.

Ah that makes sense, thanks. In that case I wonder how many more BTC Nakamoto may have mined since then.

Since everyone's saying Satoshi can't spend any of these bitcoins without revealing him/her/itself, my question is why can't Satoshi convert the bitcoin to USD in a numbered Swiss bank account? Is there no way to make a sale like that today? And if not, then what's stopping there from being a way to do that in the next few years?

How would you convert bitcoin to USD? You need a buyer. If you go through an exchange, you have to prove your identity to the exchange. If you go through an individual, there's a risk of not receiving your money if you make the transaction online, and if you do it in person, you risk your identity again.

There's no guarantee for either party that the transaction will be completed successfully. Either party can take the money and run. So you risk your money or your identity either way.

You can do things like deposit a physical incarnation of the stuff somewhere, or several locations, locked in a series of locks, and exchange geo coordinates and keys in a series of trades.

Is there no way to make a sale like that today?


There are not enough people who want to buy bitcoins. If those 1M bitcoin were put on the market, the price would plummet.

Well you don't have to sell them all at once. Just slowly sell them in small chunks. The interesting point is that it seems Satoshi hasn't sold _any_ of them.

Allowing him to buy more of them for a very cheap price.

Err... Suppose that works. Take it to the logical conclusion: Satoshi drives out every buyer and buys up all outstanding bitcoins. Now what? Bitcoin has become worthless. What does he do with 10m worthless bitcoins to cash out? This is the classic question in attempts to corner a market: how do you bury the body?

When you hold as many bitcoins as does Satoshi, you will profit far more from not selling and trying to help out the entire Bitcoin economy and make it grow.

I'm thinking it is more of a DeBeers situation. Keep tight control over the supply.

BitCoin already has a hard limit hard-coded into the design. You don't need to hoard 5→10% to achieve scarcity.

That requires convincing people they want BTC. And BTC users are male, whereas diamond consumers are women, so differing marketing strategies are needed...

Why wouldn't he just reveal his identity, and become a minor internet celebrity (as well as rich)? It's not as if he's in any real danger.


Bear in mind that these court cases were taking place as the Bitcoin protocol and client were likely being developed (2007 and 2008).

How is that vaguely superficially similar fraud relevant?

I highlighted the conclusion of Lerner's analysis here https://tldr.io/tldrs/516f951cc8cb5249260002c5/the-well-dese.... This looks pretty convincing even though one might think that Satoshi would own multiple wallets.

Satoshi is smart. I would assume that if he/they wanted to remain anonymous and still get some money out of bitcoin later on then he/they are probably mining to multiple wallets.

Not sure what the motive is to continuously mine with the wallet linked to block 0, but assuming there are multiple Satoshi wallets in the picture it may be to divert attention away from the wallet he/they are actually spending money with.

Satoshi Nakamoto is a pseudonym of Keyser Söze.

I believe it's not difficult to find Satoshi Nakamoto. However admitting that you found this person/entity would likely put you in danger. So there is no motivation for the people who might know to speak up.

I believe that most large governments do know the identity.

Why would finding him put you in danger?

Because anyone motivated sufficiently to find him now knows that you know who/where he is, and can likely be coerced in unsavory ways to divulge that information.

Wouldn't Satoshi have spent at least some Bitcoins? Testing the system, or encouraging early economic activity?

Although maybe this entity represents just one of the mining machines controlled by Satoshi.

The first transaction was to Hal Finney, as a test. But if he tries to buy something pointing to his physical address, it would help a lot revealing his identity. Even buying drugs on Silk Road, since they are delivered by mail to your door.

Satoshi seems to have been offering bitcoins to play with to a lot of people early on; a hacker of my acquaintance mentioned sending Satoshi 'hate mail' (he was annoyed by Satoshi contributing to the babel of half-baked P2P networks at the time) and Satoshi replied with some links explaining Bitcoin and an offer of some coins to try out. So false alarms are perfectly possible in tracking early bitcoins' movements.

Let's assume Satoshi (the entity) is insanely patient, decides to wait until say 2015, by then BTC is trading around $1000/BTC (theoretical). He is then sitting on BILLIONS of dollars in value. If he feels the market can bear it, he starts liquidating and reveals himself. Assuming the market doesn't collapse and he isn't kidnapped, he would quickly become one of the wealthiest people on the planet (top 20).

Is there enough liquidity (I'm not even sure if this is the right word) in the standard exchanges to move $100M USD of BTC?

Sort of.

Selling 1,000,000 coins on MtGox right now would take the price down to $0.10, with an average price of $19.64, so you'd net $19 million.

Of course, what would really happen is that everyone would see it happening and cancel their bids before the wave reached them, so you'd likely not be able to actually sell them all at once.

Leaking them out a few thousand a day, though, would be completely possible. And if done correctly need not move the market at all.

I disagree that 1M coins could not be sold very quickly on MtGox. Yes, the price would go way down, but there are plenty of interested buyers who would be happy to "cash Satoshi out" to take some profits; he would certainly get several millions of dollars for his coins.

The bigger problem is that selling on MtGox requires identifying himself to create an account (not to mention the current $1,000 per day withdrawal limit for USD).

What's stopping someone with a really fast computer from cornering the bitcoin market? I'm probably being naive here as I don't know the details of bitcoin, just that it's a digital currency that can only be mined to come into being. Anyways, a good explanation from the HN community would be really helpful. thnx.

(Opportunity) cost. Right now bitcoin mining is starting to require custom ASICs/FPGAs to be worthwhile (although the increasing price offsets that, obviously), because mining bitcoins becomes harder the more bitcoins there are found, so the costs of hardware and electricity start to get very large.

If you had a supercomputer with tens of thousands of CPUs it's probably being put to more scientific use than trying to corner the bitcoin market, which is basically still a gamble at this stage.

Good answer and thank you. I was thinking of it more as an accepted currency. Because if it's seen as being such, then it would be worth it to mine as much as possible. And what happens when they run out? It's pretty confusing to me...

I don't think Satoshi owns a single bitcoin. Never did he write anywhere that Bitcoins should be hoarded as a shady get rich scheme and all his writings clearly are for Bitcoin to be used for pseudo anon payments.

He also gave thousands of them away to Hal and other people on the cryptography mailing list.

Is there any particular reason Satoshi Nakamoto would want their identity hidden, other than personal preference? If I had $100M USD then I probably would care a lot less about who knew it.

Perhaps the person (or persons) is concerned that bitcoin will become even more successful and will threaten powerful institutions like major world governments. I wouldn't want to be Julian Assange right now, and that is a perfectly sensible reason for the inventor of bitcoin to wish to remain anonymous.

A different reason might be a fear that if a single inventor were known that bitcoin would become vulnerable to "change it this way because the founder says so" attacks, weakening the decentralized, P2P nature of the currency. (This is a less plausible reason, but still valid.)

It's to avoid bias in the system.

Really? I'm not too bothered about my identity right now, as just another face in the crowd. If I had $100M, I'd care a lot more about who knew it.

Someone should verify the 'large entity' discovered by Shamir is distinct: http://eprint.iacr.org/2012/584

Maybe Satoshi Nakamoto died before bitcoins got popular ...


L Ron Hubbard

When it comes to Bitcoin and Satoshi Nakamoto, the first character comes to my mind: Kira from 'Death Note'

Someone wanted to get rich so they invented their own money and suckered a bunch of people into a "cult" with a bunch of hippie ideas.

Nothing new here. Do you know how many cults have done this throughout history?

What Satoshi did is easy, right? You could do it tomorrow, it's just that you're too ethical, right?

Not everybody wants to be L Ron Hubbard? Granted, I don't think BTC is as much of a "cult" as that poster is stating, but I don't think your counterargument is very convincing. Critics of the social aspects of technology (let's use Google Glasses as another example, only slightly less polarizing than BTC) aren't hating on technology, just implementation and the less technical predictions/assumptions/evangelism surrounding the technology.

Except this hippie idea is based on sound mathematical proofs and concepts, and not some flying spaghetti monster god.

The technical operation is not the ideology behind Bitcoin, and it certainly isn't the whole of how Bitcoin is used.

There's plenty of utopian fantasy surrounding it and a fascinating social dynamic that has absolutely nothing to do with "sound mathematical proofs and concepts" but more intangible qualities assigned to it by its proponents.

"this hippie idea is based on sound mathematical proofs and concepts"

What proofs? There is not even a formal security definition for Bitcoin.

Why is everyone here completely forgetting about the recent Zerocoin development? It's a system that could one day piggyback on the Bitcoin blockchain, and it pretty effectively wipes BTC of any prints that might be on them through a system not unlike an anonymous exchange (based heavily on zero knowledge proof of work concepts). Once Zerocoin becomes a "thing" in the BTC community, the Satoshis can spend as many of their coins as they want with zero fear of being tracked down through transactions.

I found this on bitcointalk re: zerocoin:

"Zerocoin would give you this incredible privacy guarantee, then we could add on some features which let the police, for instance, to be able to track money laundering. A back door."

From http://www.newscientist.com/blogs/onepercent/2013/03/bitcoin...

Zerocoin is interesting, definitely, but it turns out there are a lot of problems with it. I started a thread on bitcointalk.org about it, and a lot of developers chimed in with their opinion on it: https://bitcointalk.org/index.php?topic=175156.0;all
