satoshin@gmx.com is compromised

[freedombit]

Can we have a quick update:

Was the hacker caught? If so, who was it?

Are all of the accounts secure again, or does the hacker still have control?

[betterchoice]

does the hacker still have control？    of course not.

[iron man]

Today I received an email from satoshin@gmx.com (Satoshi's old email address), the contents of which make me almost certain that the email account is compromised. The email was not spoofed in any way. It seems very likely that either Satoshi's email account in particular or gmx.com in general was compromised, and the email account is now under the control of someone else. Perhaps satoshin@gmx.com expired and then someone else registered it.

Don't trust any email sent from satoshin@gmx.com unless it is signed by Satoshi. (Everyone should have done this even without my warning, of course.)

I wonder when the email was compromised, and whether it could have been used to make the post on p2pfoundation.ning.com. (Edit: I was referring here to the Dorian Nakamoto post. After I posted this, there was another p2pfoundation.ning.com post.)

wow, that's weird.may be this email haven't been used for a long time, so the system recognized it as non-use.

[Remember remember the 5th of November]

Today I received an email from satoshin@gmx.com (Satoshi's old email address), the contents of which make me almost certain that the email account is compromised. The email was not spoofed in any way. It seems very likely that either Satoshi's email account in particular or gmx.com in general was compromised, and the email account is now under the control of someone else. Perhaps satoshin@gmx.com expired and then someone else registered it.

Don't trust any email sent from satoshin@gmx.com unless it is signed by Satoshi. (Everyone should have done this even without my warning, of course.)

I wonder when the email was compromised, and whether it could have been used to make the post on p2pfoundation.ning.com. (Edit: I was referring here to the Dorian Nakamoto post. After I posted this, there was another p2pfoundation.ning.com post.)

wow, that's weird.may be this email haven't been used for a long time, so the system recognized it as non-use.

Did you even try to read the thread?

[AGD]

Administrators and mods, etc... please pm me ip addresses.   I've also had some extortion attempts on ninjatech and I have collected quite a bit of evidence.   I also have real names, ip address and physical address to go look for.  A background about myself I have network and security experience and I've been tracking down internet criminals for 14+ years.  I am also working on CHFI, CEH, MSIA  ...I will volunteer my time for free.

and

http://pastebin.de/125559

the alleged hacker is a high school kid.

The problem with black hat people is they are usually misguided script kiddies who lack discipline.

Lastly, they are usually loudmouths who boast about committing crimes

http://bitcoinbountyhunter.com/satoshi.html

Dos this mean, that the guy who was doxxed is NOT the hacker that hacked Ver and Satoshi?

[Cryddit]

FWIW, I used to have five different email addys for Satoshi. 

As of today, every last one of them except the one referred to in the OP of this thread is bouncing.  And as others have already noted, nothing coming from that one appears to have a signature that would indicate that the user behind it is the same user who used to be Satoshi.

It appears that Satoshi is no longer keeping ANY of his old addresses. 

[Cryddit]

Okay, I have something useful which will not further degrade whatever privacy Satoshi still has.

I have prepared by putting each of my known addresses for Satoshi into a file by itself.  Each file has the email address and a single newline character followed by end of file.

Here is a paste from my command line.

$ sha512sum addy
2e8099af77cb42acd4263883ee95753013197dfec0af49ddfe7f2f57eb518f834bccbec19bea1a4 ff3dfaa359c1d4cf788e5a21dfd7243f163eaa846c43356a2

$ sha512sum addy2
f198ad5999ece1373f2d3a23791b9276f882d3151ad9fc46b5bde316cc91980c78300907854c3d0 93fd8367e8308cf3256e318ca226e4e87b282260c82414448  addy2

$ sha512sum addy3
4cd4bdb33ec840e218725233d1818ed16c078599e07b18c002a82ed65ef9398733d6275e6b56249 9508e6b40e7382589e8e946432d76be06a2242eb1f8c5b97c  addy3

$ sha512sum addy4
caaf36ea511e3766fe5f9fd4602bee109d2f60615e2aa89634c0fa1209ccb13b0c729c7796eb29d 91321eca9691ba4176c7d254ee50be6f1d84c9a2926c87399  addy4

$ sha512sum addy5
abf31b3179bcc6ef9827bc01c422a330927e9078fcf212b2db378dee94ace5c81113c8388cd4d0b 3f9968098b2787961d582b3953eaea35b5ff85460ce3f308c addy5


These hashes are for email accounts that used to be Satoshi's, but now are definitely NOT SATOSHI ANYMORE.  If you recieve any email that purports to be from Satoshi, but the address matches one of these hashes, it is DEFINITELY NOT SATOSHI. 

[franky1]

DO YOUR RESEARCH GUYS

even theymos had the right instincts right at the start, shame too many people make assumptions rather then researching facts

It seems very likely that either Satoshi's email account in particular or gmx.com in general was compromised, and the email account is now under the control of someone else. Perhaps satoshin@gmx.com expired and then someone else registered it.

satoshi had sole access of the gmx account from 2009 to 2014. but due to inactivity he did not log in to agree to the new terms of service, thus upto march 2014 his account was intact and under his control.

the new terms of service for 2014 of GMX is that after 6 months of inactivity the dormant account can be deleted, where messaged will be archived. allowing for other people to then register the name. simply put. if the bitcoin creator never logged in, to then access the forum to say "i am not dorian". he would still be bound by the old terms of service which would mean that the account wont have been deleted. to then get easily activated 6 months later.

also even when the account has been deleted, the messages have been archived and GMX admits that if someone else reactivates the account they can get the old archived emails back.

now DO YOUR RESEARCH. i wont spoon feed you the proof as you will shout that i produced it. so go find it yourselves as its one google search away and researched by a reputable media outlet. i will give you 1 hint google 'Thomas Plünnecke satoshi'.. then go forth and from that, dig deeper and get second third and forth opinions from other sources.

happy hunting

[OmegaStarScream]

The hacker or whatever still have control on his email ?   

[franky1]

The hacker or whatever still have control on his email ?   

nope, u just get a auto response now saying email not recognised. and gmx confirms the email address has be deactivated. give it 6 months and someone else will reactivate it

[X7]

Satoshi does what he wants (Cartmans voice)

[jwcastle]

Could be the real Satoshi anonymizing himself even more attempting to make people believe that the current Satoshi isn't him.

I can't think of any plausible reason for a hacker to take over Satoshi's email and not do any kind of damage. The writing style and jokes are at a juvenile level. This is not typical of a hacker who could have done a lot of damage or gained massive amounts of money.

[jwcastle]

Also possible that SN has been killed years ago and his email account was compromised since then. Years later they tried to hide their tracks by acting like SN was still alive at that time, when they posted "I am not Dorian Nakamoto". They didn't extract the PGP key from SN, so they weren't able to sign the message as a proof, but at least it looks kinda legit using his p2pf account to post this.
 
6 month later they make up a story about an idiot hacker who is trying to make money with the identity of SN, because he somehow hacked satoshin@gmx.com and even was able to send emails to long time members of bitcointalk.org and others as a proof that Nakamotos email account has indeed been compromised. Hacker makes a screenshot of the incoming folder of SN email account and states that "Satoshi Nakamoto is still alive and his identity is going to be revealed after the payment of 25 BTC"
He fails to get the big money (only 1.5 BTC) and even was doxxed by greaterninja another bitcoitalk.org hero member.
Hacker then vanishes. with his knowledge of who is SN and his gmx account gets finally closed.

This makes a good movie...

I like it!
Or the Cuckoo's Egg from many years ago:  http://books.google.com/books/about/CUCKOO_S_EGG.html?id=0q1_5QkqV8EC

[franky1]

Could be the real Satoshi anonymizing himself even more attempting to make people believe that the current Satoshi isn't him.

I can't think of any plausible reason for a hacker to take over Satoshi's email and not do any kind of damage. The writing style and jokes are at a juvenile level. This is not typical of a hacker who could have done a lot of damage or gained massive amounts of money.

the email account was not hacked by smart code knowledge. even a script kiddy could have got into satoshi's email. it was all about timing, not code skills

[awesome31312]

Okay since the game is up. I will announce I am Satoshi. Please send me coin, after I get 1000 BTC, I will tell you my story in full.

thanks.

18FfoR7NnsVkSR6scPnsJ1EJJoNYYnjE8

If you're really satoshi how come you have 0 BTC

[KingOfTrolls]

DO YOUR RESEARCH GUYS

even theymos had the right instincts right at the start, shame too many people make assumptions rather then researching facts

It seems very likely that either Satoshi's email account in particular or gmx.com in general was compromised, and the email account is now under the control of someone else. Perhaps satoshin@gmx.com expired and then someone else registered it.

satoshi had sole access of the gmx account from 2009 to 2014. but due to inactivity he did not log in to agree to the new terms of service, thus upto march 2014 his account was intact and under his control.

the new terms of service for 2014 of GMX is that after 6 months of inactivity the dormant account can be deleted, where messaged will be archived. allowing for other people to then register the name. simply put. if the bitcoin creator never logged in, to then access the forum to say "i am not dorian". he would still be bound by the old terms of service which would mean that the account wont have been deleted. to then get easily activated 6 months later.

also even when the account has been deleted, the messages have been archived and GMX admits that if someone else reactivates the account they can get the old archived emails back.

now DO YOUR RESEARCH. i wont spoon feed you the proof as you will shout that i produced it. so go find it yourselves as its one google search away and researched by a reputable media outlet. i will give you 1 hint google 'Thomas Plünnecke satoshi'.. then go forth and from that, dig deeper and get second third and forth opinions from other sources.

happy hunting

You seem to suppose that Satoshi logged in to the GMX account in March.

However, why would Satoshi need to log in to GMX if all they want to do is to post a message at P2P foundation??
They could've logged in to P2P foundation directly. It just doesn't add up.



This rather points to the "two hackers story":

At some time in 2012 or 2013, a hacker bruteforced the GMX account's password reset question (birthday), claimed the GMX account, and then silently kept it, as a valueable asset.
The hacker thought that this asset will rise in value over time, and thus didn't blunder it away too early.

In March 2014, the hacker sees a unique opportunity to estimate the asset's value, i.e. how much credibility a message would have, without raising any suspicion. In the process he logs in to the GMX account as this is needed for P2P foundation's password reset. He unintentionally triggers the 6-months-expiry count-down thereby.
The hacker feels satisfied that so many people believe the message to be legit, and continues to keep onto his assets (GMX & P2P foundation accounts), expecting them to rise in value.

6 months later there comes the second "hacker", who is actually just a stupid kid re-registering the account after expiry, and requesting restoration of "his" old mails from the support staff.
The second "hacker" (the stupid kid) then blunders away his opportunity to make a shitload of money (via shorting and creating panic) by coming up with his cheap "I'll dox Satoshi" story.



I know that this story sounds rather complicated, but it matches all known facts, and seems plausible (at least to me).

[kingscrown]

since this topic is great and Billbags allowed me i made a mashup and posted this to my blog with loads of followers, lets see if somebody drops more light on this research
http://fuk.io/who-is-satoshi-nakamoto-the-truth/

heres reddits to vote up if you want this spread:
http://www.reddit.com/r/Bitcoin/comments/2h385g/personal_research_on_satoshi_nakamoto/
http://www.reddit.com/r/BitcoinMarkets/comments/2h386u/personal_research_on_satoshi_nakamoto/
http://www.reddit.com/r/CryptoCurrency/comments/2h388u/personal_research_on_satoshi_nakamoto/

[KingOfTrolls]

since this topic is great ...

That's a boring topic. I don't care about Satoshi's real-life identity at all. Nor their other identities.
Satoshi is the name they chose for themselves, and we know they exist. That's enough for me.

Also, if Satoshi ever wanted their real-life identity to be revealed, then they would just reveal it themselves.
But since they don't reveal their real-life identity, we should assume they want us to respect their privacy.



What actually is a topic of interest to me is Satoshi's last message to the public. Due to the recent hacks (let's get back on-topic here) this is more mysterious than ever.

So, my question again, do you think the "Not Dorian" message is legit?
I think it is not. But I could be convinced of the opposite if there's reasonable evidence.

[AGD]

since this topic is great ...

That's a boring topic. I don't care about Satoshi's real-life identity at all. Nor their other identities.
Satoshi is the name they chose for themselves, and we know they exist. That's enough for me.

Also, if Satoshi ever wanted their real-life identity to be revealed, then they would just reveal it themselves.
But since they don't reveal their real-life identity, we should assume they want us to respect their privacy.



What actually is a topic of interest to me is Satoshi's last message to the public. Due to the recent hacks (let's get back on-topic here) this is more mysterious than ever.

So, my question again, do you think the "Not Dorian" message is legit?
I think it is not. But I could be convinced of the opposite if there's reasonable evidence.

This thread is not about the identity of SN, but about his email address beeing "hacked".

Anyway I don't believe the "Dorian" message was legit esp because is was not signed. I think the email account was compromised for years. Also looks like the hacker who was doxxed by greaterninja is NOT the one who either hacked Satoshi or Roger Ver. Correct me if I'm wrong, but the bounty for the hacker is still available.

[Cryddit]

If Satoshi wants to go public, he will sign a message with the key of one of the unspent coinbases known to belong to Satoshi.

But I am very confident that will never happen.