Slashdot Mirror

← Back to Stories (view on slashdot.org)

Satoshi Nakamoto's Email Address Compromised

Posted by Soulskill on from the or-as-he-likes-to-be-called,-bitcoin-batman dept.

ASDFnz writes: Satoshi Nakamoto, the respected (and currently missing) inventor of Bitcoin, seems to have had his email address compromised by an unknown agent. Satoshi exclusively used one email address when he was active in the Bitcoin community: satoshin@gmx.com. If you have a look at the original Bitcoin whitepaper (PDF), you will find it there at the top just under the title. He also usually signed his correspondence with his PGP signature. Earlier today, the head administrator of Bitcointalk, Theymos, received an email from Satoshi's email address that appeared to originate from GMX's servers. Theymos made a post on the Bitcointalk forums saying he had received an email from the address without Satoshi's PGP signature. Later, the unknown agent posted to other Satoshi accounts.

8 of 65 comments (clear)

  1. WRONG! by Anonymous Coward · · Score: 4, Insightful

    His address expired and someone re-created it.

    Nothing to see here, move along...

    1. Re:WRONG! by ASDFnz · · Score: 5, Informative

      His address expired and someone re-created it.

      Nothing to see here, move along...

      Even if that is true (and I am not saying it is) it has lead to a host of his other accounts being compromised.

      Hardly nothing to see, it is actually quite big. One of the bitcoin download sites (SourceForge) was compromised;-

      http://mineforeman.com/2014/09...

    2. Re:WRONG! by Anonymous Coward · · Score: 5, Insightful
      You're essentially saying "systems that rely on a key item are problematic. The attacker need only that key thing."

      But all systems rely on a key thing. So you're not really saying anything at all.

    3. Re:WRONG! by neokushan · · Score: 4, Insightful

      Don't allow password recovery.

      That is absolutely not a solution. That's braindead idiocy at best. The result is that people will use one password for everything and probably write it down in a few places because if they forget it, they're fucked. Yes, people do that anyway but not allowing a password reset makes the situation much worse.

      If your problem is with that "one key system", then perhaps you need to secure that "one key system" better. Twofactor auth on email hardens that single point and makes it very difficult to compromise. If an attacker is still able to compromise it, then I'd wager they'd be able to compromise those other systems anyway.

      --
      +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
    4. Re:WRONG! by Richard_at_work · · Score: 4, Insightful

      Why is it negligence on part of the email provider? What obligation do they have to take out email addresses permanently just because you can't be arsed to log into the account?

      Does your logic carry over to domain names? Company names? Phone numbers? Addresses?

      Your post shows an all too common insistence that third parties should protect you, rather than you protecting yourself.

  2. Re:If true, it should be changed. by pushing-robot · · Score: 3, Funny

    "Ancient of Numbers" is my new title, thanks.

    --
    How can I believe you when you tell me what I don't want to hear?
  3. That is not proof of compromise by Anonymous Coward · · Score: 3, Insightful

    An email was received from that address without Satoshi's PGP signature. That does not mean that the email account has been compromised. It is trivial to forge an email, thus the need for cryptographic signatures in the first place.

  4. Re:There are a couple of updates in the article by Jesrad · · Score: 3, Interesting

    Unfortunately Satoshi's wallet is worth a mega-fortune, and it's never been quite established that Satoshi destroyed the private key. All kinds of people would give a try and shake it out of him/her, for that much money.

    --
    Maybe we deserve this world ?