"Faketoshi" as he's known in the community always finds a new way to NOT be able to prove he has access to the early mined coins. It's honestly comical at this point the different bullshit he comes up with. My favorite so far was finding an existing signature on the blockchain from Satoshi, modifying the data, then publishing the signature with different data in an attempt to claim to be the creator of Bitcoin. Everyone called him out on his bullshit and a few months later he came up with a new scam, which is exactly what he'll do after this attempt fails.
Craig Wright will never sign a message with the original private keys or move the coins in a way that proves his involvement or ownership of the first mined coins. He is a fraud.
Here’s a video of Craig Wright being called out by an actual expert and it’s hilarious https://youtu.be/0thnCDgRJfM. He clearly has no clue how ECDSA signatures work.
He clearly knows he's talking to an actual expert who's calling him out, so he thinks faking getting angry and storming out is a good way for him to escape the situation.
He's saying you can derive the private key from a single signature made using a known nonce value (the "bad random"). You can also derive the private key from two signatures made using the same nonce value. In both cases the solution just requires trivial algebra.
That's what we did to get the PS3 signing keys. Accidentally became a bit of a citation in the ECDSA world for that one too; who knew Sony would unwittingly earn the title of "canonical example of how to screw up ECDSA in a consumer product"? :-)
It's also how lots of Bitcoin have been taken away when transactions are signed using broken random number generators. These days people are running bots to spot those keypairs and automatically take the bitcoin.
He's referring to the fact that with ECDSA signatures, if the randomness is bad on a single signature (i.e. you know the "k" value in the signature) then that is sufficient to reveal the private key used in making the signature. Similarly, if two signatures are made with the same nonce and private key, you can reveal the nonce and thus the private key. The maths is actually explained on the wiki page: https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signatu...
And this is one of the reasons why ECDSA is a poor standard: it's too easy to accidentally screw it up, and it results in the worst possible kind of compromise (private key).
There is a better way: make the nonce a hash of the message signature and the private key. That way you don't need any randomness, and the entire algorithm is deterministic. It is guaranteed (assuming the hash is good, but you need a good hash algorithm to sign things anyway) that no two messages will be signed with the same nonce, and that the nonce cannot be guessed without already having the private key. This is what EdDSA does.
"ECDSA" isn't a concrete scheme that you can use in any case. To implement ECDSA one must pick a group where the discrete log is hard, choose a message hashing function, and choose a way to serialize the values. One can optionally choose a derandomized method for generating the nonces, e.g. RFC6979 which is the approach taken by most implementations created in the last 5 years or so.
One could just as well implement something EdDSA compatible with insecure nonce generation and people have done so (for years the thing you got when you goggled for eddsa python was just such an implementation).
It's good that the eddsa paper specifies more of the system, as people have made bad choices and ruined the security-- but even it fails to completely specify the system: the exact input handling isn't specified, which has resulted in security problems.
With "ECDSA" I meant the original NIST ECDSA standard. It is, objectively, a bad standard. ECDSA as originally specified required the use of random numbers in signature generation; the RFC6979 approach may interoperate just fine and be a better idea, but it is not FIPS 186-4 compliant. If you have to break standards compliance to avoid security pitfalls, the standard is bad.
It's not just about specifying more of the standard either. EdDSA is designed to be harder to screw up an implementation of, by construction.
RFC6979 has a fairly convoluted design (and poor performance, requiring 12 invocations of the compression function when implemented with sha2 for a 256-bit curve) specifically so that it is actually a FIPS compliant DRBG with its initialization parameters set in a particular standard permitted way, so as to result in a derandomized nonce.
While I not a FIPS certification expert by any means, it was intended that implementations could implement RFC6979 without breaking the standard by simply using a standard allowed DRBG in the right way.
> EdDSA is designed to be harder to screw up an implementation of, by construction.
That's the marketing claim at least. It's debatable. Some of its choices make it easier to screw up, and widespread implementations of it have also been wrong in the varrious ways it was intended to address. It's a good idea to try, at least, for sure.
I think nonce security in particular is not at all the best example since modern ECDSA implementations are secure against in that respect. I'm also aware of some systems which have had grave security flaws because they believed the EdDSA claim of a deterministic signature meant that it was a unique signature. The promotion of EdDSA itself as magic pixie dust creates vulnerabilities.
There is just no replacement for understanding. :)
> You can recover a private key from two signatures if they reuse the same nonce.
You can, but you can also do a lot more than that. Thinking that this is the only attack is a common error, and precisely the one Wright was making in that recording.
Two signatures with different messages and the same key and message is just a special case of the fact that if you write out the signing equation as a linear system with privkey and nonce being unknown, and the message and signatures being the knows if the resulting matrix is exactly determined or over-determined, then you can solve for the unknown values.
It would also be the case that if you had two signatures with the same key and the nonces being any known multiple of each other that it's just as solvable.
There are other attack approaches, for example if you have a set of signatures where you know the leading bits of the nonce you can also recover the keys by solving a hidden number problem. (If you only know the single leading bit it'll take a few hundred signatures).
Cryptosystems are inherently fragile. The security assumptions of these schemes demand a uniformly random nonce. Deviation from the required property easily destroys security in practically exploitable ways.
The person Wright was arguing with was pointing out that if Wright had the private keys in question -- turns out he didn't-- it wouldn't be impossible that he obtained them after observing a single insecurely generated signature. Wright drove the discussion down a tangent with an argument that one couldn't recover a key with a single signature-- a false claim, but even if it were true it wouldn't really have supported his case.
Indeed; in general, if you know 1/n of the information in the nonces, you can recover the private key after n signatures. So even subtle biases in the random number generation can leak your key after a few transactions.
He did not (he even said they've recovered 10,000+ private keys!). If a nonce is reused across different signatures or just known because randomness is bad, one can compromise the private key used in making the signature.
Imagine saying your favourite thing in the world is education and then exacerbating yourself that much when the situation isn't going your way. My money is he loves being on stage "teaching" because he's in love with himself, not educating.
I AM THE KING! Why does everyone keep ignoring me and my orders?
What is sad is that anyone is even talking about this guy. From the beginning people pointed out he is lying and yet he is still somehow able to be talk about.
Most obvious con-man that is still able to stay in public spotlight.
Wright claims to own around $50 billion dollars worth of cryptocurrency which he cannot access.
Let's say he manages to convince you that he has 1% chance of success at obtaining these funds-- something you could believe even if you know he's a fraud, you just have to have a low opinion of the courts and misunderstand how Bitcoin works (which many people do, see this discussion!).
If offers you a 10% stake in his victory, what would you pay for that? Well under the 1% assumption you might be willing to pay $25 million dollars (half the expected value).
The buyers error is just in flawed reasoning about the odds of success, but people are notoriously bad at reasoning about fringe events and a lot of people don't understand Bitcoin.
For Wright, the fact that his effort cannot be successful is actually a very good property: It means that he can safely sell more than 100% of his fictional fortune: He doesn't have to worry that he'll win and then have to pay out >100%. Instead, he'll lose and tell his investors "Sorry, gave it our best shot but you always knew this was a risky deal!". In that case his income from the scheme is only limited by how many suckers he can bring in... 100 people paying 25m for a '10%' stake would yield a 2.5 billion dollar windfall.
And if you don't think there are at least 100 suckers out there with 25 million to blow you haven't been paying attention to all the defi/ico/nft noise the last couple years.
Right now we know of one major self-claimed billionaire that Wright is exploiting, but there may be many others-- particularly in Asia where language barriers make it much easier for Wright to isolate victims from discrediting information.
He's a household name in the crypto world. Sure, not in a good way, but any publicity is good publicity right?
He could offer his services to various blockchain-focused startups in which he'll fit right in considering said startups' objective is often to get money off clueless VCs by throwing the "blockchain" buzzword around (there are very little legitimate use-cases for a blockchain that can't be served by a traditional database, and a truly decentralized blockchain can't easily be monetized to the level a VC would want).
He has a bad habit of suing former business partners that don't do exactly what he wants. E.g. he's currently suing the second and third person from the left in this photo https://i.redd.it/ph8slk43st331.jpg and the person on the right is the rube that is financing most of Wright's litigation.
My favorite was him posting the fake signing and then when he was called out on it he posted a "Goodbye to the world" style message on his blog after taking it down.
If he really were Satoshi, he could literally prove it in 4 seconds beyond any shadow of a doubt. Instead he obfuscates with things like Tulip Trusts that can't be touched until January 1, 2020 and then that date comes and goes (over 2 years ago now!) and nothing happens.
And then in 2017 he got the bright idea to start filing patent after patent on anything to do with Blockchain. Why did he wait 8 years after he "invented" it?
More recently Wright & co have been paying for a lot of coverage that essentially regurgitates his press releases.
The effect is that the reporting is becoming worse. Two years ago it was common for articles to mention that Wright's supposed proof was completely discredited. Today it's common for articles to say that Wright's claims haven't been "conclusively proved yet".
There is a big difference between saying that it isn't yet totally conclusive and saying that he tried to provide proof but it was proven to be a fraud!
Unfortunately, Wright has shown that he's willing to use SLAPP lawsuits against parties that criticizes him, including journalists. So you have to have deep pockets and a huge tolerance for nonsense to risk publishing something truly critical -- at least if you have enough visibility that he'll care.
Honestly I think it would be quite funny if he wins and developers have to rewrite part of the protocol to give a specific guy money. Would really highlight who's really in control.
Ironically, some of the funds that Wright is trying to demand a backdoor to access are ones that were indirectly stolen from the developers he's suing!
If we could have just wave a magic wand and magic those coins back into our possession, we would have!
Anyone at any time-- including you or wright or anyone else-- can go and make a modified version of Bitcoin with its own consensus rules that do whatever you want, print yourself a trillion coins from nothing. Wright even did this already a few years ago.
But your modified version doesn't do anything to anyone else, the only people it has an effect on are the people who choose to run it. Your version would form a separate currency (just as Wright's has) and you can compete in the market for adoption. If your version is distinguished by stealing a bunch of coins, I'd bet that it doesn't get much adoption particularly since the whole premise of Bitcoin advanced in it's initial announcement was giving people power against being overridden by that kind of capricious change.
I don't really have a dog in this fight. I highly doubt the miners would move to that chain/protocol. There would be a hard fork of the source code and chain, possibly by people outside the reach of whatever jurisdiction this guy is in. It's just completely impossible for this to actually happen AND actually mean anything. Anyone can get access to any coins by changing the source code/protocol and hard forking the chain. But they won't be worth anything, just another orphaned side chain with nobody on it.
I think he's pinning his hopes on the assumption that if courts say his fork is Bitcoin, his chain is the one that exchanges regulated in Western countries will trade as Bitcoin, and therefore his fork is the one that dumb money that's heard Bitcoin is going to the moon and hasn't heard of Craig Wright or forks will buy. If actual cryptoenthusiasts are too disgusted to even sell off their tokens on his fork, that just helps his token sales
Nah, he already has a fork, the super sketch bitcoin knockoff "Bitcoin Satoshi's vision"... AFAIK the only US entity that will trade it is robinhood (which IMO tells you all you need to know about RH).
It's a not-particularly popular fork of Bitcoin. If they did this, I guarantee there would be a hard fork and the value of Craig's "bitcoin silver" would go to 0.
It's analogous to suing someone who makes gold jewelry to try to force them to get everyone else to start referring to lead as "gold" and paying gold prices for it.
That would be if he was asking for Bitcoin silver to take over Bitcoin. This is like someone asking the bank to give him someone else's massive but abandoned account, if more than half of its clients agree.
> This is like someone asking the bank to give him someone else's massive but abandoned account, if more than half of its clients agree.
That isn't how Bitcoin works, however. The protocol is enforced autonomously by each participant all on their own. The only voting like property in Bitcoin is the consensus used to decide the order of transactions in order to reject double-spends. Wright doesn't want to change the order of transactions-- the coins he's attempting to steal haven't moved since 2011.
If someone creates a transactions that spends some coins without the required signantures it'll just be ignored by all participants. If some participants adopt backdoored software that allow bypassing the authentication they'll just be ignored by everyone else, it doesn't matter how many do-- all automatically. Even if everyone else adopts that backdoor your own computer will just ignore them and continue the Bitcoin network with other non-backdoored participants.
So inherently what he seeks is to replace Bitcoin with an incompatible alternative. The only way that's possible is if people choose to adopt the alternative, call it bitcoin, trade it for bitcoin-prices, etc.
He's attempted it already too, he created Bitcoin Satoshi Vision-- his fork that is distributed under a proprietary software license. His conspirators and their victims go around telling people that it's the real bitcoin and that Bitcoin is an imposter. This has been mostly unsuccessful.
I remember there were records of his blog where he was "downloading java courses on security" at the time when bitcoin was being developed by Satoshi )))
What if Craig Wright is suffering from mental health problems similar to those that affected Terry Davis, the author of Temple OS?
I understand the Craig Wright is violating the norms of public behavior. I think it would be more charitable to not assume that he’s necessarily in his right mind.
Terry built templeOS and spent years working on the project. No one questioned the authenticity of that project and anyone familiar with him or his illness would likely not compare him to Craig Wright. This analogy really falls flat and makes no sense.
Then you haven't been paying attention. Wright is continually spouting literal gibberish and technobabble, he's technical inept to the point of hilarity. For example, when asked to explain some C code he claimed that the line declaring a double-type variable were doubling the values.
Beyond his ineptitude, Wright has repeatedly claimed he would provide proof, but then when his 'proof' is exposed to expert analysis it turns out to be a provable forgery. Not just once, but over and over again. Forged emails, forged pgp keys, forged digital signatures, forged invoices, forged whitepaper drafts. Not merely falsifiable but actually falsified.
It's certantly possible that Satoshi lost whatever keys he had-- but if so he isn't saying anything about it. The idea that Satoshi would lose keys and then make a clown out of himself is just not parsimonious.
What is parsimonious is that we know for a fact that Wright has been selling his "fortune" to suckers for a number of years now-- the setup of a classic Nigerian scam: I am a prince in exile but with a small advance from you I can access a vast fortune which I will gladly share with you. At first his excuse was that he couldn't touch the coins without risking the AU government seizing them (due to stealing millions from AU with fraudulent rebates), then his excuse was that the coins were secured by a "bonded courier" (think of the end of Back to the Future 2) and wouldn't be delivered until Jan 2020, and most recently he claims that in Feb 2020 hackers entered his home and hid a 'wifi pineapple' to penetrate his network and steal his coins (of course, the coins haven't moved on the blockchain)...
Yes, though wright has filed lawsuits against more or less every remaining known developer that worked with Satoshi and doesn't have a relationship with Wright in an apparent effort to create a conflict of interest to disqualify their input and intimidate them from participation (that's the subject of this article).
"They've all refused Wright's demands, though a firm called nChain Ltd is 'said to be working on a modification to the existing BSV client software, which would enable someone who owns but cannot access the BSV to regain control of them.'"
Note that Craig Wright is the Chief Science Officer of nChain[0].
It seems cryptocurrency enthusiasts love irreversible transactions until they have one of their own transactions they want reversed, although if you're high enough up the pyramid you can get yourself sorted, e.g. by rewriting the client software (as in this case) or by forking the blockchain (as per Butlerin and The DAO[1]).
In this case though the problem isn't irreversible transactions, it is that Craig Wright does not and has never owned the coins he claims to have owned.
Just to clarify, the article is about the court case where he wants some transactions on the Bitcoin SV blockchain reversed. The question relating to whether he is Satoshi, and therefore owns Satoshi's 1.1M Bitcoins on the Bitcoin Core blockchain, is a separate court case.
He does not want transactions reverted, he wants Bitcoin Core to change the rules of who can spend coins to allow him to make new transactions that are currently not allowed. He is implementing this in his own Bitcoin fork, Bitcoin SV, to demonstrate that it can be done.
A more realistic goal is probably to get the court's blessing to authorize nchain, who maintain the only BSV client (therefore the entire blockchain) , to send Satoshi's BSV coins to Craig.
This seems much easier to achieve and allows him to steal coins from all BSV holders without taking from any one BSV holder in particular. Coins previously thought lost would be reintroduced, effectively inflating the coin's supply.
That's a quick and easy ~ $83M based on today's BSV price and a conservative estimate of the number of coins held by satoshi.
He wouldn't even need the court's blessing for it though, as they already control the hash power and the reference client (which is no longer under an open license).
A court effectively ruling that he was Satoshi and a fork made to award him coins was the "original" Bitcoin and possibly even ruling other forks violate his "IP" would make it much easier for him to dump those coins on speculators though.
(I don't think the court will grant him any of those things, but it's not too difficult to imagine him hoping the court can provide him with more than just some coins on a PoC fork nobody uses)
Yes, all other "cryptos" are just products developed by companies who place themselves at the top of the pyramid.
This is one of the key properties that makes Bitcoin so important. There is no company that administrates over it. There is no CEO.
It's just a protocol.
Roughly 12k computers run this protocol around the world, helping to enforce the consensus rules which have been incredibly resilient to change over the last 13 years, despite numerous attempts.
It's this immutability of consensus on a decentralised network that makes Bitcoin (the token) so valuable.
Craig Wright is such a fraud. The ALAB Podcast episode on him is hilarious.
He's got some serious mental issues.
My favorite part about the saga is that after he claimed to be Satoshi and have access to billions of dollars, everyone involved in lawsuits with him agreed.
"Yeah, okay you've got billions of dollars. So that means you owe the plaintiff half of that, and the Australian tax authorities a chunk too."
I particularly liked the bit about him thinking he was clever denying that a printout of an email was an email. Ohh or the forged signature. There’s so much to love in this case, I would not have known half of the stupidity surrounding it if I hadn’t listened that ALAB episode
He must figure that his creditors will help him grab those 1.1 million coins, at which point he could lose 90% of them and still be wealthy... if he manages to sell them before its perceived value crashes.
Aside from the obvious, can someone at least tell me how these claims are rationalized because they make no sense:
1) If the hackers copied and deleted the private keys from his computer
2) Why does Bitcoin SV need to be modified in order for the funds to be accessed
Do people on HN even know why those statements are not reconcilable? Does TheRegister, does the judge? I don't care what Craig Wright knows or thinks, he is a troll regardless, but I'm not even sure if his incoherent claims are something slightly more coherent that everyone else messed up.
Wait, is he saying that because he doesn't have the private keys, he wants the whole Bitcoin SV network modified to give him access to funds in a specific address? lol. okay.
I feel like he could just rent some hashpower to force a confidence breaking change on the network but I guess he wants court approval.
What you said at the end is correct. He is aiming to have the courts somehow force through a Bitcoin hard fork that moves Satoshi's coins to an address controlled by himself, and he is including his Bitcoin fork, BSV, so that his team can implement the fork and show the courts it's a viable remedy.
Then he'll say to the courts "look the developers and miners for BSV made the change so it's possible; You need to go after the Bitcoin people and make them do the same."
So far I get the impression that judges are mildly amused by him, at least the one in Florida, otherwise they would commit him to an asylum or dismiss his cases outright
> Wait, is he saying that because he doesn't have the private keys, he wants the whole Bitcoin SV network modified to give him access to funds in a specific address? lol. okay.
Not just Bitcoin SV-- SV is pretty much only included because almost no one cares about it and he essentially controls it (the software for it has a proprietary license that gives him substantial control, at least when you factor in that he's threatened in public to sue anyone who makes a cleanroom version that doesn't accept his changes). He's also demanding the _bitcoin_ which is worth a lot more.
> I feel like he could just rent some hashpower to force a confidence breaking change on the network but I guess he wants court approval.
Hashpower wouldn't help him: he and his sponsor already control essentially 100% of the BSV hashpower and have for a long time.
He doesn't want to change the order of transactions-- the coins in question haven't moved since 2011 (and weren't ever owned by him in any case, weren't previously owned by him even if you believe his story). What he wants is to bypass the authentication to let coins get spent without the required signatures. No amount of hashpower can do that.
So what he wants is for everyone to adopt an alternative version of the Bitcoin protocol that contains a backdoor to allow bypassing that authentication. As to why he's suing the particular people he's suing, his arguments aren't coherent. --- but he's been going on about ruining them for years, long before the supposed theft happens, so it doesn't seem that hard to figure out. :)
With 51% hashpower, you can make illegal (by consensus) transactions on the longest chain. This will fork off the validating nodes, but most light clients won’t see an issue and will follow the malicious chain.
In practice it doesn't actually work that way. Lite clients use a semi-trusted validator, and the semi-trusted validator won't be tricked.
I say practice rather than theory because it's not just theory: There are many different forks of Bitcoin, including one created by Wright (BSV, "bitcoin satoshi vision" lol) which exist and are used and have lite clients.
For many users, the brief exposure to the wrong chain if their validator starts giving them the wrong one isn't an actual problem-- they will notice and switch eventually and only get robbed if someone pays them on the malicious chain before they notice. Though this is the reason why the Bitcoin whitepaper recommends that users that accept frequent payments should prefer to run their own node.
Thanks for your clarification nullc. I don’t quite follow:
* How will the light clients notice if they are on the malicious chain if it has the most work (for simplicity they see 1 malicious node and 1 non-malicious)? The light wallet surely goes with the malicious validator with the longest chain, when it sees it.
It’s obvious (to me) that the non-malicious validators won’t accept invalid blocks, but not so obvious to me why light wallets would follow the smaller chain.
This is at the crux of what appears to be my misunderstanding of light clients.
If you have a link, I would like to read more and it would probably save you time from repeating something you’ve likely said before.
As a context reminder: GP claimed that it wasn’t possible to spend someone else’s money, even with 100% of the mining rate.
I'm seriously curious about Craig Wright as a character and his mentality.
At one point I did some digging and found his early pre-2015 blog. As you can see here, he described himself as a "GSE-Compliance and GSE-Malware" [0]. You can also see he was working on his PhD research project in a university, and also doing some system administration at the university's HPC center [1][2]. Scrolling through the blog, the published articles included Windows commandline, Process Explorer, how shellcode works, etc. There are all basic things, not some extraordinarily creative or original works.
Thus, he was basically a regular IT security DevOps with a business, and also studies in an university for some regular research projects. I can easily imagine that the things he did was what an average user of Hacker News does.
So, what really happened in the meanwhile? What made him to metamorphose from a regular security geek into a persistent scammer who claims he's Satoshi Nakamoto? I think this is the real question to ask. There must have been some external forces come into play that made him do that.
A rumor I've heard is that Wright's business was running into debt, so somehow he made a deal with Calvin Ayre. Calvin Ayre became his financial backer, and as the condition of this transaction, Craig Wright must claim he is Satoshi Nakamoto and acts as if it's real. This is probably what happened.
> So, what really happened in the meanwhile? What made him to metamorphose from a regular security geek into a persistent scammer who claims he's Satoshi Nakamoto? I think this is the real question to ask. There must have been some external forces come into play that made him do that.
Wright's been a low grade crook for a long time. He was sentenced to 30 days in prison in 2004 for contempt after he forged documents to try to escape some non-compete he violated.
The proximal cause of his Satoshi related cosplay is a massive tax fraud. AU has a refundable tax credit for qualifying R&D where they'll pay out around 30% of the money you spent on research.
Wright spun up a bunch of companies that did nothing but claim these credits-- with an intention of claiming around 65 million dollars worth. AU paid out the first round but the next year audited him. Their first question to cut through his obfuscation was "Where did the millions you claim to have spent on research come from?". Bitcoin had just become a big thing in the news and Wright started claiming to be an early miner, pointed to coins from a bitcoin rich list and said they were his, and claimed to have received loans secured by those coins to pay for the research. [There is also a whole separate branch of fraudulent sales tax rebates that he applied for when the R&D credits started souring on him-- but most of the docs on that haven't been made public yet]
Wright created a huge number of forgeries to support his claims and kept expanding the scope until he was claiming to be Satoshi, but the AU tax office wasn't fooled, ruled against him, and demanded he return the money he took.
He'd already spent much of the money, so he basically just took the faked documents that the tax office was too smart to fall for and sought out other suckers to fall for them. Effectively the classic Nigerian prince scam, offering people a share of his fortune if they could just help him overcome his short term cashflow problems.
There is some indication that he'd been engaging in this R&D credit fraud for up to a decade before the enormous applications that got him caught-- he's recently published R&D credit applications for fake projects (basically just applying for R&D funding for concepts he saw posted on tech mailing lists) going back to 2002-ish. So either these applications are recent forgeries or he's been funding himself through fraud for at least the last 20 years.
The relatively uncertainty about the earlier possible fraud there is that for the big 2013+ tax fraud much of the tax office documentation has been made public as a result of a civil lawsuit against Wright, so for that we can be pretty sure what happened... but for things other than that we just have Wright's statements to go on, and Wright is a fantasist and pathological liar that constantly makes stuff up even when its not to any advantage to him.
From legal standpoint it is interesting case and it can bring precedent to crypto scene. We will know if person can lose coins and retrieve them back lawful way with court order. Even more interesting, that most miners are now located in USA jurisdiction.
We know, that Google and others can adjust results based on courts orders. It's interesting if miners who invested hundred millions into mining operation could follow order and implement changes to mining software.
It its a known secret, that right now, major miners do some changes and implementations, like for example blacklisting/watching big cold wallets of major exchanges for coins to be secure and not stolen by mistake.
Hell, it can bring precedent to OSS licenses. Bitcoin is MIT licensed : '[...] THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, [...]'.
If you, as a creator, can hold co-authors responsible for losses.
FWIW, in this legal action Wright expressly states that his claims of being Bitcoin's creator are irrelevant for the case.
His claimed cause of action is that as a user he negligently handled his bitcoins and lost them to hackers, and that the some random subset of the authors (e.g. the ones best able to debunk his claims of being Bitcoin's creator) owe him a fiduciary duty to make him whole.
This makes no sense to me. The court orders... who exactly, to return the coins? AFAIK a new Bitcoin fork would have to be made (by whom?) - and there's no guarantee the fork would be accepted by anyone.
Even being non-American with my necessarily flawed understanding of the US constitution, the scenario you described strikes me as a clear violation of the first amendment. First, you would have to compel someone to write new code that changes the way bitcoin fundamentally works. Assuming you manage to do so, you would then have to compel "everyone" to recognise the hard-fork as the "true" chain, again something clearly at odds with the first amendment, and I suspect the laws in many other jurisdictions as well (for obvious reasons).
It wouldn't violate the First Amendment, since the court isn't going to be a government actor for that purpose. A court absolutely could order someone to change their code to comport with the judgement--I mean, this happened to Apple in the not-too-distant past. What the court can't do is compel everybody to use the new hard fork, first for the simple reason that most of those people aren't being sued, but somewhat more fundamentally for the reason that it doesn't really remedy any judicially-cognizable harm. (That said, it's similarly hard to envision a scenario where the court orders someone to modify Bitcoin's code, especially if you're talking about something that retroactively adjusts balances).
Miners investing hundred millions dollars into operation. If court will tell them, like for example 3 biggest miners from US to make that block, they will do it to protect investment, because other way they will get sanctions from gov. Other people on non-mining nodes can fork it, but noone with millions dollars at stake will be on forked chain and only miners make blocks. Court will not be stupid and believe, that such move is legal way to disobey court.
That isn't how Bitcoin works. Miners can't violate the protocol, since the protocol decides what is and isn't mining.
Wright wants a version of Bitcoin created with a backdoor to transaction authentication that lets him take coins without presenting the required credentials. If he created such a version and convinced some miners to run it, they'd simply stop producing blocks (at least from the perspective of anyone who didn't also adopt his backdoor).
So the situation you imagine would just result in hashrate going down-- which can be a bit of an an annoyance since it slows down transaction settlement temporarily, but isn't a dire issue (e.g. Bitcoin lost on the order of half its hash power for a while after china issued a ban).
In any case, if Wright shared your theory and was acting in good faith the target of his actions would be miners and not volunteer open source developers. He's stated outright in public that he expects the ruinous cost of his litigation to destroy the lives of his targets.
In the apple case you're referring to the government dropped its case after Apple argued that the government's demand constituted unconstitutional compelled speech.
In the united states the courts only have power at the pleasure of the constitution, the constitution is binding on all actions of a court. (Now, the courts could conclude some action doesn't violate the constitution-- but that's a different matter)
Except in some narrow cases in civil matters US courts do not order specific performance -- they don't order you to perform some specific act -- instead, the award cash damages for the harm you caused the other party.
In the ninth circuit where I reside, the standing, unchallenged, and unambiguous law that the publication of source code is speech protected by the first amending as was established in Bernstein v. US.
This is also recognized by the long line of modern decisions with respect to defamation law-- it cannot be so overpowered that it abridges the publics free speech rights, even though defamation is always a civil matter.
If you adopt an interpretation that the remedies available to the courts aren't constrained by the constitution, then any imaginable abrogation of the civil rights of the public could be lawfully imposed by simply creating a civil cause of action with the otherwise unconstitutional action as a remedy, then the state can induce some private actor to take action under the law. (The idea that Wright is acting on behalf of some state actor out to undermine Bitcoin is a common conspiracy theory, but a less parsimonious explanation than him being a simple con-artist.)
You're absolutely right that Wright's demand would also require that everyone adopt the alternative version and regard it as Bitcoin--- which is akin to expecting everyone to start believing he's a good guy, something no conceivable court could order because no court can never have power over the hearts of mankind (short of someone inventing a mind control gun :P ). It also has the practical problem that many of the defendants, such as myself, haven't been Bitcoin developers for years. And defendants, even the active ones, have no more ability to take action here that Wright himself does-- it's open source software, after all--, except for the fact that the defendants have a good reputation and Wright has a reputation as a fraud.
But to even get that far wright would also need to overcome the civil rights problems with his request-- at least for the US defendants: Wright is asking the government to compel labor to author the backdoored itself, compel speech by making the defendants publish it, and restrain their speech by prohibiting them from publishing non-backdoored code. He also would have to overcome the fact that the license they offered the software under expressly requires the recipient wave liability for any cause in connection with the software. (and the fact that his claimed loss is pretty obviously nonsense)
He also has to overcome a number of procedural issues, including the fact that the lawsuit was brought in the UK by an insolvent foreign shell corporation itself owned by a web of other insolvent shell companies in different jurisdictions -- none of whom operate in the UK against developers none of whom do business in the UK. Wright prefers the UK because of its motion-by-motion loser-pays default that lets Wright extract enormous legal fees by defeating summary judgement motions by offering forgeries (summary judgements are decided by assuming the facts are in the favor of the non-movant), as well as the weak protection for people's free speech rights. Wright's hail mary to try to keep in in the jurisdiction of the UK courts is to include one of his own entities as a defendant, and of course they immediately agreed to the jurisdiction.
It's interesting that Jack Dorsey (of Twitter fame) and others are now paying for the lawyer bills of all the developers who might be sued by this fraudster [1].
Bitcoin and LN legal defense fund: Jack Dorsey, Alex Morcos, and Martin White posted to the Bitcoin-Dev mailing list the announcement of a legal defense fund for developers working on Bitcoin, LN, and related technology. The fund “is a nonprofit entity that aims to minimize legal headaches that discourage software developers from actively developing Bitcoin and related projects”.
What are the theories about why the real Satoshi doesn't just move all the coin to another wallet himself to prove that Craig Wright is just a scammer?
Possibly that they're dead, such as with the Hal Finney as Satoshi theory. Otherwise they've could've lost the private keys, be in jail, became a hermit, or plenty of options like that. If Satoshi is multiple people, perhaps they can't agree on an action. Or maybe they could just like the chaos.
Literally the only thing heard from Satoshi since he disappeared was a post from a mailing list from a known email address of his saying "I am not Craig Wright"
Because the real Satoshi might be dead and took the keys with him to grave. I, to this day don't understand why it's not obvious why Satoshi has not done anything public for over 10 years.
It makes sense that if one were CERTAIN that the real Satoshi could never claim otherwise (because you knew them to be dead), you would feel emboldened to make outrageous claims without fear of reprisal.
Wright is a conman, his analysis of risk is very different from yours. He has repeadily taken actions which were almost sure to get him caught, he got caught, and he just kept going. He would have no reason to know or care if Satoshi would rebuke him. If Satoshi did, Wright would just ignore it or claim it was a fraud.
In fact, in the Florida lawsuit Wright provided a list of thousands of addresses he claimed to control and mined bitcoin to. The document was accidentally published without redaction and shortly thereafter the owners of 145 addresses controlling over 7000 bitcoin stepped up and posted signatures saying the addresses weren't wright and that wright is a fraud.
Wright's reaction? When asked about this he claims that there were no signatures created and just moves on. When one interviewer pressed a bit he just blathered about you can't have signatures without identity and became irate and the interviewer changed subjects.
Or more specifically to this case: In a document to the ATO Wright claimed to own several high value addresses. Two of them were actually owned by known community members, one produced a signature calling Wright a fraud, the other was called as a witness against wright in Florida. ... Wright ignored that and is suing us over the ones from that same list that where the owners haven't spoken up (yet, in one case the owner appears to have robbed a bitcoin exchange so even if they're aware of the case they're not likely to speak up).
As far as Dave goes: The only material that has ever linked Dave to Bitcoin was material wright produced to support his tax fraud, most (all?) of which has been proved to be forgeries created after Dave's death. As far as anyone can tell Dave had no particular programming expertise-- he was more of a PC tech and windows IT security guy--, the only software he appears to have created was a simple visual basic windows registry checking tool.
Of course, it's not impossible that just about anyone created Bitcoin, but I would expect that more than 3/4 of the participants in any random thread on HN would be a better candidate than Dave.
Pretty sure it is the NSA (Nakamoto SAtoshi), most likely they’ve broken the underlying cryptographic primitives and now use Bitcoins as their slush fund. It also fits perfectly with their mission statement, as they can now precisely track almost all illicit transactions and they should be able to unmask both source and targets pretty easily.
Yes, but on the subject of plausible state actors -- Israel is among them. They also have a very advanced cohort of computer scientists and a booming crypto industry. There were even early cryptominers produced there, iirc.
It would not surprise me in the least if their state was behind the SN pseudonym.
Also... SN could have used any news article from any publication discussing the bailouts -- they made a choice to use a page with a massive graphic of Israeli tanks rolling into territory, rather than, say, any page from a more financially focused paper like WSJ... This could be just noise or it could be there as some form of nationalism or affinity for the image and storey.
The leading theory is that Satoshi is dead. Some think it was Hal Finney. Some think it was Dave Kleiman, the brother of the woman Craig just got out of a lawsuit with.
The only source for any claim connecting Dave to Bitcoin is Wright, it's not something Bitcoin experts believe because wrights docs connecting dave to bitcoin were proven to be forgeries made after Dave's death, and there is no evidence of Dave having computer programming expertise.
Wright actually exploits that misunderstanding, there are some people who've been taken in by Wright's scam who believe that Wright didn't create Bitcoin but dave did and that wright stole his Bitcoins. For them that's good enough.
Aside, The lawsuit you're referring to by Ira Kleiman, a man. :) And he won a hundred million dollar judgement against Wright. Wright has tried to spin this as a "win" because Ira was asking for as much as a trillion dollars (lol) on the basis of thats the correct amount if you believe all of Wright's nonsense. In reality, Wright himself has no wealth or source of income except what he's able to pull in with this fake-satoshi con, so probably the portion of any judgement beyond a few million dollars is all equally uncollectable.
If he had millions, he wouldn't have lost a security order (where the judge believes that you don't have sufficient assets to cover the other side's legal costs if you lose, you have to give the court security over some assets/funds to hold in escrow).
It's not his own money he's spending on these lawsuits. He is being bankrolled by a criminal billionaire gambling mogul.
It's an investment being made in order to get access to all of Satoshi's coins on all the bitcoin chains. Those coins are valued very conservatively at no less than 32 billion usd.
The moment someone touches them their value will tank. Part of the bitcoin speculation is that massive wallets like this one are frozen and out of the market. When people "invest" by buying hundredths of bitcoin, someone reintroducing 1.1 million will make them wary.
These wallets might as well be considered trip wired, some people monitor them constantly.
Really old never before moved coins move from time to time, including ones from Wright's list of 1.1 million coins. It sometimes generates a little noise on twitter or a throwaway news article, sometimes it goes without being noticed in the public. Nothing much happens either way.
Craig Wright is a patent troll, a narcissist, and a sociopath. It's amazing how far he has been able to take this grift. Part of it is that he has been able to adopt this unwavering character and not break it for years.... something a normal person just isn't wired to do.
But to your question - I suppose I agree. I don't think society usually tries to help malignant people whether or not it stems from mental health issues or not. We tend to focus more on punitive measures than rehabilitation if someone does something out of line.
That's not how wallets work. A wallet is the private key (some secret bytes) and as long as you have those bytes (or something that re-creates those bytes, such as a passphrase) you have the ability to sign a message that is published on the blockchain which moves/spends your coins.
That's where it gets a bit complex. There are both passwords and phrases, but usually for different purposes:
Traditional passwords are used sometimes to encrypt the secret bytes (private key) similar to how an SSH key might be encrypted and unlocked. In this usage the actual bytes are encrypted and stored somewhere (like on disk) and if you lose that file or the password you used to encrypt it, you therefore lose the private key and can no longer sign messages or "spend" the coins. This is how Bitcoin functioned in the early years.
Some people instead use what originally were called "brain wallets" and are mnemonic lists of words that then get used through a key derivation function (KDF) to turn those words into the secret bytes. In this kind of setup you don't have the secret bytes stored anywhere but rather you need to remember the phrase (list of words) which is in turn used to generate the secret bytes deterministically.
Yeah but ultimately I still need those bytes to move the coins. Doesnt matter what method I use to come up with those bytes, beit a password or a brain wallet, they are just algo's of various length and time to compute.
The 'coins' are really not the important part of the story here.
Bitcoin is open source cryptographic software developed by volunteers under the MIT license. Wright-- via a web of shady shell corporations-- has sued a dozen current and former Bitcoin contributors (including myself) demanding that they introduce a backdoor to allow him to bypass the authentication and take possession of coins without providing a digital signature, or-- if that fails to work-- pay him around $6 billion dollars in damages.
The assets he's seeking to obtain are very obviously not his (though he argues we lack standing to challenge his assertion), but that isn't the most important consideration: More critically, the remedy he seeks is simply not possible. The defendants have no more power than anyone else, including Wright, to publish an incompatible version of Bitcoin-- but any such incompatible version will just form a separate currency, and no one-- not any developer, not any court, not any human power-- can force other people to adopt this alternative version or consider it to be "bitcoin". Wright has already created one such alternative version "BSV", which essentially no one uses and it trades for less than 0.004% of bitcoin's value.
Wright is well aware that the remedy he seeks is an impossibility and that he has no real prospect of success. Given that he can't be successful, you may wonder what goals are (1) Profit: He's been selling these "inaccessible" coins at a deep discount to at least one mark, it doesn't matter that his case will be unsuccessful so long as he can find people who think it might be successful willing to buy a share in the winnings. (2) Wright is attempting to intimidate and disqualify the worlds foremost experts in Bitcoin technology from providing evidence another lawsuit about his fradulent claims of being Satoshi. (3) Wright intends to use the legal fees to financially ruin parties who have refused to aid his fraudulent schemes, particularly because the UK uses a loser-pays where the loser of each motion pays the other sides legal costs and Wright racks up astronomical costs. Wright has already bankrupted a journalist that discussed his fraudulent claims of being Satoshi with a defamation lawsuit, even though Wright hasn't won against him (the case is ongoing).
Wright effectively argues that anyone who has ever built software using bitcoin is a fiduciary which owes him a duty of care which extends even as far as compensating him at their own expenses for losses created as a result of his own negligence. His position is that this is even the case even though they offered the software under a license stipulating "IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.", even though their work was uncompensated, and even though they had no relationship with him or his entities.
He also contends that the liability continues forever and, in fact, I stopped working on Bitcoin completely several years ago long before his supposed loss occurred. (Several other defendants also stopped working on Bitcoin years ago)
Wright is attempting to improve his odds in the case by making a proxy entity which he created "Bitcoin Association for BSV" the primary defendant, already it's attempting to undermine our effort to challenge the jurisdiction of the UK courts by agreeing to the jurisdiction (normally one defendant agreeing is enough to settle the matter). Wright has used the trick of suing his sockpuppet to get a bespoke civil judgement in the past.
This lawsuit has implications far outside the realm of Bitcoin or cryptocurrency:
The case highlights apparent flaws in our legal system where a well funded party with no prospect of actually winning their case can submit flagrant lies and forgeries with near impunity and cause finical ruin for their targets with an obviously meritless case. This is particularly stark for volunteer free software developers, where even modest legal costs easily overwhelm the indirect gains of publishing free code and related pro-social activities.
Obviously free software more or less can't exist if the clear text of the license is ignored and volunteer developers are going to be hit with massive liability (or massive legal fees) for software they created without direct compensation.
The case also has substantial civil rights implications-- Wright asks governments to use their power over the defendants to compel both labor on his behalf and speech: He seeks to force us to develop backdoor code to bypass Bitcoin's transaction authentication and he seeks to force us to publish it (and presumably endorse it). He also seeks to suppress speech: he is asking the government force the defendants to remove and refrain from future publication of non-backdoored source code.
Craig Wright will never sign a message with the original private keys or move the coins in a way that proves his involvement or ownership of the first mined coins. He is a fraud.