by David Gerard
Wright had also applied for an R&D incentive scheme, where a company could receive its tax rebate in advance. His company DeMorgan claimed in 2015 that it was eligible for up to AUD$54 million for a supercomputer “dedicated to Cryptocurrency and smart contract research”.162
In June 2015, Wright got his former colleague Stefan Matthews to put him in touch with Robert MacGregor of Canadian money transmitter nTrust. Matthews told MacGregor that Wright was almost certainly Satoshi Nakamoto. MacGregor was working with Canadian gambling billionaire Calvin Ayre, who Matthews had also previously worked for.
On 29 June 2015, MacGregor and Ayre signed a deal to buy Wright’s companies and his claimed blockchain patents and clear his debts, legal fees and employees’ back wages, and form a research unit led by Wright that they could sell to a larger company. They also set out to market “Satoshi Nakamoto”’s life story, and commissioned novelist and journalist Andrew O’Hagan to write a biography. O’Hagan didn’t take their money and refused to sign a nondisclosure agreement, but instead pursued the story as an embedded but independent journalist. He eventually published a book-length article on Wright in the London Review of Books.163
(Matthews told O’Hagan that Wright had shown him the 2008 Bitcoin white paper before publication, though Wright’s February 2011 blog post makes it seem startlingly unlikely that Wright had heard of Bitcoin that early. Wright had also told Matthews he had met with Ross Ulbricht of the Silk Road in Sydney. O’Hagan notes: “MacGregor later told me he was convinced because Wright had shown Matthews the draft Satoshi white paper. ‘I always had that,’ MacGregor said.”)
In November 2015, an anonymous source began sending documents about Wright and Bitcoin to Gwern Branwen. Branwen provided the documents to Andy Greenberg at Wired.164 A similar document stash was sent to journalists at Gizmodo. “I hacked Satoshi Naklamoto [sic]. These files are all from his business account. The person is Dr Craig Wright.”165 Document drops had been sent to others, including the New York Times and Nathaniel Popper, author of Bitcoin history Digital Gold; none considered the story sufficiently credible to pursue. Leah McGrath Goodman at Newsweek noted that “it was being shopped around fairly aggressively this autumn.”166
Gizmodo speculated that Wright and Dave Kleiman – a computer security and forensics expert and author who had died in April 2013 – had together been “Satoshi”. Wright had co-authored some of Kleiman’s security study guides and claimed he had been a close friend.
As well as pointers to the earlier backdated blog entries, the “leaked” documents included:
a scanned PDF of an unsigned document with Kleiman’s name on it, dated 6 September 2011, purporting to set up a trust, the Tulip Trust, backed by 1,100,111 BTC, controlled by Kleiman and locked until 2020. (The Satoshi stash being locked in a trust answered MacGregor’s question “why isn’t he sitting on an island surrounded by piles of gold?”) The document includes the note “The amount not included will be used to show the ‘lies and fraud perpetuated by Adam Westwood of the Australian Tax Office against Dr Wright’”.167
an unverified transcript of interviews between Wright and his lawyer and the Australian Tax Office, including claims that Wright had been mining bitcoins since 2009, and how he had “1.1 million Bitcoins. There was a point in time, when he had around 10% of all the Bitcoins out there. Mr Kleiman would have had a similar amount.”168
emails purportedly from 2009 discussing cryptocurrency-related ideas with Kleiman.
a letter from supercomputer vendor SGI to Wright’s company Cloudcroft saying it would be assisting in the development of “hyper-density machines” (whatever those are; the term appears only to be used by or around Wright).169
The documents and claims were greeted with widespread skepticism, particularly given the backdated blog posts and the technical details that failed to check out. News site Fusion went so far as to assert outright that Wright had likely sent the “leak” himself.170 SGI said it had never had any contact with Cloudcroft or Wright.171 Cloudcroft’s C01N had been No. 17 on the November 2015 Top500 list of the world’s most powerful computers, although it has since been removed from that month’s list;172 Top500 declined to detail how they’d verified this entry.
A few hours after the Wired and Gizmodo stories became worldwide news, Wright’s house and office were raided by police on behalf of the ATO, though they stated the raid was “unrelated to recent mass media reporting”.173 Wright and his wife had moved out the day before; Wright told O’Hagan of skipping the country just in time to evade the police. The ATO continued investigating through the next few months; they firmly believed “Wright is not the creator of Bitcoin and that he may have created the hoax to distract from his tax issues.”174
Wright deleted his online social media presence and did not respond to media queries. Nothing more was heard from him for a few months; he was in the London office of nCrypt, the subsidiary nMoney had created for him, working on blockchain-related patents.
He spoke at length to O’Hagan at this time about his life and work; O’Hagan noted that Wright “had a habit of dissembling, of now and then lying about small things in a way that cast shade on larger things”:
Wright told me that around this time he was in correspondence with Wei Dai, with Gavin Andresen, who would go on to lead the development of bitcoin, and Mike Hearn, a Google engineer who had ideas about the direction bitcoin should take. Yet when I asked for copies of the emails between Satoshi and these men he said they had been wiped when he was running from the ATO. It seemed odd, and still does, that some emails were lost while others were not.
Allen Pedersen, who worked for Wright both in Australia and at nCrypt, told O’Hagan:
He’s sold his soul … They can’t just sign all these papers and think it’s going to be all right, that they’ll sort something out. It doesn’t work that way. They now have to go to the end and live with it. But they’re doing it on first class. When this Satoshi thing comes out I can see a lot of bad things happening, and they are not geared up for this, any of them … There’s not really a happy ending here … in Australia you could say he was in control. He’s learned absolutely nothing. He’s now in this box, he can’t move, he can’t do anything, and this box is getting smaller and smaller.
Gavin Andresen had taken over as lead Bitcoin developer when Nakamoto abandoned the project. He had communicated at length with Nakamoto in the early days. Wright convinced him he might be Nakamoto by writing emails in his usual style, and then the same content in Nakamoto’s style.
Andresen went to London to meet with Wright. Wright cryptographically signed a message as Satoshi Nakamoto on his own computer and verified it. Andresen wanted to check it on his computer, saying he had to be able to say that he’d checked it independently. Wright suddenly balked, not trusting Andresen’s hardware. A new laptop was obtained and unwrapped and Wright installed the Bitcoin Electrum wallet software.175 Wright opened the claimed Satoshi Nakamoto Bitcoin wallet on the new laptop and seemed to verify that he held a Satoshi Nakamoto private key.176 Wright performed a similar demonstration for Jon Matonis from the Bitcoin Foundation.177 None of this evidence was released for public review; Andresen said “I was not allowed to keep the message or laptop (fear it would leak before Official Announcement).”178
The PR team secured the BBC, The Economist and GQ; the journalists signed non-disclosure agreements and embargoes, and in late April Wright demonstrated use of the Satoshi key to each. O’Hagan noted how oddly convoluted all this was, given that everyone knew that all Wright had to do was send an email signed with a Satoshi PGP key or move a bitcoin from the Satoshi stash and the entire Internet would light up. “I felt distinctly that there was something missing and something wrong.”
On Monday 2 May 2016 at 8:00am, Wright posted to his blog a Jean-Paul Sartre speech claimed to be signed with a Satoshi PGP key, and Andresen posted that he believed Wright was Satoshi. Rory Cellan-Jones from the BBC, Calvin Ayre and
The Economist tweeted. A segment from Cellan-Jones aired on the BBC Radio 4 Today programme, the most important current affairs radio show in the UK. The story blanketed the media.
By midday, the Internet had analysed the evidence and was not impressed. Wright’s blog post was not signed with a Satoshi key – it was clearly faked: an old signature from the blockchain had been copied and pasted onto the message.179 Wright’s name became a punchline.
Nobody could work out what was up with Wright – he had considerable supporting evidence of being Satoshi Nakamoto, except the cryptographic evidence that would nail the proof; and the real Satoshi would know very well that that was the only thing that would nail the proof.
The money men were not pleased, but worked on how to recover the situation. “This is what we’re going to do, because he knew the next move was pack your toothbrush and get on a plane and good luck in Australia,” MacGregor told O’Hagan.
On Tuesday 3 May, Wright posted to his blog that he would move a bitcoin from the Satoshi stash. On Wednesday 4 May, the nCrypt team organised for Wright to send bitcoins from the Satoshi stash to Andresen and Cellan-Jones at the BBC. Wright said to Andresen that he was worried about a security flaw in the early blockchain that would expose him to theft if he moved an early bitcoin; Andresen said the problem had been fixed, but Wright continued to worry.
On Thursday, Wright sent around an email link to a news story from SiliconAngle: “Craig Wright faces criminal charges and serious jail time in UK” – that he would be arrested as the creator of Bitcoin for enabling terrorism. “I am the source of terrorist funds as bitcoin creator or I am a fraud to the world. At least a fraud is able to see his family. There is nothing I can do.” He closed his blog and posted a final goodbye message, apologising for disappointing everyone.
The news story turned out to be a fake, posted on an impostor site but with the design from the SiliconAngle site.180 The fake quickly disappeared; nobody knows the source.
Many noted that Wright’s story would all make sense if Dave Kleiman had been the main technical “Satoshi Nakamoto,” and Wright had started by stretching his own involvement in the creation of Bitcoin and got in over his head. But, though Kleiman, as a security expert, was familiar with cryptography, there was no evidence during his life that he had any interest in cryptocurrency or C++ programming, let alone Bitcoin – every word of such came via Wright, sources close to Wright or the Wired/Gizmodo “leaker.”
Wright disappeared from the public eye, though he did file various blockchain-related patents.181 182 He emerged again in early 2017 with nChain183 (the new name for nCrypt, originally EITC), with Robert MacGregor, Allen Pedersen184 and Jon Matonis185 in tow.
In late June 2017 he spoke at the Future of Bitcoin Conference (where he was introduced as “Bitcoin Dundee”) and threatened legal action against those who had called him a “fraud;”186 this led to a burst of people, including Bitcoin core developer Peter Todd,187 calling him a fraud. He refused to be drawn on his previous claims to be Satoshi.
Chapter 7: Spending bitcoins in 2017
The only use case for which Bitcoin even rivals conventional financial systems is illicit goods and services – mostly drugs – and computer ransoms. Illegal drugs on the darknet have been the primary non-speculation use case since the Silk Road started in January 2011, reaching an estimated $14.2 million in the month of January 2016188 (or $170 million a year). They were overtaken by ransomware some time in 2016 – the FBI estimates ransomware payments at $1 billion in 2016.189 All use cases, licit and illicit, are severely hampered by the perennial transaction backlog.
Bitcoin is full: the transaction clog
The Bitcoin block size is 1 megabyte per 10 minutes, which allows a theoretical maximum of 7 transactions per second. Transactions were cheap and fast for many years – but by mid-2015, the blocks were often full. Suddenly there were delays and increasing fees. Bitcoin had reached capacity for the few users it had.
This rapidly became the new normal. The FAQ on bitcoin.org changed from “Very low fees … no fees or extremely small fees” up to 29 July 2015 to “Low fees” on 4 August 2015 and “Choose your own fees” on 7 August 2015.190
What this means is that users are in a blind auction, where they have to guess bigger and bigger fees in the hope of getting their transaction through. Transactions are routinely delayed hours or days, so many just get lost. (Only 57% of transactions are confirmed in the first hour; 20% never get confirmed at all, and are eventually dropped.191)
It didn’t help when some people on Reddit /r/bitcoin thought they’d stress-test the blockchain in May 2015. They sent out a flood of complex chained transactions, which sent confirmation times from ten minutes up to eight hours at a cost of 2.4 BTC in fees (only a few hundred dollars at the time).192 Interestingly, this attack didn’t even fill many of the blocks – just the “mempool” (“memory pool” – the backlog of transactions to be processed).193
A July attack sent hundreds of transactions per second with a low value but a large message field, taking up space in the blocks.194 In October, an attacker sent a flood of 88,000 transactions, filling the mempool on some network nodes and knocking 16% of nodes offline.195 Attacks continued through 2016.196
These days spam attacks are largely superfluous, as clogged transactions are just part of Bitcoin. By October 2016, Bitcoin regularly had around 40,000 unconfirmed transactions in the mempool at any time, and in May 2017 it peaked at 200,000.197
The possible solutions are:
Increase the block size, which will increase centralisation even further – big blocks take longer to propagate, and the blockchain becomes even more unwieldy. (Though that ship really sailed in 2013).
Sidechains: bolt on a completely different non-Bitcoin cryptocurrency, and do all the real transactions there. (This is presently vapourware.) It is unclear why anyone would create a usable alternate cryptocurrency then peg it to Bitcoin, rather than just use it in its own right.
The Lightning Network: bolt on a completely different non-Bitcoin network, and do all the real transactions there. (This is also vapourware.)
Use a different cryptocurrency that hasn’t clogged yet. (The darknets are exploring this option.)
The Bitcoin community is now sufficiently dysfunctional that even such a simple proposal as “OK, let’s increase the block size to two megabytes” led to community schisms, code forks, retributive DDOS attacks, death threats,198 a split between the Chinese miners and the American core programmers … and plenty of other clear evidence that this and other problems in the Bitcoin protocol will never be fixed by a consensus process.
On the other hand, just increasing the block size won’t fix Bitcoin’s architecture, and the blocks will rapidly fill again – going by the trend from 2013 to 2015, blocks would be averaging around 1.6 megabytes by mid-2017 – and the blockchain will grow even faster.
Bitcoin was the cardboard-and-string proof of concept for the idea of cryptocurrency, that was then pressed into production use. It’s amazing it held up in real use as long as it did.
Bitcoin for drugs: welcome to the darknet
The darknet markets are fuelled by users who want to buy drugs without having to go to the bad part of town and talk to people from a minority, and dealers obtaining commercial quantities to sell locally. Although it’s less than 0.1% of the global drug economy,199 Bitcoin is visibly a part of contemporary drug culture. Drug paraphernalia stores even have “Buy Bitcoin here” signs.
Skunk House, Croydon, UK. Photo: ©2016 Karen Boyd.
“TBF to them, they have now taken down the Bitcoin decals as even they have decided it’s bobbins.” – Karen Boyd, 2017.
Darknet markets remain the most popular Bitcoin use case after speculation and ransomware. In 2014, darknet markets were estimated to have processed more bitcoins than all legitimate payment processors put together.200
Gwern Branwen has written extensively on the darknet markets and
has released 1.6 terabytes of screenshots from darknet sites,201 with analyses.202 The darknet markets fulfil a demand (drugs), but, despite increasingly complex escrow arrangements, they still fall to bad operational security or getting hacked, or just steal all their users’ money – “the constant wearying turmoil of exit-scams and hacks”.203 That said, reliability and quality remain surprisingly good otherwise.
However, even drug buyers avoid Bitcoin if they possibly can. Both buyers and sellers frequently complain of Bitcoin’s ridiculously volatile price messing up deals, and transactions taking hours or days to be confirmed with an unpredictable fee. Some small darknet markets allow minor cryptocurrencies like Monero. In May 2017, AlphaBay, the largest darknet market, started offering Ethereum as an option204 – because Bitcoin was failing to serve its primary consumer use case.
Ransomware
Ransomware combines computer malware, encryption and anonymous payment systems. Malicious software spreads through email spam or exploiting computer security holes; it encrypts the files on your Windows PC and any shared folders it can access, and a message pops up telling you to send Bitcoins to the hacker’s address (usually an address per victim) to get the key to unlock your system before the deadline of a few days.
Bitcoin is now the payment channel of choice, but ransomware existed for decades before Bitcoin. The first extortion malware was the “AIDS Trojan” or “PC Cyborg Trojan” in 1989, which would hide in the AUTOEXEC.BAT file on a DOS PC and, the ninetieth time it was run, encrypt all filenames on the disk and demand you send $189 to a post office box in Panama. Later payment schemes included e-Gold or Liberty Reserve, premium rate SMS messages or international phone calls, or buying particular medicines on a particular website.205 The 2011 “police virus” pretended to be from the local police force and demanded payment by credit card.206 The 2013 “FBI MoneyPak” ransomware demanded payment via online money transfer services MoneyPak or Ukash.