In mid-November, WIRED began receiving leaked material from a source close to Wright, including emails, transcripts, a trust agreement, and much more. It seemed to show a mountain of evidence that Wright, a computer security researcher and entrepreneur, had conceived of the cryptocurrency that would become bitcoin, released it with the help of his friend and confidant Dave Kleiman, and run a collection of computers to generate the more than one million coins believed to be held by Satoshi Nakamoto. (Separately, Gizmodo received its own overlapping but distinct collection of documents from a source it described as a hacker, who may or may not be the same as ours.) Those leaks led us to other independent evidence: three posts on Wright’s blog hinted at bitcoin’s creation and launch, a document on an accounting firm’s website showed Wright invested a suspiciously large sum of bitcoins into one of his companies, and another of his firms claimed ownership of two cryptocurrency-related supercomputers that were listed in the official Top 500 list of the world’s most powerful.
Since then, however, three new inconsistencies have cast doubt on that evidence, and added weight to the “hoax” side of the scale:
- Wright’s company Cloudcroft had claimed to own two supercomputers, one of which it said was built by computer-maker SGI. But in an email to WIRED, (and as reported earlier by ZDNet) SGI says that “Cloudcroft has never been an SGI customer and SGI has no relationship with Cloudcroft CEO Craig Steven Wright.” The supercomputer-ranking organization Top500, which had listed two of Wright’s computers as some of the fastest in the world—one as high as 15th place earlier this year—declined to comment on how they’d verified Wright’s entries.
- Wright had listed two PhDs on his since-deleted LinkedIn page, one from Charles Sturt University in Bathurst, Australia, in computer science. But that university now tells Forbes that it never gave Wright any PhDs, although it granted him three master’s degrees in related fields: Networking and Systems Administration, Management (Information Technology), and Information Systems Security.
- An analysis of two PGP public keys attributed to Wright but also linked to Satoshi Nakamoto—one in our story and one in Gizmodo’s—show that they were likely created more recently than the documents in which we found them. Vice’s Motherboard site came to that conclusion based on the keys’ length and types of cipher suites they used, compared with another, known public key for Satoshi Nakamoto.
The two major holes in Wright’s resume that have come to light since, however, point to a hoaxer who may have planted clues of his purported bitcoin creation, just as he seems to have misrepresented his academic credentials and supercomputing achievements. WIRED has called Wright for comment and hasn’t heard back. In fact, Wright hasn’t responded to any of our emails since the week before WIRED and Gizmodo’s stories, and on Friday the email addresses where we’d previously contacted him bounced back our messages.
If Wright is in fact faking the clues connecting him to bitcoin’s creation, plenty of questions remain. Our archived copies of the blog posts showed that their backdated changes had begun in March 2014 at the latest, meaning that any hoax would have to be a long con more than 20 months old. And the accounting firm McGrathNicol continues to host a liquidation report for one of Wright’s companies on its website showing that he invested $23 million in bitcoin in the company in 2013. At the time of the company’s incorporation, that would have represented 1.5 percent of all bitcoins, an intriguingly large amount for an unknown player.
Wright’s colleague Ian Grigg, a financial cryptographer whom Wright has cited as writing a paper that helped inspire Wright’s bitcoin work, wrote Wednesday on Twitter that he’d learned Wright had been hacked and extorted for money, and that the extortionist had given documents to the media (presumably meaning WIRED and/or Gizmodo). WIRED’s source, in addition to providing us with documents, also ranted about Wright’s character and made potentially damaging and unproven accusations that we declined to print, a seeming indication that it was not Wright himself. But the posts to Wright’s blog as well as his non-denial of writing those posts when we asked him about them last week show that any hoax would require Wright’s own involvement. To plausibly fit into a hoax theory, it seems all that alleged extortion, hacking, leaking, and venomous criticism would have to be part of Wright’s own plan.
On Wednesday, the Australian Federal Police searched Wright’s home and office in Australia in relation to a tax issue, but the AFP refused to comment on the nature of the investigation except to say that it’s “unrelated to recent media reporting regarding the digital currency Bitcoin.” The Australian Tax Office declined to comment as well.
If Wright isn’t Satoshi Nakamoto, but is hoping to take credit for bitcoin anyway, he would have had to expect that his glory would be shortlived. On Thursday, one message was already sent to a Bitcoin development mailing list from a known Satoshi Nakamoto email address reading “I am not Craig Wright. We are all Satoshi.” That email lacked the PGP signature from Satoshi’s private key that would have made it more credible, and came from the wrong IP address. Even the mailing list’s moderator dismissed it as easily spoofed.
But if the real Satoshi Nakamoto is alive and does indeed still possess his PGP private key, he could easily dash off a similar but unforgeable note to discredit any pretender. Satoshi’s signature would prove that whoever wrote the message possessed that unique, secret key.
No such signed message has appeared yet. For the moment, that leaves Craig Wright’s story as another unresolved twist in the Nakamoto mystery.
Gwern Branwen contributed reporting to this story.