9 min read

Why do people think Craig Steven Wright is Satoshi

People want there to be a hero who can light a path out of the darkness, and Craig Steven Wright has repeatedly claimed to be that hero and the only one who can carry that light.

However, when his claims are met with even a modicum of skepticism or probing, they often instead seem to be the desperate moves of a charlatan trying to keep his own lights on.

Before we get into the specifics, let’s first establish that a claim such as ‘I am Satoshi Nakamoto’ (or at least I have the private keys of Satoshi) is one that can be easily established beyond a reasonable doubt by: publicly signing a message, or sending a transaction from a known Satoshi address.  In the absence of any of this easy to do public actions, we should be very skeptical of claims.

Also during this report I use the phrase ‘coinbase’ to refer to the first transaction in a block, where the newly mined coins are distributed.

The Beginning

Craig Steven Wright was a cybersecurity entrepreneur in Australia who began to have serious difficulties with the Australian Tax Office due to some refunds they were investigating him for.  During this investigation Craig begins to claim (page 91) that he controls in excess of 1 million bitcoins.  This amount mirrors what Sergio Demian Lerner suggested was the amount Satoshi controlled.  However, one of the addresses Craig claimed to control has signed a message stating:

“Address 16cou7Ht6WjTzuFyDBnht9hmvXytg6XdVT does not belong to Satoshi or to Craig Wright. Craig is a liar and a fraud.”

With the signature:  “G39S6i4XsfQnixN5ePMjVPboWvGXdnW8xFFAXiwEriZFCclflbD7umP58u3Sl+dvvXC5BxBrRNkTMNf92O1UIXw=”.  (I am including all this detail so that you can verify the cryptographic signature yourself, this is one of the incredible things that cryptography has enabled.)  This means Craig Wright does not control this address (or at least not exclusively).  Furthermore, another address that Craig claimed to control (1FeexV6bAHb8ybZjqQMjJrcCrHGW9sb6uF) is one of the wallets used by the Mt. Gox hacker.  Craig Wright did not control that address either.

Craig continues in various documents to claim to control these addresses that he does not control, but it is only on February 11th 2014 that he explicitly says that he was part of Satoshi Nakamoto for the first time.  In an email to the mother of Craig’s deceased friend Dave Kleiman he tells her that he and Dave were two of the three people behind Bitcoin and asked her to recover Dave’s ‘wallet.dat’ file for him.

Craig will not claim he is Satoshi again until March of 2014 when he appears to edit a blog post from 2008 on his blog with an apparent ‘Satoshi’ PGP key.  However, the key is called out as backdated, based on the software version of the MIT keyserver.

Continuing along in his case with the Australian Tax Office, Craig begins to claim that his Bitcoin were stored in a trust(s?) offshore.  There are a variety of issues and inconsistencies surrounding these trusts, but the important part to assess his central claim of his being Satoshi is that he submits a list of addresses that he claimed were in the trust and under the control of the trust, however, 146 addresses on the list signed the message:

Craig Steven Wright is a liar and a fraud. He doesn't have the keys used to sign this message.

The Lightning Network is a significant achievement. However, we need to continue work on improving on-chain capacity.

Unfortunately, the solution is not to just change a constant in the code or to allow powerful participants to force out others.

We are all Satoshi

Thus Craig did not control at least 146 of the submitted addresses.

In early 2014 Craig’s company Hotwire goes into bankruptcy and Craig desperately needs money.  This is where we enter the second phase of Craig’s claims.

Time to go 'Public'

Luckily for Craig by the middle of 2015 he is able to negotiate a new agreement where he will receive a much needed infusion of cash most likely from indicted online gambling magnate and inside trader Calvin Ayre, in exchange for intellectual property, research, and the rights to his life story.

The life story is an important component, because the goal of this operation was described by Andrew O’ Hagan who was recruited to be the writer for the life story as: “They would complete the work on his inventions and patent applications — he appeared to have hundreds of them — and the whole lot would be sold as the work of Satoshi Nakamoto.”  It was now very financially important for Craig to convincingly show he was Satoshi.

In October and November of 2015 a variety of media outlets started to receive emails that claimed to ‘dox’ Craig Wright as Satoshi Nakamoto.  Gizmodo and Wired are sufficiently convinced to run with articles.  Bothoutlets retracted.

Craig Wright begins to do private signings to try to prove to various individuals to prove he had control of the Satoshi keys.  The testimony of people who saw these signings is perhaps the principal reason that people think Craig Steven Wright is Satoshi.

The first of these was for Andrew O’Hagan the author who was following Craig and working on what would eventually become (an excellent read) The Satoshi Affair.  He described Craig as having signed a message with the first ever mined address on Bitcoin.

The next signing was for Jon Matonis and he said that he saw Craig sign and verify for block 1 coinbase address and for block 9 coinbase address.  He also felt convinced by the more social aspects that Craig was Satoshi.

The third and most important was for Gavin Andresen, a prominent Bitcoin developer.  His endorsement is, in my mind, the one that has convinced the most others that Craig Wright is Satoshi.  He was flown to London for this proof session, and arrived with two hours of sleep to see Craig perform this momentous signing.  Finally, Craig was able to sign with the block 9 coinbase address in-front of Gavin.  However, Gavin wanted an additional level of verification of the signing and asked Craig to move the signature over and verify it on his computer, so he could be certain that Craig was actually signing with the Satoshi keys.  This would be a normal step for any verification of a cryptographic signing, but Craig balked.  He refused to use Gavin’s computer to do the verification (note: this is not the signing and does not require the key to ever touch Gavin’s computer), so they eventually decided to send one of Craig’s assistants to go get another computer.

Once they obtained the new computer, Gavin testified that it took them several hours to setup the new computer.  After which the signature was able to be verified.  Now, there are a couple of interesting points here that we will return to, but we must first address the remaining couple private signings.

There were now going to be a series of signings and interviews with the approved media outlets, with their coverage embargoed until the same time as Gavin, Jon, and Craig’s own blog posts would come out as part of this ‘reveal’.  The journalists were supposed to be sent away with a memory stick that would have the signed message, however, Craig instead filled the memory stick with ‘fake stuff’.  So without taking away the message and the signature, their only chance to verify it would be during these sessions.

The first one up was the BBC.  Craig apparently demonstrated signing for the block 9 coinbase address.

GQ was up next and they tried to bring along a lecturer in cryptology to help verify the signing, but unfortunately Craig threw out this expert.  It appears based on the audio that GQ released that it did not go well.

Next up was The Economist who again appeared to have had had a private signing, likely for the block 9 coinbase address.

Before we progress on to the public reveal it is worthwhile to discuss these private signings.

Private Signings Can Be Manipulated

Cryptographic signing is a way to verify that you control a certain private key, by allowing you to create a ‘signature’ for a message that can only be generated by a certain private key, and then allowing anyone else to use your public key and the signature to verify that the message was actually signed by that key.

However, when the verification is not allowed to be public it is possible to make it seem that a message has been verified when it actually has not.

One technique for this was described by Zectro1 on Twitter.  It involves first generating a signature from an address you control, and then making a two-line modification to the Electrum software so that when it sees the ‘fake’ address it acts as though you are verifying for the address you control.

With how simple it sounded, I wanted to verify that I could do it myself.  I was able to in the manner of a few minutes.

I signed the message:

I am not Satoshi Nakamoto-CSW

With the address: bc1qh6eey0ushmztsjm4w349nztszmjmagc5f40scs

The seed phrase for this address is (obviously do not actually use this address to send transactions, but feel free to use it to verify): rebuild sing silent hope lucky method inspire captain spray scale around rail

Which resulted in the signature: H0gU8LVecjryAhd6tqxc9oqv1HodGRXxNzwfE1TklgjpfiY/SWBGSjwjPCYNYX1PytUYUUiodzOPh6neXOnp5fc=

Using my modified version of Electrum, this signature successfully verifies for the block 9 address that received the Coinbase transaction: 12cbQLTFMXRnSzktFkuoG3eHoMeFtpTu3S

Using this technique I could perhaps convince people that I controlled the private keys for the 12cbQLTFMXRnSzktFkuoG3eHoMeFtpTu3S address despite definitively not controlling it.

You can find further details and private keys to reproduce this here.

There are other possible methods to achieve the same goal.  For example it is noted that in many of the signings that Craig added the ‘-CSW’ to the end of the message.  It would be reasonably simple to check the message to see if it contained that text and then marking it as verified if it did.

This is why it is so important that this type of cryptographic verification be done in public where many people can ensure that it was done properly.

Coordinated Media Release

On May 2nd 2016 it was finally time for the coordinated public reveal of Craig as Satoshi.  Each of the three media outlets were released from embargo with their articles along with blog posts from Jon Matonis, Gavin Andresen, and Craig Wright.

Craig’s article is the most fascinating to me.  Craig attempted to post a hash of a Sartre speech, but it quickly became clear that the signature used was inauthentic and had actually been copy and pasted from an older Nakamoto signature.  Craig claimed it was a mistake, that he would quickly correct it with a new signature, using the block 9 coinbase address private key, however, he fails to do so.

On May 3rd 2016 Craig posted a new blog post with the title ‘Extraordinary Claims Require Extraordinary Proof’.  In this post he claims that he will be laying out independently verifiable documents and evidence, and promises that he will be “transferring Bitcoin from an early block.”

The next day a plan was hatched where Jon, Gavin, and the BBC would each send a small amount to the address used in the Hal Finney transaction, and then Craig would send it back.  All three of those sent their coins, however, they never got them back and Craig has never moved coins associated with known Satoshi addresses.

At this point there is massive public backlash against the idea of Craig as Satoshi and Craig deletes his blog posts.

Craig has again allegedly signed in private for people close to him, but there has been no public signing, and certainly no public movement of coins as promised.

Craig Wright has filed suit against bitcoin.org for hosting the Bitcoin whitepaper, claiming it violated his copyright.  Craig won a default judgement because Cobra, the operator of bitcoin.org chose to not show as they would need to reveal their identity.  I host a copy of the Bitcoin whitepaper on my blog that you can find here. It was released initially in a repository that had a MIT license, and so I personally believe it is within the license rights for me to host it.

Craig has also sued others like podcaster Peter McCormack for saying that ‘Craig Wright clearly is not Satoshi Nakamoto.  He is a fraud”.

Craig Wright has also sued pseudonymous account Holdonaut for calling him a fraud.

The team surrounding Craig seems to have fully committed to the idea that if they can successfully get a libel case against one of these targets, then that will somehow prove that Craig is Satoshi.

It is not clear why he does not use any of the much simpler ways to verify his identity.

While Craig is suing people for claiming that he is a fraud, it also appears that he is under criminal investigation by the Australian Tax Office.

The Conclusion

There is no meaningful evidence that Craig Wright is Satoshi Nakamoto.  He appears by all available evidence to be a bad actor who relies on deceit in order to advance his goals.  Extraordinary claims require extraordinary proof, and he lacks even ordinary proof.  Furthermore, his use of the legal system as a cudgel is awful and should be broadly condemned.

1.     https://mylegacykit.medium.com/the-craig-wright-may-2016-signing-sessions-debacle-in-full-context-338e2b316310

2.     https://blog.wizsec.jp/2021/07/ppap.html

3.     https://www.lrb.co.uk/the-paper/v38/n13/andrew-o-hagan/the-satoshi-affair

4.     https://github.com/patio11/wrightverification

5.     https://dankaminsky.com/2016/05/03/the-cryptographically-provable-con-man/

6.     http://blog.bettercrypto.com/?p=2614

7.     https://mylegacykit.medium.com/faketoshi-the-early-years-part-1-9964fc1639e3

8.     https://medium.com/coinmonks/faketoshi-the-early-years-part-2-b671c24671bd

9.     http://web.archive.org/web/20160503060225/https://www.nikcub.com/posts/craig-wright-is-not-satoshi-nakamoto/

10.  https://mylegacykit.medium.com/faketoshi-the-early-years-part-3-5dacbfa4f1e1

11.  https://mylegacykit.medium.com/craig-wright-ordered-to-pay-100-million-in-kleiman-v-wright-lawsuit-8e263fca4d95

12.  https://mylegacykit.medium.com/the-faketoshi-fifteen-times-two-76e8060905b4

13.  https://craigwright.online

If you would like to join my Discord server to discuss this or any other article then you should be able to with this link: https://discord.gg/YpAUqNkhSC Let me know when you join so I can give you access to the exclusive FUD Letter channel and role!

If you would like a PDF of this article then you can get it here.