Dr. Craig Wright Stolen Bitcoin: Here’s what went down

With three of the defendants in Dr. Craig Wright’s Stolen Bitcoin case being formally served this week, more details about the lawsuit have emerged.

In particular, counsel for the plaintiff filed a 30-page witness statement provided by Dr. Wright in connection with the case. In it, he sheds more light on the 2020 hack which led to his losing access to 111,000 Bitcoin and the origin of the coins themselves—both matters which have been the target of speculation since news of the hack broke in 2020.

Tulip Trading’s holdings

Dr. Wright included the addresses—which he can no longer access as a result of the hack—in letters which initially went to several protocol developers in June 2020. These are the so-called 1Feex and 12ib7 addresses, and are legally owned by Tulip Trading Limited, a company owned by Dr. Wright and which is the formal plaintiff in the current lawsuit.

Speculation around Dr. Wright’s Bitcoin holdings has been rampant since being outed as Satoshi Nakamoto in 2015, so predictably these addresses drew a fair amount of public attention.

In particular, there were rumors that the 1Feex address was linked to the infamous Mt. Gox hack which came to light in 2014. These rumors were never substantiated, and it later became apparent that the sole source of the rumors is a plain-text log of an alleged Skype conversation between Mark Karpeles and Jed McCaleb which was buried in submissions for one of the many lawsuits filed against Mt. Gox over the years.

Regardless, Dr. Wright’s latest witness statement contains the same facts he set out in his June 2020 response to the Mt. Gox rumors, only with more detail.

In February 2011, Dr. Wright purchased the 1Feex coins via WMIRK, a Russian digital asset exchange, using Liberty Reserve Dollars, a defunct form of digital currency associated with the now-infamous Liberty Reserve company. Dr. Wright had received the Liberty Reserve Dollars as payment for work done for online casinos, and the amount of Bitcoin bought was determined by whatever amount he could get in exchange for those Dollars. The transaction is supported by a purchase order which will presumably form part of Wright’s case, although Dr. Wright admits that the purchase order was not created by him and contains some inaccuracies. In any case, the vast amounts of Bitcoin held by Wright, including those purchased in 2011, is referenced throughout his well-publicized interactions with the Australian Tax Office. A purchase in 2011 would place it before Mark Karpeles purchased Mt. Gox and before the company that would go on to get hacked was ever incorporated.

According to the statement, the assets contained in both addresses were purchased as an investment and as such, had not been accessed for ‘many years’ prior to the hack in February of 2020.

As Dr. Wright maintained in the June 2020 response, neither he nor his lawyers have ever been contacted by anyone from either Mt. Gox or the authorities about the 1Feex address. This has remained the case despite an open invitation by Dr. Wright and his lawyers for anyone wanting to assert ownership of the 1Feex coins to come forward.

The hack

Access to Tulip Trading’s coins was controlled using keys stored on Dr. Wright’s home computer in Surrey. The keys were contained in encrypted wallet.dat files, which were contained within a password-protected RAR file. The wallet.dat files themselves were also protected by an algorithmic masking scheme as a layer of added protection.

Dr. Wright discovered that there had been a hack on Saturday, February 8, 2020, when he noticed three transactions (‘two of them substantial’) transferring Bitcoin out of a wallet unrelated to the 1Feex and 12ib7 addresses. This led him to find that the RAR file was also missing, together with 37GB of files which had been wiped from cloud storage and which contained ‘approximately 50’ white papers and associated research data. £1.1 million worth of BSV, held in a separate wallet, had also been drained, and a further 0.333 BTC held on a popular exchange had been taken, too. Crucially, by losing the RAR file, Dr. Wright had lost any means to control the enormous holdings in the 1Feex and 12ib7 addresses.

Dr. Wright maintains that he can’t be sure how the hack happened, but intriguingly, says that he believes the hack was in part effected via a mysterious wireless router which he had subsequently found in his home and which no one in his family recognize:

“I believe that it must have been planted there by the hackers, either when tradesmen were in our home or by breaking in. This is being considered by the Police and me in the context of the ongoing investigation.”

After the hack

After discovering the hack, Dr. Wright wiped the hard drives of his computers. According to him, this was done out of caution: “My computer contained a great deal of confidential information (among other things). I wiped my hard drive in order to ensure all malware and other threats were removed from my network and it was simply not practicable to take a copy of any of these drives.”

According to the statement, Dr. Wright reported the hack to the police as soon as it was discovered. This should provide an answer for those still speculating that the hack never took place; he includes the crime reference number and the name of the investigating officer who responded to the complaint in his statement (Dr. Wright addresses the speculation briefly in the statement: “I also note the irony that I am being accused of “inventing” a hack. That is precisely what the then-BTC developers…did when they removed Gavin Andresen’s site access right after he acknowledged me as Satoshi.”

With regard to the identity of the hackers or the status of the assets themselves, we can still only speculate. Of course, everyone can see what happens to the assets contained in the 1Feex and 12ib7 addresses, and other than the assets taken from the popular exchange and Electrum wallet, the stolen coins have been left untouched. This isn’t necessarily surprising given the steps taken to protect the wallet.dat files—one might imagine hackers were able to gain possession of the files themselves but remained unable to overcome the protections in place. In addition, Dr. Wright speculates in the witness statement that the hackers might be waiting for the attention surrounding him to subside before accessing the assets, and given that Dr. Wright’s loss of access has been widely known since at least June 2020, there would be no rush for the hackers to deal with the assets.

This is a case of stolen property

As Dr. Wright has maintained since Tulip Trading began the process of launching this litigation, this is a case about recovering stolen property. The developers responsible for blockchains have the power to reassign digital assets which they know to either have been stolen or otherwise taken out of the control of their rightful owners. Possession is not ownership: this is a rudimentary point of law, and is a concept that was itself recognized in the White Paper in the context of Bitcoin. Satoshi Nakamoto did not write in terms of possession, he wrote of ownership as a distinct concept which may be indicated by possession, but not determined by it.

The only question is which responsibilities the law attributes to blockchain developers in light of those facts. Arguably, the law is already clear: those developers owe already-established legal duties toward the many people relying on them to exercise their powers appropriately. This is what is being argued by Dr. Wright and Tulip Trading, and no doubt by the uncountable number of people who, like Dr. Wright, have lost access to their digital assets.

New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.

[10]
[10]
[id^="_form"]
[id^="_form"]
[id$="_submit"]
[id$="_submit"]
[^;]
[^;]
['on' + event]
['on' + event]
[?&]
[?&]
[^&#]
[^&#]
[(d+)]
[(d+)]
[i]
[i]
[results[1]]
[results[1]]
[elem.name]
[elem.name]
[+_a-z0-9-'&=]
[+_a-z0-9-'&=]
[+_a-z0-9-']
[+_a-z0-9-']
[a-z0-9-]
[a-z0-9-]
[a-z]
[a-z]
[el.name]
[el.name]
[10]
[10]
[id^="_form"]
[id^="_form"]
[id$="_submit"]
[id$="_submit"]
[^;]
[^;]
['on' + event]
['on' + event]
[?&]
[?&]
[^&#]
[^&#]
[(d+)]
[(d+)]
[i]
[i]
[results[1]]
[results[1]]
[elem.name]
[elem.name]
[+_a-z0-9-'&=]
[+_a-z0-9-'&=]
[+_a-z0-9-']
[+_a-z0-9-']
[a-z0-9-]
[a-z0-9-]
[a-z]
[a-z]
[el.name]
[el.name]