Poor Satoshi Nakamoto, supposedly just a pseudonym, can’t seem to catch a break. Six months ago, we was outed as the creator of the popular, or unpopular, Bitcoin, at the height of the cryptocurrency’s scandal surrounding the Mt. Gox bitcoin exchange. Now he loses control of one of the most important parts of a person’s digital lifestyle: his email address.
The incident was revealed when someone holding the firstname.lastname@example.org address, previously used by the alleged Bitcoin creator, started sending emails to former colleagues using a rather questionable and suspicious writing style. Whoever got hold of that e-mail account has also been able to gain access to other sites connected to that address, in some cases vandalizing information stored there. In one instance, that person replaced all the “bit” words in Bitcoin’s Sourceforge website with “butt”.
The initial theory was that GMX, the email service provider holding Satoshi’s account, may have just made the address available to new users after a period of inactivity on the account. The terms of service states that after 6 months of inactivity, GMX reserves the right to terminate the account. It doesn’t, however, state that it will immediately delete those and even mentions the possibility of the user getting access to his or her data as long as they have not yet been deleted. Unfortunately for Satoshi, his last e-mail activity was exactly that, six months ago.
Freeing up space from unused accounts is one thing but making an email address available to someone else, especially in such a short time, is quite questionable. That said, GMX isn’t alone in doing so. June last year, Yahoo announced that accounts that have been inactive for more than a year will get the same treatment. But whether one year or six months, that policy could have repercussions as seen here. That is, if that is really the case.
Recent developments point to the possibility that it might just be plain hacking incident. A Bitcoin developer has reported receiving private emails exchanged between him and Satoshi going back as far as 2011, implying that whoever has access to the email address also has access to the email archives. Now, GMX could very well have accidentally handed over the archive when it gave a new user the expired and re-registered email address, but that scenario is both too ridiculous and too scary to even consider.