BitCoin’s most controversial address 1FeexV6bAHb8ybZjqQMjJrcCrHGW9sb6uF

Following my “In Code We Trust” post from yesterday I had a rather robust and enjoyable conversation with Peachy and BJW in regards to various issues surrounding the legal case launched by Craig Wright (here after CSW) earlier this week. I don’t claim to know the outcome of the case, only tried to explain the basis under which CSW is pursuing it, and the grounds and principals by which it will be argued.

While my opinion is that he stands a good chance of winning the case and ultimately getting a legal judgement to enforce the courts finding of his ownership, Peachy and BJW had differing views – it was a series of good conversations and I encourage those with time to take a read, you may get more out of the comments than my rather long winded post that they were all in reply to.

One of the interesting things to come out of the conversation was discussion over perhaps one of Bitcoin’s most famous addresses and certainly its most controversial. After the geneses block, the Pizza block and perhaps Silk Roads address, one of the most famous and controversial addresses remaining is the address that was the recipient of 80,000 BTC from MtGox. These have long been claimed to have been hacked and stolen from the exchange, while equally claimed to be owned or controlled by a number of parties. Now finally CSW has come forward and claimed ownership over the address as a part of the legal brief he submitted to the courts earlier this week when he announced he was suing all the various developers for enforced action in regards to this address, which he claims he owns and was stolen from him as a part of a hack in February last year.

Unlike yesterday’s long winded post I’ll try to keep this one short by mainly including two links that do a good job at summarising the situation.

Firstly I’ll refer those interested to the following link, timeline of MtGox Hack which has one of the best detailed timelines and accounts of the hack of MtGox, specifically in reference to ONLY those 80,000 BTC (because I’ve been told everyone likes colourful pictures):


Timestamps use block times where applicable, so take this into account, i.e. events happened in time for transactions to get included in a block with that timestamp.

  • During January 2011, Jed McCaleb is looking for someone to take over MtGox. One of the people he is talking to is Mark Karpelès. In anticipation of this, McCaleb moves the majority of customer funds out of the main hot wallet and into a side wallet held by himself.
  • In February 2011, a sale agreement between McCaleb and Karpelès is finalized, and the two begin preparing the handover, which ends up taking several months as McCaleb gradually turns over various credentials and assets.
  • At some point on or prior to March 1, 2011, hackers gain access to the main MtGox server. The server also hosts a WordPress installation on the same machine and database, so this is a possible entry point since WordPress has historically been notorious for its many security vulnerabilities.
  • Shortly before 17:30 UTC, the hackers copy the wallet.dat of the hot wallet hosted on the server. The top of the keypool (i.e. the next “new” key that will be returned) in the wallet at this time is 1GPuT4JD1yKTEGnw2csTCqSAtS3DRiTD69.
  • At 17:30 UTC, the wallet on the server uses this key as a change address for a withdrawal transaction.
  • Almost two hours later, at 19:26 UTC, the hackers have loaded the stolen wallet.dat file into a wallet instance on their own machine and move all accessible bitcoins to the address 1FeexV6bAHb8ybZjqQMjJrcCrHGW9sb6uF.
  • The MtGox hot wallet manages to keep running and processing withdrawals thanks to new incoming customer deposits, but it’s running on fumes. The stolen bitcoins amount to about a third of all customer deposits at the time, with the rest being held by McCaleb.
  • On March 3, McCaleb notifies Karpelès about the theft with a now infamous “something bad happened” chat message. Karpelès helps McCaleb secure the machine and move MtGox over to new hosting.
  • The stolen coins remain in the same location unmoved to this day, prompting theories that the hackers may have lost the private keys.

So from the available evidence and timeline on basically the day after Jeb McCaleb handed over complete control to Karpelès, he calls Karpelès and say’s “something bad happened”. Jeb was already aware that he’d been hacked and lost 300,000 coins, who is going to be suspicious if another 80,000 go missing in a similar fashion. I won’t bother detailing how the hack occurred, I recommend you read the link if you haven’t already done so. Basically it was a copied wallet theft.

So that is one half of the story, the other half of the story is how did CSW claim to get those BTC and why he believes they are legally his. Once again I will point you in the direction of another CoinGeek Link that will take you to a CoinGeek article that outlines the evidence that CSW says supports his ownership claim (you may get a small pop up before hand – that is simply me earning a micropayment direct marketing payment from CoinGeek for me directing you to their website).

Interestingly CoinGeek actually makes many of the same arguements that I made yesterday in the comments to the “In Code we Trust” article (maybe they’re following me or I’ve soaked up a enough propoganda that I’m subliminally programmed to think the same way?).

One of the key assertions in this article is this one:

Dr. Wright has made a previous statement that the BTC in the 1Feex address do belong to a company connected with him—but were purchased legitimately from a Russian exchange as an OTC exchange for Liberty reserve dollars on March 1, 2011. He said there have been no claims by Mt. Gox liquidators or regulatory investigators that the 1Feex address was involved in the Mt. Gox hack, and no authorities have requested any information on the matter from Dr. Wright over the years.

Personally I have trouble with the above if that is the evidence and claim of ownership. The only Russian exchange operating at that time was BTCe which was notorious as an anonymous exchange, heavily used by hackers, fraudsters and drug dealers, and was ultimately seized by US authorities in a multinational take down. Why anyone would attempt to have conducted a legitimate transaction off that exchange is beyond me, but that is for the courts to decide.

CSW may have a lot of trouble proving that the coins were purchased legally and with proper authority from the genuine owner, which is part of the very argument that he has made in the past as to anyone receiving coins from another individual. Possible that he can say he bought them from the exchange and the exchange defrauded him, so any claimants to the MtGox hack would have to instead sue the receivers of the BTCe for their assets (which is also the exchange were the vast majority of the major BTC theft of MtGox for some 300,000 coins ultimately ended up).

Again, I don’t know the legal issues here, other than CSW may end up fighting to both prove and retain ownership of the 1FeexV6bAHb8ybZjqQMjJrcCrHGW9sb6uF address from two directions, to the courts in respect of the court case he launched earlier this week, and to the multitude of creditors seeking their funds back from the multiple hacks against MtGox:

While Craig might ultimately win back the 80,000 BTC he claims were stolen from him, he may have a harder time keeping hold of them.

1 1 vote
Article Rating
Newest Most Voted
Inline Feedbacks
View all comments

At some point on or prior to March 1, 2011, hackers gain access to the main MtGox server. The server also hosts a WordPress installation on the same machine and database,

OMFG you have to be kidding me, on a machine transacting millions* of dollars a day?

*Even if it’s only 10’s of thousands!


Also I think there are really 2 legal points here.

  1. who owns the coins.
  2. are the developers and miners responsible for someone losing their private key and required to do anything about it.

Regarding 2
If you forget the combination for a safe you bought can you sue the manufacturer to make them open it for you?
If you encrypt your Hard drive in windows and then proceed to destroy the account with the key can you sue microsoft for losses due to being unable to access your data?


I’d say the answer to my two examples is no in both cases and they amount to virtually and essentially exactly the same thing.


Yes it’s for the court to decide and the court might decide “yes” or “no”.

But dat dere don’ mean that dem be equal probablamility outcomes, dawg! 😊

The Traveling Wilbur

Yep. Customers ‘own’ their phone number. Staggeringly stupid decision. BTC is a ripe field for many more such to fruit.

Damn, I’m glad this is a reply to Peachy. (nothing personal Stew)