Hex-Edited Bitcoin Executable Linked to COPA's Forgery Claims

35. bitcoin.exe - hex-edited{ID_000739} / {L3/474/1}

684. This the third document relating to the Bitcoin Source Code. The document purports to be a copy of bitcoin.exe, the Windows executable bitcoin software. Its purported date is 4 January 2009, i.e. before Satoshi Nakamoto released the Bitcoin software. Within its “About Bitcoin” dialog, the software displays the purported version “Version 0.0.8 Alpha” and the purported authorship information “Copyright © 2008 Dr. Craig Wright.”

(a) COPA’s Reasons for Alleging Forgery

685. The document has been backdated. [PM12 [49-50]].

686. The document has been edited to cause changes to the text displayed within the “About Bitcoin” dialog box. The authentic “About Bitcoin” dialog box lists Satoshi Nakamoto as the author and copyright holder of the software. {ID_000739} instead lists “Dr. Craig Wright” as the author and copyright holder of the software. [PM12 [20a-b]].

687. The document has been edited to cause changes to text relating to example bitcoin addresses and IP addresses shown within the software. [PM12 [12]].

688. The document is purportedly from 4 January 2009, but contains an internal embedded timestamp indicating that it is based on software that was compiled on 10 January 2010. [PM12 [45-48]].

689. Other than differences in human-readable text, the content of the document is otherwise identical to the authentic bitcoin.exe v0.1.1 released by Satoshi Nakamoto. [PM12 [10- 12]].

690. The authentic bitcoin.exe v0.1.1 contains an internal checksum which validates that its content has not been altered. Such checksums are unique to the content of the file that bears them. The checksum of the authentic bitcoin v0.1.1 is valid. However, although {ID_000739} (purported v0.0.8) contains different content, its internal checksum is a copy of the checksum for the authentic bitcoin.exe v0.1.0. In the case of {ID_000739}, the checksum is invalid: the calculated checksum for the file does not match the static stored checksum within it. The integrity of the file has been compromised after it was compiled into EXE format. [PM12 [33 to 44 and 50]].

691. The changes are consistent with hex-editing of a binary file by hand, in particular by editing solely bytes representing strings of text content (and not bytes which involved the binary operation of the software code itself), and by replacing previous text content with new text content of precisely the same length. [PM12 [13, 24-26]].

692. No source code file has been disclosed which corresponds to the purported ‘version 0.0.8’. Certain source code files have been disclosed which purport to be contemporaneous to {ID_000739}, but which match only approximately and do not match exactly in their relevant textual content. [PM12 [28 to 32]].

(b) COPA’s Reasons for Inferring Dr Wright’s Knowledge / Responsibility

693. The document bears Dr Wright’s name.

694. Dr Wright has relied on this document as evidence in previous litigation.

695. The effect of the tampering is to make the document appear to be supportive of Dr Wright’s claim to be Satoshi Nakamoto (i.e. by presenting as a document showing Dr Wright’s authorship and/or ownership of copyright in the bitcoin.exe software prior to the date of release of the authentic software by Satoshi Nakamoto), contrary to fact.

696. Dr Wright has disclosed two other related documents in these proceedings, being screenshots corresponding to the text displayed in the “About Bitcoin” dialog box (similar to those depicted in Appendix PM12 [20a-b). {ID_003948} is a photograph sent on WhatsApp with a date of 20 January 2020, displaying the authentic information corresponding to the authentic v0.1.1 software. {ID_003951} is a photograph sent on WhatsApp with a date of 21 January 2020, one day later, displaying the inauthentic text corresponding to that of {ID_000739} [Exhibit PM15.1]. COPA infers that Dr Wright created {ID_000739} on 20 January 2020.

697. Dr Wright has not disclosed any WhatsApp chats relating to the files {ID_003948} or {ID_003951}.

698. Following receipt of the Madden1, Dr Wright responded to a request to identify all copies of the Bitcoin software by list. {ID_000739} (and all duplicates of it) have been omitted from Dr Wright’s list. Dr Wright has thus accepted that these documents are not true versions of the Bitcoin software only once their veracity has been called into question. [Wright4 [46]].

699. In his first witness statement in these proceedings, Dr Wright lists this document as a document to which he has been referred when preparing his evidence.

(c) Dr Wright’s Explanations and COPA’s Rebuttal

00. In Appendix B of Wright11, Dr Wright accepted that this is a forged document, created by hex-editing of a publicly released version of bitcoin.exe. However, he claimed that this document was forged in this way by an unidentified former employee of one of his Australian companies. He says that this person was in collaboration with Ira Kleiman. See {CSW/2/56}. He repeated this version in his oral evidence: {Day4/43:22} to {Day4/46:25}.

701. His account of why this was done is confusing, but it appears to be that this enemy created a poor-quality forgery in order to suggest that Dr Wright could not produce a more sophisticated forgery and thereby cast doubt on his computer programming abilities, apparently with the ultimate purpose of establishing that he required the assistance of David Kleiman to create the Bitcoin code. See {CSW/2/56} to {CSW/2/58}. He repeated this version in his oral evidence: {Day4/47:1} to {Day4/48:7}.

702. COPA submitted that Dr Wright’s explanation should be rejected as dishonest for the following reasons:

702.1. It posits an extremely elaborate conspiracy theory, whereby a disgruntled ex-employee went to the trouble of hex-editing a public version of the Bitcoin executable file (a process which Dr Wright claimed would have involved some effort – {Day4/53:4}) in order to create a document which appeared on its face to support Dr Wright’s claim to be Satoshi Nakamoto, but for the sinister purpose of enabling Ira Kleiman to hold it up as an unsophisticated forgery by Dr Wright (even though Mr Kleiman’s case was that Dr Wright had been involved in producing the Bitcoin code). This story is inherently outlandish and unlikely.

702.2. Dr Wright could not point to a shred of evidence in support of this story. He could not identify the ex-employee responsible or precisely why they had engaged in this dishonest activity against him. He insisted that the document had been deployed against him in the Kleiman proceedings, but he gave no reference in Appendix B to Wright11 to say when and how that was done (see {Day4/51:1} to {Day4/51:17}.

702.3. When Dr Wright gave disclosure in the present proceedings, his solicitors gave no indication to COPA that this document (which Dr Wright claims to have known all along was a fake planted to discredit him) was a forgery. It is implausible that Dr Wright was aware of such a toxic document in his disclosure but did not inform his solicitors about it. It is equally implausible that he told his solicitors and they failed to tell COPA, thus exposing their client to an allegation that a document disclosed by him had been forged to support his claim to be Satoshi Nakamoto.

702.4. Under cross-examination, Dr Wright tried to answer that point by saying that his chain of custody noted that some of his employees had been fired and that this document came from the laptop of an employee: {Day4/ 48:15} to {Day4/50:25}. However, since this was not a primary reliance document, Dr Wright’s solicitors did not provide chain of custody information for it. In any event, even if such information had been supplied, simply saying that it came from an employee laptop would plainly not have been sufficient to signal that this was a document Dr Wright knew had been forged by his enemies to discredit him.

(d) Conclusion

703. I found Dr Wright’s increasingly desperate explanations to be absurd. This is plainly a forgery created by Dr Wright.