- A paper copy of the 1Feex wallet containing $2.2 billion worth of bitcoin is apparently in a Singapore vault
- Craig Wright, who claims to own the wallet, supposedly locked it in there and shared keys with his benefactors
- Wright however claims that the private keys were stolen from his home network, suggesting he kept them the whole time
The paper wallet associated with $2.2 billion in bitcoin stolen from MtGox in 2011 is held in a Singapore bank vault, according to new evidence submitted in the Ira Kleiman vs Craig Wright lawsuit. Emails between Wright and his long-time associates Calvin Ayre and Stefan Matthews claim that Wright, who says he bought access to the wallet at the time of the theft in March 2011, infer that Wright took the paper wallet, which contains almost ₿80,000, to Singapore for verification of its contents before locking it in a Singapore bank vault with joint key custody. Wright then used this supposed holding as collateral to obtain investment from Ayre. However, the addition of this material has merely added fuel to the fire regarding doubts over Wright’s claims, which were already burning fiercely.
‘Verification Process’ May Have Involved QR Code Scan
Wright says that he bought the ‘wallet.dat’ file containing the ₿80,000 from a Russian exchange, WMIRK, in 2011, even though the exchange didn’t sell bitcoin at that time and the only proof he has offered is a purchase order handwritten by his then-wife, Lynn. Wright claimed ownership of these funds when trying to solicit investment from Ayre in 2015, producing a paper wallet that has since been debunked as a forgery:
Following up on this claim, Wright was showing around the following printed paper wallet circa mid-2015, seemingly in order to convince potential bailout investor Calvin Ayre that Wright’s claimed Bitcoin holdings were real. pic.twitter.com/hEnedozAFp
— WizSec Bitcoin Research (@wizsecurity) December 18, 2021
Nevertheless, Ayre and Matthews still bought the paper wallet story and, as the new emails show, embarked on a ‘verification process’ to confirm these funds:
Stefan (or another party of your choosing) would validate this paper wallet using a QR code and the keys. Stefan would physically validate this and the amount held/assigned to those keys. Once this is complete, the wallet is sealed in an envelope so the bank/vault does not need to know what is there.
This will require both parties or a court order based on the terms of the contract we agree.
In the next email, Matthews says that Wright has gone over the verification process and it is “relatively simple”, suggesting that Wright simply told Matthews to scan the QR code on the address to verify the contents. Of course, this in no way links the wallet to Wright – he would have to produce the private keys which Matthews would have to verify on his own in a controlled environment so Wright couldn’t tamper with the proof session, as he is suspected to have done in 2016 during his ‘signing sessions’ debacle.
However, a follow-up email from Wright suggests that all parties must be there to “validate the wallet and the keys”, which is not true. Former MtGox CEO Mark Karpeles has previously denounced Wright’s claims to own the 1Feex wallet, saying that he had to deal with the fallout from the theft in its immediate aftermath having been informed of it by founder Jed McCaleb.
Wright Would Have Kept Private Keys
The suggestion that a paper copy of the 1Feex wallet is in a bank vault in Singapore also massively impacts Wright’s story regarding the alleged pineapple hack of 2020. Wright claims that access to this wallet was lost when his home network was compromised by skilled intruders who planted a pineapple WiFi device and breached his security, stealing the private keys to the wallet in the process
This means that Wright, after going through the rigmarole of establishing a three-way meetup, proof session and shared-key bank vault system, retained the private keys to the wallet on his home network the entire time, totally undermining the purpose of the bank vault setup. It also means that, theoretically, he could have swiped the funds at any time he wanted, or at least dipped into them, and the fact that neither Ayre nor Matthews checked this first or questioned him about it reinforces the notion that they had no idea how Bitcoin worked and they were just following Wright’s lead, hoping for riches.
Didn’t Happen
Of course, the much more plausible outcome is that this never happened, that the 1Feex contents were stolen by hackers who have lost access (the coins have never moved), and that Wright defrauded Ayre and Matthews in order to obtain investment to save him from bankruptcy, using the ‘loss’ to exculpate him from ever being able to hand it over.
Wright has a history of providing evidence to try and back up his claims and then denying its authenticity when it turns out to be forged or backdated, so we will wait to see how quickly he turns on this new batch of emails if they turn out to be anything less than authentic.
