The "forgot your password" security question on Satoshi's gmx email is "what day are you born". With no lockout mechanism for brute force attempts, 36500 possible answers for anyone alive, and given a bot that can guess even 5% of the captchas shown, it's no surprise that it was compromised by anyone determined.

There is no information in the site's TOS or documentation about unused accounts expiring, so this is the likely mechanism.


The site also reveals to anyone attempting to reset that the alternate email is  s******@v********.com
This is pretty piss-poor security, since it's obvious that s****** is satoshi and there are lists of free email providers, even ones from 5 years ago that have domains now expired or parked that could be bought and tried against the reset:
vahoo.com
varbizmail.com
vcmail.com
virtualactive.com
visitweb.com
visto.com
visualcities.com
vivavelocity.com
vjmail.com
vlmail.com
vote4gop.com
votenet.com
vr9.com

The reset email shown could be set by the current hacker, if it was previously s******@g****.com it would be even more obvious what else to compromise.