How could Craig Wright obtain Satoshi Nakamoto's private key?
Wright did not obtain Nakamoto's private key.
What he did provide as evidence was a signature from one of the early bitcoin transactions. However, that signature is from the blockchain and can be looked up by anyone.
Wright was able to fool some people from the mainstream media who don't really understand the technical details, but the security community debunked it quite quickly. Security Researcher Dan Kaminsky tweeted on May 2nd:
Satoshi signed a transaction in 2009. Wright copied that specific signature and tried to pass it off as new.
Also, the official Twitter account of the Bitcoin Core Project tweeted on May 2nd:
There is currently no publicly available cryptographic proof that anyone in particular is Bitcoin's creator.
By the way, The Economist, the original news outlet who started spreading the claim, has now published a correction.
A proper proof of Nakamoto's identity would, for example, be a message reading "My real name is Craig Wright" signed with the Satoshi Nakamoto PGP key or a new bitcoin transaction from a wallet confirmed to be owned by Satoshi Nakamoto. But so far this hasn't happened.
Gavin Adresen, chief scientist at the Bitcoin Foundation, claimed to have seen such proof by Wright, but has not posted that proof publicly. Why he would make such a claim without providing any evidence whatsoever for it and expects the world to just trust his word is a mystery. Convincing people of a miracle solely by claiming very sincerely that you saw it with your own eyes might work in certain religious circles, but certainly not in the more scientifically inclined crypto community.
By the way: I am the real Satoshi Nakamoto. Prove me wrong.
He didn't.
What people are saying is that he "used a signature from early in the block chain as evidence" which still sounds like he could prove he made an early block signature, even if it wasn't the genesis block, but that's not the case. What he did, as far as I get it, was like taking an old book and taking a picture of the author's signature and go "look bros I got da sig".
The big question is why nobody caught on before the story was published and the media went haywire. This is not even remotely well done, it's the stupidest kind of copying that I'd expect a child to see through.
It might have been well done if he had brute force created key pairs that produced a signature that looks like the real thing, e.g. a signature 0f896fd7cb4
when the real one is 0f89b03fcb4
. That at least looks legit on first glance. This "proof" did not even include any form of signatures, merely a copy of an existing one, like taking a picture of a paper signature.