YouTube blogger Ian Balina, best known for reviewing cryptocurrency initial coin offerings, fell prey to hackers during a recent live-stream, losing around $2 million in tokens. During the stream, one viewer noticed that someone drained all the tokens stored in Balina’s wallet, but the comment went unnoticed. Around 15 minutes later, Balina pulled the plug on his broadcast and didn’t resume the current review until two hours later.
Afterwards, Balina said he halted the broadcast because he noticed he was forced out of his Google Sheets profile. “I’m not worried about the money. I learned my lesson. I only care about catching the hacker,” he said on Twitter.
According to Etherscan, there are 121 transactions related to Balina listed as “IanBal_Hack” followed by a single number up to four. Under the Token Transfers tab, you will find the transfer of 1 million Loom tokens, 2 million Pareto Network tokens, more than 20 million Nucleus Vision tokens, more than 75,000 Bread, and more related to IndiaHash, WaBi, Telcoin, and VIN.
So what happened? According to Balina, the hacks stems back to his old college email address. It’s listed as a recovery email address in Gmail and was apparently hacked in the past. He received an email from the college about the hack attempt and worked with the institution’s security team to resolve the issue. But they took too long and he simply gave up on the old email address.
“I kept text versions of my private keys stored in my Evernote, as encrypted text files with passwords,” he said. “I think they hacked my [Gmail] using my college email, and then hacked my Evernote.”
Viewers question the validity of the hack, wondering if this “attack” was merely a scheme to avoid paying taxes, but he says the idea is simply “ludicrous.” Others point out the problems of bragging about your wealth online, and that storing private keys in Evernote, in a Box account, within an email or Excel file is just a really bad idea.
Meanwhile, Balina is coined as the “shill guy” over on Reddit, as comments suggest that he receives one to two percent of the token supply he advises to followers. Many believe that he should disclose his possible earnings when promoting initial coin offerings during broadcasts.
“If you looked at my blog or YouTube channel, you would see that I mention the exact amount of tokens I receive,” he told Digital Trends in an email. “People follow me for my transparency. I challenge you to find any advisor in the industry more transparent than me.”
Based on the information provided by Balina account of the hack, he may use the same password for his old college email account, Gmail, and Evernote. He has more than 116,000 followers on YouTube, making him a prime target given the financial info he throws into his streams. But the actual details, for now, can’t be disclosed.
“All I can share regarding the hack is that we have identified some of the hackers thanks to the help of the FBI,” he says. “This is a current FBI investigation and I cannot share much, but will be ready to talk once it’s done.”
- Hackers steal as much as 10 percent of new cryptocurrency funds
- Japan’s Coincheck will refund $400 million in stolen cryptocurrency tokens
- Companies, lawyers probed for selling cryptocurrency initial coin offerings
- Hackers seize Atlanta’s network system, demand $51,000 in Bitcoin as ransom
- Government websites fall prey to a plugin injected with a digital coin miner