April 16, 2018, will go down as another momentous day in the crypto community as Ian Balina was hacked during a live YouTube video stream. He was streaming details about an ICO and had a Google spreadsheet open when a message appeared on the screen to say that he had been logged out. This would happen if his account credentials were changed by someone else.
Balina posted the following explanation of the hack: “This is how I think I got hacked. My college email was listed as a recovery email to my Gmail. I remember getting an email about it being compromised, and tried to follow up with my college security to get it resolved, but wasn’t able to get it handled in a fast manner and gave up on it thinking it was just an old email. I kept text versions of my private keys stored in my Evernote, as encrypted text files with passwords. I think they hacked my email using my college email, and then hacked my Evernote.”
It appears that one of the best-known crypto influencers wasn’t using a hardware wallet like a Trezor or Ledger and, instead, kept the access details for his cryptocurrencies online. When individuals first start off in crypto, the $100 to $200 investment in a hardware wallet might seem excessive, but when you have amassed millions of dollars like Balina, it’s imperative. Not only did he have a huge fortune in cryptocurrencies, but the whole world knew about it, which made him a target for hackers.
Balina has said that his private keys were encrypted and stored on Evernote, which might suggest he was using the same password for his email account and the Evernote encryption. How else would the hacker be able to decrypt the text in Evernote to reveal the private keys? If this turns out to be the case, it would be the second mistake he made, as even novice crypto owners know you should use a password manager to ensure you use unique passwords for everything. Password managers like LastPass, Zoho Vault, and RoboForm cost less than $30, so there is no excuse not to use one.
Questions are being asked online about 2FA, which should have protected Balina’s Gmail account from being compromised by the hacker. 2FA is another level of protection that is vital for anyone with online cryptocurrency accounts, but in Balina’s case, it was a major oversight not to be using a hardware wallet. Hopefully, the crypto community will rally round to help track down the hackers and the missing crypto.
Financial analyst, smartphone app designer, technical writer, and crypto enthusiast. Blockchain verified graduate of MOOC 9, DFIN-511: Introduction to Digital Currencies, run by the University of Nicosia.