
How to have $2 million in crypto stolen from you while the whole world watches on livestream

Trading streamer Ian Balina learned not to store passwords on Evernote


Really hard to show a stock photo of cryptocurrency being stolen but this comes close (via Shutterstock).

A popular YouTuber was robbed of millions of dollars worth of cryptocurrency on Monday as hundreds of people watched it live.

Crypto trader Ian Balina was two hours into a livestream about the latest crypto coin offerings when a user told him that hackers stole $2 million from his account. “Ian, did you know that somebody transferred all your tokens from your account,” one user asked in the comments. “Hope that it’s controlled movement.”

The popular streamer brushed it off and noted that lots of people were commenting and it was hard to keep up; anyone who reads the comment section of a livestream will find them a bit random and troll-y. But then he got logged out of his Google spreadsheet. This could only happen two ways: either he signed off in front of thousands of streaming viewers without anyone noticing, or someone changed his password in the middle of the livestream.

Unfortunately for Balina, he lost control of his Gmail account while hackers stole the equivalent of $2 million from his crypto accounts in front of thousands of viewers.

 

Video of the incident was still up on Monday morning, hours after the livestream. Modern Consensus saved several screenshots before the video was taken down. But that leaves us wondering: how did a supposed crypto expert lose so much in so little time?

On Sunday, an image uploaded to his Instagram showed an impressive portfolio valued at $3.21 million.

 

But as he noted on that Instagram post, Balina took out a significant portion to invest in his own personal brand. “I took some profits on Wanchain and Nucleus Vision to fiat to raise funds to fire new people to help Diary of a Made Man Brand make big moves in Hollywood.”

Diary of a Made Man is the Entourage-esque name of Balina’s website.

Though it took thieves only a matter of seconds to steal the bulk of Balina’s fortune, the seeds of his nightmare were planted years ago when he made a simple choice with his Gmail settings.

“My college email was listed as a recovery email to my Gmail.” Balina’s LinkedIn profile lists him as a student at George Washington University who graduated in 2012. “I remember getting an email about it being compromised, and tried to follow up with my college security to get it resolved, but wasn’t able to get it handled in fast manner and gave up on it thinking it was just an old email,” Balina said to his Telegram community.

Modern Consensus checked the George Washington University directory and found that email addresses follow a simple pattern: older professors tend to be listed as lastname@gwu.edu, while newer faculty and students are listed as first initial then last name at gwu.edu.

Balina did six years straight for undergrad and grad school from 2006-2012. His email would not be difficult to figure out since any other “I. Balina” would also show up in the school directory. And anyone who could guess or reset the password to his GWU account could gain control of his Gmail account. They only had to guess accurately that the two were linked. Using the cracked GWU address, any hacker could reset the password on Balina’s Gmail account.

From there, hackers could choose “Forgot my password” on hundreds of websites, and then intercept an email to reset the password. Even though it sounds easy, it is still illegal. In 2008 a hacker guessed Vice Presidential candidate Sarah Palin’s email and was sentenced to 10 months in prison for it.

Hackers would usually get found right away, so they would have to move fast. They would have to know the wallet address and they would have to know a time when he would be distracted.

Regrettably for Balina, he got sloppy. “I kept text versions of my private keys stored in my Evernote, as encrypted text files with passwords. I think they hacked my email using my college email, and then hacked my Evernote.”

Balina would not have lost $2 million in crypto if he had used another email to sign in to his crypto trading sites. He could also have used two-factor authentication instead of a six-year-old college email address to back up his email access in case of a hack.
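The chain described above (college email, then Gmail, then Evernote and the keys stored in it) can be audited as a dependency graph. The following is an added example, not part of the original article: the account names are constructed from the article's description, and the model assumes that a second factor on an account blocks an email-only reset.

```python
import copy
from collections import deque

# Constructed inventory modelled on the chain the article describes.
# "exposed_via": accounts whose takeover exposes this one (recovery address,
# login email, or the place its secret is stored).
# "second_factor": assumed, for this model, to block an email-only reset.
ACCOUNTS = {
    "college-email":  {"exposed_via": [], "second_factor": False},
    "gmail":          {"exposed_via": ["college-email"], "second_factor": False},
    "evernote":       {"exposed_via": ["gmail"], "second_factor": False},
    "exchange-login": {"exposed_via": ["gmail"], "second_factor": False},
    "wallet-keys":    {"exposed_via": ["evernote"], "second_factor": False},
}

def blast_radius(accounts, compromised):
    """Return {account: path} for everything exposed once `compromised` falls."""
    # Invert the relation: which accounts depend on a given one.
    dependents = {}
    for name, info in accounts.items():
        for parent in info["exposed_via"]:
            dependents.setdefault(parent, []).append(name)
    paths = {compromised: [compromised]}
    queue = deque([compromised])
    while queue:
        current = queue.popleft()
        for child in dependents.get(current, []):
            if child in paths or accounts[child]["second_factor"]:
                continue  # already reached, or the reset is blocked
            paths[child] = paths[current] + [child]
            queue.append(child)
    return paths

def with_second_factor(accounts, name):
    """Return a copy of the inventory with a second factor enabled on `name`."""
    hardened = copy.deepcopy(accounts)
    hardened[name]["second_factor"] = True
    return hardened

if __name__ == "__main__":
    for account, path in blast_radius(ACCOUNTS, "college-email").items():
        print(f"{account:15} <- {' -> '.join(path)}")
    fixed = with_second_factor(ACCOUNTS, "gmail")
    print("after hardening gmail:", sorted(blast_radius(fixed, "college-email")))
```

Running the same audit from each account in turn shows which single account exposes the most others and therefore should be hardened first.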

To add insult to injury, the incident caused several people to attack Balina for how he first got rich. He fired back against Reddit users who suggested that he earned some of this crypto from pumping coins. Early Wednesday morning—24 hours after his disastrous livestream—Balina took to Twitter to defend himself.

He also posted the addresses where his stolen crypto was sent. Much of the money seemed to end up in a Binance wallet valued at $49 million as of Wednesday morning. The wallet appears to be a Binance-owned clearinghouse where transactions sit until they are sent outside of the platform.

It’s not clear why he deleted this tweet saying that the coins were up for sale on Kucoin, but it was still up on his Instagram story early Tuesday morning.

 

Emails from Modern Consensus to a new email address created to deal with information about the hack were not returned.

Balina fell into the self-congratulatory trap of the affiliate marketing world, the idea being that if anyone can do this, then he can show anyone how to do it. Unfortunately, being that open with his audience left him vulnerable to a hack.

For details, we can page through his website. One money quote from a video promising to teach you how to make six figures in your 20s really sums it up: “We’re not here to give you politically correct advice, we’re here to give you cheat codes.”

His website was tailor-made for young college grads treading the well-worn territory of the 4-hour workweek, the side hustle, and the think-like-an-entrepreneur. But then he started making cryptocurrency info videos. “My whole audience was like, all your stuff is good. But stop. Just keep making crypto stuff.”

Balina was late to the crypto game, but he has not been shy about his gains. In less than a year, he made a number of big bets and learned to share his expertise—for a price. “After four years with IBM, I retired from the corporate world to become a full-time cryptocurrency investor,” Balina previously wrote on his website.

Modern Consensus is not in the business of kicking a trader when he or she is down. We all get to commiserate together about the markets every day. One bad trade doesn’t define a person. Balina seems to be a nice guy who spends much of his free time showing young people how they can make more money.

But this week, he inadvertently taught them a more important lesson: anyone can earn money, but it can be harder to hold on to it.

Brendan Sullivan is a writer, producer, and author of the memoir Rivington Was Ours: Lady Gaga, the Lower East Side, and the Prime of Our Lives. Disclosure: he owns cryptocurrencies.