Ian Balina Wallet Hack and a Lesson in Crypto-security: Why Publicizing Your Portfolio Online is a Bad Idea

In an ironic development, Ian Balina – the cryptocurrency and ICO marketer known for his ‘ICO spreadsheet’ – ended a live stream on April 16 after commenters notified him about unusual fund transfers from his ETH wallet. The hack is a perfect example of how important is crypto-security, and how publicizing crypto holdings online is a poor decision indeed.

Hack Occurred During YouTube Live Stream

Speaking to viewers via live stream – which has since been taken down – Balina rang alarm bells when he realized he had to sign-in again to his Google spreadsheet – which he was editing moments ago. Soon enough, the ICO promoter abruptly left the live stream, and tweeted after a while:

However, the development quickly turned from genuine sympathy to suspicion, as Balina deleted his second tweet which stated that his missing coins were about to be sold on crypto exchange KuCoin:

“Hacker has stolen my funds and is about to sell on @kucoincom.Please help in contacting them. $ETH $BTC $KCS.”

Social Media Communities Find Discrepancies

Instantly, Reddit and Twitter communities discussed this discrepancy, with several comments suggesting the hack was an elaborate move by the promoter to avoid taxes; since the fiasco occurred only 24 hours before the tax deadlines set by US Internal Revenue Service (IRS).

Bitcoin Foundation founder Charlie Shrem was apprehensive of his claims as well:

Reddit user shanecorry commented that Balina’s tweet about KuCoin was posted when no coins had been moved to KuCoin from the alleged hackers’ wallets:

“I was more of the opinion before that happened that he was just being stupid, holding millions of $ in crypto with poor security but this points more towards the more dodgy behavior that others have suggested.”


By the nature of the blockchain’s transparent ledger, it can be seen that funds have indeed moved from several wallets.

However this is no definite proof of the hack, as cyber-thefts are quick with their movements and would never store hacked coins on an exchange – as observed from the addresses – in fact, any hacker with a basic understanding of cryptocurrencies would move the stolen coins for a privacy coin, such as Monero.

Crypto-security is a Serious Matter

Dealing with cryptocurrencies in their present state should be an elaborate, well-informed approach until highly-secure and easy-use-wallets are developed.

To avoid an Ian Balina-like situation, BTCManager notes a list of things to do, and what not to:

DO Use a Cold Wallet

Storing your portfolio almost exclusively on crypto-exchange wallets is not recommended, as the level of exchange security is unknown. Furthermore, hackers attack large organizations; which understandably are valued much higher than an average person’s crypto wallet.

In simple terms, cold wallets are offline wallets and come in both paper and hardware form.

The most famous hardware wallets are Ledger and Trezor; both provide encryption keys and haven’t been victim to huge compromises.

A lot of altcoins – especially the major ones – offer their own wallets and although they are not very user-friendly and intuitive, using a coin’s own dedicated wallet – developed by its own team – is highly recommended.

DO NOT Use Generic Cloud Services

As per claims, Ian Balina’s wallet was hacked due to his email password being stored on Evernote, a free cloud storage platform. However, such services are best used when limited to college project and general reminders and carrying around the key that holds millions of dollars is asking for trouble.

For cryptocurrencies, it is best to stay away from centralized cloud storages, until military-grade decentralized cloud security servers are launched.

DO Implement Two-factor Authentication (2FA)

Services like Google Authenticator, and the lesser known Authy, are easy to use, easy to set-up, and do not have reports of being hacked.

Without a 2FA, all that hackers need is your username and password, which makes it very simple once the password is gained.

However, with a 2FA enabled, exchange and wallet logins require the input of the six-digit code – which changes every 30 seconds – and is only available on a user’s personal phone. Hence, even if a user’s phone is hacked and remotely controlled – which is very difficult to execute – only a 30-second window exists for hackers to log in.

Also, a secure mail service is ProtonMail — it has two password layers, almost impossible to get hacked. Infinitely more secure than Gmail.

DO NOT Publicize Your Wallet/Portfolio Online

Seriously, this is asking for trouble!

Always remember – owning exchange keys isn’t a measure of security; private keys are. Cryptocurrencies are a tool for you to be your own bank, and being a bank necessarily requires basic security measures.

Source: Read Full Article

Leave a Reply