Ian Balina, a former IBM salesman who became a merchant and full-time cryptocurrency expert, is not known for his modesty. Like many YouTube personalities along the lines of motivational speaker Gary Vaynerchuk, he describes himself as a self-initiator who now wants to show you how he did it (while clarifying, of course, that his recommendations are not investment advice). . He regularly shares screenshots of his extensive portfolio, which was valued at more than $ 3 million on April 14, according to an image he posted on Twitter and Instagram. One of his videos is called "Six-Figure Slave to Crypto Millionaire".
This courage may have failed. On Sunday, during one of her live marathon broadcasts, Balina was unable to log in to the Google Spreadsheet, where she tracks the initial coin offers or ICO, which are massive sales for new cryptocurrencies. That seems to be because a hacker took control of their accounts, draining a substantial part of their properties. The Next Web estimated that the stolen total was equivalent to almost $ 2 million in paper.
Cryptocurrency vlogging has shot up on YouTube in the last two years. In the last 90 days, there were 122,000 videos in cryptocurrency or Bitcoin loaded on YouTube, obtaining 328 million visits, according to the video analysis platform Tubular Labs. As a result, YouTubers are juicy targets for hackers because they share so much information about themselves. They often share their screens as they transact, which can reveal what applications, user names and cryptocurrency addresses they use. They can even tell their followers what systems they use to protect their properties, which may end up being a plan for the attackers.
"You have to be very careful with those things like YouTuber," says Peter Saddington, the host of decentralized television on YouTube who infamously bought a Lamborghini with his Bitcoin winnings. "In my early days on YouTube, I used to show my exchanges, I learned that it was not a good idea."
Saddington was hacked at the end of 2017. He woke up one morning and discovered that his phone number had been transferred to another person, probably through a social engineering attack through Verizon's customer service. He refused to say how much money he lost, but said it was a "significant amount that was taken from me." He also lost much of his identity online. "It fundamentally changed my life," he said. "I lost everything, I lost 13 years of emails."
"It fundamentally changed my life, I lost everything, I lost 13 years of emails."
Since then, it has underpinned its operational security. He instructed his cell phone operator not to allow changes to his account unless he appeared in person with an ID. He no longer uses email or social networks on his phone. It keeps its Bitcoin in "locations that I can not easily access". Due to its high profile, it is constantly attacked by hackers trying to reset their passwords and "hack into my Wi-Fi, my printer and all that."
Saddington just blames himself for his epic hack, he told me. This is a common attitude in the world of cryptocurrencies, where many believe that there is no need for banks or governments. "YouTubers have to learn the hard way," he said. "We no longer have a bank that we can complain to and say, bank, my money was stolen, give it back to me." No. We're not in that economy anymore, if you lost your Bitcoin, it's 100% your fault. "
Most cryptocurrency theft occurs through large-scale attacks targeting one group of users at a time. Most thefts occur through exchanges, according to Chainalysis, which analyzes the public blockchain for Bitcoin and other cryptocurrencies. The "exit scam", in which a pseudonymous group collects cryptocurrencies as an investment or for a good that is never delivered, is also more common than attacks targeting individual users, ViK, the project leader for the scams site. Cryptocurrencies badbitcoin.org said in an email. "Countless Bitcoin scammers have disappeared from the face of the earth after saying 'we were hacked', and it seems to be a conventional way to quietly sneak away with the loot," said ViK. However, YouTubers users and other prominent personalities are also popular targets. "These people who make videos about how rich they are will always attract the attention of hackers," they said.
Even the simple act of speaking publicly about the possession of cryptocurrencies is enough to draw criminal attention. In May 2017, New York startup founder Cody Brown fell victim to the same type of SIM-jacking scams that trapped Saddington. His conclusion: "Do not talk about Bitcoin Club, do not speak publicly online, with your real identity, about your exchanges or exchanges".
But for YouTube users who try to create followers and excite viewers, talking about trades is often a big part of the brand.
"Ian is a perfect case of what not to do," said Kenn Bosak, host of the YouTube series Pure Blockchain Wealth. "He published his wallet publicly on Twitter, saying he had more than $ 2 million in his wallet, becoming a public target." That's like saying, "I have $ 2 million in cash under my mattress." Walking honey pot & # 39; & # 39;
Bosak was hacked in September 2017. The attackers removed their Facebook and deactivated their Twitter and YouTube accounts in addition to stealing approximately $ 20,000 in cryptocurrencies. "I closed for months," he said. "Not because I lost the money, but because of the feeling that someone just came into your house and just pulled everything out and there was nothing you could do to stop them, but in a digital sense."
"You are a pot of honey to walk."
Bosak was careless when he started on YouTube. He used his real name instead of an alias and his real email, which he used to register for social networks and other services, was public. "Some of my YouTube videos make me leave my residence and show my address," he said.
Like Saddington, he blames himself for his piracy. "The whole concept of crypto is to be your own bank," he said. "You just have to blame yourself, if the hacker exploits a way to get their funds, it's probably an educational process, most of the good education is not free." At the same time, he acknowledges that there is a financial and mental cost to him. secure their cryptocurrency assets and that even John McAfee, who created one of the most recognized computer security products of all time, had his Twitter hacked
If you want to be a personality in the cryptocurrency space, you suggested creating an alias, using non-public e-mail addresses and phone numbers to sign up for online accounts, and being discreet with personal finances.
"Talk about technology, do not talk about how much you have invested," he said. "All that aspect of wanting to be known, I want to be popular, I want to talk about this & # 39; – with this specific industry, you might want to mark that at a lower level".
Ian Balina said in a note on his Telegram channel that it has now been removed that he suspects that the hackers had compromised his university email account, which was listed as a backup email for his Google account. From there, the hackers were able to enter their Evernote account, which is where they stored their private passwords and passwords.
But while Saddington and Bosak resigned themselves to their losses, Balina says she is working with "experts and law enforcement" to find the perpetrators. Balina did not respond to a request for comment. He also eliminated the two videos broadcast live on Sunday from his YouTube channel.
"I'm not worried about money, I learned my lesson," he said on his Telegram channel. "I only care about catching the hacker." He said he had notified Binance and Kucoin, the exchanges where some of his coins were sent, and that he is "working diligently with a global team to get closer to whoever did this."
"Hoping to turn this L into a W," he said.