Ian Balina Hack of 2018: 5 Lessons to Learn

Table of Contents

  1. The Hackening
  2. The Hack
  3. One Month Rule
  4. It’s Not Cold Storage If You Keep Private Info Online
  5. Flaunting Your Wealth = A Recipe for Disaster
  6. Google 2FA is Your Friend
  7. Double-Check Everything

1. The Hackening

If you follow cryptocurrency and blockchain social media influencers and investors on Twitter or Instagram, there’s a chance you’ve heard the name Ian Balina and the word “hack” thrown around in the last twenty-four hours.

Around 4am EST, popular cryptocurrency investor, advisor, and blockchain evangelist Ian Balina posted this message on Twitter:

[Image: Ian Balina tweets about the attack]

From his frequent Blockfolio snapshots – a crypto portfolio tracking application for your phone – it’s estimated he was hacked to the tune of over USD $2 million over the course of just a few hours.

Here are just a few snapshots from his portfolio for reference – starting with the most recent.

[Images: Ian Balina Account 1, Ian Balina Account 2, Ian Balina Account 3]

Balina came into the spotlight after turning a USD $90,000 investment into $4 million in just a few short months.

2. The Hack

So, how exactly was he hacked?

With Balina’s crypto security and storage, there were several points of failure – coupled with a lack of due care – making his crypto an easy target for hackers. Specifically:

  • He backed up his main email with an old college email,
  • His college email could be used to reset his main email password, and
  • He stored his private and public crypto keys on cloud storage app Evernote.

Once hackers accessed his college account and subsequently, his main email, it was as simple as resetting his Evernote password and voilà, the above screenshots were at the hacker’s disposal.
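The chain above can be written down as a small recovery graph and audited. The following is an added example, not part of the original article; the account labels and edges are a constructed model of the three points listed, and `hardware_wallet` is included only as a contrast.

```python
from collections import deque

# Constructed model of the recovery chain described above. An edge A -> B
# means "control of A is enough to reset or read B". Labels are illustrative.
RECOVERY_EDGES = {
    "college_email": ["main_email"],      # listed as the backup address
    "main_email": ["evernote"],           # password-reset mail lands here
    "evernote": ["wallet_private_keys"],  # keys kept in a note
    "hardware_wallet": [],                # offline: nothing resets into it
}

def exposure_paths(edges, asset):
    """Return {account: path} for every account from which `asset` is reachable."""
    paths = {}
    for start in edges:
        queue, seen = deque([[start]]), {start}
        while queue:
            path = queue.popleft()
            if path[-1] == asset:
                paths[start] = path
                break
            for nxt in edges.get(path[-1], []):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(path + [nxt])
    return paths

def without_edge(edges, src, dst):
    """Copy of the graph with one reset/read relationship removed."""
    return {a: [b for b in bs if (a, b) != (src, dst)] for a, bs in edges.items()}

if __name__ == "__main__":
    asset = "wallet_private_keys"
    print("as described:", exposure_paths(RECOVERY_EDGES, asset))
    # Dropping the college address as backup still leaves two ways in.
    fixed_backup = without_edge(RECOVERY_EDGES, "college_email", "main_email")
    print("backup removed:", exposure_paths(fixed_backup, asset))
    # Taking the keys out of the note removes every online path.
    keys_offline = without_edge(RECOVERY_EDGES, "evernote", asset)
    print("keys offline:", exposure_paths(keys_offline, asset))
```

Every account that appears as a key in the result needs the same protection as the keys themselves; only removing the last edge empties the result.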

There’s also speculation buzzing around the internet that Balina orchestrated the hack himself in order to evade having to pay U.S. taxes. However, on 4/17/18, Balina refuted such claims in his first post since the hack on Twitter, stating, “Any suggestions that I would fabricate a hack to avoid tax evasion are [sic] flagrantly wrong and should know better.” Not long after, he followed that up with a Tweet saying he was working with experts in law enforcement to locate the hackers.

Here are five key lessons we can learn from this unfortunate incident and apply to the storage and security of your crypto.

3. The One Month Rule

First off, you shouldn’t be investing more than you are prepared to lose – and for most people, that’s one month’s salary. If you keep more than one month’s salary of cryptocurrency on exchanges or online wallets, we at CoolWallet highly recommend you move it to cold storage. Some even go as far as to say that you should only keep as much online as you would in your leather wallet or purse.

Exchanges aren’t immune – even Binance, hailed as one of the most reputable exchanges out there, experienced irregular trading in early March due to phishing and the suspected accumulation of compromised accounts by hackers. Investing $100 in cold storage is worth it if you aren’t prepared to lose your crypto – no matter how small the amount.

4. It’s Not Cold Storage If You Keep Private Info Online

As was the case with Balina, it’s not actually cold storage if you use a hardware wallet but keep your private keys and other sensitive information online – it’s then considered a hot wallet, a wallet that is connected to the internet. Storing your private key or private seed on a system accessible over the internet opens you up to a handful of security issues and should be avoided at all costs.

Instead, we at CoolWallet recommend that you:

  • Write or print your key or seed on a piece of paper (or laminated piece of paper),
  • Engrave or etch them on a piece of metal,
  • Store them on a flash drive,
  • Or purchase a piece of cold storage hardware, such as CoolWallet – where your private keys are stored in the card itself.

5. Flaunting Your Wealth = A Recipe for Disaster

Just as you wouldn’t openly walk down the street in an unsavory neighborhood at 2 a.m. flashing a wad of $100 bills and your new iPhone-8, you shouldn’t be boasting of your cryptocurrency wealth and portfolio online. We even recommend when engaging in discussions on popular forums, such as Reddit and BitcoinTalk, to refrain from mentioning the quantity or total value of your holdings.

Letting it slip how much crypto you HODL could open you up to:

  • Targeted phishing attacks,
  • Social engineering,
  • Ransomware, and even
  • Robbery attempts.

Think about it, would you really be letting people know how much money you have in your bank account? If the answer is no (which it should be), then you shouldn’t be divulging the specifics of your crypto holdings. As the old saying goes, “Loose lips sink ships.”

6. Google 2FA Authenticator is Your Friend

If you do keep crypto on an exchange, make sure to set up two-factor authentication, also known as 2FA, for logging in. When setting up 2FA, there’s a clear winner in terms of security – and that’s Google Authenticator.

Recently, it’s come to light that hackers have been able to bypass and hack a user’s SMS 2FA by exploiting known flaws in cell phone networks, and intercepting text messages – resulting in hackers seamlessly logging into users’ accounts and transferring funds.

Google Authenticator generates a new time-limited code every thirty seconds, leaving hackers only a narrow window of time in which to use a code to access your account.

A word of caution: remember to back up your Google Authenticator keys (by writing them down or storing them in a safe place) in case you lose or break your device.

7. Double-Check Everything

Phishing scams are the most popular method employed by malicious actors looking to steal a piece of your crypto portfolio, and the scary thing is, they’re getting more advanced – take a look at this Tron Twitter account which amassed over 250k followers and was later found out to be fake. Whether sending transactions or simply typing in an exchange or wallet’s website, double check everything.

Taking an extra second to glance over your input and the subsequent results is a simple and effective way to make sure you aren’t interacting with any malicious sites or actors. Here are a few things to look for when surfing the web for crypto:

  • Look for the green ‘https’ and ‘Secure’ before a website’s URL address. Green = legitimate & trustworthy and indicates the website obtained the necessary SSL (security & trust) certificates.

[Image: Binance official URL, not a scam]

[Image: An example of a scam posing as binance.com]
Notice the two small dots under both ‘n’s in Binance? This form of Unicode character is particularly tricky and hard to spot when logging in.

  • Bookmark the legitimate website to use as a shortcut. Doing so removes the risk of typing errors or misidentification.
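A look-alike host can hold a valid certificate of its own, so the check has to be made on the name itself. The following added example (not from the original article) compares a URL's host against a bookmarked allowlist and flags names that only match after diacritics such as the dots described above are stripped; `KNOWN_GOOD` and the sample URLs are assumptions constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumed allowlist: the hosts you have bookmarked and actually use.
KNOWN_GOOD = {"binance.com", "www.binance.com"}

def to_unicode(host):
    """Decode xn-- labels so both spellings of a name are compared alike."""
    labels = []
    for label in host.split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep it, it will not match anything
        labels.append(label)
    return ".".join(labels)

def punycode(host):
    """ASCII form of the name, as it appears in DNS and in the certificate."""
    return ".".join(
        label if label.isascii()
        else "xn--" + label.encode("punycode").decode("ascii")
        for label in host.split("."))

def skeleton(host):
    """Fold to base letters: decompose, then drop combining marks.
    Catches dots and accents only; cross-script look-alikes (e.g. Cyrillic)
    need the Unicode confusables table and are reported as 'non-ascii'."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def check_url(url):
    """Classify a URL's host as ok / lookalike / non-ascii / unknown."""
    host = to_unicode((urlsplit(url).hostname or "").lower())
    if host in KNOWN_GOOD:
        return ("ok", host)
    if skeleton(host) in KNOWN_GOOD:
        return ("lookalike", punycode(host))
    if not host.isascii():
        return ("non-ascii", punycode(host))
    return ("unknown", host)

if __name__ == "__main__":
    # Constructed sample: U+1E47 is "n" with a dot below, as in the scam above.
    for url in ("https://www.binance.com/", "https://www.bi\u1e47a\u1e47ce.com/login"):
        print(url, check_url(url))
```

The second value returned for a flagged host is its `xn--` form, which is how the name appears once the dots are no longer rendered.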

Although the above five lessons may seem simple enough, countless investors and “HODLers” commit these faux pas every day, exposing themselves to risk and, ultimately, loss of their cryptocurrency. Next time you make a purchase online, make sure to keep these five tips in mind. Stay vigilant, stay secure, and happy hodling.

How Can the CoolWallet S Keep You Safe?

When you are dealing with a cold storage hardware wallet like the CoolWallet S, you will have no issues with your crypto being compromised.

This is the perfect mobile cold storage hardware wallet for your Bitcoin, Litecoin, Ethereum, Ripple, and Bitcoin Cash with ERC20 (EOS next up) tokens supported soon. It is convenient to use and your funds are kept extremely safe.

What makes it stand out from other hardware wallets, aside from its sleek design and quality security features, is that it is the very first mobile hardware wallet.

While other wallets are immobile and have a lengthy setup procedure, the CoolWallet S simplifies the entire process.

Rather than utilizing a USB port, like every other hardware wallet, transactions on the CoolWallet S are completed utilizing encrypted Bluetooth technology.

If you are serious about your crypto security, a cold storage hardware wallet is an essential purchase, saving you a lot of time, money, and stress in the process.

CoolWallet S Features:

Cold Storage

Keep Your Coins Offline & Isolated

Store Your with a Common Criteria EAL5+ certified Secure Element Microchip. 

Mobility

Take Your Cryptocurrency Anywhere

Take Your Investments Further with the World’s Only Mobile Hardware Wallet.

Encrypted Bluetooth

Send and Receive Securely and Efficiently

No More Clunky and Confusing USBs. 100% Wireless.
