Ian Balina, a former IBM salesman who became a full-time cryptocurrency trader and pundit, is not known for his modesty. Like many YouTube personalities in the vein of motivational speaker Gary Vaynerchuk, he brands himself as a self-starter-made-good who now wants to teach you how he did it (while clarifying, of course, that his recommendations are not investment advice). He regularly shares screenshots of his extensive portfolio, which was valued at more than $3 million on April 14th, according to an image he posted on Twitter and Instagram. One of his videos is called “Six-Figure Slave to Crypto Millionaire.”
This bravado may have backfired. On Sunday, during one of his marathon live streams, Balina found himself unable to log into the Google Spreadsheet where he tracks initial coin offerings or ICOs, which are crowd sales for new cryptocurrencies. That appears to be because a hacker took control of his accounts, draining a substantial portion of his holdings. The Next Web estimated that the total stolen was equal to almost $2 million on paper.
Cryptocurrency vlogging has exploded on YouTube over the last two years. In the last 90 days, there were 122,000 videos on cryptocurrency or Bitcoin uploaded to YouTube, garnering 328 million views, according to video analytics platform Tubular Labs. As it turns out, YouTubers are juicy targets for hackers because they share so much information about themselves. They often share their screens as they make trades, which can reveal what apps, usernames, and cryptocurrency addresses they use. They may even tell their followers what systems they use to secure their holdings, which can end up being a blueprint for attackers.
“You have to be very careful about that stuff as a YouTuber,” says Peter Saddington, the host of Decentralized TV on YouTube who infamously bought a Lamborghini with his Bitcoin earnings. “In my early days of YouTube, I used to show my trades. I learned that was not a good idea.”
Saddington was hacked in late 2017. He woke up one morning and discovered that his phone number had been transferred to someone else, likely through a social engineering attack via Verizon’s customer service. He declined to say how much money he lost, but said it was a “significant amount that was taken from me.” He also lost much of his online identity. “It fundamentally changed my life,” he said. “I lost everything. I lost 13 years of emails.”
Since then, he’s shored up his operational security. He instructed his cellphone carrier not to allow changes to his account unless he shows up in person with an ID. He no longer uses email or social media on his phone. He keeps his Bitcoin in “locations that I can’t access easily.” Because of his high profile, he constantly gets attacked by hackers trying to reset his passwords and “hack my Wi-Fi and my printer and all that.”
Saddington blames only himself for his epic hacking, he told me. This is a common attitude in the cryptocurrency world, where many believe there is no need for banks or governments. “YouTubers kind of have to learn the hard way,” he said. “We no longer have a bank that we can whine to and say, ‘bank, my money was stolen, give it back to me.’ No. We’re not in that economy anymore. If you lost your Bitcoin that is 100 percent your fault.”
Most cryptocurrency theft happens through larger-scale attacks that target a bunch of users at once. Most theft occurs through exchanges, according to Chainalysis, which analyzes the public blockchains for Bitcoin and other cryptocurrencies. The “exit scam,” in which a pseudonymous group collects cryptocurrency as an investment or for some good that never gets delivered, is also more common than attacks that target individual users, ViK, the project lead for the cryptocurrency scam tracking site badbitcoin.org, said in an email. “Countless Bitcoin scammers have disappeared from the face of the earth after saying ‘we were hacked,’ and it seems to be a conventional way of slipping away quietly with the loot,” ViK said. However, YouTubers and other prominent personalities are also popular targets. “These people who make videos about how rich they are, will always attract attention from hackers,” they said.
Even just talking publicly about owning cryptocurrencies is enough to draw criminal attention. In May 2017, New York startup founder Cody Brown fell victim to the same type of SIM-jacking scam that ensnared Saddington. His takeaway: “Don’t talk about Bitcoin Club. Don’t talk publicly online, with your real identity, about your trades or the exchanges.”
But for YouTubers who are trying to build a following and get viewers excited, talking about trades is often a big part of the brand.
“Ian’s a perfect case of what not to do,” said Kenn Bosak, host of the YouTube show Pure Blockchain Wealth. “He posted his portfolio publicly on Twitter, saying he had over $2 million in his portfolio, making himself a public target. That’s like saying ‘I have $2 million in cash under my mattress.’ You’re a walking honey pot.”
Bosak was hacked in September 2017. The attackers deleted his Facebook and deactivated his Twitter and YouTube accounts in addition to stealing about $20,000 worth of cryptocurrencies. “I shut down for months,” he said. “Not from losing the money, but the feeling of having somebody just walk into your house and just take everything out and there was nothing you could do to stop them, but in a digital sense.”
Bosak was sloppy when he first started out on YouTube. He used his real name instead of an alias and his real email, the one he used to register for social media and other services, was public. “Some of my YouTube videos have me walking out of my residence and showing my address,” he said.
Like Saddington, he blames himself for his hacking. “The whole concept of crypto is to be your own bank,” he said. “You have only you to blame. If the hacker exploits a way of getting your funds, it’s probably an educational process. Most good education ain’t free.” At the same time, he acknowledges that there is a financial and mental cost to securing your cryptocurrency assets and that even John McAfee, who built one of the most recognizable computer security products ever, had his Twitter hacked.
If you want to be a personality in the cryptocurrency space, he suggested creating an alias, using non-public email addresses and phone numbers to register for online accounts, and being discreet about personal finances.
“Talk about the technology, don’t talk about how much you’ve invested,” he said. “That whole aspect of wanting to be known, ‘I want to be popular, I want to talk about this’ — with this specific industry, you may want to dial that down a notch.”
Ian Balina said in a note on his Telegram channel that has now been deleted that he suspects the hackers had compromised his college email account, which was listed as a backup email for his Google account. From there, the hackers were able to crack into his Evernote account, which is where he stored his private keys and passwords.
But while Saddington and Bosak resigned themselves to their losses, in an email Balina says he is working with the FBI to find the perpetrators. “We have identified who did it and this is a lot bigger than me,” he wrote. In the meantime, he also deleted Sunday’s two live stream videos from his YouTube channel.
“I’m not worried about the money. I learned my lesson,” he said on his Telegram channel. “I only care about catching the hacker.” He said he has notified Binance and Kucoin, the exchanges where some of his coins were sent, and is “working diligently with a global team to close in on whoever did this.”
“Looking forward to turning this L into a W,” he said.