Hacker News new | more | comments | ask | show | jobs | submit login
Cryptocurrency YouTuber Ian Balina hacked out of $2M during a livestream (thenextweb.com)
69 points by FuturisticLover 10 months ago | hide | past | web | favorite | 40 comments

At the risk of sounding pedantic, can we not use the term crypto for cryptocurrency or blockchain related stuff?

Crypto already has a well defined meaning that is in common use, which is related to cryptography, not cryptocurrency.

Edit: Post title was changed to use the full word "cryptocurrency", great :)

As much as I agree (and I upvoted you), I do think that ship has sailed.

Same as hacker has different meanings when used here on HN and on most news articles.

I'm fine with it being a shibboleth for people deeply embedded in the cryptocurrency world, whereas for people in the wider world of software engineering (and hopefully the world at large) we stick with the original meaning.

It's also worth saying the prefix doesn't really make sense. "crypto"-"graphy" means hidden writing. "crypto"-"currency" means hidden currency, and nothing about Bitcoin, Ethereum, etc. is hidden.

I don't think it is going to work. Maybe in HN but as some other commenter said the ship has sailed. Most people don't know crypto and know cryptocurrencies. They associated them with that word.

At the risk of sounding pedantic too, crypto is short for both cryptography and cryptocurrency. Knowing which one it refers to is inferred from context.

I’ll go one further and call the cryptocommodities.

The livestream had nothing to do with it. Here's how he says he thinks he was hacked (from the bottom of the article):

"This is how I think I got hacked. My college email was listed as a recovery email to my Gmail. I remember getting an email about it being compromised, and tried to follow up with my college security to get it resolved, but wasn’t able to get it handled in fast manner and gave up on it thinking it was just an old email.

I kept text versions of my private keys stored in my Evernote, as encrypted text files with passwords. I think they hacked my email using my college email, and then hacked my Evernote."

The time stamps of the purported transfer took place during his livestream so the headline ("during a livestream") is correct

Yes, understood, but it seemed to me like an irrelevant and misleading detail, as if he accidentally revealed his passwords or some other security detail on camera.

It seems like a very interesting detail considering that we don't know how it was done.

Maybe the last (seemingly innocent) clue (or just confidence of previous clues) the hacker needed was present. Or maybe it was just the hacker wanting a distraction (though I could think of better ones...) or doing it for fun.

Assuming he ever types his passwords, and you can hear the key-clicks in the audio track, he did.

I thought the same, but it's still a bit of a "funny" fact

I think its an exit scam. He will not be able to sell coins without upsetting his following, because he sells and then announced it on his channels. This will be followed a major dump and his followers will lose significant value during this dump.

Perfect cover up to liquidate his assets while covering his ass. No person seriously into crypto (especially with his amounts) does not keep it in a hardware wallet.

Back in my day when we made wallets on air-blocked computers, that had the single purpose of just generating wallets.

Not sure if I would trust hardware wallets//online wallets in the same way.

The other benefit to this is if you misplace a wallet, and find it years later it’s like finding cash in your dress pants you don’t really wear all the time.

> The other benefit to this is if you misplace a wallet, and find it years later it’s like finding cash in your dress pants you don’t really wear all the time.

There were also some who accidentally threw their old computers / hard drives away.


I found some BTC change on a backup drive. Said change was now worth a few hundred dollars. Was neat!

Interesting theory. One point towards another bad behaviour that incentivized crypto-assets can lead to..

after he sells, why does he care if he upsets his following?

Because he pumped them coinz

I thought Gmail required a phone number as well when 2FA is configured and someone is trying to recover their account. Otherwise it would be to easy to bypass. But maybe the dude just likes to live dangerous by keeping his millions in a cleartext evernote file.

While they do make you add a phone number to the account first when enabling 2FA you can remove it afterwards though (iirc) you have to remember to not just remove the number as an auth method but also remove it as a recovery method.

Failing to do so opens you up to getting your phone account transferred to a different phone/sim and using that to do the recovery process to gain access to the account.

Sounds like a great marketing hack / donation scam quite honestly.

A comment on the article also raises a valid point:

>Could it be that he made it up to avoid taxes? Perhaps we'll never know

Yea I ignored that one thinking the IRS would just laugh but I suppose a naive crypto youtuber might try such a thing.

Lots of talk about this being setup and a way to get out of taxes (which are apparently due tomorrow in the US). Any chance this could be the case?

How would this affect 2017 taxes though if it happened in 2018?

Losing money in 2018 would not affect 2017 income tax.

Aren't you taxed on money you lost?

Nope. Offsetting losses is therefor a very commonly used loophole. Hence the speculation.

True. He'd just better be very careful to have an explanation when he starts cashing in the 'lost' funds... or titrate them very slowly into his lifestyle. Tax Evasion is often caught not only by transactions, but by inexplicably high lifestyle.

Definitely possible but kinda hard to know for sure.

>I kept text versions of my private keys stored in my Evernote, as encrypted text files with passwords. I think they hacked my email using my college email, and then hacked my Evernote.

>Storing private keys for wallets worth $2,000,000 online...

A fool and his money are soon parted.

Keys kept in plaintext on Evernote.

From the article: "I kept text versions of my private keys stored in my Evernote, as encrypted text files with passwords."

Don't worry he encrypted them with a winzip password

I used GnuPG, is that good enough (assuming a 16 char random password)?

If you have a lot of money in your cryptocurrency wallet you should at least consider using a hardware GnuPG "smartcard" like nitrokey or yubikey. This way even if they get your passphrase they still need access to your hardware token (and vice-versa). There are also hardware wallets specifically meant for cryptocurrencies which I suppose have the advantage of not requiring you to decrypt your wallet on your drive before you make a transaction.

I'd embed them into QR codes, print them out on high quality acid-free paper and put them in a fire safe.

I don't trust anything electronic to store data in the long term, I do trust that a QR code will be readable in 50 years even if you have to decode it by hand (or at least write a program to do it) (in a temperature controlled safe with no UV I'd expect laser toner to last 50 years).

Other methods I can think of would be etching the QR code into a stable material (glass for example).

That said I stay miles away from cryptocurrencies, I find the technology interesting but the actual 'market' hilarious.

If it's just a random string, how do you store your password?

not to lack compassion, but lolol

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact