Hey Steemians! I just want to talk about the hacking incident involving Ian Balina, a notable ICO investor, and share my thoughts. Ian Balina is a well-known crypto investor who had made millions of dollars with just under $100k capital. He gained quite a large following as a result of his success in crypto investing and he has 143k followers just on Twitter alone.
Not sure why hackers must wear hoodies 😒
Ian Balina recounted how he thought the hacker might have hacked him. Below is what he posted:
This is how I think I got hacked. My college email was listed as a recovery email to my Gmail. I remember getting an email about it being compromised, and tried to follow up with my college security to get it resolved, but wasn’t able to get it handled in a fast manner and gave up on it thinking it was just an old email. I kept text versions of my private keys stored in my Evernote, as encrypted text files with passwords. I think they hacked my email using my college email, and then hacked my Evernote.
Some key learning points here:
- Do not underestimate any compromised account. It might seem trivial to you if an old email account, which you no longer use, is hacked. But you never know what kind of information can be extracted from the account. In this case, Ian Balina had that email address listed as a recovery email and led to the compromise of his main email address.
- Use 2FA as much as possible. In this case, both Gmail and Evernote supports 2FA. If Ian Balina had that turned on, it may not be so easy for his accounts to be compromised.
- Try not to save private keys to high valued crypto accounts online. If you only have a few hundreds or thousands dollars worth of cryptocurrencies, it may not be required to use a hardware wallet. But if you have millions, please invest in a hardware wallet and have the keys stored offline.
- Password security. If you read what Ian Balina posted in detail, his keys were stored in an encrypted text file. This means that the hacker managed to decrypt the text file and access his keys. The fact that the hackers were able to decrypt the file in a short span of time indicates either a weak password or a reused password. You can refer to one of my earlier posts for some pointers to secure your passwords.
In addition, I will like to recommend this article as an additional read. Some ideas in the article might be overly paranoid but there are many practical security recommendations that I hope all my readers can learn about.
On a sidenote, there are some online speculations that Ian Balina staged this incident in an attempt to evade tax. But this sounded a little far-fetched. So I am going to give the man the benefits of doubt.
This is just a very short post. The main aim is to raise the security awareness, especially when your money is at stake. Thanks for reading! What are your thoughts on this incident? And are you keeping your keys safe?
@culgin you did recommend using 2FA for my gmail accounts, but found it quite an hassle. Now it seems the hassle is worth it!
Alternatively, I did share (offline) that we could store our private keys in a n encrypted file on our desktop (no doubt for ease of access), but omit some characters and record them on hard-copy or remember by memory.
Also buying a hardware wallet online may not be safe either. There's so many scams and deception in this age that trust is truly hard to come by. But a least we know you can be trusted. Cheers!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
2FA for everything possible my friend. It is the best defense against credentials attack.
This is a good way. It is a good balance between security and convenience.
I think at some point I will be buying a hardware wallet. Buying from Ledger or Trezor should be relatively safe I supposed? Then again, I won't be putting all my eggs into one basket. It is best to have a few wallets to spread out the potential damage if one of them is compromised.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
I am afraid of hackers and those key points are very helpful.
I hope that no one will be a victim again.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Yup. The basic due diligence need to be done to protect yourself.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
I do not know anything about this person, Ian Balina, but it seems quite negligent. Hardwarewallet ftw.
If you have more than 10k$ in crypto then you probably already should have one but it always depends on your wealthiness, of course. Just buy a hardwarewallet or create a paperwallet if you want to be very safe.
Because it looks bad/evil, kind of. :D
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Haha.. as usual, thanks for the support! He is indeed quite careless. But this should be a really targeted attack.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
As usual, you are welcome brother!
Yes, you are right, I think.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Alamak!!! How much did he lose? But it's ok, he can bounce back from this incident becoming stronger. Upvoted!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
I think he lost over $2mil worth of cryptocurrencies. And given that the market is moving up these days, it should be worth more today.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Good perspective, weather or not the attack was a scam to avoid tax it raises awareness on security!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Yea. This kind of hack is always able to generate some attention. However, the crowd is usually quite forgetful. After some time, people tend to forget the importance of security.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
I think he wrote that he thinks the perpetrators would be brought to justice.... i highly doubt so haha, all traces probably gone and spread far away to different lands and seas
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Yea man. He is trying very hard to track down the hackers. But I think it is going to be an uphill task. Although the funds seemed to be transferred into Kucoin, which potentially may disclose the hacker's identity.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit