Private Key stolen from Notes

[Stas78 1]

Hi,

I made a mistake of storing crypto wallet private key in Evernote.
Yesterday I found out that all of my funds were stolen.
The only place where I kept my private key was Evernote, and my hardware key was in a safe place.
I know of at least one more person who recently had his funds stolen in the same exact scenario.

I need help investigating how my private key was accessed, because I don't remember receiving any notifications of suspicious activities on the account.

I'd appreciate any help. Thank you!

[PinkElephant 8,077]

Upgrade to Premium, get EN support to help you on this.

All cases reported here had to do with credentials used for other services as well, and stolen from there. If you reused access data, make sure to change them everywhere to avoid more nasty surprises. Use a password manager to create strong and unique passwords for each account.

You can check if your data is circulating on the internet (without a guarantee, they can’t have all breaches) here: 

https://haveibeenpwned.com/

In addition 2FA is a good measure to make accounts even safer.

Probably won‘t help in this case, when the extracted keys were already used.

[Stas78 1]

Thank you, PinkElephant. Upgrading to Premium now so I can get some support on this.

[nmoccia79 0]

Stas, the same thing happened to me yesterday.  Did you ever resolve the issue?

[PinkElephant 8,077]

Personally I doubt that these cases can be „resolved“ after a theft has happened.

EN itself is secure, but only as secure as the users allow it to be. Just a short list of BAD ideas NOT to follow:

• Reuse passwords from other services, or use weak passwords.
  Given the power of modern GPUs (used to break passwords) even a 12 digit, fully random password is not beyond breaking and longer. If you reuse it, you are doomed anyhow as soon as a breach happens somewhere. Reusing means little variations of the same password scheme as well.
• Don’t enable 2FA because it makes access harder (that is the idea behind it, isn’t it ?)
• Use any cloud based service that is not specifically hardened to store sensitive, valuable information. When you can access it from every point in the world, the bad guys can do the same as well. But for them it is much more valuable than for yourself.

About crypto security we could fill a book here. Just for starters: Only use a cold, offline wallet as storage. Keep the keys away from any computer storage - keep them simply on a sheet of paper, maybe obscured in a way only you are able to extract them.

[DTLow 5,736]

On 5/12/2021 at 6:34 AM, Stas78 said:

I need help investigating how my private key was accessed

afaik  The only way to access your account is with the userid and password   
Hackers usually obtain passwords from less secure sites   
Do you use the same password at other sites?

[Stas78 1]

Quick answer is - No. Money is gone.

Evernote prompted me to buy Premium if I wanted to get any support. Which I did.

A guy was assigned and we went back and forth on the issue. Very slowly. Eventually we got to the point where he showed me the log of who accessed the file containing the key and it was all me from my IP. All the same IP. After that, Evernote support said they can do nothing about it and closed the case, when I asked them to do internal investigation on the matter.

I did contact FBI, but get no response from them. When I contacted private bureau that works on cyber theft, they said FBI wouldn't even look at it unless it's a much larger sum of money and/or corporate. They also said that the money is impossible to trace, because they bounce it from one currency and place to the other.

I spoke with a few people who said that the similar thing (password stolen from Evernote) happened to them or to someone they know. No trace.

I'm not here to play a blame game, but my assumption is - it was one of Evernote employees. That's my personal opinion.

I did remove all my private notes from Evernote.

[agsteele 2,942]

2 hours ago, Stas78 said:

I'm not here to play a blame game, but my assumption is - it was one of Evernote employees. That's my personal opinion.

I did remove all my private notes from Evernote.

I think you are mistaken. It is dangerous to assume.

[DTLow 5,736]

3 hours ago, Stas78 said:

I'm not here to play a blame game, but my assumption is - it was ...

I flagged your post; perhaps we'll here about internal security at Evernote   
In the meantime, before exposing sensitive data to the internet I recommend encryption

[PinkElephant 8,077]

Access to accounts for employees AFAIK is not possible. The account content is encrypted on the server. All server side action like search indexing and OCR is through bots (automatic programs), not by humans.

Here is some reading for you - which includes links to more stuff, like a description of the server side encryption in Google data centers used by EN:

https://evernote.com/intl/en/security

To check access you can go to your access history in settings any time. The listed IPs need to be taken as they are - hackers will use VPN servers or TOR to hide their true location. In these cases the exit server will show.