@Rich Tener In your Security Update message you mentioned this latest event was about searching for cryptocurrency credentials. How do you know this? Is there any reason to believe they were searching for credentials beyond cryptocurrency accounts (i.e. more of a general fishing expedition)?
I received your alert email (thank you, btw) and have since discovered my account was accessed multiple times on two separate days since January (screenshot attached). If it was specifically for cryptocurrency credentials then I'm relieved as I have no such information. However, I do have a lot of other sensitive content for which I'm now concerned is circulating across the internet.
Note, I've since changed my Evernote password and have checked all my other accounts that could have been compromised (along with changing their passwords). Thankfully, at this point nothing else appears to have been impacted.