I have some Gmail accounts, and I have Google Drive. My Google Drive never has anything but old documents and pictures. Usually. A few months ago I had an issue with a drive and wanted to upgrade, so I got a bigger, better drive, and as a precaution I offloaded some important documents to my Google Drive (in case data transfer from old drive gets borked). Everything went well, and I copied all my stuff over to the new drive. I completely forgot about the stuff I left on Google Drive.
Many months later I went to play a crypto game on Discord for the coin EGEM. Except I got an error message saying I didn't have the minimum required coins to play. Which should be impossible, my wallet had thousands! I went and checked at myetherwallet.com, and I was devastated. The entire balance of my EGEM was gone. I frantically looked around for a possible explanation. I didn't find one. I knew I didn't transfer all of it to the game server/channel, and I had no reason to move them anywhere else (No cold-stake, no Quarry Node).
I double checked all the machines on my network. Nothing unusual, everything was secure. Maybe it was my iCloud account. Nope, nothing got broken there. I couldn't figure out how someone got a hold of my private key. I know they didn't have my keystore file, or anything else that would require my password. It's too complex, and since I don't ever post it anywhere, or keep it anywhere except on my encrypted laptop, in an encrypted container file, I knew it had to be something else.
Finally I decided to check my Google Drive. As soon as I logged on, I knew something was wrong. I hadn't been on there in months, but a whole bunch of files had been accessed just the day before. All of them were text files pertaining to cryptocurrencies in one way or another, including backups of some important keystore, and private key information. I thought I'd check with my Google account to see how it happened. No evidence of a breach, no mysterious logins, nothing. According to Google's own security, no one had logged on to my account but me. I checked everywhere for any sign of something amiss, and I couldn't find it.
How did someone get into my account? I know I keep none of that information public, and I use ridiculously complex passwords to avoid any possible lucky guess entries. This wasn't just a random thing though, only the files that pertained to my coin were accessed. There wasn't a lot of stuff there, and much of it was stuff that was archived as it was currently very low value, and not anything I was actively mining or investing in, except my EGEM private key was in one of those files. I checked all the other accounts and none of them were touched. I moved all the coins to new accounts anyways. So they knew which coin was valuable, because they immediately transferred it to another address, and from there right into the exchange wallet on Graviex.
I've removed any and all files from my Google Drive, and paused and deleted any stored Chrome data, and now I'm moving all of my keys, codes, seeds, and paper wallet/keystore files into an encrypted 'password manager' program as well. But it's still a bizarre occurrence. No evidence of a login from any place other than my hometown, and no logins were listed as occurring any time around the date the files were accessed. So how did they sneak in without even leaving a hint of evidence? And on a Google server no less. It's funny, I changed the password on that drive account, and within seconds there was an 'urgent security alert' about activity on my drive. Nope, no email from Google as I was getting robbed, but me logging in from the same place I always do, and changing my password set off all sorts of red flags.
WTF Google? WTF?
Price paid. Lesson learned. Still wondering why I use Google products at all (I mean they work, and work incredibly well, but also are the most privacy intrusive apps in existence today). They can plan a trip for me, and even keep track of my bowel movements. But apparently they can't prevent cyber attacks.
Follow me on Twitter: https://twitter.com/CryptoKeeper0x