Do not use any note taking apps for recording your crypto keys and password

[cryptomaniac_xxx]

I'm not sure if you are familiar with the thread that I started here: The dangers and threat of using Self destruct Private Notes.

But it seems that there are still users who even don't know how to use even a "Note-taking apps",

Back in February, Cai purchased 300,900 USDT – a stablecoin linked to the price of the U.S. dollar – through the cryptocurrency exchange Binance. Cai then transferred those funds to a personal wallet co-owned and managed with Chen.

Just four minutes after Cai had transferred the tether from Binance to the personal wallet, the funds were transferred again, but without the business pair’s permission, to a wallet address ending in 8869.

Hours later the funds were split, with two-thirds (200,600 USDT) of the funds going to yet another wallet address ending in 44c2, while 100,301 USDT remained in the 8869 wallet.

Cai contacted Chen the following day attempting to uncover how the funds had been moved, learning Chen had recorded their private key, used for authorizing transfers from their wallet, in an Evernote account.

https://www.coindesk.com/tether-froze-300k-of-stablecoin-hacked-after-victims-left-wallet-keys-in-evernote

Some note taking apps are the following:

• Evernote for taking all kinds of notes
• Microsoft OneNote for a free option
• Apple Notes for Mac users
• Google Keep for Google users

So I advise newbie and advance users not to use any of them, or if you have been using them for your crypto related activities, specially involving password and private key, I advise you to stay away.

[Charles-Tim]

If we find out about these note taking apps, they will be able to synchronize online with a cloud or something, and it is advised not to use any third party to save private information like seed phrase, private keys, passphrase and passwards etc, that is the reason we do not even like custodial means of saving bitcoin and other cryptocurrencies, because they are basically online, anything online can be compromised. If we do not use such, staying offline, using paper, metals and the likes to store these information, it will be fine, nobody will be able to get through it if store in a very safe place. Be it phishing site or legit, storing data online is not advisable, be it having certain type of encryption is not my concern.

[OcTradism]

Passwords or private keys or mnemonic seeds or 2FA secret codes must be stored offline.

Use note-taking apps, online storage on the devices you connect to the Internet everyday is very risky.

Perfectly:
- Wallet creation: offline.
- Backup of passwords, private keys, mnemonic seeds, 2FA secret codes: offline.
- The device and the location are used for storages need to be keep in secret and as much safely from water, fire, landslides, etc. as possible.

[Coyster]

Your private keys, seed phrase or info about your wallet should be kept to yourself, using note-taking apps or any app whatsoever to store them is the same as giving it to a third party to store it for you. There are many secure ways to store your seed phrase and private keys, both offline and online, it's better stored offline, but even if you must store your coins online, it should not be with a third party, and should be under your full control, with an extra responsibility on how you use the device holding the funds/keys online, like not clicking random links etc.

It's more of the same with users who use apps to generate stuffs like passwords as well as to save it, if you're to be your own bank, you must also learn to do most of the things related to your funds, accounts etc all by yourself, no third party, no app, everything should be private.

[mk4]

This has probably been suggested a thousand times already, but I'm going to mention it again anyway.

For storing passwords, use open source software such as Bitwarden[1] and KeePass[2]. Just make sure to use a really secure master password for your database.

[1] https://bitwarden.com/
[2] https://keepass.info/

[samputin]

How about the built-in app in our phones? It's not Evernote or Google Keep. Shall we keep our passwords away from it too? Sorry for this seemingly dumb question. It's just it's what I use on some of my passwords (fortunately, not crypto-related). Still, crypto-related or not, our security should one of our top priorities, right?

This has probably been suggested a thousand times already, but I'm going to mention it again anyway.

For storing passwords, use open source software such as Bitwarden[1] and KeePass[2]. Just make sure to use a really secure master password for your database.

[1] https://bitwarden.com/
[2] https://keepass.info/

Might be suggested a thousand times but this is the first time I heard of those software (or maybe I know about it before but just slipped my mind). Either way, I'd still take note of this and use this instead of an app. Thanks.

[BIT-BENDER]

How about the built-in app in our phones? It's not Evernote or Google Keep. Shall we keep our passwords away from it too? Sorry for this seemingly dumb question. It's just it's what I use on some of my passwords (fortunately, not crypto-related). Still, crypto-related or not, our security should one of our top priorities, right?

Some of the in-built apps in your phone or in any of your devices may not be of red boiling hot threat -at least not yet- saving your password, private keys in them, but what you ought to know and never forget its the that they are many threat saving your private keys, password in them -no sense in using yourself as a test run- you are ahead in securing yourself by not doing that.

[oHnK]

Yup, I couldn't agree more. It is highly recommended that we write down passwords and private keys in a recording application or anything connected to the network. When we are connected to the network we must be prepared for all the risks that may occur, cyber threats are very vulnerable when our devices are connected to the internet.

Especially when it comes to crypto, that's a really, really personal thing. We have to be very careful, if we are careless with using note-taking applications or other third-party applications then big losses await you.

Like you have a safe and you give your safety pin to someone you don't even know fully, but you just trust because of the offer of security and convenience he gives you.

Hackers can work when you are connected to the internet, such as social media, email, and applications you use are cloud-based, etc. Hackers start hacking your device through cameras, Bluetooth, and even slots on your device.

The advice that I can share is if you can't work independently from your laptop, then provide your offline database laptop, don't connect your database laptop to the internet or cloud-connected applications. Cover the camera, uninstall data-sharing programs on your laptop, use double verification to close the access of irresponsible people, and work offline for data that is truly private. Because cyber threats are very vulnerable to the internet.

[skarais]

Too many threat to all crypto user whether they are aware of it or not. Crypto is such a valuable asset that users are constantly looking for the best solution to secure their asset because so far many cases have occurred due to user's own error failing to implement proper security for their asset.
OP, I think you are doing the right thing to warn us to be aware that there is an asset security risk if we store private key and other security detail in the notes application for phone or PC. But I have tried to save it offline on a pendrive which allow me to minimize a bit more risk than keeping it on my always internet connected phone.

[aioc]

Some note taking apps are the following:

• Evernote for taking all kinds of notes
• Microsoft OneNote for a free option
• Apple Notes for Mac users
• Google Keep for Google users

So I advise newbie and advance users not to use any of them, or if you have been using them for your crypto related activities, specially involving password and private key, I advise you to stay away.

Great posts I'm not using any of this but we never know other people, people love to use online application for all their basic needs and if the user is not aware of this he might write down his passwords and private keys here, once you become a Cryptocurrency holder so many things have to change like using these applications and creating passwords for all the sites and exchanges where you are trading.

[GDragon]

How about the built-in app in our phones? It's not Evernote or Google Keep. Shall we keep our passwords away from it too? Sorry for this seemingly dumb question. It's just it's what I use on some of my passwords (fortunately, not crypto-related). Still, crypto-related or not, our security should one of our top priorities, right?

Some of the in-built apps in your phone or in any of your devices may not be of red boiling hot threat -at least not yet- saving your password, private keys in them, but what you ought to know and never forget its the that they are many threat saving your private keys, password in them -no sense in using yourself as a test run- you are ahead in securing yourself by not doing that.

I think built in note isn't safe too cause in some phones, cause I once used a note which is not google keep but we can connect it to our google accounts, so if your google account has been hacked, I think your password or private keys isn't safe with it too. I just realized it when I decided to change a phone this year and then when I connect my gmail account, I got all other notes from my previous phone. I'm not sure if it's the same with other phones. Mine's an android.

I think anything that is online is kind of dangerous, I'm not good with technologies so I might as well be careful enough to not lose any important things in it.

[mersal]

Even it's better not to use any of the offline sticky note apps available on the official smartphone app market because we never know what is happening in the background of such apps. I only use notepad of my windows for any kind of password storage purpose, not even MS office. know it is not safe though but it will be helpful to store our files on offline drives like USB sticks and we can delete the one available on our device.

[cryptomaniac_xxx]

How about the built-in app in our phones? It's not Evernote or Google Keep. Shall we keep our passwords away from it too? Sorry for this seemingly dumb question. It's just it's what I use on some of my passwords (fortunately, not crypto-related). Still, crypto-related or not, our security should one of our top priorities, right?

Some of the in-built apps in your phone or in any of your devices may not be of red boiling hot threat -at least not yet- saving your password, private keys in them, but what you ought to know and never forget its the that they are many threat saving your private keys, password in them -no sense in using yourself as a test run- you are ahead in securing yourself by not doing that.

I think built in note isn't safe too cause in some phones, cause I once used a note which is not google keep but we can connect it to our google accounts, so if your google account has been hacked, I think your password or private keys isn't safe with it too. I just realized it when I decided to change a phone this year and then when I connect my gmail account, I got all other notes from my previous phone. I'm not sure if it's the same with other phones. Mine's an android.

I think anything that is online is kind of dangerous, I'm not good with technologies so I might as well be careful enough to not lose any important things in it.

Yes, it's not safe as well, anything that goes online, has the possibility that can be hacked or breach or you can unintentionally exposed it, that's why it is not safe anymore. Well, you can used it, but not for crypto related thingy. Note taking apps makes our life easier, but if you are going to look at, it has still a lot of disadvantage like any other apps right now.

[samputin]

How about the built-in app in our phones? It's not Evernote or Google Keep. Shall we keep our passwords away from it too? Sorry for this seemingly dumb question. It's just it's what I use on some of my passwords (fortunately, not crypto-related). Still, crypto-related or not, our security should one of our top priorities, right?

~

~

~

My notes app, the one built in my phone, is connected to my Gmail account. I must've synched it when my phone's new. And I agree with those you said, if my Gmail account is hacked, there's a possibility that those I keep in my notes will be accessed by the hackers as well. Well, lesson learned for me. I won't use it to store important things anymore, crypto-related or not.

[Taskford]

How about the built-in app in our phones? It's not Evernote or Google Keep. Shall we keep our passwords away from it too? Sorry for this seemingly dumb question. It's just it's what I use on some of my passwords (fortunately, not crypto-related). Still, crypto-related or not, our security should one of our top priorities, right?

~

~

~

My notes app, the one built in my phone, is connected to my Gmail account. I must've synched it when my phone's new. And I agree with those you said, if my Gmail account is hacked, there's a possibility that those I keep in my notes will be accessed by the hackers as well. Well, lesson learned for me. I won't use it to store important things anymore, crypto-related or not.

Well just separate your mails and don't use it for signing up on different websites since this is one of the reasons why Gmail got hacked.

And also I wonder if Notepad is safe? Can you give me any inputs regarding on this, I'm glad OP bring this topic since seriously this one is really important that needed to learn to avoid any problems in future.

[khaled0111]

What part of "do not store your private keys in the cloud" they don't get?
Fortunately the stolen funds were frozen.
However, what I find odd is that the coins were moved our minutes after they've been deposited!
It must be someone who already new the wallet's seed and was waiting for a big deposit to be made or a bot monitoring all the data stored into that Evernote account.

Anyway, is there any follow-up to the story as it's been more than nine months since the incident?

[hatshepsut93]

It's important to understand why the private key was stolen. First, it was stored in unencrypted format, and second, it was handled on an online machine, and third, it was stored in the cloud. All these things are huge security risks, and there are other situations where people may and did lose their coins in the past for the same reason, like for example storing private keys in email drafts.