Unauthorized Bitcoin Transaction - What happened?

[jormanob]

Thankfully the amount lost was only a small amount of BTC. After sending bitcoin to my Evercoin wallet through Coinbase, I backed up my account to an email address. Twenty or so minutes later my BTC was transferred without my authority to some random unknown public address.

      Checking through, I NEVER have copied or shared my private key, and checking my email security it is clear no one else has accessed it besides my devices and IP address.

      I have no idea where the BTC went but got a notification on my phone at the same time that I received the amount in my account that was sent to that random address. But obviously, the BTC is nowhere to be found in the applications wallet.

      Does anyone have an idea where I went wrong here? If I accidentally clicked the recovery link in my email or did something else weird would my account send the BTC somewhere to keep it safe? Or is it possible that my account was hacked and if so how could it have happened if not through email or me sharing a private key?

Thank you

[Upgrade00]

After sending bitcoin to my Evercoin wallet through Coinbase, I backed up my account to an email address. Twenty or so minutes later my BTC was transferred without my authority to some random unknown public address.

This is wrong. You should never back up your private keys online, much less trust an email service to keep it safe. They are meant to be kept in an airgapped device or written on a piece of paper where it would not be exposed to hacks.

Checking through, I NEVER have copied or shared my private key, and checking my email security it is clear no one else has accessed it besides my devices and IP address.

I have no idea where the BTC went but got a notification on my phone at the same time that I received the amount in my account that was sent to that random address. But obviously, the BTC is nowhere to be found in the applications wallet.

Have you checked the transaction history on a block explorer, like https://blockchair.com/ ? I have never heard of this 'evercoin wallet', could be a vulnerability from that end or you're using a corrupted file. Much better to use a reputable wallet like electrum and verifying the keys.

Does anyone have an idea where I went wrong here? If I accidentally clicked the recovery link in my email or did something else weird would my account send the BTC somewhere to keep it safe?

You did a couple of things wrong as I've already mentioned; storing your funds in a relatively unknown wallet and using email as a back up.
To the second question, I do not think there is any possibility of a wallet taking actions for the user like, locking accounts or sending out funds to keep them safe. Except you are using a non custodian wallet, which this appears to be.

Or is it possible that my account was hacked and if so how could it have happened if not through email or me sharing a private key?

There are different possible scenarios;
• The wallet was compromised and hackers already had access to it and sent the Bitcoins out as they were received,
• There's also the possibility that the email was hacked and your private keys leaked in the process (I assume this is less likely as it would take a bit of time for the breach, except of course your email was already compromised).

[DannyHamilton]

I haven't heard of "everwallet".  Where did you get this wallet from?  Are you sure it's trustworthy wallet software? Are you sure you didn't download it from a phishing site?  It sounds to me like the thief had access to the private keys before you even installed the wallet.

[LoyceV]

I backed up my account to an email address.
~
checking my email security it is clear no one else has accessed it besides my devices and IP address.

Email by default isn't encrypted, and it could have been read by a man in the middle. I have no idea how likely this is to actually happen, but it's a possibility.

[Charles-Tim]

Does anyone have an idea where I went wrong here?

There are many mistakes you made.

First of all, you back up unencrypted private key online, this is not right at all as online is not safe for unencrypted data backup. I do not even suggest online backup, but if you think you want it that way, at least you should encrypt the private key. Anything online is not safe.

It can also be as a result of malware, maybe you use your device the way you want online visiting any site of interest without having in mind to have online privacy and ways to avoid installing malware. Malware must be avoided to help against such occurrences.

You need to protect your wallet device from malware and online attacks, backup your seed phrase or private key offline is better, making use of paper or metalic sheet for the back up are good. If you need more protection, then encrypt it and never forget the encryption password and still backup the encryption password separately. Triplicating all backs and store it in different locations will be good in place no vulnerable to offline attackers like thrives and also damages.

[o_e_l_e_o]

I have also never heard of Evercoin, but a quick internet and Reddit search doesn't throw up any blatantly obvious scam accusations or any other users reporting similar events, so I suspect the wallet is not at fault here.

By far and away the most likely culprit is that you backed up your wallet to email. Your email might have been hacked, but it doesn't need to be for your wallet file to be accessed by someone else. Who is your email provider? When you upload a file to your email, you have no idea how many servers around the world it is being copied to, if it is being stored encrypted (which is unlikely unless you are using an email provider which specifically offers this), if it is being transferred and copied encrypted, how many employees of the email company, server provider, any of their subsidiaries, etc., can access it. Maybe your email provider automatically sent the unencrypted file for virus scanning after you uploaded. Maybe you left your email account logged on to another device without realizing it and someone else accessed it. Maybe your email was hacked months ago and set up an auto-forwarding rule which you don't know about. The possibilities are endless.

Never back up anything sensitive online.

[HCP]

I backed up my account to an email address.

What exactly did this entail? Did you upload a wallet file or did you backup a 12/24 word "recovery phrase" to your email? Also, what email provider were you using?