Now that's some serious fuckup:

https://www.generalbytes.com/en/news/general-bytes-statement-on-the-security-incident-that-occurred-on-march-18-2023

A friend of mine did a partial withdraw from a paper wallet in 2017 on an ATM. His paper wallet was emptied that night of the generalbytes hack. So they stored his private key in their cloud database unencrypted for 6 years.