I am sorry for your loss as well.

In an effort to help prevent this from happening to others I have a question:
- You mentioned "those instances were 100% using an encrypted wallet." I thought you couldn't mine with an encrypted wallet?
- On EC2 where you running windows or linux instances? I know with linux instances you can only log in with your keypair (pem) and all ports are blocked unless you open them with a custom security group config. Not sure on windows (I believe you can set a custom administrator password and clone with the same windows login ID and RPD easily to it)

As you mentioned this likely happened earlier though... This is why I do not use shared wallets. Or store my central wallets on windows =/


The problem with cold wallets is, by design, you have no access to it. Which makes it hard to "sell" coins to recoup expenses (and opens it up to being stolen via a compromised system)