My MEW got hacked and my tokens were stolen. I am very careful when putting my address on each bounty campaign and never sign up online which require any private key. I don't really know how I get phish or how hacker accessed my MEW. I learned my lesson and will never use private key again. Do you have any idea how I get phish? I got one in mind that a fake mew site does exist?
Scammers are becoming more and more refined, but this is the easiest way to crack your secrets, and you yourself are on it. So you need to be more careful and take countermeasures in advance.