I think it is a cycle. Hackers beats the security systems then the security systems improve then hackers tries to beat the improved security system and so on. I think the best move here for us consumers is to take care of our access. We should always look out for phising websites and transactions over unsecured connections to eliminate human error in our part.
I have same opinion with you. We should always carefull with phising link on our email. Most coin wallet are safe if we keep our private key and not share it to anyone. Always double check on website we visit because hackers always looking our mistake