Wallet is a software itself. So this software can be attached to your device or to the website. If a hacker get access to your wallet or your device — he has an access to everything. Hacker have total control and can see all of your actions, then copy them and transfer any amount of coins he wants.

In a software engineering the biggest weakness is humans. That’s why so many hackers use social engineering to steal your coins.

Also one more common way to trick you is to fake someone’s identity. If an administrator of the support chat or the founder of ICO writes you in direct and ask for personal information — it’s a SCAM. You should never give anyone your personal data or your wallet ID, with this information it would be easier for hackers to rob you.