Yeah if you are using a web wallet or even a mobile wallet it is very much possible to have that wallet. Its hard but if you do something wrong or you being careless about private key or pass code or phrase then it is possible. The most common hack is pissing its nothing but a advantage of your mistake. They create something which look like trusted and when you use your private key in that its just store on their storage and then they use it and hack the wallet. And there is lots of big hacks also. Like exchange wallet hacks or somethings.