Ok i just give you a small example
1. The buyer wants to buy 500btc; he provides a bank statement in the amount of 500btc
2. the buyer wants to make sure that the seller has coins in such a volume and requests a satoshi test from a wallet of at least 500 transactions and that it is not a stock wallet
The seller refuses to provide a satoshi test because he is afraid that his wallet will be hacked
from this we can conclude that either the seller does not have coins or the seller is afraid that they can actually crack his wallet
From the above-given scenario, no such hacks would ever be accomplished but the seller will be exposing his wallet which contains 500 btc (assuming he did the test) and that's basically it, although of course the risk of physical attacks to the seller can still happen if the identity of the buyer and the seller is already known to each other. Technically, even if you know the public address of a wallet, you still can't crack it by just using that. You still need the private key in order to gain full access to the wallet/address of the seller.