thanks a lot for explaining this.
So if I make a transaction, and this transaction is still in the mempool, the hacker can change it and steal it, is that what you mean?
Why does he have to know the address in that case, can't he just brute force and test all the transactions in the mempool, or is that impossible?