A bad actor from Myalgo (ran on the algorand blockchain) was crackin heads just 6 months back. If you used their tool to generate an online wallet then it was compromised on the backend of the website. Plenty of people were told to rekey and did not listen. They took everything from everybody. They are still probably draining accounts that were not rekeyed. If anybody has heard about this and knows if anyone was ever caught, it would be cool to know.