most are lost in phishing scams now

Correct, even though we discouraged them enough and they continued spamming phishing links only on Steem (see my auto-reply there for users that still use the same keys on Hive).
I'm not sure how the very last phishing wave hit, we're still investigating but most likely off chain - eg. on Discord.

Do you know if your bot has been beaten

Unfortunately (unless there's a way that I'm not aware of) I can't know in an automated way. Even if I find something that looks like a master key there's no way for me to know if it indeed was a leaked master key if it stops working even a few milliseconds before I automatically find it and try to see if it works. If I get there first I already change the keys (and send them to GP). The last week of April I plan on reviewing my code and try to optimize it even further.