It is mostly phishing attacks but also potentially web vulnerabilities. Our user base is exposing their keys to the web a lot more than many others, which increases both risks. In fact some cryptos that previously used web for wallets a lot have moved away from it.