Most users loose their crypto, because they connect their wallet to some dubious website, and some JS code will ask for access. Then a transaction pops up, paraphrasing "allow scammer to take infinite ETH from your wallet" and they approve the transaction. The website usually tells them that they will get free tokens. No amount of tents are going to protect against that.
And then they go online and tell everyone they got hacked.