Keeping funds in a hot wallet, using Windows, installing random-ass shady software. With so many OpSec holes I'm surprised it didn't happen sooner.