Most of exploits i seen were copy and paste malware or making the user type their seed words in fake websites/apps.

Never seen a remote exploit