The internet is a complex set of interconnected systems that can be attacked at many points. For example, MyEtherWallet was attacked through the DNS system, leading users to believe that a fake website was real. This resulted in the attacker walking away with $150,000 in funds. A similar attack was performed against Trezor's web wallet. Other network attacks are possible from exploiting server vulnerabilities or configuration errors to gain access to crypto keys.
Don't use services with a single point of failure that could result in a high-value honeypot for attackers.
Use sovereign key management where your keys aren't kept on networked services.
Never ignore HTTPS error messages on sensitive websites.