Nothing new with this, a lot of people had the same issues/hacks a few months ago with bitcoin.
They just downloaded a trojan or a rat, and everytime that they wanted to send tokens with their computer wallet, they were sending the coins to the hacker's wallet.
What the hell, how do people send tens of thousands worth of Eth without triple chechking the address?
But this is not a problem of the eth network, this is the fault of those who does not even check the address more than two times before sending