After the Banano Vault web-wallet was shut down, the Banano team was helping various users recover/transfer their funds from Vault to the TheBananoStand web-wallet which is actively maintained.
It was discovered that multiple users had used insecure seeds for Vault — e.g. using a ban address as the seed, which is completely insecure and exploitable by anyone to gain full access to the wallet. Vault did not have sufficient validation checks to prevent this (while other Banano wallets such as Kalium and TheBananoStand do).
As a result a number of users have had their wallets compromised and Banano taken.