Hi @xmauron3,
Thanks for passing by.   =]

As I explained in my first article about this topic, I started thinking about this when after reporting a phishing attack on steemit I started reading more about security issues on Steemit and came across this post with $ 7500 payout that gave me the idea.

I then verified that Steemit now displays an error when you accidentally paste a private key but other apps dont and future dapps may forget to as well.

Here is my latest update: https://steemit.com/steem/@gaottantacinque/the-keys-defender-bot-is-live-in-beta-mode

Right after I posted that, someone indeed accidentally leaked his private active key.. 🙈

So yes, it's quite common. Right now (with not that many active users) it happens about once a week I would say.