According to Twitter user Hacxyk., a bug was found in the NEAR Protocol wallet back in June, almost the same as the recent Solana wallet hack.
When a Near wallet user chooses email as the recovery method for the mnemonic phrase, the mnemonic phrase is leaked to a third-party website.