You give an example of an incredibly targeted attack of snooping around manually on someone's machine so you can exfiltrate yet more sensitive information like credit card numbers (how, and then what?)

But (1) how do you do that with hundreds or thousands of SSH/API keys and (2) how do you actually make money from it?

So you get a list of SSH or specific API keys and then write a crawler that can hopefully gather more secrets from them, like credit card details (how would that work btw?) and then what, you google "how to sell credentials" and register on some forum to broker a deal like they do in movies?

Sure sounds a hell of a lot more complicated and precarious than swapping out crypto addresses in flight.