You should use a passphrase with your Bitcoin signing device / hardware wallet. This would have most likely stopped this attack from being successful as the passphrase is not stored on the device.
htt...
Do consider that it will be a single point of failure. The passphrase will not be in de bip39 directory. So one character or capital letter misplaced or forgotten is all of nothing.