you can track the delivery of tokens on tx but it will be difficult to identify hackers because shipping usually leads to the Exchanger address
for the future, it is better to store the private key on the external as on the hard disk because it is safer
Not necessarily. I think it's possible that he accidentally accessed phishing domains. The best way is to visit a strange link every time, use the online virus scan tool. To secure yourself from loss.