More like a failed attempt to exit scam. The hacker would have to bypass multiple layers of security.
Access to devs personal phone to use Google Authenticator app, access to devs email to confirm fund withdrawal, wallet password would be needed to send funds to Crex and private server also had to be hacked.
Seems like a badly written Hollywood movie to me.
You are making point. Possible suspect should have been a close ally to have had access to all these info.