I've just glimpsed through the whole Reddit thread, and it seems that the person in question:
- Did let others in his circle know he had BTCs.
- The Ledger was PIN/password protected.
- There were two copies of his 24 word seed:
  - One hidden somewhere, on paper, with the words in order.
  - Another in an email draft, with allegedly 3 words jumbled, but the rest in the same order.
So it is feasible that:
- Someone accessed the 24 word seed hidden at his home (words in the right order), since people were likely aware that he had it somewhere there.
- Someone accessed the 24 word seed in his email draft, and since he only altered the position of a few words, perhaps he just swapped the first for the last (really swapping two words, not three). That would be the first option one would try, aside from reversing all words. If only 2 or 3 words were switched, the number of combinations to try is drastically reduced.
Even using a hardware wallet, you must still be worried about your seed safety.
This is a serious problem and often neglected, in my opinion. It's very important to hide it and a backup somewhere where nobody could access it but you and a trusted family member (in case you die; in my situation it's important).
Inserting the seed in your Gmail is very crazy... even changing a few words.