Now just picking a password to hack the metamask is very difficult but there are many other ways through which scammers doing this.
If you are talking about bruteforce, there's definitely no way a scammer will do such method because it'll be not worth it anymore because bruteforcing a password is not as simple as "picking a password"
I agree with cj why not having multiple way of recovering before you sent your eth. Saving your private key is a good way since you can use open it in many different wallet using private key.
I'm guessing you didn't try to reopen the wallet with your passphrase before transferring the eth balance ,thats why its happen.
Retesting the seed is a crucial part that most of people usually just skip. They don't know that there are chances error to occur and not testing the seed beforehand is really something lackeys would do.
Maybe OP need to check out the word one by one if there's any typo in it or try to rearrange the words which surely take a quite the time.