From the article:
Guard Provider gets its updates through an unsecured HTTP connection, he said. This means that if an attacker was on the same Wi-Fi network as a potential victim, the hacker could insert malware in those updates through a "man-in-the-middle attack." That's when a rogue network is set up to look exactly like the one you're connected to and tricks the victim's device into connecting to the fake Wi-Fi. Using the vulnerability, a hacker could've interrupted Guard Provider's update process and added malware that would steal data, install tracking apps or plant ransomware, Makkaveev said. The attacker would have to time this to when the updates are happening and also know the file name of the update -- which is not difficult to figure out because they follow a template, said Yaniv Balmas, Check Point's head of research.
If we add to all this that Xiaomi fixed this security flaw last year, and that the OP lives on a farm in a village, which means there probably aren't many neighbors who are capable of carrying out a man-in-the-middle attack, then such an option is not exactly the most probable reason for the loss of funds. However, this attack vector should not be neglected either; it is possible that the OP has used some public wireless network or has neighbors who are skilled in hacking.