The second attack you mentioned is impossible. You cannot extract a seed phrase from a hardware wallet (unless it is a shit one).
In fact, you can if you come into possession of a device that has a security vulnerability which makes it possible. Such a vulnerability was found some time ago in Trezor, see here ->
Trezor&Keepkey - Unfixable Seed Extraction - A practical and reliable attack!, and you obviously forgot that you post in that thread.
Of course it would be best if this security flaw could be fixed (this is not possible), but it can be prevented by adding a passphrase or by using
SD card.
I forgot that this vulnerability could not be fixed in Trezor... Good remembering it.
it requires a gigantic transaction to be sent first to someone in a trade where you get something else in return (like selling millions of dollars worth of bitcoin and receiving the fiat) then 51% attacking (that costs millions of dollars) to reverse that transaction. but the problem is that someone who has accepted such a huge transaction will demand a lot more confirmation which means the 51% attack cost goes into trillions of dollars range.
This is so true. If an exchange is worried about a transaction of 20 million USD, the exchange you just wait for 10-20 confirmations before crediting his account, making the transaction really irreversible, even with 51% processing power.