Nearly all of my logins over the years have been from my laptop at home. This past weekend I logged in to blockchain.info on my phone (updated google pixel phone) via the chrome browser.
Many chrome browser extensions are compromised. Many python libraries (upon which chrome extensions are built) contain malicious code. One of your extensions could have stolen your blockchain session cookie and forwarded it to an attacker, who utilized it to hijack your session login credentials and swipe your coins.
That seems like the easiest method for an attacker to pull that off.
Almost $5k lost.
That's a good chunk of change. Sorry. Hope you can recover it somehow.