If the thief has malware on your PC they can bypass or hijack any authentication you can perform in order to authorize a different transaction. This has long been a problem for online banking systems that attempt to employ 2-factor. The thief can use malware to change what you see on your screen and change what's happening in memory so you end up authorizing a different transaction than what you intended.

What's really needed is end-to-end transaction integrity verification on a dedicated hardware device. Trezor gets us most of the way there but the transaction is not verified end-to-end, only workstation-to-Trezor. A system like the Cronto banking hardware device is needed for Bitcoin, where a PKI implementation similar to BIP70 could be used to verify the address of the payee all the way to the secure device of the payer.