speculated scenarios based on limited stuff said:
"email notifications from kraken/coinbase"
maybe the hacker got to the coins he had on an exchange
or
he uploads binaries for his bitcoin knots node to his server from github. hacker replaced binary with compromised one. luke downloaded binary from server without checking (who actually checks their own work if you believe you were the one that uploaded it(why check the binaries twice))
and then put his keys into the compromised binary of bitcoinknots and "byebye bitcoinio"
According to an article by ZyCrypto scenario B seems to be most likely.
Dashrj had reportedly used PGP to verify whether Bitcoin Knots or Bitcoin Core downloads were infected with malware before losing control of his keys in the process. Whereas Bitcoin Core is the most popular software used to connect to the Bitcoin network and run a node, Bitcoin Knots is a software with more advanced features than Bitcoin Core, but they are not as well-tested, making it more vulnerable to attacks.
https://zycrypto.com/crypto-community-on-high-alert-as-bitcoin-core-developer-loses-over-200-btc-in-hack/So the blind spot probably was him working alone on this wallet/node software "BITCOIN KNOTS" . At least he was the responsible maintainer. By breaking his PGP they were able to mess with the source code probably and in the end even his 2FA which he introduced was comprised. Really tragic tale.