Thanks for explaining in more detail what happened, quite a story. Well, panic is rarely a good advisor in crypto, but some bad things had already happened before you panicked.
OK, so you use some sort of cold wallet setup where you sign a transaction on a live Linux that you boot up and which shouldn't be online to remain cold. I assume this live Linux isn't persistent, or is it?
The part I don't understand and which kicked off a stream of bad events: why do you have your unencrypted seed phrase (the mnemonic recovery words, I assume) on an SD card? Likely out of convenience to re-create your wallet on the "cold" live Linux?
This is bad, especially when you apparently lose control and the SD card can become "hot" on an online system.
The next bad thing was to deviate from your usual transaction transfer and signing process.
Linux Live has no persistence, otherwise it doesn't make sense to use it. However, I’m using the same laptop to load the live system and my normal system. But all the disks on it are encrypted. There is no interaction between the persistent system and the Live CD system. I’m using a Ventoy USB drive with a live ISO image. I checked it, and aside from Ventoy configs and the ISO image, there are no other files.
As for the SD card encryption, it’s a good question. The SD card is typically encrypted as well. A new version of VeraCrypt was released this month after a year of development. I noticed it and decided to re-encrypt it using the new version, just to stay up-to-date in case any bugs were fixed.
For this, I temporarily copied my seed to another SD card in plain form because the full encryption process takes time. I didn’t have the time to wait for the complete formatting, so I postponed it until the night. I live alone, so no one could have touched anything in the meantime. I know... it is a stupid chain of events.
Essentially, I suffered because of my own paranoia. In my effort to keep everything protected with the most up-to-date encryption, I ended up causing a loss instead.