I know Ventoy and use it myself to easily boot various systems from ISO files. Very convenient tool.
I still don't quite see the need to store the mnemonic recovery words even on an encrypted flash medium. Your wallet and AppImage files for the wallet software belong there because of the non-persistence of the live Linux you fire up.
Having the mnemonic recovery words on digital media, I think, always poses the risk of messing up in one way or another.
How about Tails with an encrypted persistent partition for your cold wallet side setup? This is what I use. I have a good and fast USB3 microSD card reader and I feed it with Samsung Endurance Pro microSD cards (those are durable and last long with quite some write endurance).
Never forget to back up such important setups. No backup, no mercy!
The real question for me is how another address ended up in the transaction. If I was hacked, why wasn't the entire amount sent to that address? I tried to cancel the transaction, but the replace-by-fee attempt failed. The block explorer says it was spent as a fee—does that mean I managed to stop it from going to the hacker's address, but instead it got spent as a fee? If so, how is that even possible? I double-checked, and Sparrow Wallet doesn't allow a fee higher than 8k sats... This is what I don't understand at all.
This is (for me) the more interesting and tricky part to dissect and understand what was going on.
Agree, Ventoy is the best thing for bootable USB drives ever.
I always store it in encrypted digital form and have never encountered any issues. It also allows for multiple backup copies. I only use a Live CD for securely signing transactions. Using a persistent partition in this scenario is a bad idea. If you need one for other purposes, an SD card could wear out quickly and isn't very fast. An SSD is a much better option.