I don't think that's fisible. By just copying your wallet file the hacker would still need to input your seedphrase or keys to access your wallet. So always make sure to store your keys offline and not in your computer even if it's a cold storage..
This is wrong.
Anyone who has access to your wallet file (and know the password, if it's encrypted) can steal the fund without any need to your seed phrase.
Take note that the wallet file contains the master private keys.
Generally, for accessing your fund, you need to have the wallet file(+ password, if it's exncrypted) or the seed phrase (+ passphrase, if there's any).