~snip~
I could only think it is the user's fault, leaking the seed from somewhere else.
From everything that can be read, the person who generated the seed claims that it was in a safe place and that it could not be the cause of the hack. If we assume that this is correct, then there are at least two options left - one of the comments says that maybe it is an interaction with a malicious contract (recently we had a case where this was the reason for hacking), or the HW was modified in a still unknown way which enables it to pass all checks by Ledger, and the hacker still gets the generated seed.
We should not rule out the possibility that someone managed to hack the Ledger recovery service and that the device is sending the seed in the wrong direction. One would conclude that this would then surely happen en masse, but some hacker who figured out how to do it would surely keep it to himself rather than share it with others - at least until he hacks enough devices and is satisfied with the loot.