...they are made in China and only assembled in France.
You just described 90% of products regardless of the industry. Most things nowadays are made in China and similar countries with cheap labor, shipped worldwide, assembled, branded, and sold with an expensive price tag.
From everything that can be read, the person who generated the seed claims that it was in a safe place and that it could not be the cause of the hack.
People don't like to admit that they did something wrong or are directly responsible for what happened to them. A user error has many times been the culprit.
If we assume that this is correct, then there are at least two options left - one of the comments says that maybe it is an interaction with a malicious contract (recently we had a case where this was the reason for hacking), or the HW was modified in a still unknown way which enables it to pass all checks by Ledger, and the hacker still gets the generated seed.
I thought the recent hacks affected ERC-20 tokens and not the underlying native assets of alternative blockchains. Maybe I am wrong.