And again, we have an unexplained case that began with a user error. In the beginning, the victim claims he did nothing wrong and didn't sign malicious transactions. The reason being that the scammer was idle for about three years and only then emptied the victim's wallet. Or perhaps the hacker only gained access to certain keys on a service three years after the victim allowed that service certain rights. It still puzzles me how this would work when each transaction needs physical confirmation without the user messing up big time. How can physical confirmation be delayed for three years?
It's a strange case that has been the subject of much speculation, but apparently no one (yet) has offered a meaningful explanation. If a hacker did something 3 years ago, and only recently succeeded in his plan, then he was probably waiting for that user to do something - although it's strange to me that he didn't do it for the whole 3 years. Whatever the case, if you store a significant amount of BTC on Ledger HW, do not play with various tokens and do not connect the device to various wallets.