Having a dedicated device for holding your wallets and always offline is the way to go, i already have an air gab device that keep my wallet and oldest sim on, this device is always off and i only power it when i want to do a transactions.
Just for the record, that's not an airgapped device. An airgapped device can't access the internet at all, like some of the airgapped hardware wallets we have or an airgapped computer with the network/WIFI card removed. What you are doing is better than having your crypto on a phone you use for everyday activities, though.
Sorry Op, I did not actually understand the story fully.
According to the story above, Alex is only in contact stage with the alleged or to-be partners. What really happened, did he disclose his private details at the course of the meeting?
Could it be that they hosted the meeting with tools like TeamViewer and he gave them unrestricted access to his computer?
He claims that interviews took place over Microsoft Teams, and that he was given an official link. Somehow I doubt it was an official link. They might have tricked him into installing a malicious extension followed by malware specifically created to find crypto wallets. What happened next is unclear. Perhaps it was drainer malware. Perhaps a keylogger that tracks and takes screenshot of everything you do. Perhaps a cookie hijacker that steals your cookies and allows you to access everything the other person does online. Who knows...
I don't understand how it was possible to empty 150 different crypto wallets with just one click on a link? What comes to mind is that this user may have protected his wallets with a password that was very simple and identical for each wallet, but again, if we take into account that someone stores so much value in hot wallets, then it is possible that he also stored his backups on the same computer in unprotected text form.
Even if he used the simplest password, how did they find all his wallets and gained access to his computer to empty all of them? It's quite an advanced scam compared to the usual phishing schemes we see on a daily basis.