No matter how informed or an expert you are, you could also be vulnerable, if not from your end, it could be from the device side or the manufacturers.
Wasn’t it just this week that we heard an expert developer from NPM got hacked through phishing, this phishing attack is usually considered one of the weakest attacks but it still got such an expert, so as long as you’re online you’re not save.
The cost of creating/buying an airgapped device is less than $100, which is much cheaper than purchasing an iPhone or any other locked-source device for absolute security.
Exactly you cannot get an iPhone with that amount except you’re going for all this lower iPhones before XR which are more likely to lose supports for upgrade too. This is even less costly than some hardware wallets, although this hardware wallets are also less expensive to an IPhone 11 now which is considered not so high again. For me I just think it’s a thing of laziness and negligence that many still have huge funds on online device. Any amount above $1k I think it is best to sacrifice $100 to get a cold wallet.
Airgapped wallet set up isn’t rocket science everyone can learn it and set up well and use it properly if they truly decide to learn, if it is tricky then there is the hardware wallet which is more convenient
For me, 2FA is also a big help, especially the type that sends text verification before you can access your account. Yeah, it’s a bit of a hassle, but if you value security more than convenience, that’s one of the best ways to protect your funds.
In as much as this certainly helps to reduce risk than a wallet without 2FA but with the attack reported by OP will the 2FA actually have any impact because this kind of attack actually usually gets information from everything on the phone or the online device, so for informations or codes sent to Gmail it can actually get access to that. For 2FA on wallet like electrum once you have the main seed phrase exposed the person break it out, so I seriously doubt if it can have much of any impact in this regard
surely 2FA is helpful!! but once your device itself is somehow compromised then the full protection may no longer apply to you again because the attacker can still access your emails, some codes & even your wallet if your seed phrase is kind of exposed. that is why relying only on 2FA is kind of not enough as well. i think the safest way is still to keep large funds on an airgapped device or a proper hardware wallet. i feel spending around $100 for extra security is worth it compared to losing thousands, i mean generally security is an expensive commodity, convenience should never be placed above security, especially when it comes to protecting your crypto portfolio.