another large site, whether it be an exchange, mining pool, etc. could be logging BTC addresses & passwords for users and attempting them at other sites the user is associated with.
That is a very good point. Don't use the same password twice. Use a password manager to generate a good strong unique password every time you sign up for a new site.
My guess is you have been infected by a key logger, stealer or RAT, they've taken your password and gotten your BTC. I recommend you use 2auth next time you play on pd or in that case any dice site.
If his machine is infected, 2FA probably won't help him.
The attacker's malware could simply change the withdrawal address on the fly right after the victim types his 2FA code and submits the withdrawal request.