You should use a passphrase with your Bitcoin signing device / hardware wallet. This would have most likely stopped this attack from being successful as the passphrase is not stored on the device.