I'm theory is he had some browser wallet for some eth thing he was doing or tested at some point.
When Google account was hacked, they were able to access said wallet to get his ledger seed information.
Rip
Any blockchain sleuths out there?
This chap had his account hacked. Nearly everyone in the comments is saying that he must have just been careless with his seed phrase, but looking at the destination address for the stolen BTC, something's up:
https://www.reddit.com/r/ledgerwallet/comments/11ypwa8/why_is_my_ledger_empty/
Discussion
But only possible if he's typed his seed into his PC at some point.