Seems a guy, Robert Forster, a some kind of hacker published his private key for a wallet of his with 1ETH balance. Someone else tried to withdraw but still was not able to ...
Forster used something called RBF ( Replace by Fee).
He signed a transaction but keep it offline, not informing the network about that. Then with the use of a listening node "watched" his wallet for any activity and when someone would try to move the funds he would sent the previous signed transaction to the network and since it would have higher fees it would replace the initial one and get propagated faster within the network.
Source link:
https://www.trustnodes.com/2020/01/04/hacker-publishes-private-key-but-no-one-can-steal-his-ethThe process sounds pretty simple and straightforward and definitely used as proof of concept.
The thing that grinds my gears is that for the signed transaction he seems to have added a fee equal to the wallet balance (at least from what I understood, to make it not profitable at all for any thief). And for any attempt to withdraw his funds he would "lose" the amount as fees for miners.