https://darkskippy.com/
An attacker who corrupts a signing device watches on-chain until they spot a watermarked transaction, then unblinds and inverts the low-entropy nonces to learn the master secret seed.
I recommend watching the short video; it shows a very interesting way of retrieving the seed phrase.
1. A signing device could be tampered with to have malicious firmware loaded onto it.
2. The user could be tricked into installing malicious firmware onto their device.
3. The attacker could build malicious devices to sell or infiltrate supply chains.
It seems to me that the third option is the one that represents the greatest danger, because most hardware wallets have protection that prevents the installation of malicious firmware. So be careful who you buy devices from; buying directly from the manufacturer is the best option. It is even better to convert an old laptop into cold storage; then you don't need to worry about any firmware.
On the other hand, if someone loses a seed, he can attack himself in this way in an attempt to recover it - although it is much simpler to just send coins to another address/new wallet.