I'm intrigued by why only this change address
was used that one time, and all the others have 0 transactions. It's overwhelming to think that someone with access to such a large amount of money was a victim of
You're overthinking it.
The owner is free to select which address that he will use as a paper wallet from his wallet's keys and address.
He might have selected a change address maybe because he's thinking that it's safer.
If it's not a paper wallet (
unlike the author mentioned), it could be an RBF transaction that sent the BTC back to self.
e.g.: Electrum uses its change address as a recipient when using that feature, given the relatively high fee, he may have attempted to do it in Electrum but on a compromised client/machine.
Anyways, you'll only be receiving "
educated guesses" without solid information about the case.
Is the seed phrase somehow peculiar?