"email notifications from kraken/coinbase"
maybe the hacker got to the coins he had on an exchange
or
he uploads binaries for his bitcoin knots node to his server from github. hacker replaced binary with compromised one. luke downloaded binary from server without checking (who actually checks their own work if you believe you were the one that uploaded it(why check the binaries twice))
and then put his keys into the compromised binary of bitcoinknots and "byebye bitcoinio"
According to an article by ZyCrypto scenario B seems to be most likely.
https://zycrypto.com/crypto-community-on-high-alert-as-bitcoin-core-developer-loses-over-200-btc-in-hack/
So the blind spot probably was him working alone on this wallet/node software "BITCOIN KNOTS" . At least he was the responsible maintainer. By breaking his PGP they were able to mess with the source code probably and in the end even his 2FA which he introduced was comprised. Really tragic tale.