Unless the wallet client required a one-time code to be input which requires a user-specific physical offline component to generate. MMOs have been experimenting with this kind of security for a while now and I believe it's been working out relatively well.
See: WoW authenticator
https://us.battle.net/support/en/article/battle-net-authenticator-faq
Any transaction made with the proper code would have to have been made by the person with the authentication device. I don't believe the odds of these offline authenticators getting cracked are very high, but I could be wrong.