[brndnmtthws]

If you use a hardware wallet, the private keys only exist on the device, and therefore cannot be stolen using this attack vector. The Ledger uses a secure element, which is an entirely separate MCU, and (as far as we know) can't be 'hacked' by any script kiddies.

However, if you for some reason decided to store the wallet seed on your computer, it's no longer secure.

[domenukk]

An attacker can still use the hardware wallet to transfer money as long as it's plugged in. To prevent this you need external hardware with a display and external input (that cannot be reflashed through usb (!)).

[brndnmtthws]

Wrong. The hardware wallet requires physical access to sign transactions with the private key (you have to press the button to acknowledge the transaction).

[alexeldeib]

Peer comment has hit the nail on the head: what you're describing is the functionality provided by hardware wallets -- external physical input/display.