From the article: "The website asked for permission from a Phantom wallet, and it actually drained all SOL from their wallet." It's possible that he didn't spend all his SOL on this project.
To me the craziest thing is that, on the one hand, you have Proof of Work, cryptographic security, public/private keys, the full song and dance.
On the other, you go on some website, click "enter app" and are prompted by a crappy pop-up to authorise the website spending all your money. And if it's Etherium, you have to pay like $50 just for the joy of doing that.
I do work in infosec and even I'm not sure how to make it entirely secure or trustworthy. Steps involved make whole thing rather unpractical. And might need things like pen and paper...