In a case like this, with a compromised device where the private key are already generated and known to the hacker, the victim had no chance. It is true that multi-sig could have mitigated this hack, but the tradeoff is that multi-sig adds another layer of complexity to the setup, which might not work well for non-technical users.

When it comes to buying signing devices, the source of the device is utmost important. Had the victim bought the device directly from Trezor, this hack could probably have been avoided.

Also, there should be a way to check the authenticity of the signing device with software from the vendor? Not saying something needs to do this, but something as simple as installing the wallet software from the vendor's site, plug the signing device into the computer, and have the wallet software check the device's authenticity before putting bitcoin into it.

But yea, if you're paranoid and willing to take the extra precautions, definitely do this.