...then suddenly.

Right. My first impression is this: there is something wrong if you have to enter your secret key in a device and if your device is compromised, so is your identity that you invested in. This is why PGP has subkeys and revoke certificates. Not sure if something like nostr could be made so you can resume your account with another subkey, but at least you should be able to revoke it. Oh, well. Hello world. I guess.