Thanks for the address.
From what I can see on the various scanners, the draining activity started at Dec-01-2021 08:54:54 AM +UTC with this transaction.
It is a standard-looking approval, I don’t see any problem with it, but I’m not an expert in these things. If it was your action, then that might have been what started this whole thing.
Otherwise, I would think that this was already an action of the attacker.
The attack continued on Ethereum and Polygon networks until 11 AM UTC, at which point they seem to have taken an afternoon nap, and at 3 PM UTC proceeded to start draining your BSC account, briefly coming back to add some gas and move Tether at 4 PM UTC, while continuing to drain BSC.
An hour later, at Dec-01-2021 04:42:51 PM +UTC, your accounts are almost completely drained.
The last transaction, surprisingly, is at Dec-02-2021 04:53:18 AM +UTC, so almost 12 hours later. It looks to me like the attacker got a good night’s sleep and then noticed that they forgot to drain the BNB from the BSC account, so quickly did that. Please note that at this point most of the tokens on the BSC account have been gone for over 12 hours.
To me, the attack does not look automated. There are minutes to hours between individual transactions, and they’re not happening on different networks at the same time. I would imagine that the attacker loaded your private keys into Metamask and then drained the accounts by hand, one or several tokens at a time.
I’m also seeing some unstake operations, so the attacker can do that if they want, apparently.
This gives you some hope: in your place, I would wait a couple weeks and then transfer everything out in one go, ideally at some point between 4 PM UTC and 4 AM UTC, when the attacker seems to be asleep.
Of course, I might be mistaken in any of this, so do as you see fit.
As for the reason, the most likely is (a) seed compromise, or (b) someone using your Trezor device without your knowledge. I haven’t looked too deep, but from a brief look, all the transactions can be done with a Trezor.