My Bitcoin was taken. How?

I'm trying to understand how someone got access to my wallet. I thought I was keeping it one of the more secure ways possible. I was doing self-custody, generated my key and printed it on paper on an offline computer, transferred my BTC to this offline wallet, and kept it stored in a safe that only I have the key for. Nevertheless, someone transferred all of my BTC to another wallet. I've verified the paper is still in my safe, folded without the private key exposed in a tamper-proof container. I would know if it had somehow been disturbed, so I'm 100% certain that physical access to my private key was uncompromised. In any case, the wallet my money was transferred to received funds from 20 wallets at the same time, so it really doesn't fit the profile of a singular break in involving my safe. My wallet, for reference: https://www.blockchain.com/explorer/addresses/btc/1A3aXSjyw1YYiyeRZDbpAZWxccT5xevjeF

So how could someone have accessed my wallet? I'm not super on top of BTC in specific, and I've not really been keeping close tabs on this particular wallet, since it was my intent to safely store this BTC and forget about it for a few years. But I've got a reasonable understanding of asymmetric encryption, and would've thought my BTC would be safe until someone opened that paper and used the private key, which should exist nowhere else but on that paper. I'm not devastated, as it wasn't a huge amount of money, but I'm feeling pretty deflated, and my confidence in BTC as a store of value may not recover. Any clues on how the fuck they got me?

Edit: Since lots of the replies are asking, I'll add it here in an edit. I generated the wallet using the https://www.walletgenerator.net/ JavaScript wallet generator client. It has been over a year since I generated it, but if I recall correctly I loaded the page with the client, disconnected my computer from the internet, generated the wallet and exported to a pdf, closed browser, cleared history/cache, then reconnected to the network and sent the pdf to my network printer. I suppose the printer spooler could be one compromise vector, but I wonder why they would bother to wait over a year to take advantage of the compromise.

Edit 2: I want to stress that last point from my previous edit. If there were some vulnerability over a year ago via the generator software, or the printer spooler, or some other weak link in the chain of generation to paper print, why would they wait that long to take advantage of the compromised key? There's been no activity on the wallet since it was generated and initially funded. Seems weird they wouldn't just grab the funds as soon as they landed in the wallet.