I really do sorry for your lost Lexicon, i know that you are also a programer, and have much better skill, experience, and knowleedge than me, this really made me think about the security of my own wallet and passphrase
regarding the pasphrase, have you use it anywhere outside your safe environment?
have you made any connection to a public wifi?
did you store the pasphrase on your smartphone?
which OS are you using to login to your main account?
as you said earlier, i think it would take centuries to bruteforce that 222 characters..
can we trace the ip of that stolen funds?
can we involve the authority/police/cyber crime investigators into this?
let's add another functionality for Burst, let's called it "safe", the funds/tokens/assets inside this safe is locked for minimal n blocks, which could not be spent, i think a smart contract should be adequate here.