Will the thief have a copy of the private nostr key then.

It's things like this why protocols based on cryptographic identity need to support ephemeral keys and certificates. The nostr key on the phone used to sign notes will be rotated every week or so. Each new key will be signed by a master key kept in cold storage with a declared validity of a week or so.