It depends what the attacker want to do with your key. For example he could just change your lighting address in the profile to forward himself your zaps. You can also use some tools to list all your events, included those that are not notes, but unfortunately it's not easy to detect if an event was signed by someone else,l. You have to take care of your key in advance.