Oddbean new post about | logout
 So ya I’d say that if there are ZERO logs of any kind at the exact time of attack, that’s definitely suspicious. MacOS is extremely verbose, so I can’t see that happening. 

As far as getting root, it’s possible they found a privilege escalation vulnerability. It’s not terribly uncommon, especially if you’ve heavily customized things or write a lot of code, which could inevitably give someone a way to root. 

As far as logs for deleting logs, it’s definitely possible but I’m not familiar enough with their logging structure to say off hand. 

Sucks dude, hope you figure out what happened. One thing you can do is hire a forensics firm, but that’s big money.