Sorry to hear about the issue.
Here at GoodLayers, we take it really serious about security issue. So, before we launch every of our themes, we will make sure that it will not have such vulnerabilities.
We can ensure that the problem won't come from our theme for sure.
1. When we create themes, we do not create any custom functions to communicate with database. We only use it via WordPress's function only so at this point, it will be on the WordPresss itself.
2. The vulnerabilities can caused by third party unreliable script that contact to third party url. In this case, we only use the script that contact to Google(to pull Google font) and Google is surely reliable source.
3. Before launching the theme, Envato will perform the theme reviewing including the checking of inappropriate coding. So they will ensure that all themes sold on the market place will be coded by following the best practice of WordPress theme creation and also they will reject the theme if the code include such a vulnerability.
However, these are possibilities of the infection.
1. Using share hosting, share hosting (or maybe bad hosting) can caused such an issue. When other customer's site that is on the same hosting(shared) of yours get infected, your site will have a high risk then. I can confirm this by experience. I used to use some cheap local hosting and it's not quite good. Some customers' sites got infected and my site was infected too. After cleaning viruses, it didn't go away but after I switched hosting(I switched to Media Temple at that time.), the problem was completely cleared.
2. Vulnerabilities in third party plugins. This is one of the most popular reason that cause WordPress site's infection. Make sure that you use the plugins that are well implement with best practice of WP plugins creation and notice that the plugins are updated time to time to ensure that they keep fixing bugs and patching vulnerabilities.(We do this with our products all the time.)
3. Bad permission folder setting on your server. Make sure that it's securely set. 644 is recommended for php files and 755 is recommended for the folder. By missing the good setting can let hackers to edit files.
4. Password leaks. Make sure that you set the very strong password for admin role, CPanel, Database password, etc…
There can be other reasons for these but it will be good to have these things checked. Our demos and our site have A LOT of traffic in each days so if you get hacked by our themes, our server should be hacked by now but nope, it hasn't happened to us. Also, we have more than 130,000 customers using our themes but very very rare like your cased reported. (like 2-3 times only)
There're also some tips from us.
1. You can try using security wp plugin : https://kinsta.com/blog/wordpress-security-plugins/
2. It will be much even better if you use DNS with security feature. You may check out CloudFlare service. It's quite useful. (Our site use DNS service with WAF feature from StackPath can service.)