So you had $40K in your account and you didn't even set up 2FA?
Without 2FA there are so many ways an attacker can obtain your password.
If they have a thief inside a company, 2FA also will be hacked.
So tell me please the way how hackers can obtain my password, exluding trojan, and fishing? the only way to obtain my password from outside to hack https of btc-e?
Maybe your 2FA device has a virus and the hacker can able to obtain the code. Contact agatin the btc-e support, only they can help you.
2FA alone is not enough--every service that holds cryptocurrency should require verification via email combined with 2FA authentication (this is what Poloniex does). Withdrawals should require the same.
Any service that runs without these basic features is just asking for money to be stolen.
Yes of course ,with the simple 2FA you have a "strong" level of security but as you told also the email for confirm the withdraw will add a much level of security.
However as I always said, you will should never keep your money in an exchange (for 1-2 days) -instead- you have to deposit > make the exchange and then withdraw all your "coins" to your personal wallet.