So you had $40K in your account and you didn't even set up 2FA?
Without 2FA there are so many ways an attacker can obtain your password.
If they have a thief inside a company, 2FA also will be hacked.
So tell me please the way how hackers can obtain my password, exluding trojan, and fishing? the only way to obtain my password from outside to hack https of btc-e?
Maybe your 2FA device has a virus and the hacker can able to obtain the code. Contact agatin the btc-e support, only they can help you.
2FA alone is not enough--every service that holds cryptocurrency should require verification via email combined with 2FA authentication (this is what Poloniex does). Withdrawals should require the same.
Any service that runs without these basic features is just asking for money to be stolen.
Yes of course ,with the simple 2FA you have a "strong" level of security but as you told also the email for confirm the withdraw will add a much level of security.
However as I always said, you will should never keep your money in an exchange (for 1-2 days) -instead- you have to deposit > make the exchange and then withdraw all your "coin" to your personal wallet.
Exactly--this should be common practice. 40k USD isn't exactly pocket change for most people.
There really should be a rating system for the various exchanges, what security measures they offer as well as a track record of their history (sort of like coinssource we need an exchangesource if such a thing exists)
Email confirmation of transactions/withdrawals will at the very least prove the exchange is extremely unlikely to involved in theft from accounts and would point at the user's computer being compromised (or similar).