Yes but the hacker can have keylogger, so they check when OP logs in and get his private keys. In this scenario, nor 2FA nor EMail confirmation helps you out cause he can do whatever he likes with OP account. I thought OP was hacked, if not then I am very happy for him.
If you read the previous posts, its highly likely someone is bruteforcing the passwords. Which if you don't know if not in anyway similar to keylogging, what you're saying does not even make sense. You mean to say email accounts of dozens of members have been compromised and the hackers haven't used them, stupid FFS