Sorry not sure what guath is.

But the individual somehow by passed the 2FA and somehow got ahold of my password and proceeded to changing the API key (no idea what the purpose is) and withdrew all the funds. I have the person's IP address, but I don't think I can do anything with that at this point. I am just paranoid if my computer/phones are infected.

Maybe I should disable 2FA :/