Hello btcney

I'm not aware of any vulnerabilities...

And the thing with the foreign IP is very strange...they should have blockt this.

I mean, this person had time to login (2FA needed), exchange my OMG to BTC (no 2FA needed) and then started a transaction/withdrawal that go authorized (2FA needed).
I could understand somehow that the hacker got my 2FA code once (don't know how, but i think it possible)...but he got a valid code at least 2 times in a few minutes.

The 2FA is on my phone and i had it all the time with me.