if you got compromised trhu your computer it could be possibly, but at same time your mobile which linking with 2fa, they have accessing too, seems it weird.
That's what i don't get. The phone was all the time with me...no idea how thexy got the code...at least twice.
One for the login and then another to authorize the transaction.