Sorry to hear that mate. Hope it wasn't much but yes it was totally wrong to leave coins on an exchange.
Why would you do that ? Even if they weren't stolen, what if the exchange just goes down ? Or turns out to be scammy suddenly ?
Definitely not a good idea ! Your coins would be gone the same way they were. I've been saying this almost every single week. DON'T leave coins except in your own wallet and in an address that you have the private keys to saved somewhere safe.
the thief was was able to login from my IP and was able to login to my email despite the fact that I had just changed my password. Be careful out there. Cold wallet your coins.
You changed your password recently and he could get it that easy ? Well, this suggests one thing only ! The thief hacked into your computer and must've installed some sort of key logger. Hacking stuff are crazy, he might have just used your computer (remote control) and send the coins (I guess you probably have your login info saved in the browser ? ) or even worse you got tricked into entering your login info into a fake phishing site that was sent to your email and you thought it's from them.
Plus don't they have 2fa ? If it exists and you didn't set it up, that's definitely a huge mistake.
Well, we learn from our mistakes but I guess this was a costly one.