In order for the last exploit to work, you must have your electrum wallet running unprotected with any password of 2FA/MultiSig and access a website or run a malicious software that would try use the exploit.

May I ask where did you download your original electrum wallet from? you can find this in your downloads tab in the explorer you used to download.

if it is anything other than electrum.org then you know the reason...