I have tokens for one week. I will always have a lot of tabs opened in my chrome so I don't remember the susceptive activities while opening the MEW wallet. I think I installed a couple of chrome plugins recently. Do you think one of the plugin tracking MEW info? I also noticed the person transfer 0.018 ether to this address
https://etherscan.io/address/0xf565adb21e7ea1c7fd3de8f4f29421e96c0659f2 and then transferred to binance wallet.
There are some possibilities.
1 you are putting your privatekey in the phishing site.
2 Your extension was having a trouble because it's relied on 3rd party it can be used to attack those were installing the extension.
3 you might put your privatekey when you are joining in the airdrop
4 you getting pished by keylogger.