You are simply out to slander an exchange, spam a Telegram chat (@ myCOSS), frankly you are blaming everyone else for what was a unbelievably stupid error on your part, with your username and password being gained from somewhere as well.
Don't be stupid. Passwords are hacked all the time. That's why 2FA exists. If the site allowed someone to brute force the 2FA, which tends to be a no more than 6 digit code, then that makes their 2FA spectacularly useless. As such the blame lies squarely with the site, regardless of whether the OP's password was '1234' or 'dog' or what have you.