Recently I have been receiving emails that someone is login in into some of my exchange accounts that I didn't activate my 2fa settings. Although I don't have money In them, but now I see how unsecured they are without the 2fa settings being activated. So my advice to you is to activate your 2fa settings in any exchange you are trading on to avoid unwanted entries or hacking. Be safe
Did they successfully log in to your accounts or just an attempt?
At most of the cases, even without an activated 2FA, there should be some necessary steps required before a successful login like email or phone confirmation especially in an unrecognized device or IP.
And ever wonder why those hackers know that you have an account at the specific exchange? Stay out joining a mailing list at random sites.