That's not the only way you could have messed up. Phising and malwares can occur from many sides. You could have been infected with a different app, or you could have been hacked in other ways. Even your BitTrex could have been hacked somehow. However, those are only POSSIBILITIES. I'm not saying this is what happened. This is what COULD have happened with you or anyone else.

I mean, if you somehow ended up leaking your API keys (malware, phishing, etc...), the user with possession of your keys could do any kind of trades (along with what permissions you choose for it) without any issues. They could, for example, buy or sell any coins they wanted for any price they wanted, which is what seems to have happened. When you give TabTrader your api key, they do all of this stuff in your name (selling, buying, trading, etc...). If a malicious actor also gets hold of that key - from you or TabTrader - , he can do the same, but in a way you didn't permitted and which benefits him (e.g selling low and buying high).

I'm not saying it's your fault and TabTrader is clean. And neither I said thats all their fault. Only them can give you an answer, and they said they are investigation, so you can only wait. In the end, I can only see them possibly giving you any kind of reimbursement if they admited it was their fault and that their system/app were breached, which we can't if it happened.

I hope it all goes well for you. I have used them before and never had any issues, but this doesn't make them hack-proof. Losing your coins which you had for so long is one of the most frustrating things that could happen.