Very difficult to say whether this was an inside job or not. These sort of attacks happen all the time. However you did the mistake by keeping your coins in the exchange wallet. Unless you are a day trader, I don't see any point in keeping your crypto assets in an exchange wallet. I am telling this out of my own personal experience, as I have lost my coins multiple times in various exchanges.

However a few things sound really fishy. OP is saying that the exchange didn't contacted him to move the coins as restrictions are in place for US costumers. The exchange probably sent an email, but it may have landed in the "spam" folder. The fact that the hacker was able to reset the password (is it even possible without Google Authentication?) could mean that either the phone number or the email address was compromised. In that case, it will not surprise me if the hacker deleted some of the emails from the exchange, even before the OP could notice them.