Hoping next time you can name that exchange so that we can also avoid using that.
I don't want to mention the name directly, but it has been mentioned in this thread by others. You will need to look for it.
Do you remember something or anyone that saw your Google Authentication recovery key? I've been using it for 6 years and I've not yet experienced nor heard a news that their google auth 2fa was compromised. Nevertheless, this would remind to the members of this forum to take extra caution on their private accounts. Secure them properly and make sure you are the only one that knows it. If possible prevent other people from borrowing your device if you think they are capable of stealing your private accounts.
I did not keep the recovery key. At the time of setting it up, I did not even know that we should keep our recovery key.
Something just clicked. I am wondering, why did the hacker change the password instead of just transfer the coins out. Unless they did not really have the code which was sent to my email and the Google Authentication code. Besides, the phone with Google Authentication installed was not turned on. Because these codes are also needed to transfer coins each time.
After I pull out my last coin (which is a very small portion relative to the original amount), I will try to contact them using VPN as ask them to investigate. It is for their own good that they do investigate. If they don't, it will be their own loss.