(I hesitated to mention the name of the exchange in order to protect my existing account still in there.)
I started to use this exchange almost 4 years ago. There were no issues until recently. Last Dec I logged into my account (which I hadn't done for a while) and the first page that showed up said that they would discontinue my services in 14 days and asked me to move my coins out to their US counterpart because I am a US customer. I was thinking to myself, if I had not logged in, I would never have known about this because they did not contact me at all on this matter. So I contacted the US exchange and found that they do not serve customers in my state. So during all this time, I was researching ways to relocate my coins. I contacted the foreign exchange and told them the challenges that I am facing in finding a place to put them. They just told me to move the coins out before I lose them, and there has been no reply to my follow-up email since.
Last week, I got three automated emails from them at the same time.
First email: request to reset password from [IP which is not mine] (and a 6-digit code was included for verification).
Second email: Successful password reset from that same IP.
Third email: Successful login from new IP..... to protect your account withdraw is disabled for the next 24 hours.
(Thank God for this 24-hour withdrawal-disable function.)
This incident really got my attention. I immediately tried to log into my account. I entered my password 4 times (one time away from my account being locked) without success, as it had been changed. Thankfully, I did not try a 5th time, knowing that my account would be locked and I would not be able to get any help from the exchange. I sent an email to them using an old email thread to report the situation, but got a reply saying that my IP is from an unsupported country which they cannot service.
However, thankfully, I was able to go through the process by clicking on the Forgot Password link and reset my password. During that process, they sent me an email similar to the first email received before, with the verification code. And by using the code along with my Google Authentication code, I reset my password. During the next several days, I did my best to get as much information as possible on how and where to move my coins. By using a VPN tool (first time), a desktop wallet, a hard wallet, and a coin wallet that works with the hard wallet, I was able to withdraw most of my coins. Before I moved my coins out, my heart was so heavy and troubled because I did not know when the hacker would attack again.
Now that I have got most of the assets out of there, I am more comfortable talking about it and sharing my story. Would this be an inside job, given that they knew the US customers are vulnerable and helpless (since they cannot use their customer services anymore)? Else, how could the hacker bypass the email code verification and the Google Authentication process? This is still very unsettling to me.
Added on Feb 4, 2021
Thank you for your feedback and suggestions. I added the following information as many people had asked related questions.
- The exchange name has been mentioned by others in this thread. Please spend some time looking for it.
- After I pull my last coins out from the exchange, I will try to contact them and present the incident to them so that they can investigate and, hopefully as a result, improve their services.
- In order to reset my password, I need to enter the passcode which was sent to my email + the Google Authentication code.
- The old iPhone which has the Google Authenticator installed was not turned on at the time when the hack occurred (and it is not usually turned on, in order to extend its usage life as the battery is no good). And I had not kept the recovery key for the authenticator anywhere – I did not save it. So no one, including me, can recover it. I have had the authenticator for years.
- This is a question for myself (just thought of it last night) – why did the hacker change the password (which triggered the no-withdrawal-in-24-hour rule) instead of withdrawing the coins right away? To withdraw any coins, both the passcode sent to my email and the Google Authenticator code are needed (same as the reset password requirement).
- I really don’t believe that my email address was compromised. If that were true, the hacker could have redirected the 3 emails that were sent to me to the junk folder when the password got changed and the account was accessed from a new IP address. Without receiving these emails, my coins would be done for.
- By the way, I have no ill attitude toward the exchange. I really like the exchange as it supports many altcoins that are not supported on many other exchanges. The way they required both the security code from email and Google Authenticator to withdraw added a strong security layer to the accounts (in addition to login with username and password). Also, the no-withdrawal-in-24-hour rule after a password change was a lifesaver.
- They provided good customer support services before they shut me down by sending an automated email saying that my IP was identified as from a country that they don’t support when I tried to reach out to them again. So if you are a US customer and your account gets hacked, there is no way for you to seek any help from them – at least within a short amount of time (24 hours?) – before your assets get moved out.
I hope that what happened to you taught you a lesson about centralization: that centralized exchanges, even reputable ones, can control our assets on their platform! I mean, I am not generalizing, but the fact is that it is a website and the custodial liability is on their part, so they can do whatever they want. I personally keep a certain percentage of my assets on an exchange, for the purpose of day trading and short-term trading only. If I decide to hold a token/coin for a long period of time, I will withdraw it back to my offline wallet. I still have trusted exchanges like Binance, but it's just better to be safe than sorry. Governments can do anything as long as they want.