Really shocked. How peoples would save their funds where even Google 2FA could steal from the device? If using mobile phone verification then it's also could be stolen with the help of operator helps. It's time to think for something else from the end of Google. If continuously happen that then peoples will lose faith from  Google 2FA although that's no a mistake of Google.

Anyway, we should use high reputed exchange where ask for multiple verifications. For example, Binance requires me 3 step verification during withdrawal, Google 2FA, mobile, and email verification.