Each website you create a 2-Factor Authentificaion for also gives you a recovery code that you can use in case you encounter problems with your phone or the Google 2FA app. What is the status of those recovery codes, did you not write them down when you initially set up 2FA?

I have used a few exchanges that allows you to whitelist your device and IP address. The next time you login, it's enough to enter your ID and password and the site wont request a 2FA code. That's why you are still able to access certain sites without any codes.