Disregard the post above. So far you are making use of an exchange, and the deposited address is different and not yours, that should not be QR code or clipboard malware. It is strange to me but I think the hacker was able to logout your exchange account, login their own account which may be very similar to yours.

Don't you enable 2fa and sim authentication?