So basically 2FA protects your account 99.9% of the time if you didn't have a virus or keylogger when you enabled 2FA on an exchange correct?

Because if a hacker has logged your browsing history and saw your 2FA secret code then, you are still vulnerable.