To answer some questions: This does appear to have been caused by malware. Which I've cleaned up
The vulnerability is that anyone could mask your IP and do a forgotten password exploit. This guy was able to loginto my email and clicked the link from there. Apparently there is no 2 step authentication when logging in after a new password is created. He was able to drain my hot wallet despite me replying to the text and via email that I did not change my password.
I did not keep myself off 2fa authentication for 30 days.
I have not heard too much from coinbase and I am worried that this vulnerability. I figure that this is a loss.
I am however keeping on the sunny side as I have still not lost any money in bicoin despite the theft.
Be careful out there.