Yes, that's right but considering the OP's wallet was hacked, it's either the hacker get the login details which is probably wasn't happen in case of OP because he will received the email authentication but it's the seed/recovery seed of the wallet that was compromised, which will not give any notification to Op when there's a transaction happened.
One of the possibilities is that hacker actually came into possession of seed, the question is only in what way. Looks like nobody has read my post which tried to explain mysterious disappearance of funds from blockchain accounts, and this can be one such case.
I returned 9 BTC to reddit user fitwear who recently claimed were stolen from their blockchain.info wallet.
I have evidence that some bitcoin address generation code in the wild is using private keys that can easily be discovered on a regular basis. This is either intentional or by mistake. Some wallets have been compromised by what is probably an innocent looking piece of code. Furthermore, someone has been siphoning bitcoin on a regular basis since 2014 from them. Whether they discovered this by accident (like I did) or are the ones who installed the code themselves, I don't know. It looks like either a clever exploit or a coding error. It could also be yet another piece of malware, however as I explain below, I feel this is less likely the case. In order to fully understand how this works and how I discovered it, please read on.
No matter what really happened in this case, the damage was made and very likely irreversible. It is an indisputable fact that online wallets are not safe place to keep crypto, but in case of Electrum as desktop wallet it was shown that human naivety and ignorance can also cause big losses. But sometimes bad things happen even though we have taken all possible measures, maybe this is such case.
https://bitcointalk.org/index.php?topic=2488493.0