Now that you're mentioning, I can't actually recall changing the password last time I logged in, I'm pretty sure I did a stupid, and actually forgot to change the password. However, I'm still going to proceed closing the account, since it's already associated with a compromised email address.
Thank you.
@Ultegra134, recently there was one thread in which someone described exactly this method, and it is about hackers coming into possession of your login data, and all they need is 2FA code. In an attempt to deceive the user they do the following :
How do they do that? They send you a phishing text messages stating your account may have been compromised, and request that you text-reply the authorization code you are about to receive to confirm your identity. The bad guys then attempt a login to the target website using your username/password. That login triggers a text message to you containing the authentication code.
The bad guys now send another phishing text to your phone requesting that authentication code sent by the website. If you fall for this phishing attempt and text the authentication code back to the bad guys, they immediately enter that code, finalize the login for that target website and immediately change the password/security/phone numbers associated with that account. You are now locked out of your account and they have it for their use!
In addition to changing the e-mail and password on that exchange, you can also try to block the number from which these messages come from or turn off 2FA on the exchange.
That's not exactly the case, this is actually an text from Coinbase, provided that I don't want to use Coinbase, I could potentially be okay by blocking the number.