My email account has been hacked (due to a weak password) but nothing connected to crypto has been hacked.

I credit the old hands on bitcointalk a decade ago for their advice to have a different user name and password for each exchange. When you consider how many exchanges have been taken down by insiders - btc-e, crypsy, mintpal - I shudder to think what those insiders did with those passwords to access people's accounts on other exchanges. Of course I lost money on crypsy and mintpal when they did a bunk, but no amount of passwords protect you from con-men in the exchange itself