Summary of process:<p>1. Used mail.com, which was apparently vulnerable to some hack that allows resetting the password for accounts.<p>2. Hacker was able to setup call forwarding for the person's phone, with only the email address to prove identity ( and perhaps information taken from emails )<p>3. Hacker was then able to reset gmail account even with two-factor auth, by having the two-factor number read out via voice via call forwarding.<p>Email is pretty much the problem here entirely. Using an insecure email host, and having access to your email be able to access thousands of dollars worth of bitcoins... is terrible.<p>Do you trust email hosts in general? I certainly don't.