Because the key is our account. The exchange site does not have a responsibility with it. Because Google 2fa based on 3rd parties. Exchange sites don't have any responsibility for it.
Right, but the advice given by Google to website owners looking to implement TOTP is that they should provide a way to authenticate the user if they have lost their 2FA device.
Two ways to do this: first is to have the user write down a code that they can enter if they lose their 2FA device.
Another way which is what Google suggests is to: ask the user to open the website from a browser & IP they used before, ask them for the password, ask them to verify their email, ask them their account details and about some recent activity they did in their account, for bitcoin websites - ask the user to sign from Bitcoin addresses known to them, and then send the user an email and/or text message telling them their 2FA will be reset in 7 days unless they click a link to cancel the request. This is close to what Google does if you need to reset 2FA on your Gmail account for example.
The security of TOTP 2FA is overstated anyway. It really only protects you from password reuse and a crappy password. If your PC is infected, malware can just hijack your session. You can still get phished too.
A better 2FA system would be one that asks you to confirm whatever action you are doing on the 2FA device, then you'd be protected from an infected PC and phishing.
Some bitcoin services offer nifty feature like limiting IP range - if you are using one IP address, I prefer to use this option instead.
I really wouldn't recommend that as your ISP could change your IP range at any time. Also you could get locked out if you forget to pay your bill, or are away from home. IP authentication is weak anyway as a hacker only needs to find a way to use any device on your network to proxy requests. Depdning on how the website is set up, in some cases this can be done by you visiting a website with malicious javascript that allows the hacker to use your browser as a proxy while you have the page open.