So let me explain:-
As the hacker is logging in from a different device and location, there should be location and device-based login security. If you are logging in from a different device and location, you need to provide a 2FA code or a mail verification code in order to log in to that device. I don't know how much this could affect the privacy of users but I think this will improve the security to a different level. I am not a Stake user so I don't know if it is available or not. If not available then getting it on the platform will help this kind of hacking.
And the most important thing is, the platform can provide security only to an extent. In order to maintain the best security, we need to keep our accounts safe on our own. Don't click on every link you get via email. Verify first.
[I feel sorry for that incident OP. Hope you can resolve the issue. Get help from live support if possible and secure your account ASAP.]