I have never clicked on unknow links.
I ran Malwarebytes and it detected nothing.
I have 2 factors authentification on both my discord and steam account.
I have checked my mail on haveIbeenpwned but nothing popped up.

But still, I received notifications on my phones that I succesfully sold items on the steam market. It sold about 100 of these and then bought some dota 2 items overpriced. All of that without me having to confirm on my phone except for some tf2 cosmetics.

I deauthorized everything and revoked my API.

A few days later, someone sends "50$ steam gift cards" to like 7 of my discord friends. Discord detected that pretty quickly so I logged back in and deauthorized everything again and deleted the messages.

I don't how this happens the o9nly thing that I have suspicions is :

1) I have downloaded some riskier files but again, malwarebytes detected nothing
2) some days after my steam account got hacked, google detected some 'suspicious activities' but google says nothing about this activity so I just assumed it was my computer and I changed password the discord hack happened after that
3) I have lended my steam account to an irl friend (I know it's not him) for some steam family so maybe it's on his computer ? But he didn't have any problems
4) again a few days after the steam hack someone commented on my steam profile and said he 'nedeed to talk to me' so I put my profile on private and then sent him a friend request (idk I thought it was funny). He didn't accept it nothing happened

I don't know if these could be linked and I just hope it's not my mail