Let's assume, that you were hijacked, like way too many others have been too over the last years.
Here's the usual steps you should take to clean out the infection:

Deauthorize all devices https://store.steampowered.com/twofactor/manage
Change your password on a secure device.
Generate new back up codes. https://store.steampowered.com/twofactor/manage
Revoke the api key https://steamcommunity.com/dev/apikey
Check that the email and phone number on the steam account is still yours.

And my favourite advice:
In the future, do not do Steam logins on other websites. Instead do a browser login on the website of Steam (store.steampowered - bookmark it to avoid copycats). Every website, that needs a Steam login, will recognise this and allow you to confirm your account.
If it still asks for your name and password, it is not a real Steam login.

Other people are also submitting tickets, so you have to wait your turn.

If someone got into your account with your authenticator active, then someone must've tricked you into giving away your authenticator code. You most likely logged into a phishing site.

Originally posted by FFL2and3rocks:

Other people are also submitting tickets, so you have to wait your turn.

The more likely explanation is, that the bot in the account keeps closing the tickets as soon as they are opened. Yet another reason to do the stuff, I wrote up there.

Already cleaned up my account but it seems like I can`t do anything to prevent it in the future besides logging in every 2 weeks because I dont use my steam account on any sites
like i said i did not use my pc or steam account in that time at all
just expected steam support to at least write me back with: ´´we cant do anything about it´´ and not just close the request instantly

Originally posted by Laefs:

Already cleaned up my account but it seems like I can`t do anything to prevent it in the future besides logging in every 2 weeks because I dont use my steam account on any sites
like i said i did not use my pc or steam account in that time at all
just expected steam support to at least write me back with: ´´we cant do anything about it´´ and not just close the request instantly

If the tickets are being instantly closed, your account is STILL compromised. Please do the steps you were given.

I dont know how they can allow such big purchases to happen inside the marketplace with no kind of regulation. It's obvious something is going on, why do they keep allowing it and protecting the scammers just because you got infected. It's like getting shot but you're wrong for being outside at that time.

Originally posted by Naomi Karu:

It's obvious something is going on

The only thing going on is people keep giving their login details away.

Your account was not hacked. At some point in time you gave away ALL your account details and were PHISHED.

In a case of both sides having a point:
You did give some malicious person access to your account once.
However, it should not be that easy to establish a semi-permanent control over it. And yes, this exploit is known since 2017. Once you can send support tickets again, ask the question, why it does not require an email-confirmation to set up an API key.

And now do the steps, I gave you right from the start, if you haven't yet. As I and others said, tickets getting closed immediately is the work of the same bot, that stole your items. And it will do so again, if you don't do anything about it.
Oh, and also check your market history and report all accounts, that you had unauthorised transactions with.

Already did the steps you told me like three or four times spread over the last two month seems like i have to live with a bot in my account then

Originally posted by Laefs:

Already did the steps you told me like three or four times spread over the last two month seems like i have to live with a bot in my account then

If you are doing the steps and still getting scammed after that then either you are a) still giving away your credentials to phishing logins or b) you device(s) are deeply compromised with tailored capture malware. It's really one or the other.

Originally posted by Laefs:

Already did the steps you told me like three or four times spread over the last two month

So you say, whenever you check the API key (step 4 in my list), there is a new one? Seconds after the last one?
This is where the bot is at. All the other steps are only there to ensure, that it doesn't establish a new key, when you revoke the existing one.