The other way around.

The attacker had access to the Google account which includes passwords from Chrome and also the 2fa codes stored in Google Authenticator, because those were synced to Google without the author noticing it.

So with passwords and 2fa the attacker could login to Coinbase too.