When you sign in to a new device you’re asked for your pin number.
This all sounds very similar to this post where the person also had their email hacked and somehow someone got around the need for a pin.
Best thing to do is to either call the number on your card or contact Monzo via direct message on Twitter.