Honestly, the email record eventually shared screams scam. It's not quite fluent English, has urgency and requests the information not be shared with anyone else. That's a pretty damning trifecta and should have been a red flag for someone who literally works in an authentication role.

I dislike Google as much as the next guy and I agree that you really shouldn't use Google authenticator cloud sync, but the real problem here is the large amount of crypto. A scammer would have a much much harder time extracting it from a bank and even if they did it would likely still be reversible.

The first comment in response is probably the most important bit:

In addition: trust no inbound communications. If something is in fact urgent, it can be confirmed by reaching out, rather than accepting an inbound call, to a number publicly listed and well known as representative of the company.