
How certain are you that none of your printers or visitors' laptops or whatever were ever compromised by a botnet? Or that your ISP isn't also serving customers who are compromised or malicious on IPs adjacent to yours?

A few hardware security keys will probably prevent this problem for you. I'm wondering why you didn't consider getting them after you had login problems before.



I don't really think hardware keys (of which I have a few, btw) really improve security:

I use a seriously backed up password manager that I have means to access from anywhere, and the only thing I have to worry about is that I'd forget my really complex password to access it, because it is unfeasible that I'll lose all my devices where it is backed up and also an off-site backup of it.

With hardware keys, however, I constantly have to worry about keeping them with me or in a safe place and not losing them.

(my position is partially rooted in the fact that I happen to live in a country where you can easily have all your material possessions forcibly taken from you)


This is about proving to Google that you're secure. Google doesn't know if the password you entered came from a password manager or not. But if you're using a hardware key, they know it's secure.

If you lose your hardware keys, you still have your other 2-factor options, so you are no worse off than your current situation.


Thing is, history has shown that nothing is reliable enough for Google, once it flags you as suspicious. You've entered password and TOTP code? Nah, you're still suspicious. Gave a one-time backup code? Hah, still suspicious. Have a hardware key? Nice, but you know you are really suspicious. How else can you prove that it's you?!



