If SMS is not encrypted, why do companies send 2FA over text instead of email or something else?


Couldn’t someone intercept the text and get into my account?

Anonymous

2FA means you need to authenticate with two factors, generally something you know (your password) and something you have (ideally an authenticator app, but in this case SMS). Generally speaking, 2FA is something you have to turn on in your account settings, and, as a hacker, this isn’t something you would do unless you were trying to lock the true owner out of their account. At that point the theft has already happened and 2FA doesn’t even matter anymore. Since you need to turn on 2FA yourself, that generally means you are also the one registering your second factor of authentication (phone number or authenticator app). Your phone is something you have, and thus receiving a text at a number you registered somewhat satisfies that requirement.

There are ways to intercept these messages as a malicious actor, but targeting an individual isn’t likely, especially if they already have 2FA turned on. It’s much more likely that they would attack a password storage provider like LastPass to gain access to the many more credentials it stores. 2FA kicks in here because even if they could decrypt the passwords they’ve stolen, they couldn’t also log in without your phone, which is simply something most hackers aren’t going to bother trying to steal, unless of course you are a notable person and targeting you would bear rewards that make that additional risk worthwhile. If you’re on Reddit, you’re probably not one of those people.
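To make the answer's two-factor reasoning concrete, here is an added Python example (written for this page; it is not code from the original post or from any real login system). It implements a minimal login that demands both factors: a salted password hash for "something you know", and for "something you have" either an RFC 6238 TOTP seed held by an authenticator app or a server-minted one-time code of the kind that would be texted to the registered phone number. The user record layout, the `SMS_TTL` lifetime and the `SMS_MAX_TRIES` limit are assumptions chosen for the demo, not anything the page describes. The TOTP part is checked against the published RFC 6238 test vectors in the usage note below.

```python
"""Added example: password + second factor. Not from the original post."""
import hashlib
import hmac
import secrets
import struct

STEP = 30           # TOTP time step in seconds (RFC 6238 default)
DIGITS = 6
SMS_TTL = 300       # assumed lifetime of a texted code, in seconds
SMS_MAX_TRIES = 3   # assumed guess limit before a texted code is burned


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, now // step, digits)


def verify_totp(secret: bytes, candidate: str, now: int, window: int = 1) -> bool:
    """Accept the current step and +/- `window` steps to tolerate clock drift."""
    counter = now // STEP
    ok = False
    for c in range(counter - window, counter + window + 1):
        # compare_digest keeps the comparison constant-time
        ok |= hmac.compare_digest(hotp(secret, c), candidate)
    return ok


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def new_user(password: str, method: str, totp_seed: bytes = b"") -> dict:
    """Constructed user record for the demo; method is 'totp' or 'sms'."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "method": method, "totp_seed": totp_seed, "sms": None}


def issue_sms_code(user: dict, now: int) -> str:
    """Server side of the SMS path: mint a random code, store only its hash plus
    an expiry, and return the code that would be texted to the registered number."""
    code = f"{secrets.randbelow(10 ** DIGITS):0{DIGITS}d}"
    user["sms"] = {"hash": hashlib.sha256(code.encode()).digest(),
                   "expires": now + SMS_TTL, "tries": 0}
    return code


def verify_sms_code(user: dict, candidate: str, now: int) -> bool:
    """Single-use, time-limited, attempt-limited check of the texted code."""
    pending = user["sms"]
    if pending is None or now > pending["expires"]:
        user["sms"] = None
        return False
    pending["tries"] += 1
    ok = hmac.compare_digest(pending["hash"],
                             hashlib.sha256(candidate.encode()).digest())
    if ok or pending["tries"] >= SMS_MAX_TRIES:
        user["sms"] = None      # burn on success, or after too many guesses
    return ok


def login(user: dict, password: str, second: str, now: int) -> bool:
    """Both factors must pass: a password alone (say, from a breached
    password store) is rejected without the second factor."""
    if not hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"]):
        return False
    if user["method"] == "totp":
        return verify_totp(user["totp_seed"], second, now)
    if user["method"] == "sms":
        return verify_sms_code(user, second, now)
    return False


if __name__ == "__main__":
    seed = b"12345678901234567890"          # RFC 6238 test-vector secret
    app_user = new_user("correct horse", "totp", seed)
    print("totp login:", login(app_user, "correct horse", totp(seed, 1234567890), 1234567890))
    sms_user = new_user("hunter2", "sms")
    code = issue_sms_code(sms_user, 1000)   # this is what the SMS would carry
    print("sms login:", login(sms_user, "hunter2", code, 1100))
    print("sms replay:", login(sms_user, "hunter2", code, 1101))
```

With the RFC 6238 SHA-1 test secret `12345678901234567890`, `totp(seed, 59)` is `287082` and `totp(seed, 1111111109)` is `081804` (the last six digits of the RFC's eight-digit values), so the HOTP/TOTP arithmetic can be checked without any external library. Note what the SMS path does and does not protect against: the code is random, hashed at rest, expires, and is single-use, which defeats replay of an intercepted code after it has been used, but it cannot stop an attacker who intercepts the text and uses the code first. That is exactly why the answer calls an authenticator app the better "something you have".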
