If you were able to refund and cancel the sale, they you had to be logged into your shop to do that.

• On Etsy.com, in your Account settings, go to Security.
• Scroll down and review your sign in history. 
• You'll at least be able to see some info about who has been logging into your shop and you can log them out. 

The security changes are not enough.  You use a 3rd party app to log in?  Are you referring to a password keeper?  Those are secure but any other 3rd party app should be suspicious.  Someone has your password and maybe even your new password.  If you did not run anti-virus or malware do so.  You may have key logging installed that is giving this other party information. 2Fa is helpful but not perfect.  Even that can be hacked.

Make sure you are working from a clean device.

Finding out who is logging in may help but if you have an ISP that changes location that may not be much help.

I would contact your bank or CC to get a new one.  Check the last digits of the account.  If this has been changed, you may need to change that.  You may need to contact Etsy for help on this. 

I would remove your listings and put your shop on vacation until this has been sorted. I assume they are not your listings as they have nothing to do with wigs.

The listing currently put in your shop by the hacker, could get you closed down, so best to delete them 

If you changed your password and someone is still or again logging in, your device/pc/tables/phone/etc might be compromised. Do you have anything installed antivirus or antimalware wise?