I suspect ‘credential sharing’ (and not by choice). Perhaps someone was able to get your credentials while you were logged in overnight? Another possibility is browser or site caching; so clear those.
If my site, I’d change credentials everywhere (hosting, FTP, WP database, WP admin users). If necessary through myphpAdmin database access. I would then update everything (WP, themes, plugins; the theme/plugins via manual download/upload from the repository; WP through the Update page).
I would also create a new admin-level user, with a strong password, then sign in as that user (to ensure it works), then deleting (or lowering priveleges to ‘subscriber’). I’d also look for unknown files in all folders (since you reinstalled everything, a date sort of the file list will make those stand out). And I would look at my Child Theme files (especially the Child Theme functions.php file.)
Your site may not be hacked, it could be as simple as caching. My procedure for cleaning hacked sites is here.
Report back with your solution; that’s always helpful to others.