you should ask them about details on from where trades were executed.
was it their office or home terminal/software.
there must be some logs, ask them, lodge a complaint on paper, you may need to do a F.I.R. to catch the culprit, consult a lawyer,
I think most broker firm will not be held liable if the password was mis-used at your end.