Was Apple Pay Hacked?

Ok, I'm in need of input on possible weak links. I've had fraudulent charges on 4 cards over the past 4 weeks. What is interesting is each of these cards is a replacement for the previous, e.g., the first card had fraudulent transactions, was replaced, a week later more fraudulent transactions, replaced, wash, rinse, repeat.


Now at first I thought I was the victim of skimming or shimming and was prepared to go do some sleuthing at the pay-at-the-pump stations where there is no NFC pay option. This time, however, I had two fraudulent transactions and I hadn't even received my physical replacement card. I did, however, have my Apple Wallet updated with the new card information.


I asked my bank if the last transaction was made in between my report of fraud and the card being deactivated and the answer was that the transaction was made on the card associated with my Apple Wallet. And they want to replace the card again...


Was my Apple ID compromised? Well, I have TFA activated and have received zero notifications of an attempt to sign in to my account from another device that is not sitting on my desk or in my pocket at all times. Regardless, I just changed my PW. I see no way that some 3rd party was making Apple Pay transactions using my ID.


What am I missing besides the bank being in error and this one slipping by and made on the previous, replaced card? I note that NONE of the fraudulent transactions are listed in Apple Wallet. So I'm inclined to believe that this last case of card fraud was right before they replaced the card.

Posted on Nov 5, 2025 2:33 PM

Question marked as Top-ranking reply

Posted on Nov 5, 2025 2:50 PM

I suspect what happened was that your bank did not block the previous fraudulent transactions from recurring. Banks and more specifically the PNO (Mastercard, VISA, etc) use a service called Automatic Billing Updater that gives the merchants your new card information to prevent a pause in those recurring charges. Simply issuing you a new card will not stop those transactions and your bank knows that, although the Customer Service agent may not have taken the extra step to block them.


Each PNO has a different name for the service and here is an example and explanation on why they give the merchants (or scammers in your case) your new card information. VISA calls it VISA Account Updater (VAU).

VISA Account Updater


And your bank may also have information on the Automatic Billing Updater for their cards, such as this one for Banner Bank.

https://www.bannerbank.com/personal/automatic-billing-updater


Your bank confirming that the other fraudulent purchase was made from the same card in your Wallet just means that the scammer used the new account information that your bank provided them for the charge, and not that the charge originated from your Wallet. You would have had that fraudulent charge whether you had added your card to the Wallet or not.

Nov 5, 2025 2:43 PM in response to Counciltime

Unlikely, as there's nothing to hack from Apple Wallet.


Apple Wallet does not store any card or personal info whatsoever; it stores an encrypted package with a device account number only, which only your bank can decrypt, access and link to your payment method to process payments, and it requires the use of biometric authentication (Touch ID, Face ID, passcode) to even begin to process a payment.


With that said, however, if you started a subscription using Apple Pay somewhere, and your bank keeps automatically updating your payment method to the new card they issue, the subsequent charges from that subscription will keep being charged.


What exactly are these charges you see?


Have you gone to the relevant vendor for the charges and seen if you subscribed to something with them?


Things like Nebula Astrology are known to start recurring subscriptions for instance when you accept a reading or free outlook on social media and will continue to charge you until you cancel that subscription with them directly.

Nov 5, 2025 4:33 PM in response to Mac Jim ID

Thanks MACJim - this sounds like the most plausible scenario. And to support that, the transactions were all to the same company which is a utility out of Ohio called First Energy. Seems reasonable that my card was initially used to set up one or more accounts with automatic payments which are being replaced by my bank (Wells).


On this most recent time, I asked the WF service person why the transactions for the Utility are continuing to go through even though I've reported 7 of them already. She put me on hold to contact some other department and maybe it was to check about VAU. I'll call back tomorrow and double check.

Nov 5, 2025 4:48 PM in response to Counciltime

This is basically what Jim said. The difference is the additional explanation/information for subscriptions and Apple Pay tokens.


If a fraudulent actor adds a stolen credit card to their Apple Wallet and uses Apple Pay for merchant subscriptions, those subscriptions are not automatically canceled when the bank issues a new card number, CVV and expiration date. Instead, banks typically use an “account updater” service provided by payment networks (such as Visa, Mastercard) to automatically update merchants with the new card details, allowing subscription charges to continue seamlessly on the replaced card.


The merchant does not directly bill the Apple Pay token itself; they bill the card account associated with the token. When a card is reissued, the bank updates the merchant with the new card information so that recurring subscription payments are not interrupted. To stop the subscription, the subscriber must cancel it directly with the merchant or provider.


Hence, issuing a new card number and expiration does not automatically cancel any subscriptions established via Apple Pay. Stopping payments requires active cancellation by the subscriber or intervention by the bank to block the merchant.


Apple Pay itself does not manage or cancel subscriptions once initiated; it is merely the payment method for authorization and tokenization. This means that in a fraudulent scenario, if the bank replaces the card without merchant cancellation, the subscriptions can continue to be charged unless actively canceled or blocked by the bank.
