You mention emails bouncing back to your inbox in the description of your spam bot attack, implying that the attack involved someone sending emails on behalf of your email address and undelivered emails were then bounced back to you. You also mention creating and managing the email account from your hosting provider's admin panel. I have a feeling that your mentioned hosting provider is not properly configuring the SPF and DKIM records to prevent spoofing.
It's naive to think that you are protecting yourself from spam by omitting publication of your email address. You might be forgetting that nothing is preventing anyone else you correspond with from publishing your email address, leaving your email vulnerable in your mind. I'd look into other alternatives for managing your email address other than some shared hosting admin panel email management add on service.
Regardless of whether your email is published publicly or processed on the back end through a server script, the solution of changing your email on your site is the same as what I've already detailed: open the file or db and update the address. Any other info is just a personal account of why you think you needed to change your email address but doesn't help in answering the OP's question of how to change the address on their website.
EDIT: checked your domain's DNS. No SPF record found! Don't know your DKIM selector so can't check that, but I am taking a wild guess that you don't have that setup either if you don't have SPF and DMARC setup. It looks like a poorly-configured DNS record might be to blame for your spam/spoof/bounceback attacks.