But this type of issue is exactly the one Registrants are seeking a remedy for within ICANN.
The 'claim' is that the transfer (validly completed) was 'fraudulent' because they allowed their details to be exploited/phished/socially engineered or whatever - that's going to need someone to investigate/prove/identify the details of the hack/exploit/scam. Ideally that's a job for the courts and specialists, not ICANN, not a Registrar etc (in many cases) - a *crime* has been committed - we're not 'judges' or qualified to make decisions about that. I hear the 'I've been hacked' story 100 times a week - usually after terminating a spammers services. One of the funniest was Monday someone claiming they never ordered something, and that we're been 'illegally taking money' from their bank account - obviously they must have been 'hacked' (and accused us of doing it) This is after the order came from their IP, it was paid (and 3d-secured at their bank) on their Debit card, they'd raised 3 support tickets/questions in the preceding month, we'd spoken to them by phone at least once ... 'I must have been hacked' translates into 'oh sh!t I forgot to cancel something I dont think I want anymore and rather than being reasonable and asking the company for a refund that they probably would have given without issue, I tried to fvck them over with bullcrap claims' As to the email-chain that started the thread, who is to determine they didnt sell the domains and now have buyers-remorse ? Or had their assets seized by the FBI ? or a million other possibilities ...
I disagree with the position that a party using illegally obtained credentials
I'm merely saying the *correct* credentials were used - if there is a claim that the obtaining of those is 'illegal' then go seek 'legal' counsel. Rob