Semi-technical question about the Nostr protocol. What's the best course of action for a user whose Nostr private key/mnemonic phrase has been compromised/stolen (e.g. via browser exploit, clipboard/keylogger, etc.)? Back up their original profile and follows, move them to a new account, and delete original account? What's the best practice? Thanks in advance.