Nostr needs self recovery key model like bluesky/AT protocol. Current solution to nsec compromise is to burn down and rebuild your network.

This could be solved with self recovery key approach or with Web-of-Trust voting on the new correct npub, I think.

But what do I know? I am humble enough to know that I could be wrong.