No doubt, but what is a good procedure to alert your followers to the fact that the old npub is compromised and that they should follow the new one? The adversary will also be able to post, and can also boot up a new npub & try to divert followers to that.

I am thinking that a reasonable way to do it would be to *already now* set up a backup nsec/npub that you publish, while nothing bad has happened. That way, if something bad happens, you can point to a post made two years ago as evidence that the new npub is legit.