Oh right lol. But if you can only migrate an nsec once, then you’d know that the new key is safe. I don’t know how that would work tho.
Discussion
I don't think you can make it happen only once though. If I migrate my account and it gets hacked, the hacker could also migrate it. How do you decide which migration is first? Relays can't be trusted as they could be operated by malicious people. Timestamps can't be trusted either as the hacker could just lie and say he was first...
It’s an entirely theoretical problem because obviously people will find out pretty quickly if one is compromised when it starts shilling Bitcoin wallets.
The solution is probably something simple like being able to clone all your old stuff to a new keypair.
If you're cloning followers due to your private key being compromised that would imply that the attacker could also clone. If I wake up and find out I'm following 10000 optimum accounts I'm going to be pretty disappointed.