What people did in the past was to change their name to "old account of [username] (new account in profile)".

Of course, if your key really is compromised, whoever has it could change the profile to point to a different account so these pointers are hints but no definite proof that a user moved on to exactly that key.

The only way to different you from a fraudster is to have a nip-05 that only you control IMO. Is not bullet proof but is a pretty good anchor point. Take the verification from your old account to the new one and that will “do”.

Ofc that means you’ll have to own your stuff, cause anybody can pay for a “@ zap.stream” or “ nostr check” and get the verification but only the real Zoltan can have “ @ Zoltan.xyz” unless that one is compromised too. In that case you’re kinda fuck 🤣