I'm sorry, I haven't been very active in the forum the last few years; It was pure luck I saw this update here now, and had missed the earlier ones.
I'm not completely at liberty do discuss details, but in general terms, and what I think of it all.
I did get the domain back, eventually. It took a few months, but I have no info on how Moniker managed to get it back.
Neither do I know if their system is safer now or not; I haven't used it since this happened.
One thing I remember from this incident and communicating with Moniker/Snapnames/Oversee was the lack of security thinking and -awareness that seemed to exist throughout their whole operation. It was like they had somehow convinced themselves that they were as secure as they've always claimed to be, while in fact every comment and action showed exactly the opposite. They were so certain they were secure, that they didn't want to see the very obvious holes in the security, and that the emperor in fact was naked...
They had launched their "integrated" moniker/snapnames system way too early, without doing any kind of testing, much less any security audit... when they said they had "locked down" the domain, that was in fact what the operator thought, and the system told him... but it wasn't the case. So the culprit could transfer the domain out anyway. And they didn't believe me when I told them, since their system said it was locked down... And that's just the tip of the iceberg of it all.
That they at all considered it a good idea to give the buyer full control of the domain immediately, the second the "payment" was processed, (no matter which payment method was used), says quite a lot of their safety thinking...
While the seller had to wait a week to get access to the money... Yes, that's safe for Moniker/Snapnames/Oversee, and the buyer... but not for any seller, and the system was pretty much asking for this kind of thing to happen, the second it was launched.
--Pooh