In that scenario we simply demand the signed message from the user, and if we do not get it we will send the coins back to the address from which the coin was transferred :-)
Nice to see that Paul is like ... :-)
Genius idea, you'd send the coins to a non-related cold address in the case of zencloud. I guess there are other wallets that work like this too.
Also, what about blockchain? There could be 10 or more tx from one wallet?