We are in digital ecosystem, a sign will ward off all the possibilities whether he is real or a jacked account.
Why don't we make it simple, If the guy is real MZ then i hope he would have access to his old online wallets, maybe some exchange or Bit-x?? which has 2fa with registered mobile number   , why don't he send a large volume to the address which is significantly larger than his account and prove the truth.