I don't think the accounts recovery team will accept a signature from the stated address because it was posted right before the account was hacked again.
Actually, checking the time stamps, it was staked right after the account was recovered
Password reset: 12/6/2019 3:14:28 PM password reset via email
First "account recovered post": December 06, 2019, 17:17:44
Address staked: December 06, 2019, 17:34:05
So unless the hacker was able to access the account in those 2 hours (which I must admit, seems feasible judging by the record), the address should be good. The next hack claim was made almost 2 months later.