Theoretically, he can, but never did nor did we feel the need to ask for one as it wouldn't have meant much since the private keys seem to have been kept on a possibly compromised email address. There were a lot of question marks that wouldn't have been answered even with the help of a signed message in this case.
There is one problem with this though. Someone hacks an account, burns it with a scam of some sort, and then on the way out says "by the way, my account got hacked and the hacker got private keys too". Then the real owner shows up, who possibly never really lost those private keys, and signs a message. I hope you have a bit more to go on than just a word of a (potential) hacker.