That's really scary, did you click malicious link before? it would be better if you could attach the proof of how you can guess you're get DOM attack.

Well, it looks like the borrower need to sign a message with the address which has been posted in this forum before. Although there's a chance if the user using web wallet and it's installed in the same device, the hacker can regain access to the wallet too. But that's seems the last way to prove an ownership.

Sorry to hear that @OP and I respect with your promise to pay back your losses.