However, recently two-factor authentication (2FA/OTP) has been added, creating a new possibility for account traders, where account ownership can change by the new owner changing the OTP. The password and email can theoretically stay the same.
It may not play out like you imagine and the reason is quite simple. Now in order to make changes to your 2FA details for OTP generation you need your password to apply changes and as a result the account buyer wouldn't want to risk leaving the old password. Aside that, even if he did, how sure would he be that the seller isn't logged in still?
The truth is account traders will still get a way around it , they could choose to change just 2FA and later on change email address so it looks like a regular change an active user would do.