Not only we don't know whether it is a scam or not, but now you are imagining a "bigger scam".
This is speculation on top of speculation.
This is not the right way to investigate.

For all we know, the operator might still be in the process of recovering from the loss of personal information at the moment.
We simply don't know.

The fact that the wallet has not been emptied yet may be a good sign, as the operator may still be in possession of the wallet private key.

My own chain of speculations, partly based on facts, is the following :

I investigated a bit on the off-side, it appears the operator's account still exists on the shared server he was using for the web site.
That server contained (past tense) both the web site and the mail server, and was (and still is) poorly protected.

Putting all one's eggs in a single basket is a big mistake : once the web site account had been cracked, all the attacker had to do was to change the password and authenticate when a DNS transfer email verification became necessary, thus robbing the legitimate owner of the domain name property.

From that, the allusions made by user lunamine to an attack and to blackmail, as well as the impossibility to log into this forum ever since, since the email address used was most probably something@lunamine.com, can easily be conceived.

I'd really like the Lunamine operator to resurface, even under another account if access to the current one has become impossible, to clear things up.

Up until now, though, I still can't honestly come to the conclusion that it is a scam. As far as I know, the hypothesis of an attack resulting in at the very minimum blackmail over the site or even the customer database is a solid possibilty.

What is more unclear is whether the operator could salvage the customer data or it was definitely lost, a tragic event which his silence would be a symptom of.