Probably GMX already locked him out of the account, Peter Todd is reporting that emails are bouncing back. Taking into account how stupid the hacker looks like, he probably didn't dump all the emails - if now he is locked out he will have no way to prove he was the original hacker because he didn't even create a PGP key for that purpose...
Amateur time.
That would mean the e-mail in the account exist unencrypted somewhere since only a password reset was needed to access it. Makes one wonder what would happen if a GMX admin has some free time to snoop around in his locked e-mail account?Amateur time.
It would surprise me that someone who created a trust-free system like bitcoin had left sensitive unencrypted information on a server controlled by a third party. You must assume that admins of centralized services will eventually snoop around - that's why we have encryption and cryptographic signatures. I'm sure Satoshi is (or was) aware of that
