I wanted to reply to this thread as it was brought to our attention by the OP. I first want to say that we of course do not want to play any role in illegal activity - especially as it relates to theft of domains. We do not want to be considered by anybody that would steal domains to be a safe haven for dong so. This goes strongly against our company philosophies.
With that being said, there is unfortunately not a lot we can do in these situations. As a registrar, our basic requirements given a transfer dispute are to confirm that the transfer complied with ICANN rules. We have been in touch with Godaddy and the OP and we have confirmed that the transfers did comply with all ICANN rules.
We understand the claims made by the OP, but the major problem is that we have no way of verifying they are accurate. We have been involved in multiple disputes in which the Complainant made fraudulent claims that their domains were stolen. We have been provided with falsified documentation, socially engineered "proof", and a host of other tricks people have tried to play to get access to domains. One popular scheme is for people to sell their domains, collect the money, and then claim their domains were stolen in hopes of getting them back.
These are just a few of the issues we encounter when trying to determine claims of theft. In short, and we know it sounds heartless, but security is the responsibility of the Registrant and the losing Registrar to provide adequate tools for Registrants to use to protect their accounts/domains.
In short, as the gaining registrar in a dispute, there are many times no good way for us to prove that complaints are valid. First and foremost, we advocate for our customers unless objective proof of wrongdoing can be provided. We understand this is a very large burden for Complainants, but we also want our customers to feel secure that their domains cannot be seized when fraudulent claims are made. We also provide our customers with 2FA (using Google Authenticator, Authy, etc.) as well as Domain Defender. The combination of those 2 services makes domains virtually impossible to be stolen.
We of course wish there were not so many cases of domain theft, and we do what we reasonably can to prevent it from our end. However, we hope people also understand that we treat our customers' domains as valuable assets and cannot suspend/revoke them without meeting a very high level of objective proof. We understand this is not a perfect stance in that it could lead to people stealing domains and transferring them to us, but we would also lose the trust of our customers if we adopted more lenient policies and people started losing domains for no wrongdoing. It is a very difficult predicament for any registrar, and we do the best we can to provide a service as free of misuse as possible, while still advocating for our customers and protecting their domains.
Sorry for the rant, but this is a very important issue and I hope our position is better understood.