I really sorry this happened to you.
I’m sure you have your suspicions who did this to you, given the history you’ve shared here on meta.
You should always:
- use very strong passwords (and a password manager to help you remember them)
- 2FA wherever possible.
- back up your server off-site periodically (at least once a day at another service like Amazon S3).
Especially when you have unfair-competitive and potentially subversive activity going on (as you have previously outlined).
My only query is this:
My VPS provider (for example) requires identity checks to permit sending requests to mail servers - do Hetzner not hold your true identity outside of your account settings? I had to send some official ID - this is not viewable on account. This would verify who you are and it would help them distinguish you from the person who took over your account.