I've had my credit hacked twice in the past couple years. Once there was a flurry of local purchases, the other time there was a long list of domain names purchased, and of online tax preparation forms filed. Both times I got on the phone with the credit card company and they asked me line by line which purchases were legit mine, and which were fraud. I save all my credit receipts, so it was a pretty easy task on my end.
It could be that the buyer in this case went through the same recovery process and there was a mistake made when identifying real vs fraud purchases?