To the first, rollback.
for the first, you still have everyone subbed to the newly created community made by the attacker and all the links are still updated
if instead of migrating everything right away, you have the original server of the community give redirects for each request, then that won't help if the original server is closing down, but it's probably the only right way to do it, I guess you could also have an angry instance admin disable the redirect to keep the community on their own server
To the second, is that a problem?
migrating and then recreating the original is actually an issue that Github has when you rename a repo, Github will give redirects for the links to the old name of the repo, but if you create another repo with the old name then the redirects are no longer served and if someone clicks on an old link then they end up at the repo that stole the name instead of the repo that was renamed
so if let's say there was an official linus_tech_tips community on beehaw and they moved to lemmy.world, some random person could create the community again on beehaw after the migration to appear official and hijack all the old links out on the internet
you fix that by keeping the old name reserved after migration, I don't really think that's a big problem in this case
I actually liked @Neato@kbin.social's idea, instead of "migrating", you just copy the community and then send a message to every subscriber, close the original community, and put a pinned post at the top, maybe a message in the sidebar too