I've gotten quotes from attorneys of $7k to $15k to file a suit in attempt to get a court order in recovering the domain. Is there a less expensive option?
Yes, and within around 40 days from start to finish.
Pursuing a transfer dispute in this type of situation is usually a pointless waste of time, since the transfer is likely to have been technically compliant, and to have likely used compromised email accounts which the registrars are required to regard as authoritative.
The transfer dispute process is most likely to go nowhere. If your email address was compromised, the transfer was technically compliant, and that is the end of the story there.
Furthermore, providing registrars with police reports is just a fancy way of packaging allegations which registrars have no way of knowing are true or not.
Since the domain name was used in the course of distinguishing your business, it obviously functioned as a trademark and it is surprising that none of the attorneys with whom you spoke recommended the obvious and less expensive course of action.
You might want to review the facts of these cases, and counsel identified in them.
This is a common fact pattern. If the attorneys with whom you have consulted thus far are unfamiliar with how to address this issue, you may be speaking with the wrong attorneys.
Have a look at the highlighted facts below:
https://www.adrforum.com/DomainDecisions/1008008.htm
Complainants are HandHeld Entertainment and Kieran O'Neil (collectively, “Complainant”), represented by John Berryhill
...
HandHeld Entertainment recently acquired Mr. O’Neill’s website, domain name, and the goodwill associated with the HOLYLEMON mark. The website is now a wholly owned subsidiary of HandHeld Entertainment. The Panel will hereinafter refer to HandHeld Entertainment and Mr. O’Neill collectively as “Complainant.”
At some point after entering into its asset purchase agreement with HandHeld Entertainment,
Mr. O’Neill encountered difficulties logging into his e-mail account and soon thereafter discovered the he could no longer access the <holylemon.com> domain name, and that the domain name was somehow also transferred to another registrar. Mr. O’Neill believes this was the result of using public Wi-Fi Internet access while traveling to meet with HandHeld Entertainment.
...
Because Respondent has hijacked the
<holylemon.com> domain name from Complainant and is using it to operate a website virtually identical to the website Complainant previously operated at the domain name in dispute, the Panel finds that Respondent has registered and is using the disputed domain name for the primary purpose of disrupting Complainant’s business pursuant to Policy ¶ 4(b)(iii).
https://www.adrforum.com/DomainDecisions/1623023.htm
Complainant is John Dilks (“Complainant”), represented by John Berryhill
...
Respondent has illegally hijacked the domain name and listed itself as the registrant, rather than Complainant. Respondent continues to transfer the domain name to different registrars in an effort to conceal Respondent’s true identity and to prevent easy recovery of the domain name.
In an effort to conceal the hijacking, the disputed domain name has resolved to Complainant’s own website at all times. Where the complainant was the former owner of the domain name, this raises a rebuttable presumption of bad faith registration and use even when the domain name still resolves to Complainant’s web site.
See InTest Corp. v. Servicepoint, FA 95291 (Nat. Arb. Forum Aug. 30, 2000) (“Where the domain name has been previously used by the Complainant, subsequent registration of the domain name by anyone else indicates bad faith, absent evidence to the contrary.”);
see also Verizon Trademark Servs. LLC v. Boyiko, FA 1382148 (Nat. Arb. Forum May 12, 2011) (“The Panel finds that Respondent’s registration and use of the confusingly similar disputed domain name, even where it resolves to Complainant’s own site, is still registration and use in bad faith pursuant to Policy ¶4(a)(iii).”)
. Respondent’s actions constitute find bad faith under Policy ¶4(a)(iii).
https://www.adrforum.com/DomainDecisions/1633946.htm
Complainant is Michael Evans and Chord Consulting Inc. d/b/a XAG (“Complainant”), represented by John Berryhill
...
Complainant alleges that it previously owned the registration for the
<xag.com> domain name, and that
Respondent only acquired the domain name through theft by compromising Complainant’s administrative e-mail address in order to authorize a registration transfer. While past panels have not seen many instances of similar domain name theft, they have found that there is a likelihood of bad faith when a complainant previously owned a domain name and no longer does, unless there is evidence to suggest a lack of bad faith.
See InTest Corp. v. Servicepoint, FA 95291 (Nat. Arb. Forum Aug. 30, 2000) (“Where the domain name has been previously used by the Complainant, subsequent registration of the domain name by anyone else indicates bad faith, absent evidence to the contrary.”). Therefore, given Respondent’s failure to respond, the Panel finds that Respondent registered and uses the
<xag.com> domain name in bad faith pursuant to Policy ¶ 4(a)(iii).
----------------
The UDRP elements are straightforward:
1. Trademark Rights
"Jixhost" is obviously a distinctive and longstanding mark for the service.
2. Legitimate Rights
The respondent has no legitimate rights in a stolen name
3. Bad Faith Registration and Use
Obviously, stealing a name constituted bad faith registration
You will hear some people say "you can't use the UDRP for a stolen domain name." That is nonsense. What you can't do is to use the UDRP for a stolen domain name
if you did not have trademark rights in the term. The UDRP does not require a registered mark, but provable common law rights in a distinctive term are sufficient.
And, finally, if you are approached by anyone selling "domain name insurance" ask to see whatever license they have obtained from the state where they are operating.