I'm very much still learning Nostr and how it works. My web3 background has been with Hive (the fork from Steemit after Justin Sun tried a takeover). My knowledge there has helped me understand Nostr, but also conflicts with the Nostr way at times.

Differences:

Nostr uses a pub/priv key pair where your public key is effectively your username. The "nym" that shows is nothing but a nametag, the public key is really you...your identifier.

On Hive, you have a human-readable username, mine there is "crrdlx"...that is your account, your identifier. Then, there are actually four private keys used. The reasoning is to ensure there are different levels of security.

"posting" key for posting stuff (like this) "active" key for moving funds "owner" key for managing everything "memo" key for sending encrypted private messages

The logic is that you only use lowest needed key, that way if it ever gets compromised, the hacker can't do the the other things.

Clearly, Nostr doesn't do this type of splitting of keys.

As far as reputation, Hive actually has a "reputation" score that is shown by your username. Your reputation is based on upvotes/downvotes of others (their reputation score influences yours along with their vote). It's not perfect but, it offers a glance-assessment of every user.

As far as a restart to reputation, if my "crrdlx" account was hacked and taken over by someone, I could simply start another account, call it "real-crrdlx". Then, I would need to announce what happened and I'm starting over with a new username. Of course, I'd have to somehow prove I am actually "real-crrdlx." My followers would not automatically be moved over and I'd have to regrow reputation.

As I understand, this is effectively the same that would be needed on Nostr.

I really don't know a solution, this may be a web3 snafu that we must currently live with. Maybe something will be figured out in the future. The bottom line...

...protect your private keys and you'll be fine.