Teleportation domain

It seems that today is not my day. At the end of the working day, I receive a notification that one of my domains at nounet.ru was forcibly deleted, although I recently paid for its renewal. I run to chat to support, here is the story:

16:56 I: good afternoon!
support: What is your contract number?
16:57 I: № *******.
have you just deleted my domain?
who did this?
why?
support: More specifically.
me: Good afternoon!
This letter is formed by the accounting system of the company “Naunet SP” (https://client.naunet.ru).
Here is the result of processing your request automatically.
The application was successfully completed.
Your application:

action: DELETE
domain: antshop.us
options: force
')
TC response:
For complete information on registered services
and spending funds you can contact at
client.naunet.ru , specifying the administrator's login when authorizing
and the corresponding password.

This I received an hour ago
I did not order domain deletion
8 min
17:06 support: The domain was transferred from us by EPP-code to another registrar.

Thus, if you did not do this, you should think about the fact that someone has access to your mail, to which your agreement is registered.
17:07 I: Could this have been done if I knew my password on naunet.ru?
17:08 support: EPP-code is obtained in the service management system client.naunet.ru.
Confirmation comes in the mail.
I: I did not receive confirmation
to the post office
I received a domain deletion notice
How can I get it back?
17:09 support: Access it.
17:11 I: I did not have confirmation of receipt of the EPP-code by mail
how to get access to the domain?
support: Since the domain is not registered through us, we cannot give you an answer to this question.
17:12 I: how is it?
I after all transferred this domain to management
support: This domain is no longer registered through us, because someone on your behalf performed in the system operations that take it out of our control.
17:13 I: What should I do to secure the remaining domains?
support: Obviously, take care of changing passwords.
17:14 And it should be done with cars not infected with trojans.
5 minutes.
17:20 I: do you have logs on the net?
How can I see who came in, with what ip and what did he do?
I do not believe that someone could break my password, and even more so, take possession of the box
Why from the entire list of domains, take only one?
support: According to your paper statement, written in our office, we may provide similar.
me: and the fax?
I'm in another country
17:21 support: A paper letter, notarized and sent by mail, will suit us.
Fax - no.
I realized
Do I have a spare time? is there any time buffer to return domain?
17:22 support: Colleagues report that actions on the domain were made not through our panel, but through the Directi panel.
Thus, we have no logs.
17:23 The domain is no longer registered through us, so we cannot help you with anything related to the specified domain.
You can try contacting Directi via support.resellerclub.com.
17:24 I: got it. Thank you very much, now I will call them.
please tell me how is this possible? if you don’t have access to a donut, how can you pick up a domain through another registrar?
17:25 support: Apparently, someone got access.
How it happened - we can not know.
Maybe through the mail.
me: where access?
support: Maybe through correspondence with their support.
17:26 Access to the Directi panel where your domain was registered.
20 minutes.
17:46 I: But who gives this EPP code?
gave the code?
support: As you have already been informed, our panel did not participate.
17:47 I: so write to me at directi.com or at resellerclub.com?
17:48 support: Since the domain was registered through us, you can use support.resellerclub.com

I’ve already unsubscribed to the support of the reseller, waiting for their answer. Checked for viruses - clean. The mail was open all day and about every new letter I received a notification. Although, if the transfer of the domain did not go through onet.ru, mail has nothing to do with it.

Can you please tell me how to proceed? After all, if without any passwords, the domain can go nowhere, it becomes scary to live. Can / should-if nunet.ru assist in this case, are they responsible for the safety of the domains hosted in their panel?

PS: Unsubscribed on Habre, because there is a maximum concentration of IT-literate people. I really hope for help with advice in this situation.

UPD: Today (10/05/09), in the afternoon, I found in my admin panel an “escaped” domain. Definitely, an error occurred in the directives, which they wrote to me several times during these days while they were solving this problem.
After returning the domain, the tech support directive did not write anything (thanks, even though the domain was returned to the site).