I know several people who have had this happen to them, and it is a vulnerability with GMAIL.

Hackers are able to inject filters into the users' accounts. They then go to godaddy.com and fill out the quick and easy domain transfer form. Emails then get sent to the Gmail address registered to the owner of the domain. The filters silently forward those emails to the hacker's email address. The hacker clicks the unique "secure" verification link, and voilà! The domain is transferred to someone in Vietnam, in another GoDaddy account. Then they move it from that account to a different registrar.

They also use this trick to get account details with those friendly "I forgot my password" links.

Domain names are a good target because you can often find the email address the person used to register it, either through the registrar or through the site itself (if the registrar offers privacy protection, like GoDaddy does).

The hackers have your domain and your email, and they then sell your domain, or try to ransom it back to you.

The vulnerability lies with Google.
Sign out of Gmail, Google Calendar, Google everything, when you're not using it.
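
A way to check an account for the silent forwarding filters described above, added here as an example that is not part of the original post: it parses a Gmail filter export and flags any filter that forwards mail outside a set of trusted domains. It assumes the Atom layout and `apps:property` names (`forwardTo`, `shouldTrash`, and so on) used by Gmail's filter export; the sample export, addresses and the `audit_filters` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"atom": "http://www.w3.org/2005/Atom",
      "apps": "http://schemas.google.com/apps/2006"}
# Actions that keep a forwarded message out of the owner's sight.
HIDING = ("shouldArchive", "shouldTrash", "shouldMarkAsRead")

# Constructed sample export; every address and domain is a placeholder.
SAMPLE = """<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <entry><title>Mail Filter</title>
    <apps:property name='from' value='newsletter@example.org'/>
    <apps:property name='label' value='News'/>
  </entry>
  <entry><title>Mail Filter</title>
    <apps:property name='hasTheWord' value='transfer OR password'/>
    <apps:property name='forwardTo' value='someone@elsewhere.example'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
  <entry><title>Mail Filter</title>
    <apps:property name='from' value='boss@example.org'/>
    <apps:property name='forwardTo' value='me@mycompany.example'/>
  </entry>
</feed>"""

def audit_filters(xml_text, trusted_domains):
    """Return one finding per filter that forwards outside trusted_domains."""
    findings = []
    for entry in ET.fromstring(xml_text).findall("atom:entry", NS):
        props = {p.get("name"): p.get("value")
                 for p in entry.findall("apps:property", NS)}
        target = props.get("forwardTo")
        if not target:
            continue  # filter does not forward anything
        if target.rsplit("@", 1)[-1].lower() in trusted_domains:
            continue  # forwarding to a domain the owner controls
        findings.append({
            "forward_to": target,
            "criteria": {k: v for k, v in props.items()
                         if k in ("from", "to", "subject", "hasTheWord")},
            # Forwarding combined with archive/trash/mark-read hides the mail.
            "silent": any(props.get(h) == "true" for h in HIDING),
        })
    return findings

if __name__ == "__main__":
    for finding in audit_filters(SAMPLE, {"mycompany.example"}):
        print(finding)
```

Any finding with `silent` set deserves immediate attention: delete the filter, then review the account's forwarding addresses and change the password.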