I might be able to help with this.
When welsh applied for my signature campaign here,
I saw that he was inactive so I asked him to sign a message.
Then he PMed me with this
Address:
1KtH7MuumBvD3Mn1omrog7CvEqASPNCX7b
Message:
Welsh from bitcointalk.org signs this address by request on 10/10/2017 12:07
Signature:
HNovF+407Ch4WxDPkciG1EZWfJoMfz/Bus7o7vp43JP1D2gnKGhfMKV/khv/CT0TUIJk0vMIWUnHHu7F8XjFTQI=
That address is from here -
https://bitcointalk.org/index.php?topic=291387.msg4144499#msg4144499Unless he was hacked during these 2 months, I think it's safe to assume Welsh is not hacked.