I don’t agree with the OP. If your DNS server is compromised, you should really consider your domain completely compromised. Even if there was a manual check, a fraudster with full access to the domain (including, for example, changing the WHOIS or transferring the domain) would of course be able to subdue even the manual checks (unless the people did have some knowledge about every bank in the world, which I doubt they have).
Remember, hacked server = owned server, so they could of course temporarily change the webpage or DDoS it, or make it unreachable, to not show off that it’s a bank, just to gain the certificate.
And not to mention the problem that the fraudster might just steal the EV certificate’s private key off the server, if the server was hacked.
In this case, they managed to hack the account at the registry, which limited the access, but still, if the bank would use, for example, two-factor authentication, then they wouldn’t be able to carry out the action.
However, the list of EV certificates could instead be used to detect similar domains and prevent them from Lets-encrypt:ing. So if someone gains an EV certificate, they will get all their similar domains “protected”, so for example, if thisisabank.com gets an EV, then for example th1s1sabank.com would be “protected”.
There are algorithms out there that can detect such similarities.
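
The look-alike check proposed in the post above, as an added example that is not part of the original post and is not Let's Encrypt's code: a requested name is reduced to a "skeleton" and compared by edit distance against a list of EV-holding names. The confusable table, the distance threshold and all function names are assumptions chosen for illustration, and the request list is constructed sample data.

```python
# Added illustration; mapping table, threshold and names are assumptions.
CONFUSABLES = str.maketrans({"0": "o", "1": "i", "l": "i", "|": "i", "3": "e",
                             "4": "a", "5": "s", "7": "t", "$": "s", "@": "a"})
DIGRAPHS = (("rn", "m"), ("vv", "w"))

def skeleton(name):
    """Reduce a hostname to a form in which common look-alike spellings collide."""
    s = name.strip().rstrip(".").lower().replace("-", "").translate(CONFUSABLES)
    for pair, single in DIGRAPHS:
        s = s.replace(pair, single)
    return s

def edit_distance(a, b):
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(candidate, protected, max_distance=1):
    """Return the protected name the candidate imitates, or None."""
    cand = candidate.strip().rstrip(".").lower()
    cand_skel = skeleton(cand)
    for name in protected:
        if cand == name or cand.endswith("." + name):
            return None  # the protected name itself or a subdomain of it
        if edit_distance(cand_skel, skeleton(name)) <= max_distance:
            return name
    return None

# Constructed sample data: the two names from the post plus made-up requests.
EV_PROTECTED = ["thisisabank.com"]
REQUESTS = ["th1s1sabank.com", "thisisabank.com", "this-is-a-bank.com",
            "thisisabamk.com", "example.org"]

if __name__ == "__main__":
    for req in REQUESTS:
        hit = lookalike_of(req, EV_PROTECTED)
        print(f"{req:22} -> {'hold: resembles ' + hit if hit else 'issue'}")
```

The comparison runs on the whole hostname, so it does not separate the registrable label from the public suffix, and a threshold this tight will still produce false positives on short names.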