Well quite possibly what could of been happening was the hoax seller listed the domain name in there account - therefore they would get the email from sedo to say that the name had interest, and then the hoax seller could of started to barter with the honest buyer.
The hoax seller could request the transfer documents and signs them (of course falsely) and then gets paid.
Before you realise the names gone! I remember reading on here where by a co.uk was hijacked.
Its quite worrying to think that the honest buyer could end up loosing his money and many hours in lost time.
If you think about it, it would be a good place to sell a domain name you didn’t own.
Do sedo's systems not check the status of the whois upon entering the domain name, into your control panel?