Check the security of your e-mail account, immediately.
You're supposed to receive a bunch of e-mails when your domains are transferred away. Did you receive them? Did you receive any other type of notification from NameCheap? Domain thieves often begin by breaking into the domain owner's e-mail account, so that they can intercept these messages. So make sure that you're in full control of your e-mail account before doing anything else. Double-check your NameCheap account and make sure that your account, as well as all your domains (including those with WhoisGuard) have the proper e-mail address attached to them. Change all the passwords. Change the passwords on your backup e-mail, too. Otherwise the thief may be able to get between you and NameCheap and confuse the hell out of both parties.
Also contact the receiving registrar (22.cn) and let them know that they just received a stolen domain. Send a stern but polite notice to their abuse department. They might or might not do anything about it, depending on how reputable they are, but it's worth a shot.
This is why two-factor authentication is vital for email accounts. It's just too easy to accidentally reuse your email password somewhere, and then things like this can happen. With a second factor, someone would have to physically steal your phone or OTP device to access your account, and that's a lot harder for some hackers in China to do :)
It happens accidentally. I use different passwords for different services and remember them (rather than store them in a database). Once in a while, I'll type the wrong password into the wrong site. That's game over; the account that actually used that password is now compromised.
This is an important point: Type in the wrong password, and you've potentially given away the account that that password belongs to.
And, other things being equal, the more visible your "presence", including the account that the password belongs to, the greater the risk of compromise.
Did you type that wrong password into a dodgy site? Did you type it into a site that does not use https? While on a relatively more unsecure connection?
Even if you trust the ethics of the site, how do they log, and are those logs secure?