You may always put an "innocent" looking file into the output binary that states who is the actual authors. Say you may create AUTHORS file in your repo, but store a SHA512 of that file in some obscure file in resources e.g. META-INF/ArtifactSignId, don't automate this step in any way, do it manually. A lot of people that are mindlessly copy'ing your work will not bother doing anything more than remove some stuff & search'n'replace author name. Then you will have a proof in case this other fork gained popularity (not very probable) that it was stolen.

I would not stress over it until that other person sets up a project webside and starts a marketing campaign. Most probably it is only about making a good looking GitHub profile.