We did detect attackers doing this today in the News Feed community
They manipulated the Reputation score estimates by upvoting one another multiple times from ~0.3R accounts. Usually this kind of manipulation is temporary and gets automatically reset every hour when the true Reputation scores are computed. The scores also get reset before any payouts are computed.
However in the case of today's attack, because of some technical details of how the true Reputation is computed, these scores were not fully reset. Instead they were being adjusted very slowly - a little bit every hour. As a result attackers were able to manipulate the rankings of several posts like this one: [https://relevant.community/relevant/post/5f704a97e5c7d50017f008c5](https://relevant.community/relevant/post/5f704a97e5c7d50017f008c5) and earn rewards.
The good news is that this vulnerability __is patched now__. Rep estimates are fully decoupled from actual Reputation, and should always completely reset every hour and before payouts.
You can now see the true Reputation of the attackers: [@tt_linn](/user/profile/tt_linn) [@HtooKo65303362](/user/profile/HtooKo65303362) who, just a few hours ago had scores of ~R24 in the News Feed community.
In general, if you see users or posts with artificially high rep, wait an hour and check again, if the Reputation doesn't reset there is something wrong. Thank you to all the users that alerted us to this issue.