Upon investigation, it seems that it was super easy to hack; you didn't even have to collude with a witness. Basically, if you craft the right transaction, it just works.
And that is really easy, so I can actually imagine a lot of people doing that. Would probably take someone 30 minutes to code it up.
I really don't pity the devs here. If they use the tx in isolation as the randgen seed, then they are as incompetent as can be 🤷‍♂️ That is like hiding passwords in the client application 😂
I didn't think that someone would modify steemd to make their witness produce specially crafted blocks that alter the randgen. But seriously, transactions?