Note: I first discovered this by watching transactions on SteemStream, a very interesting, nifty tool.

Within the on-chain market, there is a reward mechanism that pays users who provide liquidity to the market. Liquidity points are measured like this: liquidityPoints = netAsksVolume * netBidVolume

The reward for having the most points per hour is 1200 STEEM (~4k USD as of the time of writing).

The two accounts in question, @adm and @abit, are buying from each other on the market and then sending to the other in an automated, endless loop, generating liquidity points. You can see their wallets and recent transactions by clicking their names above.

Between the two accounts, they have approximately 43,000 STEEM, 266,000 STEEM Power, and 36,000 STEEM Dollars. At these levels, they quite easily dominate the liquidity reward competition.

You can look through their transfers and see the activity as well as the rewards.

{ "type": "liquidity_reward", "owner": "adm", "payout": "1200.000 STEEM" }

Without digging deeper, it's hard to be sure just how long this has been going on, but I can confirm they have received at least two rewards. (Note: I say "they" assuming they are two people, though I have had at least one person confirm they are the same account.)

With the rate of transactions occurring, there is little doubt that this is being executed by a script.

The purpose of the liquidity reward system is to encourage users to keep Steem Dollars and Steem available on the on-chain market as bids and asks to increase the ability for other users to exchange.

Given this fact, two very important points:

1) Since they are only buying, selling, and sending between two accounts, the liquidity reward is going to someone who is not actually providing liquidity to the on-chain markets.

2) Given the amount of assets they have and the speed at which they are transferring, no 'normal' users have any chance to earn the liquidity reward, thus removing the incentive opportunity for users and as a result, actually hurting liquidity.

Possible Solutions

The liquidity reward algorithm needs to be changed to make it proportional. The current 'all-or-nothing' dynamic is what makes this attack vector possible.
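To make the scoring formula, the two-account loop and the proportional alternative concrete, here is an added example (not code from Steem or from this post). It scores constructed fills with a simplified reading of the formula above, compares the two payout rules, and flags account pairs that trade almost only with each other; the account names, volumes, the 0.9 threshold and all function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed fills for one reward hour: (asker, bidder, volume).
# Account names and volumes are invented for illustration.
FILLS = [
    ("acct_a", "acct_b", 500.0), ("acct_b", "acct_a", 480.0),
    ("acct_a", "acct_b", 510.0), ("acct_b", "acct_a", 495.0),
    ("carol", "dave", 40.0), ("erin", "carol", 25.0),
    ("dave", "erin", 30.0), ("carol", "acct_a", 10.0),
]

def liquidity_points(fills):
    """Points per account: ask volume * bid volume (simplified reading)."""
    asks, bids = defaultdict(float), defaultdict(float)
    for asker, bidder, vol in fills:
        asks[asker] += vol
        bids[bidder] += vol
    return {a: asks[a] * bids[a] for a in set(asks) | set(bids)}

def payouts(points, reward=1200.0, proportional=False):
    """Winner-take-all as the page describes, or a proportional split."""
    if not proportional:
        return {max(points, key=points.get): reward}
    total = sum(points.values())
    return {a: reward * p / total for a, p in points.items()} if total else {}

def reciprocal_pairs(fills, threshold=0.9):
    """Pairs where each side does >= threshold of its volume with the other."""
    vol = defaultdict(lambda: defaultdict(float))
    for asker, bidder, v in fills:
        vol[asker][bidder] += v
        vol[bidder][asker] += v
    flagged = set()
    for acct, peers in vol.items():
        top = max(peers, key=peers.get)
        share = peers[top] / sum(peers.values())
        back = vol[top][acct] / sum(vol[top].values())
        if share >= threshold and back >= threshold:
            flagged.add(tuple(sorted((acct, top))))
    return sorted(flagged)

if __name__ == "__main__":
    pts = liquidity_points(FILLS)
    print(payouts(pts))
    print(payouts(pts, proportional=True))
    print(reciprocal_pairs(FILLS))
```

On this constructed data the all-or-nothing rule pays one account the full 1200 STEEM, while the proportional split gives every other account a non-zero share but still sends almost the whole pool to the reciprocal pair, which is why the counterparty-concentration check is shown alongside the payout rules.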

This user(s) SHOULD NOT be punished -- they simply identified an exploit and they have already received quite the bounty for it.

What do you think?

EDIT: Important point on the way the algorithm works from @smooth: