I put some money on it, made a few bids (both on the rolex and the BTC) and was the winner for a bit, but there seem to be some multi accounts still, they have really fake-y names and they stole the auction in a second.
How did they pass the 2FA? Fake numbers?
Unfortunately that seems to be the case. We are taking steps to ban both spammy email domains (yopmail.com, among others) aswell as known SMS web receiving systems' numbers in order to prevent this in the future.
But as we don't have any proof we won't be stopping this auction, we just hope the winner will come forward to claim the prize.