Few additional suggestion :
Adding "Altcoin Development & Technical Discussion" section/child board since there are many great technology that altcoin have/use and few members began to talk about altcoin technology anyway. But disabling signature might be necessary to prevent spam.
Implement automatic account recovery with signed message when user lost account access, but already set and verify their Bitcoin address on profile information.
Add 2FA security option.
More strict punishment for spam/sharing FUD on Development & Technical Discussion, Mining, Bitcoin Technical Support and Serious discussion (along with it's child boards)
Two report buttons/queues: one for sig spam and low quality posts and one everything else that is more urgent (hundreds of reports on spam posts are currently burying more important reports).
I think choosing category such a spam, wrong section, sharing FUD and others when report would be better.
A sub board for highly merited users to encourage constructive topics only by users who have proven their worth here over time (or make the Ivory Tower merit requirement much higher [OMG ITS LIKE SOVIET RUSSIA GULAG]).
With the amount of thread/post on Ivory tower, i think it's not needed for now.
I found it best to completely avoid any of the established captcha providers. Back when I used to run a phpBB, I had a little-known visual captcha called KittenAuth. It basically gave you 9 pictures in a 3x3 grid and the default setting was to select only the kittens. But you could change the pictures to something more thematically appropriate for your site. I found that far more effective than any other captcha I've ever encountered. Only human beings got through after that.
The safest bet is to make a totally proprietary one. The more obscure, the better.
I don't how long ago this was but captcha solving has really moved on in just the last 4 or 5 months I've been involved with trying to fight bots. Something like that with a 3x3 grid they would just brute force like they do with reCAPTCHA. There's only a certain number of combinations and they have a powerful backend server just trying until it gets a token to pass to a worker bot.
Back to the matter in hand we already know that these spambots can log in, so they must already have the ability to solve reCAPTHCHA so asking them to do it again to post will not make any difference to them. They just need to add a couple of lines to their script.
The bottom line is if there is a financial incentive to do so someone will find a way to defeat any type of captcha.
Implement cooldown (which increase each time if user/bot keep making mistake) when user/bot answer reCAPTCHA wrong should work/reduce the problem.