It's very unfortunate but such an obvious case it falls to the campaign manager, they're being paid to prevent such basic scam which includes verifying that the user is wearing the signature.
Therefore, @Hhampuz and @Royse777 must compensate the company for the past weeks or at least pay to developer (out of their own money) to create a bot to verify that users in the campaign do not modify them signature during the campaign period, any modification will be sent to the campaign manager.
It is indeed an unfortunate incident! Compensating the company is their sole decision. To prevent the selection of such unethical members, they both need to re-evaluate their current onboarding process Both of them have a good reputation and big client base. Anymore incident like this one in the future will hamper their reputation as BM.