It has been requested that I should clarify my post. As I initial disclosed 'cfd camper' is a bot for exploiting a bug which I had found in the CFD implementation. The bug and the associated attack are limited entirely to 'CFD' type bets, no other protocol functionality is, or ever was at risk.

I have written a technical analysis of the bug and the associated attack, which can be found here: https://xcpfeeds.info/cfd_attack/