I have seen recaptcha v3 bypassed with seemingly little effort by financially motivated spammers. I have also seen them spin up large numbers of Gmail accounts for email verification. I'm curious what people have tried that actually worked.
Can't speak for anyone else but we recently implemented V3 with V2 as a fallback entirely to help mitigate DDoS attacks. Haven't been hit with another one yet but I have a feeling it will be sufficient.
No luck in this situation. They were making ~$0.50-$1.00 per hit, and the captcha only slowed them down for a couple hours. The only think that stopped it was shutting down the source of the income, so legitimate users lost out.
