They can't pretend to be the recipient. The way it works is they send a trade with more than 8 items and the trade window only shows 8, so the person accepts it thinking nothing of it. It's already fixed in new servers.
Also, it shouldn't be surprising that there are vulnerabilities considering the game has 200k+ lines of code; it's not exactly simple to just go in and fix something with so little information. But I do think this whole thing is extremely overblown. There are at most like 5 different exploiters doing this stuff, but the way the announcements and fearmongering are makes it sound like you join the game and your inventory is just instantly gone. It's ridiculous.
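A server-side check for the gap described in the post above, as an added example that is not part of the original post or the game's code: the server refuses any trade larger than the window can display, and completes an accepted trade only if the items the recipient's client rendered match the full list the server will transfer. The language choice, all function names and the item ids are assumptions made for illustration.

```python
import hashlib
import hmac
import json

MAX_VISIBLE_SLOTS = 8  # the post says the trade window shows 8 items


class TradeRejected(Exception):
    """Raised when a trade must not be shown or completed."""


def _digest(item_ids):
    # Canonical form: sorted ids, so display order does not matter.
    canonical = json.dumps(sorted(item_ids), separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).digest()


def validate_request(item_ids):
    """Server-side check before the request reaches the recipient."""
    if not item_ids:
        raise TradeRejected("empty trade")
    if len(item_ids) > MAX_VISIBLE_SLOTS:
        raise TradeRejected("more items than the trade window can display")
    if len(set(item_ids)) != len(item_ids):
        raise TradeRejected("duplicate item id")
    return list(item_ids)


def confirm_accept(server_item_ids, rendered_item_ids):
    """Complete the trade only if the recipient saw every item in it."""
    validate_request(server_item_ids)
    if not hmac.compare_digest(_digest(server_item_ids), _digest(rendered_item_ids)):
        raise TradeRejected("accepted view does not match the full item list")
    return list(server_item_ids)


if __name__ == "__main__":
    nine = [f"item-{n}" for n in range(9)]  # constructed sample ids
    for label, call in (("request", lambda: validate_request(nine)),
                        ("accept", lambda: confirm_accept(nine[:8], nine[:7]))):
        try:
            call()
        except TradeRejected as err:
            print(label, "rejected:", err)
```

The size cap alone stops the oversized request; the digest comparison additionally catches any case where the client rendered fewer items than the server holds for the trade.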