For background, I have 25 years of experience in IT, mostly in endpoint management, but I do know systems and have participated in large projects for multiple Fortune 500 companies. Some serious issues have been highlighted because of this incident from a systems operation and control perspective. I do not have insight into how Alex is running his operation, so I am probably making multiple false assumptions. The point is that the questions are being raised, not that I am providing answers to them.
1. It appears there is a systems-wide lack of verification and process control with regard to player actions. Apparently a player was able to spawn massive amounts of resources without admin notification. This implies that there are no processes in place with regard to potential abuse vectors. I'm talking about a scheduled process/script that monitors resources and production by comparing current production to long-term trends and against outlying potentials (i.e. 1st and 2nd std dev potentials). Since there are theoretical limits to the amount of change that *could* occur to production in game (i.e., maximum production capability per nation and game-wide) this is simply a programming problem, and does not have any problem in implementation. It's totally doable and the apparent fact that it hasn't been done is concerning.
2. It also appears that there is documented proof of a similar exploit in use in a prior self-reported example by the original perpetrator. This points to a lack of control over session interaction with clients and the game system itself. I can only assume from face value and the example of nuking an opponent twice by simultaneously employing two separate and discrete clients that there is no system in place for identifying unique sessions and therefore multiple clients could indeed interact with the game within a relatively short period of time and conduct the same operation without failure. This points to a lack of database interaction control. Again, this is simply a systems design and programming problem, not an implementation problem unless the game system itself is really limiting the implementation.
3. The kicker for me is that this is a for-profit operation. There is an expectation by a paying customer that the game will operate within a set of expected behavior - that is, that you will gain an advantage by purchasing something within the game that someone will not be able to gain for free. Obviously this exploit calls this expectation into question and raises the most important problem of all: that the fundamental balance of the game is easily exploitable because of poor design and implementation. While I have purchased credits in the past I will no longer do so due to the serious administrative impact this exploit has highlighted.
In short, this game needs to be run better. Things like this are avoidable. If asked for my advice it would be to hire professional staff to constantly evaluate the backend operation and question where potential exploits might be found, build reporting and verification systems to highlight exploits that were never considered, and to be more responsive to reports of exploits. LOL, I'm shaking my head that the original report was not acted upon from a systems perspective. To continue to allow customers to purchase credits while not addressing that issue is unethical and highly problematic.
TL;DR, old man rants about things he cannot easily change. Thanks for coming to my TED talk.
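The scheduled check described in point 1 of the post above, as an added example that is not part of the original post and not the game's own code. The function names, the per-nation production ceiling and the sample data are all assumptions constructed for illustration.

```python
from statistics import mean, stdev

def audit_resource_gain(history, observed, max_possible, sigmas=2.0):
    """Classify one nation's per-turn resource gain.

    history      -- past per-turn gains for this nation (long-term trend)
    observed     -- gain recorded this turn
    max_possible -- theoretical production ceiling per turn (hypothetical
                    parameter, assumed derivable from the game rules)
    Returns "impossible", "outlier" or "ok".
    """
    if observed > max_possible:
        return "impossible"   # beyond what the rules allow: always alert
    if len(history) < 2:
        return "ok"           # too little data to establish a trend
    mu, sd = mean(history), stdev(history)
    # Floor the deviation so a perfectly flat history does not flag tiny changes.
    sd = max(sd, 0.01 * max(mu, 1.0))
    if observed > mu + sigmas * sd:
        return "outlier"      # legal in theory, but far off this nation's trend
    return "ok"

def scan(snapshots, limits):
    """snapshots: {nation: [gain_t0, ..., gain_now]}; limits: {nation: ceiling}."""
    alerts = []
    for nation, gains in snapshots.items():
        verdict = audit_resource_gain(gains[:-1], gains[-1], limits[nation])
        if verdict != "ok":
            alerts.append((nation, verdict, gains[-1]))
    return alerts

# Constructed sample data: per-turn gains, newest value last.
SAMPLE = {
    "nation_a": [100, 104, 98, 101, 103, 99],
    "nation_b": [100, 102, 99, 101, 100, 140],
    "nation_c": [100, 101, 99, 100, 102, 5_000_000],
}
LIMITS = {"nation_a": 150, "nation_b": 150, "nation_c": 150}

if __name__ == "__main__":
    for alert in scan(SAMPLE, LIMITS):
        print(alert)  # a real job would notify an admin instead
```

The hard ceiling catches gains that cannot be legitimate regardless of history, while the deviation check surfaces gains that are possible but out of character for that nation.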