We talked about ways to close the loophole in the earnings distribution algorithm.

Ideally, the earnings would be distributed to every holder on every transaction. However, that would require a lot of gas. The required amount may exceed the block gas limit. This is unacceptable, so we have implemented a workaround.

We randomly select 256 holders for each distribution. However, it's possible for the exploiter to buy very small amounts from multiple addresses, thus increasing his/her chance to appear in the distribution. There are two ways to fix this.

First, introduce a min amount for participation. This would increase the cost of the exploit to a point where the exploiter becomes a legit holder (puts a lot of money into the contract). 

Second, randomize the "step" variable, so that the selection is not contiguous. This way, exploiter couldn't benefit from securing a contiguous array of addresses.

We're currently working on implementing those fixes.