It sounds like you’re talking about the bot that’s impersonating Nightbot Authentication. Twitch are already aware of it.
And just for clarification, no “hacking” is involved. They used social engineering to fool users into giving them an OAuth token with the scope to connect to chat as that users account.
At the very least this should be a good learning experience for anyone who fell for it. People have learned by now to never give out their login details, but are so willing to authorise apps that ask for far over-reaching scopes, and still have old/unused/defunct apps still connected that are a potential security risk.
Honestly I’m surprised it’s taken so long for something like this to become the issue that it currently it. Anyone here remember the days of users trying to impersonate Q or Quakenet, or NickServ on other networks?