It all depends on the architecture of the application.
The server does not always process all the client's information - it is expensive both in terms of server resources and traffic.
Often the client itself processes what is happening, and only the current statuses are sent to the server, and the task of the server is to check how much real data the client sends to it.
Since it’s not realistic to check everything, there are opportunities to fake it somewhere, but such anomalies are usually logged and sooner or later they will pay attention to it.
For the most part, in any online game you can "fake" but with constant incidents, they will simply be banned.
The older the game, the more difficult it is to find a loophole, because for the most part, over the years, everything has already been closed.
In all games, such an anomaly as "a sharp replenishment of the in-game currency" is monitored - that is, you had 10 "coins" became 100kkkk.

1) Absolutely in any protection there is a hole, it will be very scary or so-so.
2) The stronger and more serious the defense, the less comfort the player has.
3) Some (statistics are silent, but there are many arguments) developers specifically do not patch holes for some time and do not ban cheaters in order to cut down the dough with a wave of bans on purchases of new copies of the game. *
4) Many developers rely on third-party anti-cheats, but this is often the same as trying to block the road with a traffic light.

IMHO there is not only the technical side
, let's say for a long time people told me that he has 50 bots in wow, they collect resources and the mass ban comes before the sale, he updates the bots and then lives quietly
, there are translations on Habré such:
https://habrahabr.ru /post/302394/

In itself, the fact that the server is authoritative (authoritarian is a political regime) is not a panacea.
What can cheaters do even if all the logic is on the server?
- Automate what the player should do on the client. Hence the aimbots and stuff like auto-finishing creeps in DotA.
- Tweak the transparency parameter in the client engine. Oops, now the walls interfere with us much less
- Highlight on the client what should not be not very noticeable. The enemy is hiding behind the box, so only one pixel is visible - let's show this in bright red letters.
That is, we can cheat in a very wide range even in the case of an ideal server. And if we remember that, for performance reasons, we still have to give the client a little more than the player sees at the moment, then we get an even greater number of possible automations and Volhaks.
It is impossible to completely avoid any cheating in practice. The creation of anti-cheating systems is limited
by - cost
- user convenience