a pro-hive person who could easily be masking these transactions
just verified this with Steem.js manually BTW, it doesn't appear steemd is lying.
it means that @anonsteem stored the keys of created accounts in their server
They do, it's not a secret. When you create an account with them they generate the private key for you and tell you that you should change it. They also have a big red button you can press to have them delete the keys from their server (although it can't be verified what that actually does). community321 did not change their keys like AnonSteem suggested, so I wouldn't be suprised if they also neglected to push the button to delete the keys.
Of course, it's possible (and likely IMO) that the keys were compromised in some other manner (such as a disgruntled employee or accidentally revealing it somewhere).
Almost like there's a disgruntled person in the KR group that leaks things done in chat to other people (netuoso/exchanges/etc) and the keys were shared in chat.... but no, definitely some form of elite terrorist espionage hacks. People sometimes