I've noticed this on itwiki, where a filter repeatedly failed to block an LTA trying to autocreate an account. Debugging locally revealed that, for autocreateaccount actions, the performer of the action is a User object identical to the one for the account being created. But the account doesn't exist yet, so it cannot be blocked.
For normal account creations this is not an issue, because the creator is correctly provided as an anonymous user (which BTW leads to T152394).
I'm not sure for how long this has been broken, but even if the relevant code was recently refactored, the block target seems to always have been the same. It's actually possible that the previous code was reporting the block as successful, but I don't think this has ever been the case.