Having constructed raw bitcoin transactions (createrawtransaction API), I can report that it is very easy to have a bug that creates a huge unintended fee.
Let’s say we have an input worth $1000 and we want to spent $100. If our code naively creates a raw tx with input = 1000 and output = 100, then the remaining $900 becomes the fee.
Instead, we would need to provide a second change output, worth say $899, and so then 1000-100-899 = $1 fee.
Most wallet APIs just provide a “fee” field to make it easier, but the raw API does not, and I’ve heard various devs have gotten in trouble that way… though one imagines that they learn quickly.
Seems it would need either collusion with a winning miner beforehand (pretty hard)
Very hard. Even if a large miner (or pool) attempts this trick, the most likely outcome is still that they just lose the funds to another miner.