Hi there, I’ve been having the same issue this past week with spam on WF forms.
After investigating why reCaptcha wasn’t blocking the spam on my form, I checked my reCaptcha account console & in my case I had exceeded the 10,000 free monthly assessments without having billing details supplied to Google for this site key, so I would assume it was because I had surpassed the free monthly 10,000 assessments quota & reCaptcha was simply letting the spam mails go through now.
Last week, I noticed that multiple sites of mine had the recaptcha site/secret key fields reset. The fields were blank and the toggle switch was positioned to “off”. Not sure if this happened due to reaching a quota, but strange that everything was turned off automatically.
I was seeing an increase in Spam and like other people have said I have reCaptcha set up.
Within reCaptcha settings I notice within “Security Preference” I could update this another level to “Most secure” after doing this it has been the first 24 hours since I have had zero spam through.
Not sure if this is just a coincidence or has helped but worth checking and updating see if this helps anyone else 
I shared a quick and easy solution that’s an alternative to using Basin that filters out 100% of the bot generated spam in another thread - link below:
Since I’m a small freelancer with just a few clients, that’s a good idea to use a single Basin account, cheers.
Overall hope there will be a solution from Webflow, also reading others.
