That is done by websites like 2Captcha.com, which basically provide API for spammers to send the CAPTCHA over to their server and the sender is issued a key so that they can get the Google CAPTCHA Token (discussed later). 2Captcha pay human operators (from countries where per capita income is low), and the human operator solves the CAPTCHA. After solving CAPTCHA, google issues a token (kind of key, which proves that the user is not a robot). This token is received by 2Captcha and they update the database. On the other hand, the spammer keeps hitting the URL after few seconds in order to get the Google token.
In such a way, they just bypass the thing. The only way it doesn't work when the IP doesn't match up. As of now, Google reCAPTCHA v2 doesn't require the IP of the user who wants the CAPTCHA solved and the one who really solved it (However, if the spammer uses proxy, that is bypassed again).
(For more info, visit the website and you will understand how it works).
Funny things, how technology has moved on. Spammers have taken solving CAPTCHA as a challenge and they are always trying to improve things. Hopefully in some way, some day, spammer stop spamming (well, then technically, yes, they wouldn't be called spammers).
Related and interesting video I had seen few months ago:
By the way, are these two: (this and this) profile users belong to a single person?