I'll live. I'm not begging. No need to apologize. I treated this exactly how I would want my website to be treated as well.
I just think it's wild to claim military security and have 2FA backups dump without reauthenticating. Then on top of that claim that is how it's supposed to function. Then offer $50 but demand personal information. It's just an experience that needs to be documented IMO. That's worth far more than the $6,000 cap on bug bounties.
- F*ck, this guy talks so much, pay his shit and make him shut up.
How about:
- Hey, this guy found a major flaw in our securities logic that put our customers at risk that could/would result in coins being lost & customers possibly physically hurt. We fixed it ASAP. Our bug bounty says $2,000-$6,000. Let's do what we say we will do.
Not:
- Uhhh the feature performs as intended.
(1 day later)
- Actually we fixed it because we already knew about it and Google does it this way too. (Google does not)
- Here is $50 for trying so hard, but... we need all your personal info to pay you $50 or you get jack shit! Welcome to the Bitcoin community, thanks for making our website and community more strong... let us know if you see anything else! *an heros *
I just can't stand getting fed bullshit & lies. Please don't confuse my bitching as begging. End of the day, I would have given them this for free... I just dislike the deceptive bullshit.