Hi. Someone that I know has discovered a "bug" in one of the major casino's payout systems. This person has been able to use this bug two times over a six month period which resulted in about $10k of payments, total. That demonstrates that the exploit is repeatable and that it's been around for at least 6 months. The reason that this person hasn't done it more often is because it is a very specific set of circumstances that must present themselves in order to exploit the bug. While the circumstances may be very specific, they aren't necessarily rare and it would be safe to assume that the circumstances could be created more frequently if one were to really try. This bug also isn't caused by a certain game studio. It is 100% a vulnerability in this casino's systems.
The person who discovered this would like to tell the casino, but also feels like they should be compensated for something like this. It's pretty standard practice in many industries to pay people for discovering bugs or vulnerabilities in their processes or systems. This person feels that this isn't any different. If that person, who is a pretty small stakes gambler was able to take advantage of it, there's no telling how many more also have or will in the future.
The person would like to be able to tell the casino about the bug, receive immunity from any penalties (financial or legal) related to the bug, fair compensation for the information.
Does anyone have any helpful info for this person?
Thanks.