Over $200 million worth of users' funds could have been at risk if the whitehat had chosen to exploit the vulnerability for personal gain instead of reporting it to developers.