the right thing to do would be alerting the webmaster to that flaw
This has been done several days in advance, CasinoBit claimed there was no flaw, so then some people just started to suggest to withdraw everything with personal observations on what happened.
If you would've read both threads of this site you would've known that this investment = profit bug was reported to CasinoBit and posted publicly before.
EDIT: Thanks for posting the URL to that other thread of tmbp: the site advertised there is hosted on the exact same server CasinoBit used to be on.
inb4 "shared host" which 1. is not true and 2.: so first you say you have experience with DDoS 'n shit but then it is hosted on a shared host, and @CasinoBit, who is obviously not you @tmbp, why were/are you hosting that site on a shared webhost.
^^^^
must be the same person.