... it certainly works with companies like google. They offer $1337 for security vuln reporting which is a pittance compared to the gain of selling exploits on the black market, but they pay out in the majority of breaches: it usually isn't found in the wild.
This is a good point because reputation/accolades can be a far more valuable motivator than even the largest jackpot.
That $1337 ("elite") payment from one of the biggest companies in the online business garners significant bragging rights far beyond the measly monetary value handed over.
These no-name exchanges are operating from the opposite angle - they've got no clout or history and would need to compensate by upping the pot and/or adding other incentives.
Not to mention, again, that a bounty on the end product is the wrong way to approach security. It can play a part, but effective security is a process that starts before development, continues through operations, and is continuously applied as long as the business remains a going concern.