The thing Luis found is IP-address leak through externally loaded content. A guild/tournament/profile page allows user-controlled external images or embeds. Anyone viewing the page leaks their IP to the host of that image.
So this is why content has to be approved before publishing it to SPL, the recent change. Paying 5k for it is nonsense if you ask me. And the fact that you can agree and pay put 5k without ask is terrifying xD ok maybe it's peanuts for you. Anyhow i would reward Luis with 1k as finders fee

Question is, why Sylar didnt find it? Isn't this a part of his job? What do you do in team Hive account@sylar1 ? Hive account@sylar? If you still are in. Do you think 5k is adequate for this?