I'm an engineer and I worked in aerospace industry. When you have a system that has a failure, there is always a "root cause and corrective action". I see that a root cause was identified as an unknown vulnerability that existed. The exploitation of that vulnerability didn't affect the accounts, but was effective at shutting down the blockchain.

The missing piece of the explanation is the "corrective action". I see that the fix was put into place, but that is not a corrective action. A corrective action would address why a vulnerability existed for so long and discovered and exploited by a copy and paste scammer. I know that code has bugs and can be difficult to discover every possible vulnerability, but take it from an aerospace engineer, you can go a long way error proofing software.

Besides the corrective action, is there a bounty for finding bugs?

Speaking of bounty. Binance has a bounty fund to pay for those who provide information which brings hackers to justice. Will Steemit Inc do something similar?