I think the above would pass the test of not being blackmail, while still being reasonably compensated for your time/skills.
Blackmail? No. Extortion? Absolutely.
It's almost as classic as the "What a nice car you have there. It would be a shame if it got scratched. How about you give me $5 to keep an eye on it."
Edit: As xetsr noted, he even explicitly threatened to sell the exploit. This couldn't be more black and white.
The fact is that gambling sites are for-profit entities, and giving advice as to how to prevent yourself from getting robbed when large amounts of money are at stake should not be given for free. These sites should invest in the time/effort to prevent these kinds of exploits from existing in the first place.
As a professional security researcher, if I ever did what subSTRAT did, the absolute minimum I'd be looking at is immediate dismissal. He is free to offer his services to a site for a fee, but the veiled threats and withholding an exploit. He even goes on to explicitly say how much money he believes his exploit could be used to steal.
The correct course of action would've been for him to responsibly disclose that problem to the site admins. Wait for them to fix it. Then ask them for a bounty. And if he's unhappy with the bounty, cry foul and rave how much he hates the site and feels ripped off.
Why does he need to give up the information first? I don't see any reason why the OP needs to disclose the entire exploit prior to making any arrangement. If the owner of the site is not willing to pay the amount that the person who found the exploit wants for it, then I don't see any reason why he should be forced to give up the information for less than what he thinks it is worth.
Explaining how much he thinks someone using the exploit could steal from the site is, IMO, something that would allow the owner of the site to gauge how much would be reasonable to pay for such information.
I think that it is important to be very clear that you have no intention of either using the exploit yourself or disclosing it to other third parties. This is important because I am not trying to defend the OP from trying to sell the exploit.
Stating the fact that someone else could potentially find the same exploit is a true statement, and is relevant if nothing more than public information was used to find such an exploit, as it means that the person soliciting the bounty for the exploit simply staying silent may not be sufficient to protect the site from getting robbed.