I believe I have found a major security flaw in a companies bitcoin system. I am no cryptologist but the flaw is not a technical one, it is more a procedural weakness. I asked if they were aware of a problem related to this and they said no and could I elaborate. There is a small bounty for finding "bugs" but this basically undermines their whole purpose. They are small but do have a lot of press about their new system.  How should I approach the situation.