It sounds like they were never given written confirmation for the bonuses. How likely are you to face penalties if you put a "time bomb" in a codebase like this? Something with plausible deniability, like, let's say, an authentication script that you have to run every 30 days or the program stops working for "security reasons". Also, you're the only one who knows where the script is and how to run it.
This won't get you the bonus, it'll just get you possibly sued and/or prison time.
I think a better fix is to just not give to a company what you would regret giving. Don't put in 80 hours a week for months unless you have good reason to think it's going to be worth it and do it with the full knowledge that you might be gambling on the company's generosity.
I mean, you could come back as a contractor and have them pay your rate to show them how to get the authentication script authenticating again. Obviously this isn't ethical.
> Don't put in 80 hours a week for months unless you have good reason to think it's going to be worth it and do it with the full knowledge that you might be gambling on the company's generosity.
I agree. I'm also not 100% convinced the original story is even true.