tl;dr: ViaBTC didn't check the header merkle root in their P2P client. Sending a block message with an old header and a modified coinbase transaction caused them to SPV mine on the old header for 30s at a time. I responsibly disclosed this to ViaBTC, and they awarded 2000 USDT.
In January, while investigating a misbehaving client on the Bitcoin P2P network, I found a vulnerability in ViaBTC's SPV mining code that allowed a remote attacker to waste their 60 EH/s hashrate by sending a single, crafted Bitcoin P2P message.
https://b10c.me/blog/012-viabtc-spv-vulnerability-disclosure/
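The check the post says was missing, as an added example that is not ViaBTC's code or part of the original post: recompute the merkle root from the transactions in a block message and compare it to the merkle root field of the 80-byte header. The function names and sample transactions are constructed for illustration, and transactions are assumed to be given in their txid (non-witness) serialization.

```python
import hashlib

def dsha256(data: bytes) -> bytes:
    """Bitcoin's double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_root(txids):
    """Return (root, mutated) for a list of 32-byte txids in internal byte order.

    mutated is True when two adjacent hashes in a level are equal, which lets a
    different transaction list produce the same root (CVE-2012-2459).
    """
    if not txids:
        raise ValueError("a block needs at least a coinbase transaction")
    level, mutated = list(txids), False
    while len(level) > 1:
        for i in range(0, len(level) - 1, 2):
            if level[i] == level[i + 1]:
                mutated = True
        if len(level) % 2:
            level.append(level[-1])  # odd level: the last hash is paired with itself
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0], mutated

def block_matches_header(header: bytes, raw_txs) -> bool:
    """True only if the header's merkle root commits to exactly these transactions.

    Assumption: raw_txs holds each transaction in its txid (non-witness) serialization.
    """
    if len(header) != 80 or not raw_txs:
        return False
    root, mutated = merkle_root([dsha256(tx) for tx in raw_txs])
    # Header layout: version(4) | prev block hash(32) | merkle root(32) | time, bits, nonce
    return not mutated and root == header[36:68]

# Constructed sample data: placeholder byte strings stand in for serialized transactions.
SAMPLE_TXS = [b"coinbase paying the original miner", b"tx-1", b"tx-2"]
SAMPLE_HEADER = (b"\x01\x00\x00\x00" + b"\x00" * 32
                 + merkle_root([dsha256(t) for t in SAMPLE_TXS])[0] + b"\x00" * 12)

if __name__ == "__main__":
    # Original body, then the same header with a swapped coinbase transaction.
    print(block_matches_header(SAMPLE_HEADER, SAMPLE_TXS))
    print(block_matches_header(SAMPLE_HEADER, [b"other coinbase"] + SAMPLE_TXS[1:]))
```

A receiver that runs this comparison before acting on a block message rejects a body whose coinbase no longer matches the header, whatever the age of the header.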
Discussion
I guess for next time it might have been better to first email them and ask if it's ok to demonstrate the issue. If they then don't respond, it's still defendable to demonstrate the issue anyway, since it's likely that a malicious actor would figure it out sooner or later and do far more damage.
This does rest on the assumption that your demonstration itself wouldn't draw lots of attention. Which it might have if they had found a very old stale block. So your other suggestion, to use the most recent block, would have been safer. In hindsight anyway. But also more difficult to pull off IIUC.
Also I would suggest that people use a pool with higher bug bounties :-)