The writer at the end refunds the money and messages Patreon to fix the issue, I think that would go massively in his favour in the rare change it ended up in front of a judge.
I was going to leave this alone, but it's important to point out this is not white hat..
This world still be black hat (or arguably grey hat)...
White hat would have been realizing the possible problem and informing the company without actually making the account (or, with only making the account or prove the link, but not taking money from anyone)
You could possibly argue that if the author "cheated himself" only, that's okay... E.g. paid themselves through patreon... Assuming the author eats the cost difference and doesn't refund.
The author actually defrauded unaware visitors, intentionally, he has caused harm to them, patreon (financially or good will/name), and the money transfer networks; this is at a minimum grey hat... Sure, the end user donating was made whole, but other business entities were harmed... Someone eats that transaction fee.
By stopping. If it is not possible for you to penetrate a service without causing disruption or harm to others, then you stop. You could reach out to the business and say "hey, you should consider checking this out" or asking if they offer some sort of test system for pentesters. But sometimes the result is just to not proceed at all.
If he'd _needed_ to test payment (arguable), he could have created a 'real' account, deleted it, squatted his own deleted account, and sent payments to it himself.
Legal consequences aren't the only form of consequences. In this post the author mentions their (legitimate) business.
If I was a potential customer looking into said business and found this post I would be very offput by the lack of morals. The strongest condemnation we receive for literal theft is they "didn't want to", the author barely even seems to understand why their behavior is immoral.
Did you read the post to the very end?
I don't see anything immoral, he just spotted a weakness in Patreon, warned Patreon and wrote a blog post about it. Nothing wrong here.
The author makes no mention of warning Patreon about this weakness, unless you're counting this blog post as the warning.
They clearly attempted to impersonate the original owner of the page, using a description and artwork suggesting they were the original owner.
The second to last paragraph features the author fantasizing about how much money they could make by defrauding people. Quote: "This plan could be pretty profitable!"
Like yeah, in the end they took down the page and refunded the patron. But the author made the wrong choice at essentially every step prior to that moment.
The author didn't just "spot a weakness in patreon", they attempted to (and managed to) commit wire fraud. The fact they had little success and later returned what they stole is relatively little consolation.