You followed the correct reporting instructions.

https://www.fiverr.com/.well-known/security.txt only has "Contact: [email protected]" and in their help pages they say "Fiverr operates a Bug Bounty program in collaboration with BugCrowd. If you discover a vulnerability, please reach out to [email protected] to receive information about how to participate in our program."