There are a lot of unethical and illegal things that will earn more money than bug bounties. Some, like posting fake "elon musk giving away ETH" tweets, don't even require finding a security vulnerability. Twitter should increase their bounties to incentivize reporting and auditing, but they're never going to win a bidding war with state-sponsored vulnerability markets.
Exactly. And it's not even 3K, it's "280-2940", and it can well be argued to be of low importance, because it's "a misused feature, and not a critical bug" (I remember exactly that happening with WhatsApp or Telegram — not sure which it was — after somebody brute-forced phone numbers to collect accounts exactly the same way; and unlike Twitter, they even have a less made-up reason to have your number). Even if you are a relatively law-abiding person, you have to be absolutely crazy to be expected to collect a measly $300-3000 and restrain yourself from finding out Donald Trump's personal phone number.