Given how many accounts were compromised, I'm betting the attack was automated. The scammers may have considered what compromising certain of the accounts could be worth, but were more interested in making sure they couldn't get caught than making the biggest possible score.
The problem with doing something like sending a tweet as Musk mentioning a recall of Model 3s is that in order to profit from that you'd need to make market transactions both before and after the tweet to cash in. You either need a LOT of cash to have sufficient margin to borrow a lot of shares to sell short, or do something that stands out even more obviously using options. And you need to have some way of cashing out before your account gets frozen. Not just cashing out of your market account, but getting the money to somewhere the SEC can't touch it anywhere in the world.
While I'm sure that's doable if you have sufficient knowledge of the international banking system, it isn't going to be as easy to do as moving bitcoin from one wallet to another. It's kind of like saying "if you're gonna rob a bank why not rob the US mint since there's a lot more money there?"
The timing of the exploit was also right around when a lot of Twitter employees would be commuting home. Maybe that was a coincidence, or maybe that was deliberate in an attempt to maximize the time it would take for them to figure out what was going on and stop it. That unfortunately conflicts with the timing required to execute stock market shenanigans (though I guess they could have tried them at the market open).