I still think $5,000 is ridiculously low. Lots of research like this fails and it happens you do the work just to be told someone already filled a similar bug before.
Pretty elaborate research indeed, I once filed a very simple, but just as dangerous, stored XSS on www.linkedin.com (with access to cookies) + some other bug, hoping to speedup my Partner API Request, got $400 for the XSS and many weeks later $400 for the other bug too (which took them 6+ months to fix). The $/time wasn't worth it, and of course the Partner API Request got declined without explanation.
It seems to be the market clearing price. Lots of companies think "hey, we offer peanuts and people do all this expensive work for us."
This guy did it to land a job. Hopefully he's done with spec-work like this and his new employer makes sure to negotiate rates ahead of time for security reviews.
Small bounties may not be extremely effective at getting expensive people to work for peanuts but they are very effective at destroying the underground economy where these bugs used to be shared, traded or sold.
Since there is no honor among thieves every buyer has to assume that any bug they buy will also be sold to other buyers. With even a moderate bug bounty in place it becomes a prisoners dilemma for all parties who know of the bug. The first person to disclose the bug captures the bounty and the remaining parties get shut out.
Since everyone in the market has to assume that everyone else is cheating the market collapses. Microsoft has a paper on the economic incentives of the underground economy that covers the topic nicely: