What would you expect HackerOne to do in the situation you describe? You filed a duplicate report. All of the malfeasance you allege is coming from Portswigger.
No idea which one it was, or both. 23K isn't something to sneeze at though, and would be plenty of incentive for the folk at Portswigger to work with douchebags like whoever this shubby dude is in order to collect these bounties.
24K for one bounty... or sell $299 licenses to nerds.. hmm, which one is more profitable...
24K for one bounty... or sell $299 licenses to nerds.. hmm, which one is more profitable...