[meowface]

Why wouldn't they? To me it seems unthinkable they wouldn't invest significant resources into such an investigation, and I could think of plenty of ways they could narrow down suspects. There's a trade-off between potential reward and decreased exposure risk, there. Also, as stated by others, they'd already need to have significant (fiat) capital, and ideally a history of trading (else they'll automatically be near or at the top of the suspects list), which seems unlikely to me.

People with enough money to be investing regularly also probably don't need to orchestrate elaborate smash-and-grab cybercons to make money. People in such a position would already be doing fine and would have the added bonus of never fearing going to jail. I suspect whoever did this likely doesn't have much fiat money, or if they do, it's probably mostly dirty money which wouldn't be feasible to invest with.

Here, there's no risk/reward trade-off like there would be from shorting. It's a much more scalable attack: every additional hijacking results in additional expected value, but no additional risk. With some form of stock betting, the more you scale it up (in terms of reward potential), the more the activity would stand out.

I think the attackers made the smartest possible decision, given what they had/could do, if their goal was purely total profit (plus not getting caught). If their primary goal wasn't money, then it's certainly a squandered opportunity, but most criminals are just in it for the money.