That depends: it wouldn’t matter how much they pay in bounties if the bounty hunter is double dipping by reporting the bug & also exploiting it for sellable data. Not saying that’s what happened here though.
I mean if you're offering much more money for the bounty than could be earned on the blackmarket the hacker probably won't want to take the risk of double dipping.