The Twitter hack is pretty wild. The number and profile of those affected make me think they've got deep internal access at Twitter. I wonder why they wouldn't use a separate BTC address for each Twitter account though.
The only advantage would be in then being able to determine which accounts most successfully managed to trick other users, but it would have resulted in more work (and fees) for them dealing with the money later. They already used a BECH32 address, so it seems they knew what they were doing BTC-wise and were minimising fees. Incidentally this may be both the biggest social media compromise we've seen so far, with the smallest reward (only $116k in total).