If this is the case, the simple bitcoin scam might make sense as a quick way to cash in before an obvious exploit is patched? Compared to the speculation of hidden agendas at least.

I feel like a bug report might make more sense in that case though...

Yep, that won't be a coincidence. Also a bit relieving because this means that probably there was no access to DMs etc. before the rollout of this feature.

This would be sweeter if TwitterDev was now compromised.