I have heard that Trump's account has extra protections around it that presumably prevent even staff from accessing it, in which case if this was a staff account compromise it would make sense that they can't touch Trump's account.

Another possibility is that they are indeed just after the money and compromising Trump's account would prompt a faster response from Twitter (possibly taking down the entire account or platform) and reduce the effectiveness of the scam.

Trump's account might have been the final one targeted, locking the attacker out from messing with any additional accounts. If a Twitter employee is messing with famous accounts in an unauthorized way, automatically stopping the employee would be reasonable.

I've heard of this feature existing with the software used by phone companies and hospitals. Employees who poke around looking at famous people soon get locked out of the system.