So I can see several sides of this and there's some nuance to be considered:
Our Immunefi Bug Bounty cites up to 333k in compensation, paid for in OHM, for exploits that lead to loss of funds. It cites all the contracts that are in-scope for that offer.
As I read it, the contract that was exploited doesn't actually fall under that bounty as it's part of the Bond Protocol Repo and went through their auditing channels:
That said, 0xwatermelon has essentially asked for an OTC and has also shown good faith by already having returned the funds. They've asked for $250k, which is less than what would have been offered if the contract had fallen under Immunefi, and also asked to be compensated in DAI.
So just speaking to this specific exploit that was found and demonstrated to work, I think compensation is in order and an OTC offer can be made since it's out of scope. That said, I also think some internal discussion can be had with Bond Protocol since the contract exists within their repo and wasn't specifically for Olympus but part of their core suite.
Both teams can consider if the ask is tenable and then sort out how best to fund it given responsibility. Olympus and Bond are partners but also separate entities with separate stakeholders so there will need to be consideration.
Also, this contract falls within scope for the Code4rena contest seen here:
I could see a world where compensation is split between the allocated contest payout as well as some OTC on top.