
how much was the bounty for something like this?



Article mentions "ELEET" which I assume means their $1,337 bounty.


Well, eleet would be $31337.-

However in Google's case their top bounty is $3133.70


I got 3,133.70 :)


Why would there be a bounty on basically a brute force attack?


Felt legit to me. Sites can, should, and do take steps to mitigate brute force attacks, his approach showed some shortcomings in those steps, e.g. they already only allow 3 bad PINs per call, but he showed that by hanging up immediately after the 3rd bad PIN they make it relatively trivial for the attacker to detect the failure. He also demonstrated that due to the partial phone number masking in the UI the attack could be done from an apparently trusted phone number.
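The weakness described in that comment is a per-call attempt limit that resets when the caller hangs up and redials. The guard below is an added example (not Google's code) that counts failed PINs per mailbox across calls and locks the mailbox once a cumulative cap is reached; the limits, the mailbox names and the replayed guess sequence are all constructed assumptions for the demonstration.

```python
"""Cumulative failed-PIN throttling across calls (added example, not Google's code).

A per-call limit of three bad PINs is weak when the caller can simply hang up
and redial.  This guard counts failures per mailbox across calls inside a
sliding window and locks the mailbox once the cumulative count hits a cap.
All limits and the sample calls below are assumptions made for this example.
"""
import hmac
from collections import defaultdict, deque

MAX_FAILURES_PER_CALL = 3        # per-call limit mentioned in the thread
MAX_FAILURES_PER_WINDOW = 9      # assumed cumulative cap across calls
WINDOW_SECONDS = 3600            # assumed sliding window
LOCKOUT_SECONDS = 3600           # assumed lockout duration


class PinGuard:
    """Tracks wrong-PIN attempts per mailbox independently of call boundaries."""

    def __init__(self):
        self._failures = defaultdict(deque)   # mailbox -> failure timestamps
        self._locked_until = {}               # mailbox -> unlock time

    def _prune(self, mailbox, now):
        # Drop failures that fell out of the sliding window.
        q = self._failures[mailbox]
        while q and now - q[0] > WINDOW_SECONDS:
            q.popleft()

    def is_locked(self, mailbox, now):
        return self._locked_until.get(mailbox, 0) > now

    def check_pin(self, mailbox, pin, correct_pin, now):
        """Return 'ok', 'wrong' or 'locked'.  A locked mailbox rejects even the
        correct PIN, so a redialing caller gains nothing by hanging up."""
        if self.is_locked(mailbox, now):
            return "locked"
        if hmac.compare_digest(pin.encode(), correct_pin.encode()):
            self._failures[mailbox].clear()
            return "ok"
        self._prune(mailbox, now)
        self._failures[mailbox].append(now)
        if len(self._failures[mailbox]) >= MAX_FAILURES_PER_WINDOW:
            self._locked_until[mailbox] = now + LOCKOUT_SECONDS
            self._failures[mailbox].clear()
            return "locked"
        return "wrong"


def simulate_redial_pattern(guard, mailbox, correct_pin, guesses, start=0):
    """Replay the hang-up-and-redial pattern against the guard: three guesses
    per call, then a redial.  Returns the per-guess outcomes, stopping at the
    first lockout.  `guesses` is a constructed list of candidate PINs."""
    outcomes = []
    t = start
    call_failures = 0
    for pin in guesses:
        if call_failures == MAX_FAILURES_PER_CALL:
            call_failures = 0          # caller hangs up and redials
            t += 5                     # assumed redial delay in seconds
        result = guard.check_pin(mailbox, pin, correct_pin, t)
        outcomes.append(result)
        if result == "locked":
            break
        if result == "wrong":
            call_failures += 1
        t += 1
    return outcomes


def demo():
    """Constructed run: twenty sequential guesses against a mailbox whose PIN is 4242."""
    guard = PinGuard()
    guesses = [f"{i:04d}" for i in range(20)]   # constructed: 0000 .. 0019
    return simulate_redial_pattern(guard, "mailbox-A", "4242", guesses)


if __name__ == "__main__":
    print(demo())
```

With the assumed cap of nine, the replay produces eight `wrong` results and then `locked`, even though no single call exceeded three attempts. Locking the correct PIN out as well is a deliberate trade-off: it turns a guessing campaign into a visible lockout the account owner can notice, at the cost of a denial-of-service vector that a real deployment would pair with an out-of-band unlock path.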


Because it was effective and he told them?


You have a point, I wasn’t expecting a bounty at all. I believe they valued the additional proposed attack vectors, the detailed report and highlighting a number of issues that could be fixed to harden the service. I found that Google values research and reports beyond RCEs.


Probably because no google engineer recognized it as an attack vector.


Why should any service allow a brute force attack? I can't brute force my bank pin, and I can't brute force my google password.


Because combining some smart/interesting methods makes the brute force viable in a small enough time frame.



