Theory: Andresen met with Wright on Wright's terms, in a hotel conference room prepared and controlled by Wright. Wright anticipated that Andresen would ask for a clean-room laptop to work with. One of two things happened: either (a) Wright had his "assistant" go out and "shop" for a "brand-new" laptop that was actually a pre-bought laptop with a modified copy of Electrum on it. This is the copy of Electrum that was running when Andresen thought that his freshly-downloaded copy was running. Or (b) Wright actually did have a clean laptop bought, but suggested that Andresen connect to a Wi-Fi Network set up and controlled by Wright with a password provided by Wright, by which he then provided the false copy of Electrum through a MITM attack.

Both scenarios require the ability to modify Electrum in a deceptive way (presuming Andresen is familiar with Electrum and uses it frequently). The complexity of either scenario would require considerable literacy both with networking and code, and perhaps months of practice to make sure everything went off without a hitch. Thus, they seem pretty implausible. But if anything out of this scenario is true, I give props to the guy for really committing, you know?