One theory that I don't see mentioned yet is that someone used an upload to pypi to exfiltrate data or simply as a way to upload arbitrary data somewhere. In a sense pypi is just a file hosting service, so it could have nothing to do with any actual python projects at all.
Interesting approach to data exfil. Though it seems predictable that exactly this kind of subpoena would be issued. If you can predict it, you can probably mitigate it.
Which means the subpoena would only be useful if the criminals made an opsec mistake. That is generally how most sophisticated criminals get caught, but here it feels like anyone inventive enough to try will probably also be prudent enough not to leave a trail.
