Based on the sophistication we've seen, they probably used Mullvad for their VPN. In that case, a subpoena wouldn't turn up anything.

I don’t know if it’s been tried, but if not it would be in everyone’s interest to see what Mullvad will actually cough up.

I have seen NordVPN’s response to a subpoena. Their response was that they had no records connecting an IP address at a specific date/time to any particular person.

it would be the end of their business if they did, as they have a strict no retention policy. This would mean they are lying to all their customers, so it is not going to happen.