Apparently, he leaked the email address in an early email sent to site users. It contained his real first name and birth year, and he used the address on several other sites.

When he was busted he was logged in to the site, and had several passwords/keys stored in plaintext on his machine.

Multiple OpSec failures.

Good analysis here: https://medium.com/@thegrugq/dark-net-trap-545ae5dd8476