I shared the CoinDesk article without reading it closely. The Block did a better job describing the issue:

Bitcoin money laundering suspect arrested by Dutch police
https://www.theblock.co/post/169860/bitcoin-money-laundering-suspect-arrested-by-dutch-police

Using Google Translate:

The police tracked down the man after stolen bitcoins from a rogue software update of Electrum wallet ended up with him.

https://www.politie.nl/nieuws/2022/september/13/03-man-opgepakt-witwassen-cryptovaluta.html

Likely this problem. Older releases of Electrum (prior to v4.0) permitted a message to be displayed by the back-end Electrum server.

When this happens, the attackers instruct the server to show a popup on the user's screen, instructing the user to access an URL and download and install an Electrum wallet app update.

Bitcoin wallet update trick has netted criminals more than $22 million
https://www.zdnet.com/article/bitcoin-wallet-trick-has-netted-criminals-more-than-22-million/

See also:
https://bitcointalk.org/index.php?topic=5271122.20