SouthernPolish99 There's a strong chance it's an attempt at smearing GrapheneOS by portraying it as being used by criminals. However, their overall story and claim of GrapheneOS failing to protect them are so incredibly weak and without basis that it's hard to understand why someone would make this up to attack the project. It's hard to say.
There's no actual indication of the duress PIN not working as they claim. It's likely they configured it a long time ago and forgot it and made a typo twice in a row while setting it which is a common occurrence for regular PINs leading to people needing to wipe their device. Unlike a regular lock PIN/password, you aren't regularly entering it to avoid it being forgotten. That's part of why it's good to write down a duress PIN/password along with that being a useful way to get someone to enter it if they find a paper with "PIN: 123456" in the wallet and/or phone case.
There's no indication of the device being exploited. Their claim is that the device must have been exploited because they believe there's no other incriminating information beyond what's on the phone. The specific information they're referring to are what they said are Threema messages with what they said has 1 minute deletion enabled so the messages would be deleted, but potentially still around not actually wiped either if Threema doesn't attempt to wipe them or it didn't work due to SSD wear levelling, etc. It's very strange to claim GrapheneOS must have been exploited because they think there's no other way incriminating information on them could have been found. The specific statement they made is that a charge of murder was raised to premeditated murder and they believe that was raised due to them getting their incriminating messages. The simplest explanation is that someone who openly posts all this incriminating stuff about themselves didn't have good opsec and left a lot of evidence they don't realize beyond what's on the phone, or left a way to get into the phone such as a reused PIN/password, etc.