[joosters]

While I doubt that many people check the vendor's public keys, it would just take one person to notice that a vendor has a different public key from another site (for example, AlphaBay, since there must have been lots of users moving to Hansa from there). If they questioned the vendor about it, they'd discover something was wrong. This would then blow the cover of the police, or at the very least be a big red flag showing that the site had been hacked.

In short, I doubt the police did this kind of thing because they risked blowing their cover for the sake of getting some buyers' addresses.

Also, these sites tend to have a big button labelled 'encrypt my message' - which ostensibly does all the PGP for you. I'd guess that most people are lazy and just press this instead of running PGP/GPG manually. It would be trivial for the police to capture the unencrypted messages just by subverting the auto-PGP.