I think you misunderstood what they are tracking. Google would still see him login into his gmail account from a know VPN provider IP address. And Google is the entity logging and sharing logs, not the VPN provider.
Possibly. The document doesn't say exactly how, but I was thinking of a scenario where SBF received an email from a VPN company, since email metadata can be collected under the Pen Register Act. Though what you said about Google logging IPs might be the case instead.