The speculation in Bill Cole's comment linked below isn't nearly as exciting/spooky/twisty as some others, but after reading is the one I find most convincing: http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/comment-page-1/#comment-255908