GrapheneOS has never concealed this information, it has been publicly accessible on the GrapheneOS website for years, as an article describing the projects history. https://grapheneos.org/history/

Deleting signing keys under threat of a hostile takeover is the responsible thing to do.