They could receive the private keys from Theema directly, but they also have access to Kocner's phone so they could extract it from there.

This is an investigation of high-profile murder so I assume they have resources to do either of these.

They did not break Threema's encryption. They simply extracted the database from the unlocked iPhone of the target person.