There are a large number of ways to unmask visitors using a vpn or even tor, you can use dns requests to do it, javascript, vpn log access, isp access, cookies, browser history, search queries, time attacks, webrtc, google chrome, ads...
My best guesses are that there are patterns that pop up from the IP addresses of VPN connected users that give it away. Weird devices, weird timezones, the more popular the website the more people from the VPN will be connecting and the more obvious it will be from the sheer numbers.<p>But those VPN IPs are not secret, if I can download a list from of damn near every internet ad server and block the vast majority of ads, it wouldn't surprise me is there was a list out there of VPN IPs.