This type of tracing is only possible because it appears the attacker was using a Monerujo wallet with the PocketChange feature enabled, and the input selection algorithm with PocketChange enabled is so horribly busted that at every single step of the withdraw/churn, each tx had at least half a dozen rings with input members from the same originating transaction. Most transactions on-chain do NOT look like this.
Yes we can, it’s not perfect.
Here is how:
https://moonstoneresearch.com/2023/11/03/Postmortem-of-Monero-CCS-Hack.html
This type of tracing is only possible because it appears the attacker was using a Monerujo wallet with the PocketChange feature enabled, and the input selection algorithm with PocketChange enabled is so horribly busted that at every single step of the withdraw/churn, each tx had at least half a dozen rings with input members from the same originating transaction. Most transactions on-chain do NOT look like this.
This certainty cannot be used to put someone in prison as it is just probability based and relies on known data available by possessing a view key.
So outside of this any “tracing” it basically useless and total FUD.