How Chainalysis made their way into popular Monero wallets

xmrdash | 101 points

There is a leaked video from Chainalysis; they basically deploy rogue nodes or reverse proxies able to capture the IP address along with the Monero tx. Before reading the article, I suggest watching that leak first.

not_a_dane | 3 days ago

Related: Chainalysis Successful Deanonymization Attack on Monero https://darkwebinformer.com/chainalysis-successful-deanonymi...

yamrzou | 11 hours ago

Basically, Chainalysis was able to gather more off-chain metadata (IP in this case, by setting up IP-logging nodes) that then helped them narrow down some heuristics to try to guess some things on the blockchain. From the leaked video, they can't trace anything and they say "Monero is awesome". Cool.

vlugorilla | 3 days ago

The article doesn't really explain how that helps Chainalysis to track the transactions.

earnesti | 3 days ago

Reminds me of this case: https://b10c.me/observations/06-linkinglion/

Btw, I wish Satoshi thought more of the concept of nodes' reputation so you can somewhat know how efficient and legitimate the node is.

mrkramer | 3 days ago

Thank you for the investigation. It was very well done.

nunobrito | 3 days ago

Finland recently had a significant attack against one of Finland's largest psychotherapy clinics, Vastaamo. The criminal stole all personal information + therapy notes, then started to blackmail the company and patients (over 20k victims, many of them very vulnerable, leading to suicides).

The National Bureau of Investigation traced the hacker through a Monero transaction. First they sent 0.1 Bitcoin to the blackmailer's address and used that for statistical analysis, tracing the money into and out of Monero.

P.S.

The police unencrypted the 64-character password that was used to protect sensitive data on his hard drive. It was not random enough.

They 'took a fingerprint' from a digital image and used it for identification. The criminal on the run took a photo showing only his hand holding a glass. It was enough to see a fingerprint.

nabla9 | 3 days ago