by u/12D3KooWJ6zUgwF5vv2AeEWnzb2KBPAcsNk13Ps8fWvdSoGiB7aD | 12mo ago
What’s told in the video, in short?
1 direct reply
by u/12D3KooWJJ6NNNCbGATWHRPiMcYN3h23feeZ2DH9UGE5khJhrvcB | 12mo ago
They basically are able to trace some Monero transactions with the help of malicious remote nodes.
It's not specifically mentioned in the video, but they did hijack DNS entries of previously trusted nodes to infiltrate wallets that used them (for example, CakeWallet had one), which made their whole operation much more effective.
Through that they are able to know which IP addresses some transactions originate from, assuming they didn't use Tor or a VPN. Their database also includes exchange outputs with which they can eliminate decoys from other transactions (since they can confirm with the exchange that certain outputs in a ring are not spent/spent in another transaction), but also many other heuristics like co-spends.
In one of the examples they gave, they could pretty reliably follow the flow of funds, with many mixins eliminated and IP address correlation until they found a spend that had the target's original IP address exposed to their fake node and interacted with a centralized exchange in the past which of course they can subpoena information from.
This is basically a combination of a black marble attack (the black marbles being the exchange outputs) and bypassing of Dandelion++ with their fake nodes.
However, they also admitted that Monero is at the forefront of blockchain privacy and hard to trace even with their techniques, and I presume they picked an example beforehand so as not to embarrass themselves. Still, it shows that FCMP is very much needed.
The lesson is, run your own node, and at least use Tor to broadcast transactions.
https://github.com/monero-project/monero/blob/master/docs/ANONYMITY_NETWORKS.md
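To put a number on the decoy-elimination ("black marble") risk the reply above describes, here is an added model that is not code from the video, the commenter or the Monero project: `eliminate_decoys` runs the chain-reaction step over a set of rings, and `simulate` builds a constructed chain (decoys drawn uniformly, not with Monero's real selection distribution) to measure how many real spends a holder of many exchange-known outputs can identify at a given ring size.

```python
import random

def eliminate_decoys(rings, known_spent):
    """Chain-reaction decoy elimination. rings: {tx_id: [output, ...]};
    known_spent: outputs the analyst knows are spent elsewhere (the "black
    marbles", e.g. exchange-confirmed). A ring left with one candidate reveals
    its real spend, which is then removed from all other rings. Returns {tx: real}."""
    spent = set(known_spent)
    resolved = {}
    changed = True
    while changed:
        changed = False
        for tx, ring in rings.items():
            if tx in resolved:
                continue
            remaining = [o for o in ring if o not in spent]
            if len(remaining) == 1:
                resolved[tx] = remaining[0]
                spent.add(remaining[0])
                changed = True
    return resolved

def simulate(n_outputs, n_txs, ring_size, marble_fraction, seed=0):
    """Constructed chain: marble_fraction of all outputs are black marbles;
    each tx spends one non-marble output and pads its ring with decoys drawn
    uniformly from all outputs. Returns the share of real spends identified."""
    rng = random.Random(seed)
    outputs = list(range(n_outputs))
    marbles = set(rng.sample(outputs, int(n_outputs * marble_fraction)))
    unspent = [o for o in outputs if o not in marbles]
    if n_txs > len(unspent):
        raise ValueError("not enough non-marble outputs to spend")
    rng.shuffle(unspent)
    rings, truth = {}, {}
    for tx in range(n_txs):
        real = unspent.pop()
        decoys = rng.sample([o for o in outputs if o != real], ring_size - 1)
        ring = [real] + decoys
        rng.shuffle(ring)
        rings[tx], truth[tx] = ring, real
    resolved = eliminate_decoys(rings, marbles)
    # Elimination only removes non-real members, so every resolution is correct.
    assert all(truth[tx] == out for tx, out in resolved.items())
    return len(resolved) / n_txs

if __name__ == "__main__":
    for ring_size in (11, 16):
        share = simulate(5000, 400, ring_size, marble_fraction=0.9)
        print(f"ring size {ring_size}: {share:.0%} of real spends identified")
```

Raising the ring size lowers the share, but as long as an analyst can keep growing the known-spent set the share never reaches zero, which is the argument for a full-chain membership proof.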