There are other ways to track them than the trail of their BTCs. For instance, did they apply proper opsec hygiene? Did they brag about it, to friends online or offline?
If I had to guess, the attack was done by a group of people and they split the funds up. Some of them were smarter than others.
It's also possible that the people who have been arrested are simply people who have received stolen goods (knowingly or unknowingly). Perhaps they traded something else of value for the Bitcoin and didn't know how dirty it was.
4chan. He wrote it there, afaik from a Twitter comment with screenshot posted many days ago before the Feds announced the kid.
Then bragged about it and went for more accounts. His friends left him when he went for the high profile accounts. I think it was organized on Discord.
The mixers keep a ledger outside the blockchain, so no—and a well-written one wouldn't store any logs. You could possibly know that someone used a mixer but you wouldn't be able to track from the blockchain where the money came from. It could've come from 1000s of other transactions all with different amounts—none that would trace back to the source funds wallet.