This type of tracing is only possible because it appears the attacker was using a Monerujo wallet with the PocketChange feature enabled, and the input selection algorithm with PocketChange enabled is so horribly busted that at every single step of the withdraw/churn, each tx had at least half a dozen rings with input members from the same originating transaction. Most transactions on-chain do NOT look like this.
This type of tracing is only possible because it appears the attacker was using a Monerujo wallet with the PocketChange feature enabled, and the input selection algorithm with PocketChange enabled is so horribly busted that at every single step of the withdraw/churn, each tx had at least half a dozen rings with input members from the same originating transaction. Most transactions on-chain do NOT look like this.