http://qspace.qu.edu.qa/handle/10576/5797
It is interesting to note that blockchain analysis is such a problem that it can actually jeaprodize the anonymity of Tor users.
Good thing multisig and subaddresses are coming to Monero very soon (next wallet release).
Sounds like dumbasses linked a BTC wallet on social media or forums then used that wallet or one associated with it to send funds to the darknet. This is user error.