Article: https://medium.com/@nbax/tracing-the-wannacry-2-0-monero-transactions-d8c1e5129dc1
I think it's important to remember that Monero was a total mess by comparison back then. Among other things, it allowed:
- Unencrypted payment IDs
- Arbitrary ringsizes >2
- Optional RingCT
That said, I have absolutely no idea what the Lazarus group was doing here. I'm in disbelief as they:
- Used a very odd transaction graph
- Sent XMR back to the exchange they bought it from
- Cashed out to a single BCH address