1. The method of Tor bypass is confusing to me: "law enforcement reviewed the source code of Welcome to Video's homepage, which could be viewed by right-clicking on the website and selecting 'View Page Source.' In reviewing the source code, law enforcement discovered that Welcome to Video failed to conceal one of its IP addresses, 121.185.153.64." This sounds different from the deanonymization attacks we've seen in the past (e.g., tricking the server software into making an unproxied network request). Any idea what this might be referring to?

Could just be a shoddy site construction where the site's source code had the ip address hard-coded for some reason. This happens when something is hard-coded in development and then not changed when moved to production.

Perhaps on their dev site they wanted their website to connect to the live api server and see how it handled real data and forgot to obscure it later. Or some resource on the server was directly linked. It's not a usually way to deanonymize because you have to fuck up pretty bad to make that error, it's like having your radiation suit fail because you forgot to zip up your fly.

1. It is unclear to me whether the FBI has the ability to deanonymize washed Bitcoin. Maybe someone with more Bitcoin knowledge can glean this from the filings? There's a reference to coin washing ("darknet mixing service") on page 16 of the asset forfeiture filing, but I can't tell whether they were able to reverse the mixing.

They probably can't unless the washing was done very poorly. Alternatively they could have transacted in monero or some better fit for purpose privacy coin. Using bitcoin for anonymous transactions is very stupid.

1. How effective is something like Monero against KYC?

Very effective so long as the network is maintained.