Not a geek, so I could be wrong
Not exactly. The Feds first tracked down someone who was running a child porn site out of Nebraska. They seized his computer equipment and then created malware to install on that computer equipment which then took a digital fingerprint, if you will, of each visitor to that website.
Funny thing about this is that the Feds gathered this evidence almost by accident. Had the 31 year old webmaster of the Tor end point not stupidly left his administrator password unsecured, the Feds likely would’ve never found him. This was literally a “lucky break” in a case. They’d likely still be searching today.