Is anonymity vulnerable in this situation?

Let's say I buy Litecoin from a KYC exchange.

I then use Cakewallet to exchange the LTC for Monero (they keep transaction records including info about the LTC and XMR address and input).

I then buy a few things using the same Monero from another person (so a few transactions on the chain).

This person gets compromised (PC/XMR wallet confiscated).

How hard would it be for the people who have the confiscated wallet to de-anonymize this customer? If they look at the blockchain and they see transactions involving the confiscated wallet, would they not see the rings with all the potential TXID's of the customer? If they looked at these transactions for recurring TXIDs (the customer bought things multiple times), couldn't they assume that the recurring TXID was the actual TXID being used to send monero to the stealth address by another individual (the customer)?

They could then sweep all the known exchanges for info regarding transactions involving this specific TXID and find the LTC-to-Monero exchange ID, which would lead them back to the last person to buy the LTC before that, which of course is linked to the KYC exchange it came from.