There are D-level dumbasses with the same ransomware tools that Darkside has (which came from elsewhere to begin with), so that these 'tools' who tried to burn Colonial were perhaps not NK/PLA but more likely Eastern Europe or even Africa -- although those in the veldt are mostly Chinese-run boilerrooms.
That still doesn’t make any sense to me.
Are you mixing up addresss/wallet? Are you suggesting they created a fake wallet application like their own version of Wasabi, Bitpay, Electrum, etc.. and then tricked the bad guys into using it? How would they do that?
Are you suggesting they somehow created an address that did something weird and had the bad guys receive BTC from it and that somehow did something to compromise them?
I have have a moderate understanding of how Bitcoin works and I can’t tell if you understand it WAY more than me and just aren’t explaining yourself adequately or you don’t understand it at all.