Fairly easy if they used exchanges, services, or bought products that were involved in prior hacks like the Ledger list