How would they know their traffic was csam? Traffic passing through an exit node is traffic between a Tor user and the open Internet. Who's running csam servers on the open Internet instead of as hidden services? And without https? Especially when Tor Browser enforces https? This story doesn't add up at all.

They did bust a site owner despite Tor, though. That story's true.