Original | Odaily Planet Daily(@OdailyChina)
Author | Asher(@Asher_ 0210)
Last night, on-chain investigator ZachXBT exposed an 18-year-old hacker from the United States named Dritan Kapllani Jr. According to the disclosed information, this young man named Dritan Kapllani Jr. is suspected of involvement in multiple social engineering attacks targeting cryptocurrency users, with an estimated total amount involved of approximately $19 million. Although he has not been formally charged yet, he has already been included as a 'co-conspirator' in U.S. judicial documents.
This case quickly attracted attention, not only because of the massive amount involved but also because its starting point was highly dramatic—a voice call meant for showing off wealth became the breakthrough for the entire investigation.
Just Showing Off Wealth Once on Discord
On April 23, 2026, a dispute that occurred in a Discord voice channel kicked off the incident.
It was a voice call known as 'Band 4 Band,' where participants compared their 'strength' in the most direct way—by showcasing their respective assets. The atmosphere soon shifted from teasing to rivalry. Driven by this sentiment, Dritan, to prove he was richer, directly started screen sharing and displayed his Exodus wallet interface, showing a balance of about $3.68 million.
A few weeks later, this scene was revisited. On-chain investigator ZachXBT used this address as a starting point, linking together what were originally scattered transactions one by one, gradually revealing a longer funding trail.
A Cache of 185 Bitcoin Theft Funds Surfaces
Going back to March 14, 2026, a social engineering theft involving 185 Bitcoins occurred, valued at around $13 million at the time. The funds were quickly transferred out of the original address and swiftly entered an on-chain distribution system.
As early as the next day, about $5.3 million of it was transferred into the wallet Dritan displayed during the Discord voice call (address: 0x4487db847db2fc99372a985743a26f46e0b2bba6). Over the next few weeks, this approximately $5.3 million was continuously split, transferred through multiple addresses, and sent to various destinations. By the time of that April 23 voice conversation, about $1.6 million had already been further moved.
Not the First Time Involved in Crypto Theft
Tracing back from the wallet address Dritan displayed, it quickly became apparent that the funds in it didn't only come from that 185 Bitcoin theft.
According to on-chain analysis, the funding sources for this wallet can be traced back to multiple social engineering thefts in 2025, totaling over $5.85 million. Different victims, different times, but after the funds were transferred away, they would be rapidly split and then moved on through a string of addresses, following a very similar pattern. By matching these funds one by one, it was found that many transfers eventually landed in this wallet address Dritan displayed.
It's worth noting that Dritan once had a 'Band 4 Band' dispute with hacker John Daghita (Lick). Lick was later arrested for allegedly stealing about $46 million in U.S. government funds, and in a later-deleted Telegram post, he had publicly shared Dritan's old address (address: 0x97da0685dbba50b4cbabb0ca9e8336f4fbe41122). Currently, this move appears more like an act of retaliation.
Judging from on-chain behavior, this old address showed a highly consistent pattern with the funds flow of the wallet Dritan displayed in terms of fund splitting methods, transfer paths, and subsequent destinations, and is therefore believed to be used by the same controlling party.
Judicial Documents 'Name' Him for the First Time
It wasn't until May 11, 2026, that this on-chain funding trail was officially confirmed for the first time in judicial documents. That day, the criminal indictment against Trenton Johnson was unsealed. He was charged for his involvement in that 185 Bitcoin theft case and faces up to 40 years in prison.
In the indictment, a key co-conspirator is labeled as 'Co-Conspirator 1 (CC-1),' and the on-chain analysis community has already pointed this identity towards Dritan Kapllani Jr. Although Dritan has not been formally charged yet, he has transitioned from a 'linked address' in on-chain inference to a 'co-conspirator structure' in the judicial narrative.
Additionally, the same document mentions another individual involved—Meme coin KOL yelotree, who is accused of assisting in money laundering through his car rental business in Miami and faces up to 30 years in prison.
Turning 18, The Dissolute Life Comes to an End
Previously, Dritan had been living a life of extravagance for a long time, frequently posting related content on Instagram and interacting with other hackers via Telegram. In hacker circles, he was once considered to have a kind of 'protagonist aura'—several groups associated with him (like ACG, 41 / RM Boyz, etc.) were successively dealt with by law enforcement, yet he himself remained untouched.
But as he turned 18, this 'aura' ended, and his past actions began to be pursued legally.
