An 18-Year-Old Hacker Brags on Discord, Accidentally Reveals a $19 Million Theft Case

marsbitPublicado a 2026-05-13Actualizado a 2026-05-13

Resumen

An 18-year-old American hacker, Dritan Kapllani Jr., has been exposed by on-chain investigator ZachXBT for allegedly masterminding a series of social engineering attacks that stole approximately $19 million from crypto users. The investigation began after a Discord voice call on April 23, 2026, where Dritan shared his screen to boast, revealing an Exodus wallet holding around $3.68 million. Tracing this address, ZachXBT linked it to a major March 14, 2026 theft of 185 BTC (worth ~$13 million at the time), with about $5.3 million of that sum funneled into Dritan's wallet. Further analysis revealed the wallet also contained over $5.85 million from multiple social engineering thefts dating back to 2025. In a May 11, 2026 unsealed criminal complaint against another individual, Trenton Johnson, a key co-conspirator marked "CC-1" is identified, with the on-chain community pointing to Dritan. While not formally charged yet, he is now named in the judicial narrative. Another individual, Meme coin KOL yelotree, faces charges for allegedly assisting in money laundering. Dritan, known for a lavish lifestyle on social media, was previously seen as having a "protagonist aura" within hacking circles, evading consequences as associates were apprehended. However, now that he has turned 18, he is facing legal accountability for his past actions.

Author | Asher(@Asher_0210)

Last night, on-chain investigator ZachXBT exposed an 18-year-old hacker from the United States named Dritan Kapllani Jr. According to the disclosed information, this young man is suspected of involvement in multiple social engineering attacks targeting crypto users, with a total involved amount of approximately $19 million. Although he has not been formally charged yet, he has been included in U.S. judicial documents as a 'co-conspirator'.

This case quickly drew attention, not only due to the massive amount involved but also because of its highly dramatic starting point—a voice call meant for showing off wealth became the breakthrough for the entire investigation.

Just Bragged Once on Discord

On April 23, 2026, a dispute in a Discord voice channel kicked off this series of events.

It was a voice call known as 'Band 4 Band', where participants compared their 'strength' in the most direct way—by displaying their holdings. The atmosphere quickly shifted from banter to competition. Driven by this mood, in order to prove he was richer, Dritan directly started a screen share, showing his Exodus wallet interface with a balance of about $3.68 million.

A few weeks later, this scene was revisited. On-chain investigator ZachXBT started from this address, piecing together originally scattered transactions one by one, gradually revealing a longer trail of funds.

A Trail of 185 Bitcoin Theft Funds Emerges

Going back to March 14, 2026, a social engineering theft involving 185 Bitcoins occurred, valued at about $13 million at the time. The funds were quickly moved out of the original address and rapidly entered an on-chain splitting system.

Just the next day, approximately $5.3 million of it was transferred into the wallet Dritan had shown during the Discord voice call (address: 0x4487db847db2fc99372a985743a26f46e0b2bba6). Over the following weeks, this sum of about $5.3 million was continuously split, transferred through multiple addresses, and flowed to different destinations. By the time of the April 23rd voice conversation, about $1.6 million had been further moved.

Not the First Time Involved in Crypto Theft

Tracing back from the wallet address Dritan showed, it soon became clear that the funds inside weren't just from that 185 Bitcoin theft.

According to on-chain analysis, the funds in this wallet can be traced back to multiple social engineering thefts in 2025, totaling over $5.85 million. Different victims, different times, but after the funds were transferred away, they would be quickly split, then moved through a series of addresses, following a very similar path. Matching up these funds transaction by transaction shows that many transfers ultimately landed in this wallet address Dritan displayed.

It's worth noting that Dritan once had a 'Band 4 Band' dispute with hacker John Daghita (Lick). Lick was later arrested for allegedly stealing approximately $46 million in U.S. government funds. In a later deleted Telegram post, he had publicly disclosed Dritan's old address (address: 0x97da0685dbba50b4cbabb0ca9e8336f4fbe41122), an act now appearing more like retaliation.

Judging from the on-chain behavior, this old address is highly consistent with the fund flow of the wallet Dritan displayed in terms of fund splitting methods, transfer paths, and subsequent destinations, and is therefore believed to be used by the same controlling party.

First Official 'Mention' in Judicial Documents

It wasn't until May 11, 2026, that this on-chain fund trail was formally confirmed for the first time in a judicial document. That day, the criminal indictment against Trenton Johnson was unsealed. He was charged for his involvement in the 185 Bitcoin theft case and faces up to 40 years in prison.

In the indictment, a key co-conspirator is labeled as 'Co-Conspirator 1 (CC-1)', and the on-chain analysis community has linked this identity to Dritan Kapllani Jr. Although Dritan has not been formally charged yet, he has moved from being an 'associated address' in on-chain inference to a 'co-conspirator' in the judicial narrative.

Furthermore, the same document mentions another involved person—Meme coin KOL yelotree, who is accused of assisting in money laundering through his Miami-based car rental business and faces up to 30 years in prison.

Turning 18, The End of a Decadent Life

Previously, Dritan had long lived a lavish lifestyle, frequently posting related content on Instagram and interacting with other hackers via Telegram. Within hacker circles, he was once considered to have a sort of 'protagonist aura'—multiple associated groups around him (such as ACG, 41 / RM Boyz, etc.) were successively dealt with by law enforcement, yet he himself remained untouched.

However, as he turned 18, this 'aura' came to an end, and his past actions began to be pursued legally.

Criptos en tendencia

CitreaCTR

wrapped stUSDTWSTUSDT

Velodrome FinanceVELODROME

Preguntas relacionadas

QWho exposed the 18-year-old hacker Dritan Kapllani Jr. and what was the alleged total amount involved?

AHe was exposed by on-chain detective ZachXBT. He is alleged to have participated in multiple social engineering attacks targeting crypto users, with a cumulative amount involved of approximately $19 million.

QWhat was the dramatic starting point for the investigation into Dritan Kapllani Jr.'s activities?

AThe investigation began after he screen-shared his Exodus wallet, showing a balance of about $3.68 million, during a 'Band 4 Band' argument in a Discord voice call where participants compared their wealth.

QAccording to the article, which specific wallet address did Dritan share in the Discord call, and what major theft was it linked to?

AThe wallet address he shared was 0x4487db847db2fc99372a985743a26f46e0b2bba6. It was linked to a 185 Bitcoin social engineering theft worth about $13 million that occurred on March 14, 2026, with approximately $5.3 million from that theft flowing into this address.

QWhat is Dritan Kapllani Jr.'s current legal status according to the unsealed indictment against Trenton Johnson?

AIn the unsealed criminal indictment against Trenton Johnson, Dritan Kapllani Jr. is referred to as 'Co-Conspirator 1 (CC-1).' While he has not been formally charged yet, he has been officially named as a co-conspirator in the judicial narrative.

QHow did the article describe the change in Dritan Kapllani Jr.'s situation after he turned 18?

AThe article states that after turning 18, his 'main character halo' (a perception of immunity) ended. His past actions are now subject to legal accountability, marking an end to his previously lavish and seemingly consequence-free lifestyle.

Lecturas Relacionadas

Ethereum down 45% YTD – So why do SharpLink and whales keep buying?

Despite Ethereum (ETH) being down 20-45% year-to-date amid broader crypto weakness, institutional and whale buying activity suggests growing long-term conviction. SharpLink, after an eight-month pause, purchased 5,000 ETH and later added $45.54 million in LSETH, increasing its total holdings significantly despite substantial unrealized losses. Similarly, a new whale wallet accumulated over 18,000 ETH worth $28.9 million in nine days, indicating strategic positioning for future price movements rather than short-term trading. However, this accumulation contrasts with spot Ethereum ETFs, which saw net outflows of $12.85 million recently, highlighting a divergence between direct treasury/whale buyers and ETF investors. While the persistent buying from these large holders may gradually ease selling pressure, a sustained recovery for Ethereum still depends on a reversal in ETF flows and a broader improvement in network demand and market sentiment.

ambcryptoHace 26 min(s)

Ethereum down 45% YTD – So why do SharpLink and whales keep buying?

ambcryptoHace 26 min(s)

Just now, DeepSeek V4 updates with DSpark, improving inference speed by 80%

DeepSeek has updated its DeepSeek V4 model with the DSpark speculative decoding framework, achieving a significant 60-85% speedup in generation for Flash models and 57-78% for Pro models while maintaining the same overall throughput. This engineering-focused update, rather than a core architectural change, introduces DSpark to address latency and throughput bottlenecks in high-concurrency production environments. DSpark combines high-throughput parallel generation with adaptive load-aware verification. Its key innovations include a semi-autoregressive generation architecture to model dependencies within token blocks and a hardware-aware confidence-scheduled verification system. This system uses a confidence head to predict token acceptance probabilities, allowing it to dynamically optimize verification length per request and allocate compute only to tokens with the highest expected payoff. The asynchronous scheduler is designed for real-world deployment, ensuring zero-overhead scheduling and continuous CUDA graph replay while preserving the target model's output distribution. In tests across mathematical reasoning, code generation, and daily dialogue, DSpark outperformed state-of-the-art models like Eagle3 and DFlash, increasing average acceptance length by 26.7%-30.9% and 16.3%-18.4% respectively on Qwen3 target models. DeepSeek also open-sourced DeepSpec, a full-stack codebase for training and evaluating speculative decoding draft models, providing a standardized toolkit that includes data preparation tools, model implementations, training code, and evaluation scripts.

marsbitHace 1 hora(s)

Just now, DeepSeek V4 updates with DSpark, improving inference speed by 80%

marsbitHace 1 hora(s)

Can Aavenomics 3.0 sustain AAVE’s recovery rally amid Kraken buyout talks?

Aave Labs CEO Stani Kulechov has dismissed reports of a potential stake sale to Kraken, clarifying that Aave would not sell at a significant discount. He highlighted Aave's substantial annualized revenue and its focus on a broad financial market. Kulechov also announced plans for Aavenomics 3.0, featuring a new automated buyback mechanism. Following these updates, the AAVE token price surged 12%, extending its June recovery rally to over 50% from its recent lows. The rally is partly attributed to reduced selling pressure and positive sentiment from the announced tokenomics plan, despite the token remaining significantly below its all-time high.

ambcryptoHace 2 hora(s)

Can Aavenomics 3.0 sustain AAVE’s recovery rally amid Kraken buyout talks?

ambcryptoHace 2 hora(s)

BIT Research: The 2028 Halving Is Not the End, the Real Shake-Up of the Bitcoin Mining Industry Is Just Beginning

The Bitcoin mining industry is undergoing its most complex structural adjustment since inception. Despite Bitcoin's price holding near $61,000 and the network hash rate approaching a record 1 ZH/s, miner profitability is deteriorating. The industry is operating close to its breakeven point, with the 2028 halving expected to accelerate consolidation. The challenges extend beyond the halving's subsidy reduction; the industry's revenue model has yet to successfully transition towards a fee-driven structure. Increasingly, mining companies are evolving from simple Bitcoin producers into infrastructure and energy operators, including providers of AI/HPC computing power. Competition is shifting from pure hash rate expansion to business model upgrades. Economic pressure is evident. The theoretical daily mining revenue at current prices is around $78 million, yet the actual figure is only about $33 million—a 136% gap. Transaction fees remain low at roughly $220k daily, far below historical implied levels. With a current estimated industry-wide breakeven price near $65,000, mining alone is struggling to generate ideal profits. The 2028 halving is projected to push the fundamental production cost floor to approximately $93,289. This will likely accelerate a shift towards consolidation among larger, well-capitalized miners with diversified revenue streams. Competitive advantage will belong to institutionalized players with access to low-cost energy, AI/HPC hosting operations, and stronger balance sheets. In essence, Bitcoin mining is transitioning from a "mining business" to an "infrastructure business." Future profitability and resilience will depend less on block rewards and more on diversified income sources like energy management and computational infrastructure services. For investors, the key question is not the halving itself, but which miners can successfully navigate this business model transformation.

marsbitHace 2 hora(s)

BIT Research: The 2028 Halving Is Not the End, the Real Shake-Up of the Bitcoin Mining Industry Is Just Beginning

marsbitHace 2 hora(s)

This is How God Karpathy Uses Claude?

Andrej Karpathy, a prominent figure in AI, has reportedly joined Anthropic, leading to a noticeable decrease in his open-source contributions and social media activity. A document claiming to be his personal "CLAUDE.md" file—a set of instructions for the Claude AI to follow within a specific codebase—has been circulating online. While its authenticity is unverified, the content aligns closely with Karpathy's publicly shared principles on effective AI-assisted programming. The document outlines key rules for AI coding assistants, emphasizing the importance of reading existing code thoroughly before writing new code to maintain consistency. It advises against over-engineering, advocating for simple, surgical modifications that match the project's existing style. Other guidelines include clarifying assumptions upfront, writing meaningful tests, thoughtful debugging, and carefully considering dependencies. The core message is that these principles help prevent common AI coding failures, such as introducing unnecessary abstractions, style drift, or making invisible architectural decisions. The community has noted that even experts like Karpathy require detailed instructions to guide AI effectively, akin to managing a junior developer. A related GitHub repository, "andrej-karpathy-skills," which encapsulates these ideas, is reported to significantly reduce Claude's code error rate. Ultimately, the advice stresses that the best CLAUDE.md is tailored to one's own tech stack and coding practices.

marsbitHace 2 hora(s)

marsbitHace 2 hora(s)

Trading

Spot

Artículos destacados

Cómo comprar NIGHT

¡Bienvenido a HTX.com! Hemos hecho que comprar Midnight (NIGHT) sea simple y conveniente. Sigue nuestra guía paso a paso para iniciar tu viaje de criptos.Paso 1: crea tu cuenta HTXUtiliza tu correo electrónico o número de teléfono para registrarte y obtener una cuenta gratuita en HTX. Experimenta un proceso de registro sin complicaciones y desbloquea todas las funciones.Obtener mi cuentaPaso 2: ve a Comprar cripto y elige tu método de pagoTarjeta de crédito/débito: usa tu Visa o Mastercard para comprar Midnight (NIGHT) al instante.Saldo: utiliza fondos del saldo de tu cuenta HTX para tradear sin problemas.Terceros: hemos agregado métodos de pago populares como Google Pay y Apple Pay para mejorar la comodidad.P2P: tradear directamente con otros usuarios en HTX.Over-the-Counter (OTC): ofrecemos servicios personalizados y tipos de cambio competitivos para los traders.Paso 3: guarda tu Midnight (NIGHT)Después de comprar tu Midnight (NIGHT), guárdalo en tu cuenta HTX. Alternativamente, puedes enviarlo a otro lugar mediante transferencia blockchain o utilizarlo para tradear otras criptomonedas.Paso 4: tradear Midnight (NIGHT)Tradear fácilmente con Midnight (NIGHT) en HTX's mercado spot. Simplemente accede a tu cuenta, selecciona tu par de trading, ejecuta tus trades y monitorea en tiempo real. Ofrecemos una experiencia fácil de usar tanto para principiantes como para traders experimentados.

416 Vistas totalesPublicado en 2025.12.08Actualizado en 2026.06.02

Discusiones

Bienvenido a la comunidad de HTX. Aquí puedes mantenerte informado sobre los últimos desarrollos de la plataforma y acceder a análisis profesionales del mercado. A continuación se presentan las opiniones de los usuarios sobre el precio de NIGHT (NIGHT).