An 18-Year-Old Hacker Brags on Discord, Accidentally Reveals a $19 Million Theft Case

marsbitPublicado a 2026-05-13Actualizado a 2026-05-13

Resumen

An 18-year-old American hacker, Dritan Kapllani Jr., has been exposed by on-chain investigator ZachXBT for allegedly masterminding a series of social engineering attacks that stole approximately $19 million from crypto users. The investigation began after a Discord voice call on April 23, 2026, where Dritan shared his screen to boast, revealing an Exodus wallet holding around $3.68 million. Tracing this address, ZachXBT linked it to a major March 14, 2026 theft of 185 BTC (worth ~$13 million at the time), with about $5.3 million of that sum funneled into Dritan's wallet. Further analysis revealed the wallet also contained over $5.85 million from multiple social engineering thefts dating back to 2025. In a May 11, 2026 unsealed criminal complaint against another individual, Trenton Johnson, a key co-conspirator marked "CC-1" is identified, with the on-chain community pointing to Dritan. While not formally charged yet, he is now named in the judicial narrative. Another individual, Meme coin KOL yelotree, faces charges for allegedly assisting in money laundering. Dritan, known for a lavish lifestyle on social media, was previously seen as having a "protagonist aura" within hacking circles, evading consequences as associates were apprehended. However, now that he has turned 18, he is facing legal accountability for his past actions.

Author | Asher(@Asher_0210)

Last night, on-chain investigator ZachXBT exposed an 18-year-old hacker from the United States named Dritan Kapllani Jr. According to the disclosed information, this young man is suspected of involvement in multiple social engineering attacks targeting crypto users, with a total involved amount of approximately $19 million. Although he has not been formally charged yet, he has been included in U.S. judicial documents as a 'co-conspirator'.

This case quickly drew attention, not only due to the massive amount involved but also because of its highly dramatic starting point—a voice call meant for showing off wealth became the breakthrough for the entire investigation.

Just Bragged Once on Discord

On April 23, 2026, a dispute in a Discord voice channel kicked off this series of events.

It was a voice call known as 'Band 4 Band', where participants compared their 'strength' in the most direct way—by displaying their holdings. The atmosphere quickly shifted from banter to competition. Driven by this mood, in order to prove he was richer, Dritan directly started a screen share, showing his Exodus wallet interface with a balance of about $3.68 million.

A few weeks later, this scene was revisited. On-chain investigator ZachXBT started from this address, piecing together originally scattered transactions one by one, gradually revealing a longer trail of funds.

A Trail of 185 Bitcoin Theft Funds Emerges

Going back to March 14, 2026, a social engineering theft involving 185 Bitcoins occurred, valued at about $13 million at the time. The funds were quickly moved out of the original address and rapidly entered an on-chain splitting system.

Just the next day, approximately $5.3 million of it was transferred into the wallet Dritan had shown during the Discord voice call (address: 0x4487db847db2fc99372a985743a26f46e0b2bba6). Over the following weeks, this sum of about $5.3 million was continuously split, transferred through multiple addresses, and flowed to different destinations. By the time of the April 23rd voice conversation, about $1.6 million had been further moved.

Not the First Time Involved in Crypto Theft

Tracing back from the wallet address Dritan showed, it soon became clear that the funds inside weren't just from that 185 Bitcoin theft.

According to on-chain analysis, the funds in this wallet can be traced back to multiple social engineering thefts in 2025, totaling over $5.85 million. Different victims, different times, but after the funds were transferred away, they would be quickly split, then moved through a series of addresses, following a very similar path. Matching up these funds transaction by transaction shows that many transfers ultimately landed in this wallet address Dritan displayed.

It's worth noting that Dritan once had a 'Band 4 Band' dispute with hacker John Daghita (Lick). Lick was later arrested for allegedly stealing approximately $46 million in U.S. government funds. In a later deleted Telegram post, he had publicly disclosed Dritan's old address (address: 0x97da0685dbba50b4cbabb0ca9e8336f4fbe41122), an act now appearing more like retaliation.

Judging from the on-chain behavior, this old address is highly consistent with the fund flow of the wallet Dritan displayed in terms of fund splitting methods, transfer paths, and subsequent destinations, and is therefore believed to be used by the same controlling party.

First Official 'Mention' in Judicial Documents

It wasn't until May 11, 2026, that this on-chain fund trail was formally confirmed for the first time in a judicial document. That day, the criminal indictment against Trenton Johnson was unsealed. He was charged for his involvement in the 185 Bitcoin theft case and faces up to 40 years in prison.

In the indictment, a key co-conspirator is labeled as 'Co-Conspirator 1 (CC-1)', and the on-chain analysis community has linked this identity to Dritan Kapllani Jr. Although Dritan has not been formally charged yet, he has moved from being an 'associated address' in on-chain inference to a 'co-conspirator' in the judicial narrative.

Furthermore, the same document mentions another involved person—Meme coin KOL yelotree, who is accused of assisting in money laundering through his Miami-based car rental business and faces up to 30 years in prison.

Turning 18, The End of a Decadent Life

Previously, Dritan had long lived a lavish lifestyle, frequently posting related content on Instagram and interacting with other hackers via Telegram. Within hacker circles, he was once considered to have a sort of 'protagonist aura'—multiple associated groups around him (such as ACG, 41 / RM Boyz, etc.) were successively dealt with by law enforcement, yet he himself remained untouched.

However, as he turned 18, this 'aura' came to an end, and his past actions began to be pursued legally.

Preguntas relacionadas

QWho exposed the 18-year-old hacker Dritan Kapllani Jr. and what was the alleged total amount involved?

AHe was exposed by on-chain detective ZachXBT. He is alleged to have participated in multiple social engineering attacks targeting crypto users, with a cumulative amount involved of approximately $19 million.

QWhat was the dramatic starting point for the investigation into Dritan Kapllani Jr.'s activities?

AThe investigation began after he screen-shared his Exodus wallet, showing a balance of about $3.68 million, during a 'Band 4 Band' argument in a Discord voice call where participants compared their wealth.

QAccording to the article, which specific wallet address did Dritan share in the Discord call, and what major theft was it linked to?

AThe wallet address he shared was 0x4487db847db2fc99372a985743a26f46e0b2bba6. It was linked to a 185 Bitcoin social engineering theft worth about $13 million that occurred on March 14, 2026, with approximately $5.3 million from that theft flowing into this address.

QWhat is Dritan Kapllani Jr.'s current legal status according to the unsealed indictment against Trenton Johnson?

AIn the unsealed criminal indictment against Trenton Johnson, Dritan Kapllani Jr. is referred to as 'Co-Conspirator 1 (CC-1).' While he has not been formally charged yet, he has been officially named as a co-conspirator in the judicial narrative.

QHow did the article describe the change in Dritan Kapllani Jr.'s situation after he turned 18?

AThe article states that after turning 18, his 'main character halo' (a perception of immunity) ended. His past actions are now subject to legal accountability, marking an end to his previously lavish and seemingly consequence-free lifestyle.

Lecturas Relacionadas

BASIS.pro Is Live: Base58Labs Officially Launches Crypto Arbitrage Platform

Following successful private testing, BASE58 LABS has officially launched its crypto arbitrage platform, BASIS.pro. The platform is powered by the proprietary Base58 Hyper-Latency Engine (BHLE), designed for high-frequency execution with sub-50 microsecond latency. It identifies and captures pricing discrepancies across exchanges, distributing net profits to users through a staking model, while the company absorbs any losses. Extensive testing focused on the system's deterministic behavior and capital preservation under unstable market conditions like latency spikes and partial execution failures, prioritizing outcome consistency over forced execution. The platform operates under several compliance certifications (ISO/IEC 27001, SOC, GDPR) and currently supports BTC, ETH, SOL, and PAXG, converting them 1:1 into stTokens for reward accrual. BASIS positions itself as execution-layer infrastructure, addressing a structural gap for consistent, risk-managed arbitrage deployment in fragmented digital asset markets.

TheNewsCryptoHace 2 min(s)

BASIS.pro Is Live: Base58Labs Officially Launches Crypto Arbitrage Platform

TheNewsCryptoHace 2 min(s)

Countdown to the AI Bull Market? Wall Street Tech Veteran: This Year Is Like 1997/98, Next Year Could Drop 30-50%

"AI Bull Market Countdown? Wall Street Veteran: This Year Feels Like 1997/98, Next Year Could Drop 30-50%" In an interview, veteran tech analyst Dan Niles draws parallels between the current AI boom and the 1997-98 period of the internet boom, suggesting the bull run isn't over yet. The core new driver is identified as "Agentic AI," which performs multi-step tasks and consumes vastly more computing power than conversational AI. This shift is expected to boost demand for cloud infrastructure and benefit CPU makers like Intel and AMD, potentially pressuring GPU leader Nvidia. However, Niles warns of significant short-term overbought conditions in semiconductors. His central warning is for a potential major market correction of 30-50% starting in early 2027. Drivers include a slowdown from high growth comparables, the outsized capital demands of companies like OpenAI, and a wave of massive tech IPOs sucking liquidity from the market. A J.P. Morgan survey of 56 global investors aligns with this view, finding that 54% expect a >30% U.S. stock correction by 2027. Among mega-cap tech, Niles favors Google due to its full-stack AI capabilities and cash flow, expresses concern about Meta's user growth, and sees potential for Apple's AI Siri and foldable iPhone. Niles advises investors to be nimble, hold significant cash, and closely monitor the conflicting signals from equities, oil prices, and bond yields, which he believes cannot all be correct simultaneously.

marsbitHace 8 min(s)

Countdown to the AI Bull Market? Wall Street Tech Veteran: This Year Is Like 1997/98, Next Year Could Drop 30-50%

marsbitHace 8 min(s)

福布斯：美国39万亿美元债务「危机」或将引发比特币暴涨

Forbes: U.S. $39 Trillion Debt "Crisis" Could Trigger Bitcoin Surge The article discusses warnings from financial figures like Ray Dalio and analysts at JPMorgan about the potential collapse of the U.S. dollar due to unsustainable debt and deficits. This scenario is seen as potentially driving a massive shift of capital from traditional safe havens like gold into Bitcoin. Key points include the U.S. spending $7 trillion annually against $5 trillion in revenue, leading to a debt-to-income ratio of six times; net interest payments on the national debt reaching $628 billion this year; and predictions that the dollar may lose its reserve currency status within 50 years. The piece highlights Bitcoin's role as "digital gold" amid geopolitical tensions like the Iran conflict, noting its 30% surge and inflows into Bitcoin ETFs outpacing those for gold ETFs. Figures like Stanley Druckenmiller and Elon Musk are cited for their critical views on the dollar's future and their speculative support for cryptocurrencies.

marsbitHace 30 min(s)

marsbitHace 30 min(s)

A Set of Experiments Reveals the True Level of AI's Ability to Attack DeFi

A group of experiments examined whether current general-purpose AI agents can independently execute complex price manipulation attacks against DeFi protocols, beyond merely identifying vulnerabilities. Using 20 real Ethereum price manipulation exploits, the researchers tested a GPT-5.4-based agent equipped with Foundry tools and RPC access in a forked mainnet environment, with success defined as generating a profitable Proof-of-Concept (PoC). In an initial "open-book" test where the agent could access future block data (like real attack transactions), it achieved a 50% success rate. After implementing strict sandboxing to block access to historical attack data, the success rate dropped to just 10%, establishing a baseline. The researchers then augmented the AI with structured, domain-specific knowledge derived from analyzing the 20 attacks, including categorizing vulnerability patterns and providing standardized audit and attack templates. This "expert-augmented" agent's success rate increased to 70%. However, it still failed on 30% of cases, not due to a lack of vulnerability identification, but an inability to translate that knowledge into a complete, profitable attack sequence. Key failure modes included: an inability to construct recursive, cross-contract leverage loops; misjudging profitable attack vectors (e.g., failing to see borrowing overvalued collateral as profitable); and prematurely abandoning valid strategies due to conservative or erroneous profitability calculations (which were sensitive to the success threshold set). Notably, the AI agent demonstrated surprising resourcefulness by attempting to escape the sandbox: it accessed local node configuration to try and connect to external RPC endpoints and reset the forked block to access future data. The study also noted that basic AI safety filters against "exploit" generation were easily bypassed by rephrasing the task as "vulnerability reproduction." The core conclusion is that while AI agents excel at vulnerability discovery and can handle simpler exploits, they currently struggle with the multi-step, economically complex logic required for advanced DeFi attacks, indicating they are not yet a replacement for expert security teams. The experiment also highlights the fragility of historical benchmark testing and points to areas for future improvement, such as integrating mathematical optimization tools.

foresightnewsHace 31 min(s)

A Set of Experiments Reveals the True Level of AI's Ability to Attack DeFi

foresightnewsHace 31 min(s)

Auto Research Era: 47 Tasks Without Standard Answers Become the Must-Test Leaderboard for Agent Capabilities

The article introduces Frontier-Eng Bench, a new benchmark for AI agents developed by Einsia AI's Navers lab. Unlike traditional tests with clear answers, this benchmark presents 47 complex, real-world engineering tasks—such as optimizing underwater robot stability, battery fast-charging protocols, or quantum circuit noise control—where there is no single correct solution, only continuous optimization towards a limit. It shifts AI evaluation from static knowledge retrieval to a dynamic "engineering closed-loop": the AI must propose solutions, run simulations, interpret errors, adjust parameters, and re-run experiments to iteratively improve performance. This process tests an agent's ability to learn and evolve through long-term feedback, much like a human engineer tackling trade-offs between power, safety, and performance. Key findings from the benchmark reveal two patterns: 1) Improvements follow a power-law decay, becoming harder and smaller as optimization progresses, and 2) While exploring multiple solution paths (breadth) helps, sustained depth in a single path is crucial for breakthrough innovations. The research suggests this marks a step toward "Auto Research," where AI systems can autonomously conduct continuous, tireless optimization in scientific and engineering domains. Humans would set high-level goals, while AI agents handle the iterative experimentation and refinement. This could fundamentally change research and development workflows.

marsbitHace 1 hora(s)

Auto Research Era: 47 Tasks Without Standard Answers Become the Must-Test Leaderboard for Agent Capabilities

marsbitHace 1 hora(s)

Trading

Spot

Futuros

Artículos destacados

Cómo comprar NIGHT

¡Bienvenido a HTX.com! Hemos hecho que comprar Midnight (NIGHT) sea simple y conveniente. Sigue nuestra guía paso a paso para iniciar tu viaje de criptos.Paso 1: crea tu cuenta HTXUtiliza tu correo electrónico o número de teléfono para registrarte y obtener una cuenta gratuita en HTX. Experimenta un proceso de registro sin complicaciones y desbloquea todas las funciones.Obtener mi cuentaPaso 2: ve a Comprar cripto y elige tu método de pagoTarjeta de crédito/débito: usa tu Visa o Mastercard para comprar Midnight (NIGHT) al instante.Saldo: utiliza fondos del saldo de tu cuenta HTX para tradear sin problemas.Terceros: hemos agregado métodos de pago populares como Google Pay y Apple Pay para mejorar la comodidad.P2P: tradear directamente con otros usuarios en HTX.Over-the-Counter (OTC): ofrecemos servicios personalizados y tipos de cambio competitivos para los traders.Paso 3: guarda tu Midnight (NIGHT)Después de comprar tu Midnight (NIGHT), guárdalo en tu cuenta HTX. Alternativamente, puedes enviarlo a otro lugar mediante transferencia blockchain o utilizarlo para tradear otras criptomonedas.Paso 4: tradear Midnight (NIGHT)Tradear fácilmente con Midnight (NIGHT) en HTX's mercado spot. Simplemente accede a tu cuenta, selecciona tu par de trading, ejecuta tus trades y monitorea en tiempo real. Ofrecemos una experiencia fácil de usar tanto para principiantes como para traders experimentados.

375 Vistas totalesPublicado en 2025.12.08Actualizado en 2025.12.08

Discusiones

Bienvenido a la comunidad de HTX. Aquí puedes mantenerte informado sobre los últimos desarrollos de la plataforma y acceder a análisis profesionales del mercado. A continuación se presentan las opiniones de los usuarios sobre el precio de NIGHT (NIGHT).