An 18-Year-Old Hacker Brags on Discord, Accidentally Reveals a $19 Million Theft Case

marsbitPublished on 2026-05-13Last updated on 2026-05-13

Abstract

An 18-year-old American hacker, Dritan Kapllani Jr., has been exposed by on-chain investigator ZachXBT for allegedly masterminding a series of social engineering attacks that stole approximately $19 million from crypto users. The investigation began after a Discord voice call on April 23, 2026, where Dritan shared his screen to boast, revealing an Exodus wallet holding around $3.68 million. Tracing this address, ZachXBT linked it to a major March 14, 2026 theft of 185 BTC (worth ~$13 million at the time), with about $5.3 million of that sum funneled into Dritan's wallet. Further analysis revealed the wallet also contained over $5.85 million from multiple social engineering thefts dating back to 2025. In a May 11, 2026 unsealed criminal complaint against another individual, Trenton Johnson, a key co-conspirator marked "CC-1" is identified, with the on-chain community pointing to Dritan. While not formally charged yet, he is now named in the judicial narrative. Another individual, Meme coin KOL yelotree, faces charges for allegedly assisting in money laundering. Dritan, known for a lavish lifestyle on social media, was previously seen as having a "protagonist aura" within hacking circles, evading consequences as associates were apprehended. However, now that he has turned 18, he is facing legal accountability for his past actions.

Author | Asher(@Asher_0210)

Last night, on-chain investigator ZachXBT exposed an 18-year-old hacker from the United States named Dritan Kapllani Jr. According to the disclosed information, this young man is suspected of involvement in multiple social engineering attacks targeting crypto users, with a total involved amount of approximately $19 million. Although he has not been formally charged yet, he has been included in U.S. judicial documents as a 'co-conspirator'.

This case quickly drew attention, not only due to the massive amount involved but also because of its highly dramatic starting point—a voice call meant for showing off wealth became the breakthrough for the entire investigation.

Just Bragged Once on Discord

On April 23, 2026, a dispute in a Discord voice channel kicked off this series of events.

It was a voice call known as 'Band 4 Band', where participants compared their 'strength' in the most direct way—by displaying their holdings. The atmosphere quickly shifted from banter to competition. Driven by this mood, in order to prove he was richer, Dritan directly started a screen share, showing his Exodus wallet interface with a balance of about $3.68 million.

A few weeks later, this scene was revisited. On-chain investigator ZachXBT started from this address, piecing together originally scattered transactions one by one, gradually revealing a longer trail of funds.

A Trail of 185 Bitcoin Theft Funds Emerges

Going back to March 14, 2026, a social engineering theft involving 185 Bitcoins occurred, valued at about $13 million at the time. The funds were quickly moved out of the original address and rapidly entered an on-chain splitting system.

Just the next day, approximately $5.3 million of it was transferred into the wallet Dritan had shown during the Discord voice call (address: 0x4487db847db2fc99372a985743a26f46e0b2bba6). Over the following weeks, this sum of about $5.3 million was continuously split, transferred through multiple addresses, and flowed to different destinations. By the time of the April 23rd voice conversation, about $1.6 million had been further moved.

Not the First Time Involved in Crypto Theft

Tracing back from the wallet address Dritan showed, it soon became clear that the funds inside weren't just from that 185 Bitcoin theft.

According to on-chain analysis, the funds in this wallet can be traced back to multiple social engineering thefts in 2025, totaling over $5.85 million. Different victims, different times, but after the funds were transferred away, they would be quickly split, then moved through a series of addresses, following a very similar path. Matching up these funds transaction by transaction shows that many transfers ultimately landed in this wallet address Dritan displayed.

It's worth noting that Dritan once had a 'Band 4 Band' dispute with hacker John Daghita (Lick). Lick was later arrested for allegedly stealing approximately $46 million in U.S. government funds. In a later deleted Telegram post, he had publicly disclosed Dritan's old address (address: 0x97da0685dbba50b4cbabb0ca9e8336f4fbe41122), an act now appearing more like retaliation.

Judging from the on-chain behavior, this old address is highly consistent with the fund flow of the wallet Dritan displayed in terms of fund splitting methods, transfer paths, and subsequent destinations, and is therefore believed to be used by the same controlling party.

First Official 'Mention' in Judicial Documents

It wasn't until May 11, 2026, that this on-chain fund trail was formally confirmed for the first time in a judicial document. That day, the criminal indictment against Trenton Johnson was unsealed. He was charged for his involvement in the 185 Bitcoin theft case and faces up to 40 years in prison.

In the indictment, a key co-conspirator is labeled as 'Co-Conspirator 1 (CC-1)', and the on-chain analysis community has linked this identity to Dritan Kapllani Jr. Although Dritan has not been formally charged yet, he has moved from being an 'associated address' in on-chain inference to a 'co-conspirator' in the judicial narrative.

Furthermore, the same document mentions another involved person—Meme coin KOL yelotree, who is accused of assisting in money laundering through his Miami-based car rental business and faces up to 30 years in prison.

Turning 18, The End of a Decadent Life

Previously, Dritan had long lived a lavish lifestyle, frequently posting related content on Instagram and interacting with other hackers via Telegram. Within hacker circles, he was once considered to have a sort of 'protagonist aura'—multiple associated groups around him (such as ACG, 41 / RM Boyz, etc.) were successively dealt with by law enforcement, yet he himself remained untouched.

However, as he turned 18, this 'aura' came to an end, and his past actions began to be pursued legally.

Related Questions

QWho exposed the 18-year-old hacker Dritan Kapllani Jr. and what was the alleged total amount involved?

AHe was exposed by on-chain detective ZachXBT. He is alleged to have participated in multiple social engineering attacks targeting crypto users, with a cumulative amount involved of approximately $19 million.

QWhat was the dramatic starting point for the investigation into Dritan Kapllani Jr.'s activities?

AThe investigation began after he screen-shared his Exodus wallet, showing a balance of about $3.68 million, during a 'Band 4 Band' argument in a Discord voice call where participants compared their wealth.

QAccording to the article, which specific wallet address did Dritan share in the Discord call, and what major theft was it linked to?

AThe wallet address he shared was 0x4487db847db2fc99372a985743a26f46e0b2bba6. It was linked to a 185 Bitcoin social engineering theft worth about $13 million that occurred on March 14, 2026, with approximately $5.3 million from that theft flowing into this address.

QWhat is Dritan Kapllani Jr.'s current legal status according to the unsealed indictment against Trenton Johnson?

AIn the unsealed criminal indictment against Trenton Johnson, Dritan Kapllani Jr. is referred to as 'Co-Conspirator 1 (CC-1).' While he has not been formally charged yet, he has been officially named as a co-conspirator in the judicial narrative.

QHow did the article describe the change in Dritan Kapllani Jr.'s situation after he turned 18?

AThe article states that after turning 18, his 'main character halo' (a perception of immunity) ended. His past actions are now subject to legal accountability, marking an end to his previously lavish and seemingly consequence-free lifestyle.

Related Reads

There’s An FOMC Meeting Scheduled This Month, But Will The Fed Decision Affect Bitcoin?

The Federal Open Market Committee (FOMC) is scheduled to meet on June 16-17, with markets widely expecting the Fed to maintain interest rates at their current level of 3.5-3.75%. According to the CME FedWatch Tool, there is a 99.4% probability of rates remaining unchanged. The outcome of this meeting is anticipated to impact Bitcoin's price. If rates are held steady, Bitcoin's current market trajectory is likely to continue unchanged. Conversely, an unexpected rate hike could trigger bearish sentiment by reducing investor risk appetite and market liquidity, potentially leading to sell-offs. A rate cut, though currently considered improbable, would be the most bullish scenario, encouraging investment in risk assets like Bitcoin and potentially driving its price higher.

bitcoinist36m ago

There’s An FOMC Meeting Scheduled This Month, But Will The Fed Decision Affect Bitcoin?

bitcoinist36m ago

Anthropic's IPO Launch: Commercial Miracle or Valuation Bubble?

Anthropic has confidentially filed for an IPO, led by Morgan Stanley and Goldman Sachs, potentially going public by October. Following its latest $650 billion funding round, its pre-IPO valuation stands at $965 billion, with projections reaching up to $2 trillion at listing, which would make it the highest-valued private company ever. The article, written by Fu Sheng, addresses skepticism that this represents an AI bubble akin to the 2000 dot-com crash. It argues the current situation differs fundamentally. Unlike the internet bubble era, which relied on speculative narratives with little revenue, Anthropic's valuation is backed by unprecedented, measurable financial performance. Key data points include: * **Revenue Growth:** ARR skyrocketed from $10 billion in early 2025 to $470 billion by May 2026, targeting $100 billion by year-end—a growth curve unmatched in business history. * **Profitability:** It achieved operating profitability in Q2 2026 with an estimated $5.6 billion profit. * **Efficiency:** With ~3,000 employees and ~$470 billion ARR, its revenue per employee exceeds $10 million. Products like Claude Code, launched less than a year ago, already generate $25 billion in annualized revenue. * **Enterprise Adoption:** It boasts a strong enterprise client base, with 8 of the Fortune 10 and over 1,000 large firms spending over $1 million annually on Claude. The valuation is framed using a traditional SaaS model (e.g., a 10x Price-to-Sales multiple on $100 billion revenue). The author contends the core question for analysts has shifted from "How big could this be?" to "How much is it earning and will earn next quarter?" The discussion extends beyond Anthropic to a broader paradigm shift: the transition from a "carbon-based" to a "silicon-based" economy. Companies are increasingly prioritizing investment in compute and AI capabilities over human resources, as these directly scale productivity and competitive advantage. Anthropic's IPO is thus positioned not just as a corporate milestone, but as a price anchor for this new economic era.

链捕手42m ago

Anthropic's IPO Launch: Commercial Miracle or Valuation Bubble?

链捕手42m ago

US Senators Press Bank Regulators For ‘Fair’ Crypto Capital Rules

A group of U.S. Senate Republicans, led by Senator Cynthia Lummis, is urging federal bank regulators to establish clear and fair capital rules for banks involved with crypto assets. In a letter to the Federal Reserve, FDIC, and OCC, the lawmakers criticized the international Basel Committee's standards, which impose a punitive 1,250% risk weight on crypto assets, calling it a de facto ban not based on actual risk. They applauded recent interagency guidance that granted tokenized securities the same capital treatment as traditional ones, arguing this risk-based principle should apply consistently to all digital assets. The senators called on the agencies to develop a new capital framework, aligning with recent legislative progress on crypto market structure. Their push coincides with testimonies from top regulators, who emphasized a shift toward more risk-based supervision and responsible innovation, while also addressing stablecoin oversight under new proposals.

bitcoinist47m ago

US Senators Press Bank Regulators For ‘Fair’ Crypto Capital Rules

bitcoinist47m ago

Near Returns to the AI Stage: Transformation into a Public Chain Due to 'Payroll Difficulties,' Agent and Privacy Emerge as New Growth Narratives

NEAR Returns to AI Origins: From Payroll Struggles to Blockchain, Now Focusing on AI Agents and Privacy NEAR Protocol's journey began not with grand blockchain ambitions, but from a practical hurdle: its AI startup founders, including Transformer paper co-author Illia Polosukhin, couldn't efficiently pay international developers in 2017. This led them to pivot and build a high-performance, scalable blockchain. After years navigating various crypto narratives like sharding and cross-chain interoperability, NEAR is now leveraging its AI roots to re-enter the AI arena. A key driver is its "NEAR Intents" layer, which abstracts complex cross-chain transactions. Users simply state their goal (e.g., swap BTC for ETH), and a solver network finds the optimal route. This system has processed over $20B in cross-chain volume, generating significant fee revenue. A major growth area is private transactions via "Confidential Intents/Swaps," which hide trade details until settlement to protect against MEV and front-running. Remarkably, private swaps recently accounted for over 40% of NEAR's transaction volume, highlighting strong demand but also potential regulatory scrutiny. With its AI-founder pedigree, NEAR is positioning itself at the intersection of blockchain, AI agents, and privacy, aiming to become infrastructure for the emerging agent economy while navigating the challenges of its rapid adoption.

marsbit3h ago

Near Returns to the AI Stage: Transformation into a Public Chain Due to 'Payroll Difficulties,' Agent and Privacy Emerge as New Growth Narratives

marsbit3h ago

From Ethereum to AI's 'CROPS': What Exactly is This Set of 'Slow Variables' That Vitalik Repeatedly Emphasizes?

In recent discussions, Vitalik Buterin has frequently emphasized the concept of "CROPS," a framework defining core values for Ethereum's development. CROPS stands for Censorship Resistance, Capture Resistance, Open Source, Privacy, and Security. Initially outlined in the Ethereum Foundation's "EF Mandate," it represents a commitment to user sovereignty, ensuring that the network resists external control, remains open, protects privacy, and prioritizes security. The relevance of CROPS extends beyond Ethereum's foundational principles, becoming crucial in the context of AI integration. As AI agents begin handling wallet operations and automated transactions, the risk increases that users may cede control over their digital assets, privacy, and intentions to centralized AI service providers. A "CROPS AI" would therefore emphasize local execution where possible, privacy-preserving remote model calls (e.g., using zero-knowledge proofs), and transparent, verifiable processes to maintain user agency. Vitalik highlights a significant convergence between "CROPS Ethereum access layer" and "CROPS AI." Both address the same fundamental challenge: how users can access powerful services—be it blockchain data via RPCs or AI models—without exposing sensitive information or relinquishing ultimate control. This intersection points toward a future digital entry point that is more private, secure, and user-controlled. Ultimately, CROPS is not merely an abstract ideal but a practical guidepost. It steers development—from protocol resilience and wallet design to AI agent safety—towards a future where users retain self-sovereignty even as digital systems grow more complex and powerful. In an era of accelerating AI adoption, these "slow variables" of censorship resistance, openness, privacy, and security may define Ethereum's enduring value.

marsbit3h ago

From Ethereum to AI's 'CROPS': What Exactly is This Set of 'Slow Variables' That Vitalik Repeatedly Emphasizes?

marsbit3h ago

Trading

Spot
Futures

Hot Articles

How to Buy NIGHT

Welcome to HTX.com! We've made purchasing Midnight (NIGHT) simple and convenient. Follow our step-by-step guide to embark on your crypto journey.Step 1: Create Your HTX AccountUse your email or phone number to sign up for a free account on HTX. Experience a hassle-free registration journey and unlock all features.Get My AccountStep 2: Go to Buy Crypto and Choose Your Payment MethodCredit/Debit Card: Use your Visa or Mastercard to buy Midnight (NIGHT) instantly.Balance: Use funds from your HTX account balance to trade seamlessly.Third Parties: We've added popular payment methods such as Google Pay and Apple Pay to enhance convenience.P2P: Trade directly with other users on HTX.Over-the-Counter (OTC): We offer tailor-made services and competitive exchange rates for traders.Step 3: Store Your Midnight (NIGHT)After purchasing your Midnight (NIGHT), store it in your HTX account. Alternatively, you can send it elsewhere via blockchain transfer or use it to trade other cryptocurrencies.Step 4: Trade Midnight (NIGHT)Easily trade Midnight (NIGHT) on HTX's spot market. Simply access your account, select your trading pair, execute your trades, and monitor in real-time. We offer a user-friendly experience for both beginners and seasoned traders.

3.4k Total ViewsPublished 2025.12.08Updated 2026.06.02

How to Buy NIGHT

Discussions

Welcome to the HTX Community. Here, you can stay informed about the latest platform developments and gain access to professional market insights. Users' opinions on the price of NIGHT (NIGHT) are presented below.

活动图片

Top Questions

Hot Categoriesright-arrow

Hot Tagsright-arrow