Around January 23, 2026, in the UTC+8 time zone, a dispute that began in a small group chat within the hacker community turned into a “self-incrimination” incident worth tens of millions of dollars once on-chain evidence entered the picture. Hacker John (online alias Lick) showed off a wallet containing approximately $23 million in assets during a quarrel with fellow hacker Dritan Kapplani Jr., attempting to prove his “status” in the community through his balance and achievements. However, this seemingly simple act of boasting was quickly picked up by on-chain analysts and security researchers, who linked it to the 2024 theft of over $90 million in cryptocurrency assets from the U.S. government and to several unreported victim cases from November to December 2025. The bravado in the group chat was turning into significant criminal leads involving treasury theft and invisible victims, and the core conflict suddenly became clear: infighting and competition among hackers were tearing apart the “anonymity umbrella” they relied on for survival.
Group Chat Banter Turns into a Multi-Million Dollar Confession Scene
● The starting point of the dispute was a competition for status within the hacker community. John and Dritan Kapplani Jr. argued in a small group chat about whose achievements were more “hardcore” and who controlled more funds. The briefing indicates that this was not a random emotional outburst but rather an eruption of long-standing grievances within the same hacker/gray market circle, where flaunting wealth became a crude means of validating identity and authority, and was also John’s direct motivation for making a high-risk display.
● To overpower his opponent, John directly revealed his “trump card”: a screenshot of a wallet containing approximately $23 million in assets. The amount far exceeded the typical scale seen among ordinary hackers, and the asset composition included multiple chains and various mainstream tokens, making this wallet highly recognizable among similar addresses. It was this unusual scale and combination that put onlookers and on-chain detectives on alert: such a large, concentrated holding rarely comes from a single ordinary source and is likely part of the pool of funds from a major case.
● On-chain investigator ZachXBT subsequently commented on social media that this was “a typical case of hackers exposing their whereabouts due to arrogance” (according to A/C reports). From his perspective, such flaunting screenshots often contain a series of retrievable clues, including time, amount, and currency composition. If matched with existing suspicious funding samples, it could very likely expose a real “funding pinnacle” that was originally hidden behind the dark web and bridge addresses.
Fragmented Clues of the Stolen Treasury on the Chain
● Public information shows that the 2024 theft of over $90 million in cryptocurrency assets from the U.S. government sparked significant controversy at the time. On one hand, the government was seen as the “ultimate secure vault” for asset custody, yet it exposed serious vulnerabilities in technology and processes; on the other hand, the large-scale stolen funds were continuously split, mixed, and transferred across chains, making it difficult for law enforcement to trace accurately, becoming a typical case of “the treasury being washed,” and remaining on the watchlist of the on-chain security community for a long time.
● The reason John’s flaunted wallet quickly triggered associations is that multiple public analyses (source: A/C) pointed out that its funding flow and composition exhibited highly overlapping trajectory characteristics with the $90 million theft case. Although the specific addresses and hashes involved are still pending verification, researchers have extracted “fingerprints” that are highly similar to the stolen government assets based on the amount scale, some transfer timeframes, and cross-chain path patterns, making John’s $23 million wallet appear more like a fragment of the stolen treasury assets rather than an isolated whale account.
● The sensitivity of this money is further heightened by the fact that the U.S. government's cryptocurrency asset seizure and custody mechanisms have long been at the center of public scrutiny. Once confirmed to originate from stolen government assets, it would not only mean that hackers have touched the most sensitive funding pool but would also amplify public doubts about the technical shortcomings of the seizure mechanism, custody security, and internal control processes. For law enforcement, this represents a critical breakthrough for accountability and asset recovery, as well as a pressure test for institutional credibility.
Unreported Victims and 2025…
● The briefing indicates that the flaunted wallet has also been linked by multiple parties to several unreported victim cases from November to December 2025. These cases have not been widely disclosed in the media and are mostly mentioned only in internal communications within the on-chain security circle. While the scale of losses may not match that of government assets, they have caused a chain reaction among several niche industries and high-net-worth individuals. The suspected connection between the wallet and these funding flows makes it not only a “treasury clue” but also a potential intersection point for multiple civil and criminal cases.
● These victims have long remained unexposed to the public for multiple overlapping reasons: first, they lack the media resources and legal team support to match large institutions; second, the professional thresholds for cross-border and on-chain evidence collection are high, making it difficult for many cases to meet the requirements for filing and prosecution in the short term; third, some victims, due to concerns about reputation and compliance reviews, are reluctant to be labeled as “hacked” or “risk management failures,” thus passively choosing silence or private settlements.
● Because of this, John’s flaunting behavior unexpectedly became an opportunity for these “invisible victims” to resurface. Once on-chain evidence can find commonalities within the same funding pool and path patterns, there is a chance to connect scattered reports and funding flows. For those who have never been the focus of media attention, this is a rare second chance for recovery—they can finally leverage public attention and on-chain analytical results to be seen again and systematically included in the investigation.
Digital Footprints Have Nowhere to Hide: From Flaunting…
● The toolbox of on-chain detectives in this case is actually much simpler than the outside world imagines. They extract balance values, mainstream currency compositions, and interface layouts from chat screenshots, then combine them with the distribution of funds on the public chain to work backwards to a set of suspicious addresses that fit this amount range and asset combination. Subsequently, by cross-matching with known suspicious funding sets, such as the 2024 U.S. government stolen asset samples, they gradually narrow down the range, ultimately pinpointing a very small number of highly suspicious target address groups.
● At the current stage, specific wallet addresses and hashes are still listed as pending verification, and the briefing explicitly requests that details not be disclosed, to prevent harm to the innocent and to avoid artificially amplifying unverified accusations. However, even without precise addresses, the entire tracing process remains reproducible and transparent: any researcher can repeat similar filtering and comparison steps on the public chain based on amount ranges, time windows, asset compositions, and cross-chain behaviors, which itself directly challenges the hacker's psychological expectation that “as long as I don’t disclose the address, no one will find out.”
● Many hackers, including John, generally misjudge the boundaries of so-called “anonymity”: they believe that as long as they hide in group chats, communicate in jargon, and use bridge wallets for transfers, the real funding pinnacle will always be safe. The reality, however, is that the on-chain ledger has never been a “black box open only to insiders,” but rather a globally accessible public database that anyone can inspect. Once it overlaps with suspicious samples, a flaunting screenshot is equivalent to highlighting oneself in this ledger.
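The two-stage narrowing described in this section (filter by amount range and asset composition, then cross-match against a known suspicious set) can be sketched as follows. This is an added example, not code from the article or from any investigator it cites; every address label, balance, tolerance and the flagged set are constructed, and a real analysis would take balances at the screenshot's time window from chain data.

```python
# Added illustration: all addresses, balances and labels below are constructed.
from dataclasses import dataclass

@dataclass
class Snapshot:
    address: str          # placeholder label, not a real address
    usd_by_asset: dict    # asset symbol -> USD value at the snapshot time

    @property
    def total(self) -> float:
        return sum(self.usd_by_asset.values())

    def shares(self) -> dict:
        t = self.total
        return {a: v / t for a, v in self.usd_by_asset.items()} if t else {}

def composition_distance(a: dict, b: dict) -> float:
    """Half the L1 distance between share vectors: 0 = identical, 1 = disjoint."""
    return 0.5 * sum(abs(a.get(k, 0.0) - b.get(k, 0.0)) for k in set(a) | set(b))

def shortlist(observed, population, flagged, total_tol=0.05, max_dist=0.10):
    """Stage 1: keep snapshots whose total and asset mix match the screenshot.
    Stage 2: rank survivors, members of the flagged set first, then by distance."""
    hits = []
    for s in population:
        if abs(s.total - observed.total) > total_tol * observed.total:
            continue  # balance outside the tolerance band
        d = composition_distance(observed.shares(), s.shares())
        if d > max_dist:
            continue  # asset mix differs too much from the screenshot
        hits.append((s.address not in flagged, d, s.address))
    return [(addr, round(d, 3), not unflagged) for unflagged, d, addr in sorted(hits)]

# Values read off a constructed screenshot: about $23M across three assets.
OBSERVED = Snapshot("screenshot", {"ETH": 12.0e6, "BTC": 8.0e6, "USDT": 3.0e6})
POPULATION = [
    Snapshot("ADDR_A", {"ETH": 12.1e6, "BTC": 7.9e6, "USDT": 3.1e6}),  # close match
    Snapshot("ADDR_B", {"ETH": 23.0e6}),                               # right total, wrong mix
    Snapshot("ADDR_C", {"ETH": 6.0e6, "BTC": 4.0e6, "USDT": 1.5e6}),   # right mix, wrong total
    Snapshot("ADDR_D", {"ETH": 11.5e6, "BTC": 8.4e6, "USDT": 3.2e6}),  # close match
]
FLAGGED = {"ADDR_D", "ADDR_Z"}  # constructed stand-in for a known suspicious fund set

def demo():
    return shortlist(OBSERVED, POPULATION, FLAGGED)

if __name__ == "__main__":
    for row in demo():
        print(row)  # (address, composition distance, in flagged set?)
```

A match on amount and mix alone only produces candidates; the overlap with an independently built suspicious set is what moves an address up the list, which is why the article treats unverified addresses as pending.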
The Cat-and-Mouse Game Between Law Enforcement and On-Chain Detectives…
● In such cases, the relationship between civilian on-chain analysts and law enforcement agencies increasingly resembles a form of “loose collaboration.” Independent researchers like ZachXBT sketch out the funding paths through public reports, social media threads, and visual charts. Law enforcement agencies then supplement that sketch under a confidentiality framework, combining KYC records, exchange cooperation, and cross-border intelligence to establish real identities and complete the judicial chain. This model of civilian initiative followed by official follow-up significantly shortens the time gap from the discovery of suspicious funds to formal case filing.
● At the same time, the technical shortcomings and institutional controversies exposed by the U.S. government in asset seizure and protection are being re-examined in the context of this case. On one hand, the large-scale theft itself indicates systemic vulnerabilities in custody, key management, and access control; on the other hand, how to securely “store” seized assets on-chain without being stolen again due to internal errors or external attacks still lacks unified technical standards and transparent accountability mechanisms. This makes the “government wallet” both a tempting target for attackers and a high-risk target that cannot afford further mistakes.
● Looking ahead, foreseeable paths include: more disputed funds becoming the subject of proactive on-chain freeze requests, paired with more refined wallet profiling tools for long-term monitoring of high-risk addresses; exchanges and custody institutions strengthening intelligence sharing with civilian researchers within compliance frameworks; and regulatory bodies promoting more standardized government asset custody and auditing norms. For hackers, each exposure of such cases will in turn prompt upgrades and iterations of on-chain monitoring tools, continuously compressing the space for the cat-and-mouse game.
The Era of Flaunting Hackers: The Myth of Anonymity…
Hacker John’s downfall is a reminder to everyone: in an era of excessive information flow and permanent on-chain data retention, the infighting and flaunting among hackers are no longer just dramatic conflicts within the community, but are steadily undermining the myth of invulnerable anonymity that they believe in. A single group chat screenshot or an ill-considered comparison is enough to bring tens of millions of dollars buried within complex bridge paths back under the on-chain microscope, and even to surface multiple clues related to treasury theft and invisible victims.
From a trend perspective, the traceability of on-chain data and cross-entity law enforcement collaboration will make large-scale cryptocurrency crimes increasingly difficult to conclude favorably. Whether the funds are government assets or personal and institutional funds, once samples of suspicious behavior exist, they can be located again by algorithms and manual analysis at any future point in time. Ordinary users and institutions, while questioning the “security of the government” and its custody capabilities, also need to understand that on-chain transparency is a double-edged sword: it does amplify single-point errors and security flaws, but it also gives victims and regulators unprecedented accountability tools and temporal depth.