CryptoCurrency
$23M Crypto Flex Exposes Hacker as Funds Link to US Seizure
TLDR:
- Hacker “John” exposed $23M in stolen crypto during a public “band-for-band” dispute with another hacker.
- ZachXBT traced the wallet to a $90M illicit pool tied to US government seizures from Bitfinex hack.
- Recorded screen-shared wallet movements provided crucial evidence linking multiple hacker addresses.
- John’s wallet received $63M in 2025 from addresses connected to government-controlled seizure funds
Infamous hacker, alias “John” or “Lick,” found themselves in hot water after flaunting $23 million in stolen cryptos. Blockchain investigator ZachXBT traced these funds back to U.S. government seizure addresses.
The hacker’s public display of wealth during an online dispute led to the discovery of these illicit links. This incident began when “John” participated in a “band for band” (b4b) contest with another threat actor.
The entire exchange, which included screen-shared wallet movements, was recorded and later analyzed by ZachXBT. Through this, millions in stolen cryptos were linked back to a $90 million pool of suspected illicit funds.
These include assets tied to the Bitfinex hack, which the U.S. government had previously seized. ZachXBT’s tracing efforts revealed John’s past cases of cybercriminals by exposing all stolen cryptocurrency.
This development provides law enforcement with valuable evidence for potential future actions.
The Band-for-Band Dispute and the Exposure of Funds
The recorded online dispute became the key to tracing illicit funds. John and another hacker, known as Dritan Kapplani Jr., engaged in a high-stakes “band for band” exchange.
Each participant tried to show they had control over the most significant crypto assets. In one segment of the recording, John revealed control of a Tron wallet with around $2.3 million.
Later, another $6.7 million in ETH was transferred into a specific wallet. By the end of the session, approximately $23 million in cryptocurrency had been consolidated into John’s wallet address, 0xd8bc.
The recording clearly demonstrated John’s control over multiple addresses and provided a rare look into the operations of cybercriminals. For blockchain investigator ZachXBT, this was an opportunity to trace the funds further back.
Through tracing the wallet’s transaction history, ZachXBT linked 0xd8bc to a series of other addresses. Including 0x8924, which John reportedly confirmed owning.
One particular transaction in November 2025 stood out, where 1,066 wrapped ether (WETH) was transferred from wallet 0xc7a2. Interestingly, this wallet had previously received funds linked to the U.S. government’s Bitfinex hack seizure.
Tracing the Funds to U.S. Government Seizures
ZachXBT’s investigation revealed that the funds in John’s wallet were not just from random victims. They were connected to government-controlled seizure addresses.
A wallet linked to John had received $24.9 million tied to the Bitfinex hack seizure in March 2024. There was a direct link between the hacker’s funds and one of the largest government seizures related to crypto theft.
Despite the hacker’s attempt to hide their tracks, blockchain tracing exposed the full scope of their illicit activities. The U.S. government address, which had received the stolen funds, still holds approximately $18.5 million as of the latest transaction.
ZachXBT also found that John’s wallet received additional significant transfers, including more than $63 million in 2025. When tracked this funds came from addresses connected to government-controlled addresses.
This pattern demonstrated that John had a wide network of stolen assets. When investigated, most traced back to high-profile crypto hacks and government seizures.
In 2024, a group who flaunted a $243 million fraud in the same way was arrested prematurely. In many instances, displaying stolen property in public has proven to be quite harmful.
This is because it creates opportunities for law enforcement to track, document activities in, and build criminal cases.
