Investigator ZachXBT revealed this Friday that a cybercriminal known as “John” unintentionally exposed a multimillion-dollar fortune following an online dispute. Through exhaustive blockchain fund tracing, more than 90 million illicit dollars, including assets previously seized by the United States government, were linked to a single digital wallet belonging to the alleged threat actor.
The technical investigation began when the individual, nicknamed “John” or “Lick,” participated in a financial bragging competition known as “band for band.” During this recorded exchange, the subject shared his screen in real-time, demonstrating control over multiple addresses and consolidating approximately 23 million dollars into the 0xd8bc wallet, being this an action that allowed his definitive identification.
Through detailed analysis, it was determined that the 0xd8bc address received inflows exceeding 63 million dollars during the fourth quarter of 2025. The data shows connections with previous victims, suggesting a massive scale operation, evidencing how the transparency of the distributed ledger facilitates the work of independent analysts against complex and sophisticated criminal activities in the digital realm.
Government connections and the strategic error of public exposure
Retrospective analysis linked the primary wallet to the 0x8924 address, which received funds in November 2025 from a government account. These assets come from a historic seizure related to the Bitfinex hack, representing a surprising finding for authorities, as it suggests that malicious actors managed to divert or interact with funds that were previously under federal custody and oversight.
Furthermore, it was detected that the implicated wallet recently received 4,170 units of the Ether cryptocurrency from a centralized exchange, valued at 12.4 million dollars. This incessant activity, added to the attacker’s negligence, has allowed for the reconstruction of a detailed map of financial movements, facilitating the tracking of stolen assets through various platforms and capital mixing protocols worldwide.
Could this finding lead to new mass arrests in the cryptographic sector?
On the other hand, this incident bears similarities to previous social engineering cases where perpetrators were arrested after flaunting their earnings on social media. Financial history demonstrates that arrogance is usually the main point of failure in digital criminal schemes, allowing investigators to take advantage of oversights to trace the origin of fortunes that would otherwise remain in total anonymity.
Nevertheless, the security community warns about the persistence of these groups operating under pseudonymous identities in closed forums. The success of recent technical analysis suggests that on-chain monitoring tools are becoming increasingly precise, which is why greater institutional collaboration is expected to recover seized funds that ended up once again in the hands of global cybercrime networks and organizations.
