On-chain investigator ZachXBT has publicly named Dritan Kapllani Jr, a US-based individual he alleges is responsible for $19 million in social engineering attacks targeting crypto holders. The investigator posted evidence today that includes social media posts showing luxury lifestyle purchases and a recorded call in which Kapllani allegedly displayed a wallet containing stolen funds.
The exposure marks another high-profile doxing from ZachXBT, who has built a reputation tracking crypto theft and fraud operations across blockchain networks. In this case, the investigator stated that Kapllani “flexes luxury cars, watches, private jets, & clubs all over social media” while being tied to the multimillion-dollar theft total. The recorded call showing the wallet represents direct forensic evidence linking the suspect to the alleged crimes.
Pattern Fits Broader Social Engineering Wave
Social engineering remains one of the most effective attack vectors in crypto. Unlike protocol exploits or bridge hacks that require technical sophistication, these attacks rely on manipulating victims into voluntarily transferring funds. The $19 million figure puts this alleged operation in the upper tier of individual social engineering campaigns, though it’s dwarfed by organized groups targeting institutional holders.
ZachXBT’s work has increasingly focused on individual threat actors rather than anonymous wallet clusters. In December, he exposed a Canadian scammer tied to a $2 million fraud targeting Coinbase support. Earlier this year, he published data from a compromised North Korean IT worker payment server showing $3.5 million flowing through a fraudulent identity operation. That investigation revealed 390 accounts and an internal platform processing roughly $1 million monthly through fake identities and forged documents.
Public Naming Raises Legal Questions
Publicly identifying suspects before criminal charges carries risks. While ZachXBT’s track record includes multiple cases where his investigations preceded law enforcement action, naming individuals opens the door to defamation claims if the evidence doesn’t hold up in court. The investigator has historically been careful to present transaction flows, wallet addresses, and other verifiable on-chain data alongside his conclusions.
The recorded call evidence and social media documentation suggest ZachXBT is confident in the attribution. Whether US authorities will pursue charges remains unclear. Social engineering cases often stall in prosecution because victims are reluctant to admit they were manipulated, and jurisdictional issues complicate enforcement when stolen crypto moves across multiple chains and mixers.
For now, Kapllani’s name is public, his alleged wallet activity is documented, and the crypto community has another face to attach to the social engineering problem that continues to drain millions from holders who think they’re talking to legitimate support staff or trusted contacts.
