Investigations by ZachXBT
Reports, news, & insights shared by ZachXBT

Useful links:
x.com/zachxbt
investigation.io
@investigations
Earlier today the threat actor 'Dritan Kapllani Jr' transferred $2.59M (1.99M DAI, 259 ETH) three hops from 0x4487db847db2fc99372a985743a26f46e0b2bba6 to 0x67ec1d405e53ed13a19eb77a9db19186723d125d, where stolen funds currently sit dormant.

On May 12 I published my investigation on X (Twitter) detailing Dritan's involvement with Trenton (Trent) Johnson in a 185 BTC ($13M) social engineering theft.

You can read my investigation below:
https://x.com/zachxbt/status/2054170002945987029
😭305❀97πŸ”₯63πŸ‘49😁37πŸ‘23😑12πŸ‘Œ11πŸ‘Ύ11🀷5πŸ¦„3
Offering up to $10K bounty for intel about the Hong Kong market maker Heisenberg Guru aka HSBG linked to multiple CEX market manipulation incidents such as $RIVER.

Sion & Chao are two core team members.

Chat logs, contracts, internal comms, etc are the types of evidence I will consider rewarding.

Send me a DM on X (Twitter) if you can assist: x.com/zachxbt
❀304πŸ‘147πŸ”₯88😭43πŸ‘€42πŸ‘Ž34😁28πŸ‘¨β€πŸ’»16πŸ’―8🀬7😴3
Investigations by ZachXBT
If you gamble I advise caution for the new casino Spartans Bet if you are an influencer, player, or work in the industry. Have been made aware by a few people of them offering unrealistic amounts of funds to influencers / players. Ownership is tied to Gurhan…
Update: Following up on my earlier warnings about Gurhan Kiziloz, I completed onchain tracing which demonstrates commingling of at least $25M of presale funds between two investment schemes linked to him, which were then used to pay KOL streamers for his casino Spartans[.]com.

I have not seen any disclosure in the original BlockDAG Network or ZKP presale materials indicating that funds would be used to promote a separate venture, and retail investors continue to publish complaints on social media.

This is another red flag on top of the issues outlined in my earlier post. I advise everyone to stay away from BlockDAG, ZKP, and Spartans.

Spartans KOL payment address
TRa9KjECpmmBBr1GKTwEWmskdiEKyLnf3C
0xb8e55a329536f3e981c63567b7b1156533d1855a


Blockdag presale address
0x4c39ed0438d5e8913acf423db6d56cce78b2d367
Blockdag consolidation
TZENvWXqdkqQYT2om6yLC731Cphu57yKkY

ZKP presale address
0x3b224a7a5a7ee682a2597eaf2b1f61d153424f4b

See attached for my forensics graph: BlockDAG & ZKP presale wallets → consolidation → bridge from Ethereum to Tron → CEX deposits and withdrawals (HTX, BTSE) → Spartans hot wallet and KOL payment address.
❀192πŸ‘41😭29πŸ’―22πŸ•Š15πŸ™10😁8🀝8πŸ€ͺ7πŸ‘€5😑2
Investigations by ZachXBT
Update: Following up on my earlier warnings about Gurhan Kiziloz, I completed onchain tracing which demonstrates commingling of at least $25M of presale funds between two investment schemes linked to him, which were then used to pay KOL streamers for his casino…
Update: The Spartans team immediately blocked me on X (Twitter) and hid my reply after I replied to their post asking for clarification.
😁353πŸ”₯104😭45πŸ€ͺ29❀22πŸ€·β€β™‚20πŸ‘18😑8😱6😍4πŸ₯°1
It has come to my attention there are new accounts impersonating me and they are gaining views / engagement on Instagram & YouTube.

Reminder: my only two official accounts are x.com/zachxbt on X (Twitter) and @investigations on Telegram.

Do not get scammed by these larps.
❀267πŸ‘120😭59🫑21😁19πŸ‘€10😑7πŸ‘Ž5🀬5πŸ₯΄5πŸ¦„4
An unknown victim lost ~231 BTC ($18.8M) on May 14, 2026 due to private key compromise.

Social engineering threat actors from 'The Com' have tried taking credit for the theft however it appears they're larping due to unrelated Russian indicators on the laundering movements.

Theft address
bc1qmmfyekpkkuxryezpup7nw2x9qvr5avlfj3vvpc
bc1qrf02hgf9e3lypt8wm025g4waee47wjwz2at9az
😭279😱90πŸ‘31❀29πŸ’”26πŸ‘€11😑11πŸ—Ώ10πŸ€“6πŸ‘Ž5πŸ‘»5
Community alert: A Polymarket admin address appears to have been compromised on Polygon

>$520K drained thus far

Attacker address: 0x8F98075db5d6C620e8D420A8c516E2F2059d9B91

Related contracts
0x91430CaD2d3975766499717fA0D66A78D814E5c5

Address drained
0x871D7c0f9E19001fC01E04e6cdFa7fA20f929082
0xf61e39C7EB1E2Ff5af3A24bCA88D40fD11594805

Edit 1: Updated to reflect it's an admin vs contract

Edit 2: Polymarket confirmed the compromised address
😱263😭66🀣58πŸ‘28πŸ”₯18πŸ€“16πŸ€ͺ9πŸ‘8🌚8πŸ‘Ž6πŸ€”4
Investigations by ZachXBT
Community alert: A Polymarket admin address appears to have been compromised on Polygon >$520K drained thus far Attacker address: 0x8F98075db5d6C620e8D420A8c516E2F2059d9B91 Related contracts 0x91430CaD2d3975766499717fA0D66A78D814E5c5 Address drained …
Update: I collaborated with BitcoinVN & ChangeNOW to help successfully freeze $164K from the Polymarket private key compromise incident.
❀412πŸ‘123πŸ”₯76πŸ€“40πŸ‘Ž24🀬20🀝11πŸ™10πŸ’”8😁4πŸ₯°2
Two contracts related to European stablecoin issuer StablR appear to have been potentially exploited for ~$10M (EURR & USDR)

The attacker address was funded via CCTP on Noble

Attacker address
Update: I have helped freeze 6 figures.

StablR team appears to likely be asleep as the attack is still ongoing after 3 hours now.

EURR & USDR have both depegged by >20%.
❀216😭135🀣100πŸ‘46πŸ‘Ž22πŸ€“21πŸ—Ώ17πŸ”₯15πŸ‘€11πŸ‘Ύ5πŸ‘Œ2
An entity previously received ESPORTS, RIVER, & LIGHT tokens via Sablier vesting contract and is also directly tied to a signer on three LAB multisigs.

These four BSC tokens have experienced market manipulation incidents on centralized exchanges.

I previously highlighted LAB & RIVER however earlier today ESPORTS crashed 93% in a single red candle.

Would you say the entity is just lucky or are they an insider?

Bitget deposit address
0x5f04a53bff7ae409140f35cf1804892aac295be5
Kraken deposit address
0xba898b422932783c7a3cb57b641922b84daa24f2
LAB signer
0xcea722a1a812ebdfa5bbd8130531cf1d1956ebc9
🀣155❀91πŸ”₯30πŸ‘€19πŸ€”18😱11πŸ€“10πŸ¦„10😑10🀯4πŸ₯°2
Looks like Circle blacklisted the Zama (privacy protocol) Confidential USDC (cUSDC) contract on Ethereum 7 hours ago which has frozen 12.6M USDC of user funds.

The cUSDC contract is publicly labeled in the protocol docs and on block explorers.

Zama contract address frozen by Circle
0xe978F22157048E5DB8E5d07971376e86671672B2

It still remains unclear why Circle froze the USDC however in March 2026 I reported how Circle froze 16+ hot wallets for businesses, protocols, services without providing any transparency.
😱138🀣69❀42😭24πŸ‘Ž23πŸ‘€16πŸ‘10πŸ€”10😒7πŸ€·β€β™‚5😈5
Investigations by ZachXBT
Looks like Circle blacklisted the Zama (privacy protocol) Confidential USDC (cUSDC) contract on Ethereum 7 hours ago which has frozen 12.6M USDC of user funds. The cUSDC contract is publicly labeled in the protocol docs and on block explorers. Zama contract…
Update: After further analysis 0xf7Fcc767dE537953b3519D4b3097A24A6dFE1c84 deposited 12.4M USDC to Zama on May 11, 2026.

0xf7fcc appears to relate to Overnight Finance which held a governance vote recently to distribute treasury funds after holders alleged the team was rug pulling.

Regardless it's precedent setting to unilaterally freeze the contracts / addresses of a protocol where funds have been commingled with Zama users.
❀70🀣38πŸ‘€24πŸ‘Ž10πŸ‘8😒8πŸ€”7😭3🍾1πŸ€“1
Investigations by ZachXBT
Update: After further analysis 0xf7Fcc767dE537953b3519D4b3097A24A6dFE1c84 deposited 12.4M USDC to Zama on May 11, 2026. 0xf7fcc appears to relate to Overnight Finance which held a governance vote recently to distribute treasury funds after holders alleged…
Update 2: It gets much worse: from my understanding, the Zama team does NOT appear to have been notified of the Circle freeze prior.

One of the plaintiffs responsible for the civil case against Overnight Finance is Patagon Management an entity known for hostile DAO takeovers / RFV raiding protocols.

Overall I feel bad for Zama users who have now been indirectly impacted with this mess of a US civil case.
😭175🀣55🀯39❀29πŸ‘29πŸ™ˆ7🐳4πŸ₯°3😑3😁1πŸ€“1
Community alert: I suggest avoiding Rain Protocol ($8.8B mkt cap; top 15) at all costs. As a prediction market RAIN has few users, minimal product traction, no notable backers, & a team with little track record in our industry.

I traced the RAIN team addresses onchain and the source of funds originate via the Gems hot wallet and CEX deposit addresses that previously moved funds for failed projects like Data Ownership Protocol (DOP) & TOMI at the same time indicating potential overlap between teams:


0xa35e61cb836ae15f2d7d400efb49bda7222b98bc linked to RAIN deployer sent dust on Oct 14, 2025 at 3:31:47 pm UTC to 0xbac1
0xa810e14e2ee46e1e25e56bcf280208b78242d5d1 linked to TOMI team multisig & CEX deposit 0x6a6 sent dust on Oct 14, 2025 at 3:31:11 pm UTC to 0xbac1

0xbac19cb634c34baf7670263ccc74806a2d004fb0 received from 0xf205 in Dec 2025 which received from a DOP multisig.

0xa81 transferred to 0x2db0e5d3678ace8db1c400844b2ed9a0af331a66 in Feb 2025 which sent to the same CEX deposit address as DOP deployer 0x366.

It appears RAIN's price is being manipulated onchain with addresses linked to the deployer via Uni V3 LP, with spot transfers obfuscated via Gems hot wallet:
0x7c10f934c84a0aefaffd3334463c245a311cc967
0x7706342d38d3fd957c7061ac87a98f21f1cb53aa

RAIN has a DAT named Enlivex (Nasdaq listed) that announced a $212M treasury strategy in November 2025 but has no comps to Kalshi or Polymarket to justify the amount. Defillama reports RAIN TVL at $27.2M on Arbitrum however it's entirely in its own illiquid native token & $1m annual fees.

TOMI, DOP & Sirin Labs all trace back to a highly controversial Israeli founder named Moshe Hogeg, who was detained for fraud in 2021 and later accused by law enforcement of a $290M fraudulent crypto scheme in 2023 as well as facing multiple lawsuits from former business partners and employees.

Gems[.]vip is a sketchy launchpad that has hosted multiple of these projects (RAIN, DOP, etc.) and appears to be launching a presale for Kai Platform soon.

Data Ownership Protocol (DOP) reportedly raised $162M in a 2024 token sale. Kai was recently announced to have acquired DOP, but it's unclear where those funds went with numerous retail investor complaints on social media.

In recent months I have expressed concern about the growing trend of projects aggressively manipulating the price without any repercussions. I do not advise trading them under any circumstances.
❀320πŸ‘115🫑66🀣20πŸ¦„14πŸ”₯13πŸ™ˆ6🐳5😑5😐4😎4
Investigations by ZachXBT
Community alert: I suggest avoiding Rain Protocol ($8.8B mkt cap; top 15) at all costs. As a prediction market RAIN has few users, minimal product traction, no notable backers, & a team with little track record in our industry. I traced the RAIN team addresses…
Update: I have downgraded my ranking of Kraken as a CEX from S-tier to B-tier because of its lack of due diligence when listing low quality manipulated tokens (M, RAIN, RIVER, RAVE, etc).

Also the recent public disclosure of its breach left out any mention of victim compensation.

Other large exchanges such as Coinbase or Bybit prioritized user compensation after security incidents.
❀242πŸ‘142😱41🫑26πŸ‘12🀨9πŸ‘€9😁8😒6✍3πŸ€·β€β™‚2
Investigations by ZachXBT
Community alert: I suggest avoiding Rain Protocol ($8.8B mkt cap; top 15) at all costs. As a prediction market RAIN has few users, minimal product traction, no notable backers, & a team with little track record in our industry. I traced the RAIN team addresses…
If you are an insider with incriminating business contracts, full chat logs, active MM agreements, or similar tied to CEX market manipulation schemes I am increasing my total bounty up to $100K paid in the crypto of your choice out of my own pocket.

In my opinion it will continue until one of the teams is made an example of by regulators or the public.

I do not care how the documents are obtained.

Send me a DM on X (Twitter) for your submission:

x.com/zachxbt
❀377πŸ”₯183πŸ‘67🀣47❀‍πŸ”₯31πŸ‘21πŸ‘Ž12🐳10😁7πŸ’―6πŸ’Š5
Investigations by ZachXBT
Community Alert: As Token 2049 approaches be careful of sponsors as little due diligence is done on them for conferences (just because someone is a title or platinum sponsor does not mean they are credible) Title sponsor -Spacecoin (botted project) Platinum…
Community alert: Multiple users of the East Asian centralized exchange Ju (JuCoin) have reported withdrawal issues over the past week.

In March 2025 I first published a warning for Ju when they were listed as a Platinum sponsor for Token 2049 after I observed numerous red flags.

A recent analysis into the Ju proof of reserves posted on X (Twitter) alleged the self reported numbers of $511M in total reserves were likely overstated given the vast majority was issued USDC & USDT on their own chain JuChain without a clear backing.

Ju's ownership is opaque. The publicly listed team does not appear to actually control it. That fits a pattern seen with fraudulent offshore exchanges, where the actual principals, often Chinese, stay hidden.

Ju has publicly stated the delays are the result of upgrades and restructuring. Ju has rebranded multiple times in the past (Jubi → JuCoin → Joy Universe/Ju).

JuDAO was exploited for $225K in Apr 2026 due to a smart contract exploit.

JuDAO allegedly lost $20M in Sep 2025 due to deploying a proxy contract which incorrectly left 77M POL stuck.

At least $5M tied to the Bybit DPRK exploit was moved via Ju in 2025, while weeks earlier the team had claimed to offer financial support of up to 1,000 BTC ($95M) for Bybit.

A basic test for centralized exchanges is to see if the ownership is fully transparent and registered in high quality jurisdictions whereas Ju fails both.
❀177πŸ‘83🀣46🀨20πŸ‘€15πŸ—Ώ13πŸ”₯8πŸ’―6πŸ€ͺ5😁3πŸ€“2
Investigations by ZachXBT
If you send me a DM or tag me on X/Twitter asking me to look into a meme coin I am muting or blocking you for wasting my time. My notifications have gotten unbelievably low quality over the past few months. Here are some examples:
If you send me a DM or tag me on X/Twitter asking me to assist you with a prediction market I am muting or blocking you for wasting my time.

Prediction market gamblers in 2026 have become the equivalent of meme coin gamblers from 2024 - 2025.

They'll happily profit off your likeness while all of the negatives become associated with you.

However one exception is I have an ongoing investigation into an Israeli national suspected of profiting from insider knowledge in relation to war.
🀣378❀149πŸ‘120πŸ”₯39πŸ‘Ž26πŸ‘€22😁16😭14πŸ’Š8πŸ₯±6✍4
Yesterday (June 11) TA6YHqB2xh5HhfmC7WoLQaWmqq7Vv4zCoQ received 120.2M USDT on Tron and began transferring $17.5M+ to Kucoin deposit addresses and $8M to various instant exchanges.

The entity created Monero orders which caused the XMR price to spike from $330 -> $420.

Another $8M+ was bridged from Tron to Bitcoin / Ethereum via Near Intents.

A few minutes ago Tether blacklisted an address directly related to TA6YHq with 72M USDT: TBzrPEsStbZAUx2SBhD4oHz8UW3FX9Ak9W
🀣143πŸ‘71πŸ‘€46❀35πŸ”₯28🍾15😭7😁6πŸ€“3πŸ₯°2πŸ‘1