On January 23, 2025, blockchain investigator ZachXBT disclosed findings that connect a pseudonymous user known as 'John' or 'Lick' to over $90 million in suspected illicit cryptocurrency activity. This includes funds traced back to a US government-controlled wallet associated with the 2016 Bitfinex hack.
Details of the Investigation
The investigation revealed that approximately $24.9 million from a US government wallet, which had received seized assets from the Bitfinex hack, was traced to wallets attributed to 'John.' This tracing was facilitated by real-time wallet activity observed during a private Telegram exchange, where participants displayed their cryptocurrency holdings.
During this exchange, ZachXBT was able to observe a user known as 'Lick' screen-sharing an Exodus wallet that displayed a TRON address holding about $2.3 million. Additionally, $6.7 million in Ether was transferred live into an Ethereum address, culminating in roughly $23 million being consolidated into a single wallet.
On-Chain Evidence and Laundering Patterns
ZachXBT's tracing identified that the consolidated wallet activity originated from a US government address that had previously received seized funds. Notably, this wallet had been flagged for anomalous activity in October 2024, when approximately $20 million was drained, with some funds not recovered.
The laundering patterns observed in this case are consistent with known tactics. Funds were moved from victim and seizure-linked addresses into intermediary theft wallets, where they were split, recombined, and cycled through various exchanges and bridges. This method obscures the source of funds before they are reconsolidated.
Implications for Law Enforcement and Oversight
The exposure of alleged control over funds tied to government wallets is significant. Such movements are likely under active monitoring by US authorities. Historically, investigations of this nature rely on covert tracing and legal processes, making this public disclosure unusual.
This case illustrates that even sophisticated laundering operations can be compromised by overconfidence or operational errors. The immutable nature of blockchain records allows for the reconstruction of complex financial activities, even when funds traverse multiple chains and services.
ZachXBT's findings highlight the importance of vigilance in the cryptocurrency space, particularly regarding the potential for illicit activities linked to government-controlled assets. Stakeholders in the digital asset ecosystem should remain aware of these developments and consider the implications for compliance and risk management.
Automated TrustSniffer Intelligence — grounded, attributed analysis of public on-chain and web data.
Run any crypto address or domain through the TrustSniffer risk engine.
