Bitcoin Magazine
US Government Investigating Alleged $40 Million Crypto Theft by Federal Contractor’s Son
Members of the U.S. government are investigating allegations that tens of millions of dollars in cryptocurrency seized by law enforcement were stolen through insider access via a federal contractor, according to public statements from officials.
The U.S. Marshals Service (USMS) confirmed to CoinDesk that it is investigating claims that more than $40 million in confiscated digital assets were siphoned from government-linked wallets.
The allegations center on Command Services & Support (CMDSS), a Virginia-based technology firm contracted by the USMS to manage and dispose of certain categories of seized cryptocurrency.
Blockchain investigator ZachXBT alleged that John “Lick” Daghita — the son of CMDSS president and chief executive Dean Daghita — gained unauthorized access to crypto wallets holding government-seized digital assets and diverted funds for personal use.
ZachXBT said he reported the alleged activity to authorities and linked multiple wallet addresses to assets controlled by or associated with the USMS.
Brady McCarron, chief of public affairs for the USMS, told CoinDesk that the agency could not comment further on the case because investigations were underway.
Details of the digital asset theft fraud
The allegations first surfaced after a dispute in a private Telegram chat was recorded and later circulated online. According to ZachXBT, the individual identified as “Lick” appeared to screen-share a wallet holding millions of dollars in cryptocurrency and demonstrated the ability to move funds in real time.
Subsequent on-chain analysis linked those wallets to addresses known to hold government-seized assets, including funds associated with prior high-profile law enforcement seizures.
“Meet the threat actor John (Lick), who was caught flexing $23M in a wallet address directly tied to $90M+ in suspected thefts from the US Government in 2024 and multiple other unidentified victims from Nov 2025 to Dec 2025,” ZachXBT wrote on X over the weekend.
ZachXBT later identified the individual as John Daghita, alleging that he is the son of CMDSS’s president and that CMDSS currently holds an active federal IT contract.
CMDSS was awarded a contract in October 2024 to assist the USMS in managing and disposing of seized and forfeited digital assets, including crypto not supported by major exchanges and assets tied to complex criminal cases.
Those crypto assets reportedly include funds seized from the 2016 Bitfinex hack, one of the largest cryptocurrency thefts on record.
ZachXBT has said it remains unclear how John Daghita allegedly obtained access to the wallets, including whether that access was facilitated through his father or CMDSS’s internal systems.
According to ZachXBT, one wallet he attributed to Daghita held 12,540 ether — worth roughly $36 million at recent pri