The U.S. Marshals Service (USMS) is investigating allegations that the son of a government contractor stole over $40 million in seized cryptocurrency from federal wallets.
The claims originated from blockchain investigator ZachXBT, who identified the alleged perpetrator as John Daghita also known online as “Lick”. He is reportedly the son of Dean Daghita, president and CEO of Command Services & Support (CMDSS), a Virginia-based IT firm.
CMDSS was awarded a contract in 2024 by the U.S. Marshals Service to assist in managing, safeguarding, and disposing of certain seized and forfeited cryptocurrency assets specifically “Class 2–4” tokens requiring specialized custody. This role gave the company access to sensitive government-controlled wallets holding assets confiscated in criminal investigations, including funds from the 2016 Bitfinex hack.
Register for Tekedia Mini-MBA edition 19 (Feb 9 – May 2, 2026).
Register for Tekedia AI in Business Masterclass.
Join Tekedia Capital Syndicate and co-invest in great global startups.
Register for Tekedia AI Lab.
According to reports: ZachXBT traced suspicious transfers, including a major one of about $24.9 million in March 2024 from a U.S. government-linked wallet. At least $23 million was linked to a wallet Daghita allegedly controlled, with origins tied to roughly $90 million in suspected stolen government and other seized crypto from 2024–2025.
Evidence reportedly includes leaked video recordings where Daghita flaunted control over wallets containing stolen funds during a dispute with another individual. Some funds were allegedly laundered through various channels, though partial recoveries occurred in related prior incidents like $20 million drained in October 2024, mostly returned except for ~$700K.
The U.S. Marshals Service confirmed it is actively investigating these claims. No arrests or formal charges have been announced as of the latest reports from January 26–27, 2026, and the allegations remain unproven in court. CMDSS has not publicly commented, and its website/social media reportedly went offline amid the scrutiny.
This incident has reignited concerns about federal oversight of seized crypto holdings. The USMS manages billions in digital assets from forfeitures, but prior reporting from 2025 highlighted challenges in accurately tracking inventories, especially as the government considers uses like a national crypto reserve.
The allegations surrounding John Daghita (aka “Lick”) allegedly stealing over $40 million in seized cryptocurrency from U.S. government wallets—while his father, Dean Daghita, leads CMDSS, the contractor tasked with managing those assets—carry significant implications across multiple levels.
For Government Crypto Custody and Oversight
This case highlights potential vulnerabilities in how the U.S. government handles seized digital assets, which total billions in value from cases like the 2016 Bitfinex hack and others. The U.S. Marshals Service (USMS) relies on private contractors like CMDSS for specialized custody of certain “Class 2–4” tokens.
If insider access via family ties enabled the theft, it exposes gaps in: Background checks and conflict-of-interest protocols for contractors and their associates. Access controls to private keys and wallets—especially amid prior criticisms that the USMS lacked precise inventory knowledge of its holdings noted in 2025 reporting tied to national crypto reserve discussions.
Overall security in outsourcing sensitive asset management to firms with limited apparent crypto-specific expertise (prior protests from competitors like Wave Digital Assets raised similar concerns, though dismissed by the Government Accountability Office).
The incident has already prompted the USMS to confirm an active investigation, and it could lead to: Stricter vetting, multi-party custody requirements, or even a shift toward in-house or more heavily regulated solutions. Calls for Treasury or DOJ to reclaim direct control of private keys to prevent further risks.
Experts and analysts describe this as exposing systemic weaknesses in government blockchain custody: It underscores the risks of human/insider threats in high-value digital asset management, even with on-chain transparency.
It may accelerate demands for enhanced audits, real-time monitoring, AI-driven threat detection, and forensic tools—potentially boosting related security firms. In the context of evolving U.S. policy— 2025 executive orders promoting digital asset innovation while navigating regulatory ambiguities, it highlights the tension between innovation and accountability in federal crypto handling.
John Daghita faces serious potential charges like theft of government property, wire fraud, money laundering if proven—though no arrests or formal charges have been announced as of late January 2026. His alleged boasting on Telegram including live wallet demos during disputes provided key evidence via ZachXBT’s on-chain tracing.
CMDSS has seen its website, X account, and LinkedIn go offline amid the scrutiny, raising questions about the firm’s viability and any broader involvement though unproven. This could result in contract termination, fines, or debarment from future federal work.
In the crypto space, it reinforces ZachXBT’s reputation for exposing illicit flows and reignites debates on self-custody vs. institutional and government holding. Some voices argue it shows why centralized seizure management is flawed, while others see it as a cautionary tale for better safeguards.
Overall, while the claims remain allegations (unproven in court), the rapid public exposure via blockchain analysis and the USMS probe could drive meaningful reforms in how seized crypto is secured—potentially influencing future federal policy on digital asset reserves and custody standards.