John “Lick” Daghita; full name John Daghita was arrested on March 4, 2026, in Saint Martin; a Caribbean island under French jurisdiction for allegedly stealing over $46 million in cryptocurrency from U.S. government-seized assets managed by the U.S. Marshals Service (USMS).
The arrest resulted from a joint operation between the FBI and French authorities including the elite Gendarmerie unit GIGN). During the raid, authorities seized cash (in a metal briefcase, hard drives, security keys, and other hardware potentially linked to the theft.
Daghita is the son of Dean Daghita, president and CEO of Command Services & Support (CMDSS), a Virginia-based firm that secured a U.S. government contract in October 2024 to manage and dispose of seized digital assets for the USMS. These assets often include crypto from major cases, such as the 2016 Bitfinex hack.
Register for Tekedia Mini-MBA edition 20 (June 8 – Sept 5, 2026).
Register for Tekedia AI in Business Masterclass.
Join Tekedia Capital Syndicate and co-invest in great global startups.
Register for Tekedia AI Lab.
The Alleged Theft
He reportedly abused insider access through his father’s company to siphon funds from government-controlled wallets between 2024 and late 2025. On-chain traces link him to at least $46 million in stolen crypto primarily Ethereum, with some reports suggesting ties to over $90 million in broader suspicious activity.
Pseudonymous blockchain investigator ZachXBT publicly identified Daghita in late January 2026 after Daghita bragged about controlling wallets holding millions including ~$23 million in one instance in Telegram group chats. ZachXBT traced transactions on-chain, connected them to government seizure wallets, and linked the online alias “Lick” to Daghita personally.
Daghita reportedly taunted ZachXBT multiple times on Telegram. He even performed a “dust attack” by sending small amounts of the allegedly stolen funds to ZachXBT’s public wallet address, a move intended to mock or implicate, but which provided more evidence.
ZachXBT has stated the arrest was a direct result of his investigation. U.S. authorities are expected to pursue extradition. No formal charges have been detailed publicly yet, but potential offenses include theft of government property, wire fraud, and money laundering—carrying significant prison time.
Recovery of funds remains unclear, though on-chain transparency aided the probe. This case highlights risks in government crypto custody, the power of public blockchain analysis, and how overconfidence like public flexing can lead to downfall.
The arrest of John “Lick” Daghita on March 4, 2026, for allegedly stealing over $46 million in cryptocurrency from U.S. Marshals Service (USMS)-managed seized assets has several significant impacts across legal, security, industry, and broader policy domains.
Daghita faces potential federal charges including theft of government property, wire fraud, money laundering, and computer fraud and abuse—offenses that could carry decades in prison if convicted. U.S. authorities are pursuing extradition from Saint Martin with the joint FBI-French Gendarmerie operation already seizing cash, hard drives, security keys, and other hardware during the raid.
Recovery of the stolen funds remains uncertain, though blockchain transparency has aided tracing; some reports note partial unrecovered amounts like ~$700k from early transfers. His father’s company, Command Services & Support (CMDSS), faces intense scrutiny.
The firm held a USMS contract awarded in 2024 for ~$4-7.8M to manage and dispose of seized digital assets. Post-arrest fallout could include contract termination, audits, or debarment from future federal work, especially given prior protests against CMDSS’s selection and apparent online scrubbing.
The case highlights insider risks in government crypto custody. The USMS oversees billions in seized assets, often relying on external contractors for specialized handling. Daghita allegedly exploited family-linked access to siphon funds from official wallets between 2024-2025.
This echoes prior USMS criticisms. Reports emphasize outdated systems (“spreadsheet problem”) and call for modernization to prevent similar breaches. It underscores how overconfidence can accelerate downfall—providing direct evidence trails. Intensified scrutiny on USMS contractor oversight, access controls, and segregation of duties.
Analysts predict potential reforms like stricter vetting, multi-party custody, hardware security modules, or reduced reliance on private firms for high-value assets. Ties into ongoing debates about federal handling of seized crypto including the U.S. Bitcoin Reserve concept with calls for better protocols amid growing holdings worth tens of billions.
Could influence policy on digital asset forfeiture, auctions, and security—potentially leading to congressional hearings or updated guidelines. ZachXBT’s role is widely celebrated as a major win for independent blockchain analysis. His January 2026 exposure tracing via public flexing and dust attack directly led to the arrest, boosting credibility of pseudonymous investigators and on-chain forensics in high-profile cases.
Serves as a cautionary tale: “The blockchain never forgets.” Public flexing in crypto often backfires, reinforcing community warnings against arrogance with illicit gains. Daghita reportedly launched and rugged a $LICK meme coin tied to stolen wallets, adding irony and potential additional fraud angles.
While the immediate financial hit to taxpayers is substantial ~$46M+ potentially up to $90M in linked activity, the bigger long-term impact may be reforms in federal crypto custody to close insider loopholes and enhance transparency and security. The case demonstrates blockchain’s power in accountability—even against government-held assets.