TLDR
- Blockchain investigator ZachXBT accused John Daghita of stealing millions in crypto from U.S. government wallets.
- John Daghita is allegedly the son of Dean Daghita who is the CEO of government contractor CMDSS.
- CMDSS holds a U.S. Marshals Service contract to manage and dispose of seized cryptocurrencies.
- ZachXBT traced the stolen funds to wallets linked with assets seized from the 2016 Bitfinex hack.
- The allegations emerged after a Telegram group chat where Daghita showed control of wallets holding large crypto sums.
Blockchain investigator ZachXBT has accused John Daghita, known online as “Lick,” of stealing crypto from U.S. government wallets, linking him to funds tied to the 2016 Bitfinex hack. He also revealed that his father, Dean Daghita, is the CEO of CMDSS, a firm contracted by the U.S. Marshals Service to custody seized crypto assets. Though no official charges have been filed, the allegations have raised concerns about oversight.
Alleged Crypto Theft and Telegram Confrontation
ZachXBT linked “Lick” to a live crypto transfer during a Telegram group dispute. The screen-share revealed an Exodus wallet holding a Tron address with $2.3 million. During the argument, “Lick” also received $6.7 million in ether on a separate Ethereum address. The total sum shown reached about $23 million.
ZachXBT traced the crypto flow back to a wallet linked to a U.S. government address. That address held funds from the 2016 Bitfinex seizure.
The investigator said, “The funds moved in March 2024 from a U.S. government wallet holding seized Bitfinex crypto.”
He shared on-chain data to support this claim.
1/ Meet the threat actor John (Lick), who was caught flexing $23M in a wallet address directly tied to $90M+ in suspected thefts from the US Government in 2024 and multiple other unidentified victims from Nov 2025 to Dec 2025. pic.twitter.com/SBAFU5hTnE
— ZachXBT (@zachxbt) January 23, 2026
The origin of the funds, according to the analysis, is tied back to wallets managed by the U.S. Marshals Service. The agency had taken custody of the crypto after the Bitfinex breach.
Custody Contract With the U.S. Marshals Service
Dean Daghita leads Command Services & Support (CMDSS), which won a federal contract in October 2024. CMDSS was tasked with managing and disposing of non-mainstream seized digital assets. These assets include cryptocurrencies unsupported by centralized exchanges. The Marshals Service selected CMDSS over other firms.
Wave Digital Assets, a competing bidder, protested the award. They alleged CMDSS lacked required SEC and FINRA registrations. Wave also claimed CMDSS employed a former USMS official. The official allegedly had access to confidential evaluation data. The Government Accountability Office later denied the protest. It ruled that the Marshals Service’s selection process followed proper procedures.
Suspected Link to U.S. Government Wallets
ZachXBT alleged that a suspicious wallet received $24.9 million from a U.S. government address. The transfer occurred in March 2024. He first noticed suspicious activity in October 2024. Roughly $20 million had been drained from U.S. government wallets.
Most funds were reportedly returned within 24 hours. However, $700,000 routed through instant exchanges remains unrecovered. ZachXBT stated that “wallet connections and transfer timing suggest internal access.” He raised concerns about insider links.
The investigation points to possible misuse of government-controlled crypto holdings. No law enforcement agency has confirmed any official action.
Oversight Concerns Around Custody Provider
CMDSS’s role in crypto asset management has received scrutiny. Questions have surfaced about their internal controls and security. Wave Digital Assets expressed concern about potential conflicts of interest. Their protest focused on CMDSS’s lack of financial oversight credentials.
A February 2025 CoinDesk report criticized the U.S. Marshals Service’s tracking methods. It noted reliance on spreadsheets without inventory control. The report stated the agency could not estimate its total bitcoin holdings. That lack of data has raised transparency concerns.
The U.S. Marshals Service has not issued a public statement on the theft claims. CMDSS has also not responded to media inquiries. ZachXBT published his findings on January 23. The crypto community has since examined the involved wallet addresses independently.
