US Marshals Probe Contractor’s Son in $40M Insider Crypto Heist
US Marshals investigate John ‘Lick’ Daghita for allegedly stealing $40M+ in seized crypto, exposing critical supply chain vulnerabilities in government custody.
The Insider Threat Realized
The U.S. Marshals Service (USMS) has confirmed it is actively investigating a breach of government-controlled cryptocurrency wallets, validating reports that an insider, not an external hacker, siphoned over $40 million in seized assets. The primary suspect is John “Lick” Daghita, the son of the CEO of Command Services & Support (CMDSS), a federal contractor hired in late 2024 to manage the government’s digital inventory.
This isn’t just a theft; it is a supply chain failure. Blockchain investigator ZachXBT exposed the scheme after Daghita allegedly screen-shared a wallet containing $23 million during a “band-for-band” argument on Telegram. The funds were traced directly to USMS seizure addresses, including assets confiscated from the 2016 Bitfinex hack.
John […] sent me 0.6767 ETH ($1.9K) of the stolen government funds from 0xd8bc to my public wallet address, ZachXBT
The “Flex” That Failed
Daghita’s operational security collapsed under ego. While arguing with other users on Telegram, he displayed an Exodus wallet holding millions in illicit funds. On-chain data subsequently linked his wallets to inflows of approximately $90 million from government seizures between 2024 and 2025. One specific wallet identified by investigators holds 12,540 ETH (approx. $36 million).
The brazenness escalated post-exposure. Instead of going dark, Daghita launched a memecoin, $LICK, on the Solana platform Pump.fun, promoting it via livestream. The market ignored the spectacle; Ethereum remained resilient, trading up 3% at $3,200, while Bitcoin hovered near $87,700.
Custody’s Weakest Link
The breach centers on CMDSS, a Virginia-based firm awarded a contract in October 2024 to dispose of “Class 2-4” digital assets. Competitors like Wave Digital Assets had previously protested the award, citing CMDSS’s lack of specialized crypto credentials. Those concerns now appear prophetic.
For institutional players, the implications are severe. The USMS manages billions in forfeited assets. If a contractor’s family member can access private keys to Bitfinex seizure funds, the government’s custody framework is fundamentally compromised. Oversight is expected to tighten immediately, freezing third-party disposals until the entire vendor chain is audited.
