US Marshals Contractor Linked to $40M Crypto Heist; ZachXBT Exposes ‘Nepo’ Exploit
On-chain data reveals the son of a USMS contractor allegedly drained $40M from government wallets after screen-sharing evidence in a Telegram chat.
A U.S. government contractor hired to secure seized cryptocurrency has been implicated in the theft of the very assets it was paid to protect. Blockchain investigator ZachXBT published findings alleging John Daghita, known online as ‘Lick’, siphoned over $40 million from U.S. Marshals Service (USMS) wallets. John is the son of Dean Daghita, CEO of CMDSS, a firm awarded a federal contract in October 2024 to manage seized digital assets.
The ‘Band for Band’ Leak
The breach was not discovered through a federal audit, but via an ego-driven dispute in a Telegram chat. During a ‘band for band’ argument, a contest where individuals prove their wealth, Daghita screen-shared an Exodus wallet containing $2.3 million and executed live transfers on the Ethereum network.
ZachXBT traced these on-chain movements directly to wallets controlled by the U.S. government.
In case you are curious how John Daghita (Lick) was able to steal $40M+ from US government seizure addresses. John’s dad owns CMDSS… which currently has an active IT government contract in Virginia.
The investigation linked ‘Lick’ to a specific cluster of addresses that received $24.9 million in March 2024 from a government wallet holding assets seized from the 2016 Bitfinex hack. Additional drains occurred in October 2024, where $20 million was removed and partially returned, leaving approximately $700,000 unaccounted for at the time.
The Institutional Failure
The compromised funds expose a critical vetting failure in the federal supply chain. CMDSS (Command Services & Support) was tasked with managing "Class 2-4" cryptocurrencies, assets often unsupported by major custodians like Coinbase Prime. This niche mandate seemingly granted the CEO’s son access to keys protecting tens of millions in taxpayer-held value.
Following the publication of the allegations, CMDSS deleted its LinkedIn and X (formerly Twitter) presence. Neither the USMS nor the Department of Justice has issued a statement regarding the recovery of the remaining funds or the status of the CMDSS contract.
