Insider Threat: Son of USG Contractor Allegedly Drains $40M from Seizure Wallets
Blockchain investigator ZachXBT links a $40M theft of US Marshals’ seized crypto to the son of a federal contractor, exposing critical gaps in government asset custody.
A federal crypto custody strategy intended to secure illicit assets has reportedly backfired, exposing a $40 million breach rooted in nepotism and poor vendor oversight. John "Lick" Daghita, the son of the president of government contractor Command Services & Support (CMDSS), is alleged to have siphoned tens of millions from wallets controlled by the U.S. Marshals Service (USMS).
The breach, detailed in an investigation by on-chain sleuth ZachXBT, forces a re-evaluation of the government’s supply chain security just as the USMS attempts to professionalize its asset management.
The "Band for Band" Leak
The theft was not detected by a federal audit, but exposed by hubris. According to ZachXBT, Daghita engaged in a "band for band" argument (a wealth-flexing contest) on Telegram. During the dispute, Daghita screen-shared an Exodus wallet and executed live transactions to prove his liquidity.
ZachXBT traced these real-time movements back to their source: US government seizure accounts. The investigation identified two primary outflow events:
- March 2024: $24.9 million moved from a wallet tied to the 2016 Bitfinex hack seizures.
- October 2024: Approximately $20 million was drained, with roughly $700,000 remaining unrecovered after being routed through instant exchanges.
"The claim builds on ZachXBT’s earlier investigation linking an individual known as ‘John’ or ‘Lick’ to over $90 million in suspected stolen crypto."
Vendor Risk: The CMDSS Contract
The breach highlights a critical vulnerability in the USMS’s tiered custody model. While Coinbase Prime manages "Class 1" assets (major caps like Bitcoin), CMDSS was awarded a contract in October 2024 to handle "Class 2-4" assets: altcoins and complex tokens that require specialized disposal.
Competitor Wave Digital Assets had previously filed a protest with the Government Accountability Office (GAO) regarding the CMDSS award, citing a lack of proper licensing and potential conflicts of interest. The GAO denied the protest. Now, the revelation that the firm’s president, Dean Daghita, allegedly allowed familial access to sensitive keys validates earlier industry concerns regarding the depth of due diligence performed on small-business set-asides.
Market Reaction
Markets brushed off the news, differentiating between custodial incompetence and systemic protocol failure. Bitcoin held steady at $87,800 (-1%), with the theft viewed as an isolated vendor failure rather than a threat to the asset class. However, for institutional players, the incident serves as a stark reminder: custody is only as secure as the human layer controlling the keys.