USMS Contractor’s Son Allegedly Drains $40M Seized Crypto After Telegram Flex Goes Wrong

The U.S. Marshals Service (USMS) is actively investigating claims that John "Lick" Daghita, the son of a federal contractor, siphoned over $40 million from government-controlled cryptocurrency wallets. The allegations, surfaced by on-chain investigator ZachXBT, link the theft directly to seizure addresses holding assets from the 2016 Bitfinex hack.

The "Band for Band" Leak

The scheme unraveled due to a moment of hubris in a private Telegram group. During a "band for band" dispute, slang for a wealth comparison contest, Daghita screen-shared an Exodus wallet containing $2.3 million to prove his liquidity. In the recorded footage, he then moved another $6.7 million in real-time.

ZachXBT correlated these on-chain movements with known USMS seizure addresses. The trace revealed Daghita controlled wallets that had received at least $23 million directly from government custody. Total illicit flows linked to the operation exceed $40 million.

Ethereum (ETH) traded flat at $3,029 following the news, suggesting the market views this as a custody failure rather than a liquidation event.

The Insider Connection

The breach appears to stem from vendor privilege rather than a sophisticated exploit. Daghita’s father, Dean Daghita, is the President of Command Services & Support (CMDSS). In October 2024, the USMS awarded CMDSS a contract to manage "Class 2-4" digital assets, a designation for non-standard tokens requiring specialized hardware or software wallet custody.

"Meet the threat actor John (Lick), who was caught flexing $23M in a wallet address directly tied to $90M+ in suspected thefts from the US Government in 2024," ZachXBT wrote.

The contract gave CMDSS oversight of the very assets now missing. The "Class 2-4" designation implies these were not the highly liquid Bitcoin (BTC) or Ethereum (ETH) usually held with institutional custodians like Coinbase Prime, but rather long-tail assets that required manual handling, and apparently lacked multi-sig safeguards robust enough to prevent a single insider from acting.

Institutional Fallout

CMDSS effectively vanished from the internet within hours of the report. The firm deleted its X (formerly Twitter) and LinkedIn pages, and its website went offline. The USMS confirmed an active investigation but declined to comment on the specifics of the custody breach.

This incident exposes a critical vulnerability in the government’s seizure infrastructure: while major assets are secured by institutional-grade custodians, the "long tail" of seized crypto is often farmed out to smaller contractors with less transparent security protocols. Daghita, meanwhile, has reportedly launched a meme token, $LICK, capitalizing on the notoriety of the allegations.