- ZachXBT alleges John ‘Lick’ Daghita siphoned over $40 million from US government-controlled wallets holding seized digital assets.
- The suspect is the son of Dean Daghita, president of CMDSS, a firm contracted by the US Marshals Service for crypto management.
- The exposure stemmed from a Telegram dispute where Daghita flaunted wallet balances, leading to on-chain tracing that linked funds to government seizures, including Bitfinex hack proceeds.
A prominent blockchain investigator has uncovered what appears to be an insider theft of more than $40 million in cryptocurrencies from US government seizure wallets, raising serious questions about the security of federally managed digital assets.
ZachXBT, known for exposing crypto scams and thefts, detailed in a lengthy X thread how John Daghita—operating under the alias ‘Lick’—allegedly drained funds from addresses tied to assets confiscated by authorities. The investigation began after Daghita engaged in a heated Telegram group chat challenge, known as ‘band for band,’ where participants compare wallet balances. During the exchange, he screenshared control over addresses holding approximately $23 million, which ZachXBT traced back to suspected thefts. This incident highlights vulnerabilities in government crypto custody arrangements, particularly when involving third-party contractors.
According to ZachXBT’s analysis, one major theft involved $24.9 million transferred in March 2024 from a wallet containing Bitcoin seized from the 2016 Bitfinex hack. Additional inflows to Daghita’s addresses totaled over $90 million from various victims and government sources between November 2025 and December 2025. Funds included Ethereum and stablecoins like USDC, moved across chains including Tron and Base before attempts to bridge to Ethereum. ‘Meet the threat actor John (Lick), who was caught flexing $23M in a wallet address directly tied to $90M+ in suspected thefts from the US Government,’ ZachXBT wrote in his post.
Daghita’s father heads CMDSS, a Virginia-based firm that secured a contract in October 2024 to assist the US Marshals Service (USMS) with custody and liquidation of seized cryptocurrencies. While it’s unclear how John accessed the wallets—potentially through his father’s position—CMDSS swiftly deleted its website, X account, and LinkedIn profile following the exposure. The USMS confirmed to reporters that it is investigating the allegations but declined further comment. Experts warn this case could erode trust in institutional crypto handling, emphasizing the need for enhanced oversight and multi-signature protocols to mitigate insider risks.
Balanced views from industry analysts suggest that while such incidents are rare, they underscore broader challenges in securing digital assets amid growing government involvement in crypto forfeitures. ‘Threat actors only continue showing off stolen funds… making it an easy future case for law enforcement,’ ZachXBT noted, pointing to the hubris that often leads to capture. No arrests have been reported yet, but the probe could influence future contracting standards for sensitive assets.
Disclaimer: This article is for informational purposes only and does not constitute advice of any kind. Readers should conduct their own research before making any decisions.
