Members of the U.S. government are investigating allegations that tens of millions of dollars in cryptocurrency seized by law enforcement were stolen through insider access via a federal contractor, according to public statements from officials.
The U.S. Marshals Service (USMS) confirmed to CoinDesk that it is investigating claims that more than $40 million in confiscated digital assets were siphoned from government-linked wallets.
The allegations center on Command Services & Support (CMDSS), a Virginia-based technology firm contracted by the USMS to manage and dispose of certain categories of seized cryptocurrency.
Blockchain investigator ZachXBT alleged that John “Lick” Daghita — the son of CMDSS president and chief executive Dean Daghita — gained unauthorized access to crypto wallets holding government-seized digital assets and diverted funds for personal use.
ZachXBT said he reported the alleged activity to authorities and linked multiple wallet addresses to assets controlled by or associated with the USMS.
Brady McCarron, chief of public affairs for the USMS, told CoinDesk that the agency could not comment further on the case because investigations were underway.
Details of the digital asset theft fraud
The allegations first surfaced after a dispute in a private Telegram chat was recorded and later circulated online. According to ZachXBT, the individual identified as “Lick” appeared to screen-share a wallet holding millions of dollars in cryptocurrency and demonstrated the ability to move funds in real time.
Subsequent on-chain analysis linked those wallets to addresses known to hold government-seized assets, including funds associated with prior high-profile law enforcement seizures.
“Meet the threat actor John (Lick), who was caught flexing $23M in a wallet address directly tied to $90M+ in suspected thefts from the US Government in 2024 and multiple other unidentified victims from Nov 2025 to Dec 2025,” ZachXBT wrote on X over the weekend.
ZachXBT later identified the individual as John Daghita, alleging that he is the son of CMDSS’s president and that CMDSS currently holds an active federal IT contract.
CMDSS was awarded a contract in October 2024 to assist the USMS in managing and disposing of seized and forfeited digital assets, including crypto not supported by major exchanges and assets tied to complex criminal cases.
Those crypto assets reportedly include funds seized from the 2016 Bitfinex hack, one of the largest cryptocurrency thefts on record.
ZachXBT has said it remains unclear how John Daghita allegedly obtained access to the wallets, including whether that access was facilitated through his father or CMDSS’s internal systems.
According to ZachXBT, one wallet he attributed to Daghita held 12,540 ether — worth roughly $36 million at recent prices. He also alleged that Daghita sent him 0.6767 ETH, which the investigator said he would forward to a U.S. government seizure address.
ZachXBT further claimed that transaction trails suggest approximately $20 million was removed from USMS-linked wallets in October 2024, most of which was returned within a day, though roughly $700,000 routed through instant exchanges was not recovered.
In additional posts, ZachXBT estimated that total suspected thefts could exceed $90 million in various crypto when accounting for other wallet activity observed in late 2025, some of which he said remains in compromised wallets.
United States’s bitcoin security under scrutiny
The allegations have raised valid concerns over how the U.S. government safeguards its growing stockpile of seized bitcoin and other digital assets. The federal government may control between roughly 198,000 BTC and more than 300,000 BTC, worth tens of billions of dollars at current market prices.
According to bitcointreasuries.net, the U.S. government holds 328,372 bitcoin worth roughly $29 billion.
The controversy comes amid heightened scrutiny of how seized bitcoin is handled following reports earlier this year questioning whether forfeited assets tied to the Samourai Wallet case were improperly sold despite executive orders directing that seized bitcoin be retained as part of a U.S. Strategic Bitcoin Reserve.
While U.S. officials later denied that any sale took place, the lack of on-chain evidence provided publicly has continued to fuel skepticism.
Source: https://bitcoinmagazine.com/news/us-investigating-40-million-crypto-theft
