A crypto investigator uncovered that $90M in stolen government-seized crypto appears connected to the son of a contractor managing US Marshals' digital assets, revealed during a screensharing dispute between thieves.
New details have emerged about one of the most brazen cryptocurrency thefts from US government-controlled wallets, with blockchain investigator zachxbt revealing that the alleged thief appears to be the son of a contractor responsible for safeguarding seized digital assets.
The trail began when two cryptocurrency thieves engaged in an online argument about who controlled more wealth. To settle the dispute, they screenshared their crypto wallet activity. During this exchange, a user known as "Lick" accidentally revealed a wallet address that zachxbt recognized from his October 2024 investigation into a $20 million theft from US government crypto reserves.
zachxbt's follow-up investigation connected "Lick" to John Daghita, son of Dean Daghita - owner of Command Services & Support (CMDSS). This Maryland-based firm secured a US Marshals Service contract in October 2024 to manage seized cryptocurrency assets, a contract that remains active despite the allegations.
Security researchers note the disturbing pattern:
- October 2024: CMDSS begins managing seized assets
- Same month: $20M theft occurs from government wallets
- January 2026: Additional $70M theft discovered through screenshare slip
After zachxbt publicly connected John Daghita to the thefts, CMDSS abruptly removed its website and social media presence. Meanwhile, "Lick" began trolling zachxbt on Telegram before sending 0.6767 ETH (~$1,900) of stolen funds to the investigator's public wallet - a move interpreted as both intimidation and admission.
The case exposes critical vulnerabilities in how law enforcement manages seized crypto assets. CMDSS's website, before being taken offline, boasted about providing "mission-critical services" to the Department of Justice and Department of Defense, raising questions about vetting procedures for contractors handling sensitive digital evidence.
Blockchain analysts confirm the stolen funds have begun moving through mixing services, suggesting the thief is attempting to launder the assets. The US Marshals Service has not commented on whether they've frozen the contract or initiated an internal investigation.
This incident marks one of the largest thefts from law enforcement custody in cryptocurrency history, highlighting systemic risks when government agencies outsource technical operations without adequate oversight mechanisms for contractor personnel.
Image credits: Web3 is Going Great
Comments
Please log in or register to join the discussion