Over the weekend, ZachXBT, who is an advisor to crypto investment firm Paradigm and has been called “one of the best digital detectives” by The New York Times, claimed that the perpetrator of a suspected $40 million theft from the U.S. government’s crypto holdings is the son of an executive at a firm tasked with the management of those funds. Now, the U.S. Marshals Service says it’s investigating the situation.
Command Services & Support (CMDSS) was awarded a government contract for the management and disposal of a specific class of crypto assets in October 2024. Dean Daghita is the chief executive of CMDSS, and according to ZachXBT, his son, John Daghita (also known as Lick), is connected to a theft of crypto funds in government custody that were associated with the 2016 hack of crypto exchange Bitfinex. According to a report in The Block, most—but not all—of these funds allegedly stolen from the government were returned within 24 hours.
In case you are curious how John Daghita (Lick) was able to steal $40M+ from US government seizure addresses.
John’s dad owns CMDSS, which currently has an active IT government contract in Virginia.
CMMDS was awarded a contract to assist the USMS in managing/disposing of… https://t.co/lzR2a1aidA pic.twitter.com/PV0IkSuhVy
— ZachXBT (@zachxbt) January 25, 2026
The connection between John Daghita and the stolen funds is said by crypto insiders to have been made after the accused was seen bragging about large-value crypto wallets in a Telegram group chat. During a dispute with another member of the group chat, where each user was attempting to prove they controlled more crypto than the other, John allegedly revealed access to a wallet connected to the previous theft of funds from government custody.
After ZachXBT made multiple reports regarding these connections on X, roughly $1,900 worth of ether associated with the stolen government funds was sent to the blockchain investigator’s publicly known Ethereum address. ZachXBT has stated that any stolen funds received will be forwarded to U.S. government seizure addresses.
This is not the first controversy that the U.S. Marshals Service (USMS), which oversees seized crypto associated with federal cases, has faced challenges when it comes to its handling of digital assets. Previously, separate reports in CoinDesk and The Rage indicated the agency (and the government as a whole) is unable to provide a proper and transparent accounting of its crypto holdings.
CMDSS’s LinkedIn and X accounts have been deactivated, and the company did not respond to a request for comment from Gizmodo made via the CMDSS website. The USMS told Gizmodo, “At this time, we will not be making any statement as the matter is under investigation.” CMDSS did not respond to a request for comment.
On X, President’s Council of Advisors for Digital Assets Executive Director Patrick Witt indicated he is looking into the matter.
https://x.com/patrickjwitt/status/2015919455650435104
In the past, the U.S. government has seized crypto assets associated with criminal cases and then sold them off for a profit. For example, legendary tech investor Tim Draper once purchased nearly 30,000 bitcoin that were seized from a darknet market Silk Road. This bitcoin stash was worth around $18 million at the time and is now worth roughly $2.5 billion.
Following an executive order from President Trump last year, these sorts of sales have stopped. Now, seized bitcoin is added to a strategy bitcoin reserve, and other crypto assets are added to a separate stockpile. The Trump administration is also looking at ways to expand the strategic bitcoin reserve with additional purchases to add on top of coins seized by law enforcement. Multiple states have also established their own, separate bitcoin reserves.
Arkham Intelligence currently values U.S. government bitcoin holdings at just under $30 billion.
After all these years, thefts of bitcoin and other crypto assets are still a rather common issue. Last year, an Office Space-esque exploit at a longstanding decentralized finance (DeFi) application sent a chill through the entire industry, as it put into question whether these platforms, where transactions are irreversible and “code is law,” can ever be fully trusted. Additionally, 2025 was a record year for physical crypto thefts, as more criminals are taking their activities offline and going with $5 wrench attacks, potentially based on personal information they’ve obtained from a crypto hardware wallet manufacturer or French tax authority.
2025 was also a record year for illicit crypto activity more generally, with a report from blockchain analytics firm estimating these transfers at $154 billion. However, much of this activity was denominated in stablecoins, which are centrally issued and more easily frozen and controlled. For example, stablecoin issuer Tether recently froze $182 million of its USDT token amid reports of heavy use of the dollar-pegged digital currency by the Maduro regime in Venezuela.
Of course, in many ways, solving the price volatility and lack of transaction reversals in Bitcoin through centralized stablecoins nullifies a significant aspect of its originally intended purpose.
