Disclaimer: Information found on CryptoreNews is those of writers quoted. It does not represent the opinions of CryptoreNews on whether to sell, buy or hold any investments. You are advised to conduct your own research before making any investment decisions. Use provided information at your own risk.
CryptoreNews covers fintech, blockchain and Bitcoin bringing you the latest crypto news and analyses on the future of money.
U.S. Marshals are looking into allegations that the child of a government contractor embezzled $40 million worth of confiscated cryptocurrency.
The suspected perpetrator was filmed showcasing millions in cryptocurrency purportedly drained from U.S. government seizure accounts, subsequently traced by ZachXBT.
The offspring of a firm responsible for overseeing seized cryptocurrency by U.S. authorities has been accused of misappropriating $40 million in digital currency. (Photo by Kevin Horvat on Unsplash/Modified by CoinDesk)
Key points to note:
- The U.S. Marshals Service is probing claims that the son of a federal contractor, engaged in securing seized cryptocurrencies, pilfered over $40 million in digital assets from government wallets.
- Blockchain analyst ZachXBT identified the suspected thief as John “Lick” Daghita, the son of CMDSS president Dean Daghita, and traced a minimum of $23 million in assets to approximately $90 million in cryptocurrency seized by authorities in 2024 and 2025.
- This situation has sparked renewed apprehensions regarding the supervision of cryptocurrencies held by the U.S. government, following previous reports suggesting that the U.S. Marshals Service might not have a clear understanding of the digital assets in its possession.
The U.S. Marshals Service (USMS) is looking into allegations that the son of a contractor for the Department of Defense and Department of Justice, responsible for overseeing cryptocurrency confiscated by law enforcement, has stolen in excess of $40 million in seized digital assets.
Blockchain investigator ZachXBT accused John “Lick” Daghita, the son of Dean Daghita, president of CMDSS — a company that states on its website it provides essential services for the Department of Justice and Department of Defense — of misappropriating the seized digital assets from cryptocurrency wallets managed by his father’s firm.
STORY CONTINUES BELOWDon’t miss out on another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newslettersSign me up
ZachXBT, who claimed to have reported John to the authorities, noted that it remains unclear how John Daghita allegedly gained access to the wallets, including whether such access was facilitated by his father.
Brady McCarron, the chief of public affairs for the USMS, informed CoinDesk that the agency could not provide further commentary on the matter as investigations were ongoing.
“Meet the suspected perpetrator John (Lick), who was recorded showcasing $23M in a wallet address directly linked to over $90M in alleged thefts from the U.S. Government in 2024 and several other unidentified victims from November 2025 to December 2025,” ZachXBT shared on X last Friday.
Related Posts
ZachXBT identified the individual as John Daghita, asserting that CMDSS currently holds an active federal IT contract. The blockchain investigator later stated he reported a wallet address containing 12,540 ETH, valued at approximately $36.3 million, which he claimed was under Daghita’s control. ZachXBT added that Daghita sent him 0.6767 ETH, which he indicated he would direct to a U.S. government seizure address.
“If you’re curious how John Daghita (Lick) managed to steal over $40 million from U.S. government seizure accounts: John’s father owns CMDSS, which currently holds an active IT government contract in Virginia,” ZachXBT highlighted, referring to a CoinDesk report that CMDSS was granted a contract to assist the U.S. Marshals Service (USMS) in managing and disposing of seized and forfeited crypto assets.
The Department of Defense, ZachXBT, and CMDSS did not provide immediate responses to a CoinDesk inquiry for comments.
Caught on video
In February 2025, following the White House’s announcement of its consideration for a national crypto reserve, a source familiar with the situation informed CoinDesk that the U.S. Marshals Service seemed unaware of the extent of cryptocurrency it possessed.
The USMS is responsible for managing assets seized by law enforcement during criminal investigations, encompassing real estate, cash, jewelry, antiques, and automobiles.
John Daghita attracted attention after being involved in a recorded dispute in a Telegram group chat with another individual. The exchange, referred to in cybercriminal circles as a “band for band,” involved both parties attempting to demonstrate who had more cryptocurrency. ZachXBT captured this confrontation on video.
“In part 1 of the (video) recording, Dritan (another threat actor) ridicules John,” Zach noted. “However, John shares his screen [a] Exodus Wallet,” revealing $2.3 million. In part 2 of the recording, Dritan continued to mock John while an additional $6.7 million worth of ETH is transferred into a wallet address.
ZachXBT stated that the complete recording demonstrates that Daghita “clearly controls both addresses.” The investigator then elaborated that he traced the funds to confirm their origins, discovering that at least $23 million was associated with approximately $90 million in cryptocurrency seized by the government in 2024 and 2025.
“Threat actors continually flaunt their stolen assets in leaked recordings rather than simply remaining silent after an alleged theft from the U.S. government,” Zach criticized, adding that they only make it easier for law enforcement to build a case against them.
