Blockchain sleuth ZachXBT has accused the son of a top executive at a government-contracted crypto custody firm of orchestrating a multimillion-dollar theft from U.S. government-controlled wallets.
The crypto investigator said his on-chain analysis links a crypto user known as “Lick,” whom he identified as John Daghita, to the theft of tens of millions of dollars from wallets associated with the U.S. government.
ZachXBT also claimed that Daghita is the son of Dean Daghita, the president and chief executive of Command Services & Support (CMDSS), a firm contracted by the U.S. Marshals Service to manage certain confiscated cryptocurrencies.
In a series of posts, he alleged that the funds were siphoned from addresses holding seized crypto assets.
The incident has raised fresh questions about oversight and security around seized digital assets among crypto market participants.
The scandal also comes at a time when illegitimate crypto addresses received a record $154 billion in 2025, a significant increase from the previous year. None of the complaints made thus far have been tried in court, and no criminal charges have been filed.
How was the theft conducted?
Publicly accessible records indicate that Command Services & Support (CMDSS), headquartered in Haymarket, Virginia, entered into a contract in October 2024 to assist the U.S. Marshals Service in the management of, as well as disposal of, so-called “Class 2-4” digital assets.
Assets of this nature usually include lesser-known digital tokens, which are also normally unavailable through main public stock exchanges and might also demand specific storage mechanisms.
ZachXBT’s current claims follow an investigation published on January 23, in which the “Lick” online persona was linked to over $90 million in suspected illegal crypto transactions.
In the probe, he traced funds to a U.S. government-controlled wallet tied to assets seized in the 2016 Bitfinex hack.
According to ZachXBT, the findings emerged from a live online exchange in which both sides attempted to prove control over large crypto balances.
During the session, the individual known as “Lick” shared an Exodus wallet showing a Tron address with about $2.3 million, followed by a live transfer of roughly $6.7 million in ether. By the end of the transfer, around $23 million had been consolidated into a single wallet.
Tracing those transactions backward, ZachXBT said the wallet received $24.9 million from a U.S. government address in March 2024.
He also pointed to earlier anomalies in October 2024, when about $20 million briefly left similar government wallets. Most of those funds were later returned, though roughly $700,000 routed through instant exchanges was not recovered.
CMDSS previously questioned over role in handling seized crypto
It is not the first time that CMDSS’s status as a government contractor has come under fire.
Following the loss of the U.S. Marshals Service contract, Wave Digital Assets filed a protest with the Government Accountability Office, protesting that CMDSS lacked required regulatory registrations and flagging possible conflicts of interest with a former Marshals Service official.
More recently, broader federal crypto custody practices have been called into question. A February 2025 report said the Marshals Service struggled to track what it had in digital assets, citing weak inventory controls and an inability to make reasonably accurate estimates for its reserves of Bitcoin.