Blockchain investigator ZachXBT has made explosive allegations linking a multimillion-dollar theft from U.S. government cryptocurrency wallets to the son of an executive at a company contracted by the government to manage seized digital assets. According to ZachXBT's investigation, an individual known online as "Lick," identified as John Daghita, is allegedly involved in siphoning tens of millions of dollars worth of crypto from government-controlled wallets.
The investigation reveals that John Daghita is the son of Dean Daghita, the chief executive of Command Services & Support (CMDSS). Company records show Dean Daghita serves as president of the Haymarket, Virginia-based firm, which was awarded a contract by the U.S. Marshals Service (USMS) in October 2024. The contract specifically involves assisting with managing and disposing of "Class 2-4" seized cryptocurrencies, which include coins not supported by mainstream centralized exchanges.
Following ZachXBT's public statements, CMDSS's official website and social media accounts were shut down. The Block reported it could not reach CMDSS for comment, and no official charges have been announced as the allegations have not been adjudicated in court.
The investigation traces back to a recorded argument in a Telegram group chat, where the alleged threat actor engaged in a "band for band" dispute—a cybercrime practice where parties attempt to prove who controls more cryptocurrency. During the exchange, "Lick" screen-shared an Exodus wallet showing a Tron address holding approximately $2.3 million, with an additional $6.7 million in ether transferred live into an Ethereum address. By the end, roughly $23 million had been consolidated into one wallet.
ZachXBT traced these funds backward to another address that had received $24.9 million from a U.S. government address in March 2024. That government address was tied to funds seized in the 2016 Bitfinex hack. ZachXBT first flagged suspicious activity in October 2024 when approximately $20 million was drained from government-controlled wallets. While the majority of those funds were returned within 24 hours, roughly $700,000 sent through instant exchanges was not recovered.
CMDSS's government contract has faced prior scrutiny. The firm beat out competitors including Wave Digital Assets for the Marshals Service contract. Wave subsequently filed a protest with the Government Accountability Office (GAO), alleging CMDSS lacked proper licensing with the SEC and FINRA and raised concerns about a potential conflict of interest involving a former USMS official employed by CMDSS. The GAO denied the protest, finding the agency's evaluation reasonable.
A February 2025 CoinDesk report highlighted broader challenges facing the Marshals Service, noting the agency could not provide even a rough estimate of its bitcoin holdings and had previously relied on spreadsheets lacking adequate inventory controls.
