ZachXBT Alleges Contractor CEO’s Son Stole $40 Million from Government Crypto Wallets

Highlights:

• ZachXBT claims that John Daghita has stolen more than $40 million from the U.S. government’s cryptocurrency wallets
• Daghita is said to be the son of the president of CMDSS, taking care of the cryptocurrencies seized by the Marshals Service.
• Earlier ZachXBT’s investigation linked “Lick” to the $90 million stolen Bitfinex seizure funds.

Blockchain investigator ZachXBT has alleged that a $40 million theft of cryptocurrency from U.S. government wallets is tied to family connections inside a federal contractor. The accused individual is said to be the son of an executive whose company was awarded responsibility for managing seized digital assets.

In case you are curious how John Daghita (Lick) was able to steal $40M+ from US government seizure addresses.

John’s dad owns CMDSS, which currently has an active IT government contract in Virginia.

CMMDS was awarded a contract to assist the USMS in managing/disposing of… https://t.co/lzR2a1aidA pic.twitter.com/PV0IkSuhVy

— ZachXBT (@zachxbt) January 25, 2026

The individual known online as “Lick,” or John Daghita, allegedly stole tens of millions from government-controlled accounts. His father, Dean Daghita, leads Command Services & Support (CMDSS), a Virginia company that won an October 2024 contract to manage seized cryptocurrencies not supported by major exchanges.

The contract assigned CMDSS responsibility for managing “Class 2-4” seized cryptocurrencies, which major exchanges do not support. However, courts have not tested the allegations against John Daghita, and authorities have filed no official charges. Meanwhile, attempts to contact CMDSS for comment were unsuccessful.

Investigation Traces Millions in Real-Time Crypto Moves

ZachXBT’s investigation gained attention after a Telegram dispute in a group called “band for band.” During the argument, “Lick” reportedly shared his Exodus wallet, revealing a Tron address holding $2.3 million. He then moved $6.7 million in Ether in real time and later combined about $23 million into one wallet.

1/ Meet the threat actor John (Lick), who was caught flexing $23M in a wallet address directly tied to $90M+ in suspected thefts from the US Government in 2024 and multiple other unidentified victims from Nov 2025 to Dec 2025. pic.twitter.com/SBAFU5hTnE

— ZachXBT (@zachxbt) January 23, 2026

ZachXBT traced the transactions backward and linked the wallet to another address that received $24.9 million from a U.S. government account in March 2024. That account held assets seized from the 2016 Bitfinex hack.

Later, in October 2024, ZachXBT pointed out $20 million extracted from government wallets. Most of these were repaid within 24 hours, except for $700,000 lost using instant exchanges. The January 23 report by ZachXBT linked “Lick” to over $90 million in suspected illicit crypto. This data indicated direct associations between government-seized money and accounts held by the accused.

CMDSS Oversight and Contract Challenges Raise Concerns

The contract of CMDSS had already been contested. Wave Digital Assets, a competitor, had filed a protest with the Government Accountability Office, claiming that CMDSS did not have the required license from the SEC and FINRA. There were also issues regarding a conflict of interest since CMDSS had hired a former employee of the U.S. Marshals Service. The GAO dismissed the protest on the grounds that it was reasonable. However, there were still issues regarding the oversight.

In a report by CoinDesk in February 2025, issues in the management of the seized crypto by the Marshals Service were also brought to light. The organization could not give an estimate of its Bitcoin assets. It also used spreadsheets in its management. There are weaknesses in the management of digital assets. This further strengthens the findings of ZachXBT’s investigation, which pointed out weaknesses that were exploited in the theft.