Son of Government Crypto Custody Contractor Allegedly Behind $40 Million Theft: Inside the ZachXBT Claims



In a stunning development that has captured global crypto attention, well‑known blockchain investigator ZachXBT has publicly alleged that the individual responsible for siphoning more than $40 million in cryptocurrency from U.S. government‑controlled wallets is the son of a contractor executive entrusted with safeguarding those very assets. The allegations, first detailed on social media and corroborated by several independent reports, raise troubling questions about crypto custody, insider risk, and federal oversight.

---

The Core Allegation: Who Is ‘Lick’?

According to ZachXBT, the threat actor behind the suspected theft goes by the online alias “Lick”, real name John Daghita — an individual who allegedly accumulated tens of millions of dollars in cryptocurrency and proudly displayed control of those funds during a recorded online dispute.

This so‑called “band‑for‑band” dispute — a type of online argument where participants try to prove who controls more crypto — took place in a private Telegram group. During the exchange, “Lick” allegedly:

Shared an Exodus wallet showing about $2.3 million in Tron (TRX).

Received a live transfer of approximately $6.7 million in Ether (ETH) during the conversation.

Consolidated roughly $23 million into a single wallet by the end of the exchange.

Blockchain tracing by ZachXBT connected these and other wallet addresses back to crypto that originated in government‑controlled accounts tied to seized assets.

---

Tracing the Money: Government Wallet Connections

The core of ZachXBT’s findings revolves around on‑chain analysis, which allows digital asset movements to be publicly tracked. Investigators tied some of the allegedly stolen funds to a wallet that received $24.9 million in March 2024 from a U.S. government address holding assets seized in the 2016 Bitfinex hack — a high‑profile breach that led to substantial recoveries over the years.

In prior incidents reported in late 2024, similar wallets were flagged after roughly $20 million was drained from government‑controlled wallets. Although most of those funds were eventually returned to government control, approximately $700,000 was lost permanently through instant exchange withdrawals.

Across these linked transactions, ZachXBT estimates that total suspected thefts — including amounts beyond the initial $40 million figure — could exceed $90 million.

---

Family Link Raises Red Flags: CMDSS and Its Government Contract

What makes these allegations particularly explosive is the claimed family connection to a government contractor charged with managing seized crypto.

Public records identify Dean Daghita as the president and chief executive of Command Services & Support (CMDSS), a Virginia‑based technology firm that won a contract in October 2024 with the U.S. Marshals Service (USMS) to help manage and dispose of certain categories of seized digital assets, especially tokens not supported by mainstream exchanges.

ZachXBT alleges that John Daghita is the son of Dean Daghita, raising concerns that insider access facilitated the theft. The exact method of alleged access — whether through credential misuse, overlooked permissions, or direct exploitation of custody infrastructure — remains unclear and has not been confirmed in any official capacity.

---

Government and CMDSS Responses — Or Lack Thereof

As of the latest reporting:

No formal charges have been filed against John Daghita.

No official statements have been released by the U.S. Marshals Service regarding criminal prosecution or administrative findings.

CMDSS has not publicly responded to requests for comment. Some reports note that CMDSS’s website and social media presence were temporarily deactivated amid the controversy, though the reasons remain unconfirmed.

The U.S. Marshals Service’s public affairs office has declined detailed comments, citing ongoing investigations and standard limitations on information disclosures.

---

Industry Reactions and Custody Concerns

The gravity of the allegations has stirred widespread concern across both crypto and broader financial sectors. Independent analysts argue that this case highlights structural vulnerabilities in how governments and third‑party contractors handle digital assets — particularly when custody, access control, and auditing practices are not airtight.

Critics have highlighted the need for:

Robust multi‑factor authentication and role‑based access controls.

Independent auditing of custody operations.

Clear segregation of duties to prevent unauthorized unilateral transfers.

Transparency and reporting requirements for contractors managing government assets.

Many in the blockchain community also note that on‑chain visibility, while providing transparency, cannot prevent theft on its own — emphasizing the importance of comprehensive security governance and oversight in institutional custody operations.

---

What’s Next? Ongoing Investigation and Legal Ambiguity

At present, the situation remains unevaluated in a court of law. ZachXBT’s reporting is based on public blockchain data and investigative analysis, and should be understood as allegations, not adjudicated facts.

U.S. authorities — including the Marshals Service and potentially federal prosecutors — may pursue formal inquiries or criminal charges depending on the outcome of ongoing investigations. Until such official actions are taken, much about the methods, motives, and responsibilities in this case remains unsettled.

---

Conclusion

The allegations that the son of a government crypto custody contractor may have played a central role in a multi‑million‑dollar theft from U.S. government wallets has rocked both institutional and crypto communities. Beyond the dramatic personal dimension, the case highlights persistent custody challenges within the rapidly evolving world of digital asset management — and the critical need for robust security, regulation, and transparency where public funds are concerned.

---