The idea that government-held crypto could quietly disappear is already unsettling. What makes the latest allegations more disturbing is who may be connected to them.
According to blockchain investigator ZachXBT, more than $40 million was siphoned from U.S. government crypto wallets by an individual allegedly linked to a company hired by the government itself to manage seized digital assets. If proven, the case would point to more than a technical lapse. It would expose a trust gap at the heart of how authorities safeguard confiscated crypto.
The claims surfaced as part of a wider investigation by ZachXBT, one of the most closely watched independent on-chain investigators tracking illicit flows in crypto. In a series of posts published in late January, he alleged that an individual operating under the aliases “John” and “Lick,” identified as John Daghita, was involved in draining funds from wallets controlled by U.S. authorities.
ZachXBT further alleged that Daghita is the son of Dean Daghita, president of Command Services & Support (CMDSS), a Virginia-based firm awarded a U.S. Marshals Service contract in 2024 to help custody and liquidate certain categories of seized cryptocurrency.
How the Wallets Were Exposed
The trail that led to the alleged theft didn't begin with a government audit or an internal review. Instead, it emerged from a public dispute inside a Telegram group, where participants engaged in what's known in cybercrime circles as a “band for band” argument, essentially a contest to prove who controlled more money.
During the exchange, the individual known as “Lick” screen-shared wallet balances and moved large sums live on-chain, providing a rare real-time glimpse into addresses holding millions of dollars in crypto.
ZachXBT traced those wallets backward and identified a connection to a U.S. government address that had received funds seized from the 2016 Bitfinex hack. According to his findings, roughly $24.9 million flowed from that government-controlled wallet into addresses later displayed during the Telegram exchange.
That transfer followed a separate October 2024 incident, when about $20 million was drained from related government wallets tied to the same Bitfinex seizure. While most of those funds were reportedly returned within a day, several hundred thousand dollars routed through instant exchanges weren't recovered.
The Contractor at the Center of the Allegations
CMDSS, the firm now indirectly caught in the spotlight, was awarded its U.S. Marshals Service contract to handle so-called “Class 2–4” seized cryptocurrencies, assets that aren't easily supported by major centralized exchanges.
At the time, the contract drew attention within the industry because it signaled a shift in how the government intended to deal with more complex digital assets beyond Bitcoin and Ethereum.
The firm had already faced scrutiny before ZachXBT’s allegations. Wave Digital Assets, one of the companies that lost the bid, filed a protest with the Government Accountability Office (GAO), arguing that CMDSS lacked proper licensing and raised potential conflict-of-interest concerns tied to former government employees. The GAO ultimately rejected the protest, stating that the Marshals Service’s evaluation process was reasonable.
CMDSS hasn't publicly commented on the latest allegations, and no charges have been filed against the company or the individuals named. The claims remain unproven and haven't been tested in court, a point ZachXBT himself has acknowledged.
If the allegations are confirmed, the fallout will likely extend well beyond one family or one contractor. It could force a broader reckoning over how governments custody digital assets in an era where a single compromised key can move tens of millions of dollars in seconds.

