GAS: 0.0489 Gwei
Cryptocurrency, Security by Mark Zimmerman // Technical Writer

USMS Contractor’s Son Identified in $40M Theft of Seized Bitfinex Funds

John Daghita, son of the CEO of federal contractor CMDSS, allegedly siphoned $40M+ from USMS wallets, including seized Bitfinex funds, after flexing the stolen crypto on Telegram.

The U.S. government’s custody of seized digital assets is facing a catastrophic breach of trust. On-chain investigator ZachXBT has identified John “Lick” Daghita as the primary suspect in the theft of over $40 million from government-controlled wallets. Daghita is the son of Dean Daghita, CEO of Command Services & Support (CMDSS), the federal contractor hired by the U.S. Marshals Service (USMS) to safeguard those very assets.

The $90M Receipt

The exposure stems from a classic case of hubris. During a heated “band for band” argument in a Telegram chat, Daghita screen-shared his Exodus wallet to prove his wealth to a rival. The stream revealed a wallet holding $23 million and executed a live transfer of 12,540 ETH ($36.3 million).

ZachXBT correlated these on-chain movements with specific government seizures. The most damning transaction involved $24.9 million moved in March 2024, funds originally seized in connection with the 2016 Bitfinex hack. In total, Daghita’s wallet was linked to over $90 million in illicit inflows, with roughly $44 million directly siphoned from USMS custody addresses.

“Meet the threat actor John (Lick), who was caught flexing $23M in a wallet address directly tied to $90M+ in suspected thefts from the US Government.”, ZachXBT

Institutional Failure at the Source

The breach highlights a critical vulnerability in the government’s vendor selection process. CMDSS was awarded the USMS contract in 2024 to manage “Class 2-4” cryptocurrencies, assets requiring specialized handling. Competitors like Wave Digital Assets had previously protested the award, citing CMDSS’s lack of regulatory licenses and fiduciary safeguards. Following the revelations, Wave filed a formal complaint with the DOJ Inspector General, describing the theft as a result of “unremedied failures in the USMS procurement process.”

CMDSS has effectively gone dark, deleting its website, LinkedIn, and X accounts. A USMS spokesperson confirmed to reporters that “the matter is under investigation” but offered no further comment on how a contractor’s family member allegedly gained access to federal private keys.

> ABOUT_THE_AUTHOR _

Mark Zimmerman

// Technical Writer

Hi, I'm Mark. My journey into the blockchain industry began on the investment side, where I worked as a developer in charge of DeFi operations for a digital asset-focused firm, eventually becoming a partner. I transitioned from the financial side of crypto to the deep technical trenches as a Solidity developer, a central limit order book built on the Avalanche blockchain. That hands-on experience building decentralized applications gave me a rigorous understanding of the challenges developers face when working with distributed ledger technology. Currently, I work as a Technical Writer at CoinWatchDaily, where I focus on bridging the gap between complex low-level code and accessible developer education.

VIEW_PROFILE >>

RELATED INTELLIGENCE

Chainlink Breaks the Bell: 24/5 US Equities Data Goes Live On-Chain

Institutional Exodus: $1 Billion Bleeds From Crypto ETFs in 24 Hours

Senator Lummis Sets 2027 Exit; Crypto Policy Agenda Faces New Timeline