The call came from inside the house.
On-chain investigator ZachXBT has identified the individual behind a massive theft of US government-seized cryptocurrency as John Daghita, the son of a federal contractor hired to protect those exact assets.
The alleged thief, known online as “Lick,” is reportedly the son of Dean Daghita, CEO of Command Services & Support (CMDSS). In October 2024, the US Marshals Service (USMS) awarded CMDSS a contract to custody and dispose of seized digital assets. Three months later, wallets linked to Daghita began siphoning funds.
The Telegram Slip-Up
The connection surfaced through a classic security failure: ego. While arguing in a Telegram chat, a practice known as going “band for band” to prove wealth, Daghita screen-shared an Exodus wallet to demonstrate his holdings.
ZachXBT captured the stream. The wallet contained $2.3 million in TRON (TRX) and received a live transfer of $6.7 million in Ether (ETH). At current prices, ETH is trading near $2,865 (-2.2%), while TRX holds steady at $0.29.
“The wallet came to light during a public exchange… tracing funds backward linked the wallet to another address that had received $24.9 million from a U.S. government address.”
Those funds originated from the 2016 Bitfinex hack seizures. The investigation links Daghita to over $90 million in total illicit crypto, with at least $40 million drained directly from government-controlled addresses.
Supply Chain Failure
The breach validates earlier industry concerns regarding the USMS vetting process. When CMDSS won the custody contract in late 2024, competitor Wave Digital Assets filed a formal protest, alleging the firm lacked necessary regulatory licenses and flagged potential conflicts of interest.
The USMS has not yet issued a statement regarding the breach or the status of the CMDSS contract. No official charges have been filed against the Daghitas as of this writing.
