The Breach
The U.S. Marshals Service (USMS) has confirmed it is investigating a security breach involving the theft of over $40 million in government-controlled cryptocurrency. The incident, first flagged by on-chain investigator ZachXBT, allegedly involves John Daghita, the son of the President of Command Services & Support (CMDSS), the federal contractor hired in 2024 to custody these very assets.
The theft was not discovered through an audit, but through hubris. The alleged perpetrator, operating under the alias “Lick,” reportedly screen-shared his wallet during a Telegram dispute to prove his wealth. This allowed ZachXBT to trace the funds directly back to USMS wallets containing assets seized from the 2016 Bitfinex hack.
While the market largely shrugged off the news, Bitcoin is trading steady at $89,355 (+1.45%), the breach represents a catastrophic failure of physical security for the government’s multi-billion dollar crypto stockpile.
The Receipt
The connection is explicit. CMDSS, an IT firm based in Haymarket, Virginia, secured the USMS contract to manage “Class 2-4” digital assets in October 2024. ZachXBT’s analysis links the drained funds to addresses that received $24.9 million directly from government forfeiture wallets.
The suspected actor screen-shared an Exodus wallet and appeared to move funds in real time… [ZachXBT] traced flows to a government address linked to the 2016 Bitfinex hack seizure.
In a bizarre taunt, the suspect allegedly sent 0.6767 ETH to ZachXBT’s public address after being outed. The USMS has since frozen the remaining associated wallets, but approximately $700,000 has already been laundered through instant exchanges and is considered permanently lost.
Institutional Failure
This incident exposes a critical vulnerability in the federal custody chain: the reliance on third-party contractors with apparently lax internal controls. While the Department of Justice holds the keys to billions in seized Bitcoin (including the 94,000 BTC recovered from the Bitfinex case), the operational security of the firms hired to manage these keys is now in question.
CMDSS has scrubbed its online presence, and the USMS declined to comment further, stating only that “the matter is under investigation.” For institutional allocators, this serves as a stark reminder: not even the U.S. government is immune to the most basic vector of crypto theft, insider access.
