The U.S. Marshals Service (USMS) is investigating a massive security breach after allegations surfaced that the son of a federal contractor siphoned over $40 million in seized cryptocurrency from government-controlled wallets. The suspect, identified by on-chain investigator ZachXBT as John Daghita (alias "Lick"), is reportedly the son of Dean Daghita, CEO of Command Services & Support (CMDSS), a firm hired to manage the government’s digital asset inventory.
The Receipt: A "Band for Band" Slip-Up
The investigation did not stem from a government audit, but from a fatal ego check in a private Telegram group. According to ZachXBT, the suspect screen-shared his wallet during a "band for band" dispute, a wealth-flaunting contest common in illicit crypto circles. The video reportedly showed Daghita moving millions in real-time to an Exodus wallet.
On-chain analysis linked this specific wallet to a cluster of addresses that had received $24.9 million from a known USMS seizure address in March 2024. These funds are believed to be part of the assets recovered from the 2016 Bitfinex hack. In total, ZachXBT estimates the network of wallets connected to Daghita processed over $90 million in illicit flows, with at least $40 million originating directly from government custody.
"The suspect screen-shared a wallet with millions… on-chain analysis linked those wallets to addresses known to hold government-seized assets."
Institutional Context: The Vendor Risk
The breach highlights a critical vulnerability in the government’s crypto custody chain. CMDSS was awarded the USMS contract in October 2024 to manage "Class 2-4" digital assets—tokens too complex for standard centralized exchange liquidation. The timeline presents a glaring security question: while the contract was formally awarded in late 2024, the primary $24.9 million transfer occurred months earlier in March, suggesting either premature access or a deeper breakdown in the custody handover process.
Competitors had previously flagged risks. Wave Digital Assets filed a protest with the Government Accountability Office (GAO) against the CMDSS contract, alleging the firm lacked necessary licensing and citing potential conflicts of interest. The GAO denied the protest at the time, a decision that is now likely to face renewed scrutiny.
Market Impact & Outlook
While the theft involves significant sums, the market impact remains muted as the assets (primarily Bitcoin and stablecoins) were not immediately dumped in a liquidity-draining event. Bitcoin held steady at $104,200 following the news.
The immediate fallout is corporate: CMDSS has scrubbed its digital footprint, taking down its website and social media profiles. The USMS has yet to issue a formal statement, but the breach forces a re-evaluation of how the U.S. government secures its multi-billion dollar seizure portfolio.
