In a shocking revelation that has sent ripples through the cryptocurrency community, investigative analyst ZachXBT has uncovered potential links between a staggering theft exceeding $40 million from U.S. government crypto seizure wallets and John Daghita, an individual reportedly operating under the moniker ‘Lick.’ The unsettling details point towards Daghita’s family ties with a crucial contractor, raising questions about security and oversight in managing seized digital assets.
According to ZachXBT’s Twitter disclosure on January 25, he identified Command Services & Support (CMDSS) as a contractor holding an IT government contract in Virginia. The firm is alleged to have been awarded a significant contract to assist the U.S. Marshals Service (USMS) in overseeing the management and disposal of seized crypto assets. The circumstances under which Daghita allegedly accessed sensitive information from his father remain unclear, adding a layer of intrigue to the unfolding saga.
The gravity of the incident is compounded by prior investigations pinpointing Daghita’s involvement in a web of crypto thefts. Earlier evidence, shared on January 23, illustrated wallet activities and discussions directly tied to Daghita, showcasing his brazen display of wealth amassed from a litany of criminal activities. ZachXBT reported Daghita flaunting $23 million linked to over $90 million in suspected thefts from the U.S. government and various victims during 2024 and late 2025.
Central to ZachXBT’s claims is a video recording captured during a Telegram chat, which showcased a competition dubbed ‘band for band (b4b)’ among threat actors. This specific dispute featured Daghita and another actor, Dritan Kapplani Jr. The recording purportedly includes screen-shared wallet details and current account balances, providing a crucial trail of evidence correlating to Daghita’s alleged wrongdoing.
In a twist, the video reportedly reveals Daghita exhibiting an Exodus wallet that displays a Tron address containing an astonishing $2.3 million. Further interactions in the session show a transfer of an additional $6.7 million in Ethereum to a separate address while the discussions heated up.
As ZachXBT notes, ownership continuity across various crypto addresses solidifies claims of Daghita’s control over the illicit funds. The investigation allegedly traces back to a significant $24.9 million transfer associated with a U.S. government address involved in the infamous Bitfinex crypto hack. Moreover, ZachXBT suggests that remnants of Daghita’s operations include an additional $63 million linked to transactions from victims and government seizure sources.
The implications of this alleged theft are monumental, particularly given that CMDSS’s operations might have exposed vulnerabilities in the U.S. Marshals Service’s crypto asset management processes. ZachXBT emphasizes the complexity of the situation, stating that the exact method by which Daghita gained access to sensitive information remains a mystery.
As the story unfolded, CMDSS’s online presence was abruptly deactivated, and Daghita’s continued online activity raised alarms among commentators and crypto advocates. Prominent figures in the cryptocurrency community responded strongly to these events. David Bailey, CEO of Nakamoto Inc., highlighted the urgent need for the Treasury to secure private keys before further losses occur, while Pierre Rochard, co-founder of the Satoshi Nakamoto Institute, mourned the situation as a national security crisis.
This crisis serves as a stark reminder of the vulnerabilities that exist within the framework of cryptocurrency management, particularly when high-stakes assets are at play. As the investigation evolves, the cryptocurrency world watches closely, awaiting further updates on this unprecedented breach involving government assets. At press time, Bitcoin was trading at $87,847.
