Key Highlights
- John Daghita, a U.S. government contractor, was arrested by the FBI for allegedly stealing $46 million in cryptocurrency from U.S. Marshals Service wallets.
- The stolen funds include assets from 2024 government seizures, including the Bitfinex hack, and were traced through multiple wallets.
- Daghita is the son of CMDSS CEO Dean Daghita, a company with a government contract to manage seized cr
The FBI has reportedly arrested John “Lick” Daghita, a U.S. government contractor, today in Saint Martin, accusing him of stealing around $46 million in cryptocurrency from wallets managed by the U.S. Marshals Service.
Authorities said the theft involved multiple government seizure accounts, including assets recovered from the 2024 Bitfinex hack. The arrest was confirmed by FBI Director Kash Patel.
“Last night, John Daghita – a U.S. government contractor who allegedly stole more than $46 million in cryptocurrency from the U.S. Marshals Service – was arrested on the island of Saint Martin by the French Gendarmerie’s premier elite tactical unit in a joint operation with the FBI” he wrote on X.
How the incident happened
The case first became public in January 2025, when blockchain investigator ZachXBT published a report showing wallet addresses that allegedly received government funds. At first, the stolen amount was estimated at $40 million, but ZachXBT later said the total was closer to $46 million.
Investigators traced some of the stolen funds to 2024, when about $24.9 million was taken from government-controlled wallets, including assets from the Bitfinex hack. ZachXBT tracked the funds moving through many wallets and platforms before they were split up
John Daghita is the son of Dean Daghita, the CEO of Command Service $ Support (CMDSS), a Virginia contractor that received a $4 million contract in October 2024 to help the U.S. Marshals Service manages and disposes of certain seized digital assets.
However, ZachXBT noted that it is unclear how John Daghita accessed the wallets, including whether his father’s company played a direct role. Brady McCarron, chief of public affairs for the USMS, told CoinDesk the agency could not comment further because investigations are ongoing
Investigators found evidence on Telegram
The investigation intensified after Daghita allegedly posted a video in a group on Telegram, showing a wallet holding around $23 million. Another wallet with about 12,500 ETH was also found in connection to the same clutter of transactions.
Meet the threat actor John (Lick), who was caught flexing $23M in a wallet address directly tied to $90M+ in suspected thefts from the US Government in 2024 and multiple other unidentified victims from Nov 2025 to Dec 2025” ZachXBT posted on X.
This case has raised concerns about how the government keeps cryptocurrency safe and how contractors use the systems. Experts say the case could lead to better rules and stronger security for government-held crypto.
Also Read: South Africa’s Land Bank Refuses to Pay Bitcoin Ransom After Attack
