The U.S. Marshals Service (USMS) is investigating allegations that John "Lick" Daghita, the son of a services provider to federal agencies, stole more than $40 million in cryptocurrency seized by law enforcement. Blockchain investigator ZachXBT has publicly linked a wallet holding 12,540 ETH—worth roughly $36.3 million—to Daghita and said he reported the matter to authorities. The case centers on wallets reportedly managed by CMDSS, the company whose president is Daghita's father and which holds an active federal IT contract related to seized crypto.
U.S. Marshals Investigate Alleged $40M Crypto Theft by Government Contractor's Son
According to public reporting and ZachXBT's disclosures, the USMS is looking into claims that more than $40 million in confiscated digital assets were taken from wallets tied to a company contracted to assist federal agencies. ZachXBT identified a specific wallet balance in ETH and said he notified authorities after tracing funds. USMS declined to comment further on the ongoing investigation.
Key Evidence: Telegram Video and Blockchain Analysis
ZachXBT published a video recording from a Telegram group chat in which John Daghita allegedly screenshared an Exodus wallet showing about $2.3 million. The investigator also reported tracing a separate address that held 12,540 ETH—valued at roughly $36.3 million—and said at least $23 million was linked to government-seized crypto. In his public posts, ZachXBT noted he received 0.6767 ETH from Daghita and said he would forward it to a U.S. government seizure address.
CMDSS's Role in Government Crypto Operations
Citing public records and the investigator's reporting, ZachXBT wrote that CMDSS currently holds an active federal IT contract in Virginia to assist with managing and disposing of seized crypto assets. The company's connection to the alleged wallet access is a central element of the inquiry, though public reporting does not establish how access was obtained. Neither CMDSS nor related federal departments had provided comments in initial reporting.
ZachXBT's Investigation and Public Disclosures
ZachXBT has shared blockchain traces and recordings publicly and stated he alerted authorities about the addresses he linked to Daghita. In the Telegram recording the investigator posted, another participant mocked Daghita while funds moved between addresses, and ZachXBT said the recording shows control of both wallets. The investigator emphasized that the traced funds included amounts tied to seizures the government reported in 2024 and 2025.
Why this matters
For individual miners and small operators, this case highlights how custody and access to wallets can become central in legal investigations when seized assets are involved. Even if you mine in Russia and do not hold government-seized assets, the story underlines that weak access controls and unclear custody arrangements can create legal and operational risks. At the sector level, cases like this push attention on how third parties and contractors manage private keys and asset custody, which can affect trust in service providers.
What to do?
If you run from one to a thousand mining devices, prioritize clear, tested procedures for securing any crypto you control and for interacting with third-party services. Use hardware wallets or well-audited custodial solutions for long-term holdings, keep private keys offline when possible, and restrict access to wallet management to named, authenticated individuals. Regularly monitor on-chain activity for addresses you control and keep records of custody arrangements and communications with service providers to simplify any future inquiries.
For further reading on related cases and arrests that involved traced crypto, see reporting on an arrest in $6M case and a separate piece detailing a Coinbase theft that may help illustrate investigative methods used in tracing stolen funds.
