The U.S. government’s reputation as the ultimate “diamond hand” holder of Bitcoin is facing its most severe test yet. A bombshell investigation has alleged that a brazen insider theft siphoned over $40 million from federal wallets—funds that were supposedly under the lock and key of the U.S. Marshals Service (USMS). The suspected culprit? Not a sophisticated foreign hacking group, but reportedly the son of the very executive hired to protect the assets.
Reputable blockchain investigator ZachXBT has reported on CMDSS, a Virginia-based contractor that handles seized digital assets on behalf of the federal government. This reporting exposes what appears to be an abusive relationship between CMDSS and the federal government, raising concerns about the safety and security of the billions of dollars in digital currency held by the government (including the Strategic Bitcoin Reserve authorized by then-president Trump), as well as the overall effectiveness of the government’s process for securing its multi-billion dollar cryptocurrency holdings.
The “Lick” Leak: A Telegram Flex Gone Wrong
In the case of this heist, as in so many other crimes involving cryptocurrency, it was actually an egotistical post made by a user on social media that led to the unraveling of this crime. According to information provided by ZachXBT, the initial clues leading to the investigation and eventual prosecution were found in a Telegram channel through a “band-for-band” argument between two users. During the back-and-forth argument, one of the users, who goes by the name of “Lick”, used a screen-sharing feature on Telegram to show off his cryptocurrency wallet, which had several million dollars’ worth of cryptocurrency in it. He then appeared to move funds in real-time. This moment of hubris was fatal; observers captured the wallet address, allowing investigators to trace the funds backwards. The trail led directly to wallets known to hold assets seized by the U.S. government, specifically those linked to the infamous 2016 Bitfinex hack.
A Family Affair?
The identity of “Lick” is the most explosive part of the allegation. ZachXBT identified the user as John Daghita, the son of Dean Daghita. Dean Daghita is the President and CEO of Command Services & Support (CMDSS), the firm that was awarded a lucrative contract in October 2024 to manage the USMS’s inventory of “Class 2-4” digital assets—tokens not supported by major exchanges.
If this is proven to be true, it would be a mega failure of internal controls. The allegations indicate that relationship to the executive suite of the contractor allowed an unauthorized person access to private keys or seed phrases that would hold millions of dollars of taxpayer assets. Neither the USMS nor CMDSS has issued a public statement, but the silence from the Virginia headquarters is deafening.
The Bitfinex Billions
The stolen funds are not just random tokens; they are part of crypto history. According to on-chain analysis, about $24.9 million in Bitcoin diverted in the attack was taken from funds confiscated in conjunction with the 2016 Bitfinex attack.
These assets were recovered by the Department of Justice in one of the largest financial seizures of all time.
Additional data suggests the breach may have started as early as October 2024, shortly after CMDSS won the contract. Approximately $20 million was removed from USMS-linked wallets at that time. While most of those funds were inexplicably returned within 24 hours—perhaps a test run or a moment of panic—about $700,000 vanished through instant exchanges and was never recovered.
Custody in Crisis
This incident has laid bare the systemic vulnerabilities in how the U.S. government handles digital money. Report after report has criticized the U.S. Marshals Service for their reliance on obsolete tracking methods such as outdated spreadsheets to manage their complex inventory of cryptocurrency.
When CMDSS was appointed as custodian, many felt it was a controversial decision from the onset. A rival company filed a protest to the contract award in 2024, questioning CMDSS’ licensure as well as any possible conflict of interest. Now that those challenges previously raised have proven to be valid, an IT Security Analyst who has reviewed the transaction logs has stated, “If acquirers can take out massive amounts of value from custodial wallets without being noticed by the authorities, it proves that the entire custodial system is irreparably broken.”
Threats to the Strategic Reserve
It is particularly unfortunate for the Trump administration, given that the “Strategic Bitcoin Reserve” is at the very heart of its economic policy. As stated in an Executive Order issued by the White House, No. 14233, seized Bitcoin is to remain a national asset rather than be sold off.
However, earlier this year, investigations suggested that federal prosecutors might have quietly sold Bitcoin forfeited in the Samourai Wallet case, potentially violating the President’s order. Now, with $40 million walking out the back door, critics like David Bailey, CEO of Nakamoto, are calling for drastic measures. “Treasury must secure the private keys from the Justice Department ASAP before more is stolen,” Bailey posted on X. As the investigation widens, the question remains: is the U.S. government capable of guarding the digital gold it has worked so hard to seize?
