Blockchain investigator ZachXBT has made a striking claim, alleging that a multimillion-dollar crypto theft from U.S. government-controlled wallets may be linked to the son of a CEO whose company is contracted to safeguard seized digital assets.
In a series of detailed posts, ZachXBT said the individual behind the theft is an online figure known as “Lick,” whom he identified as John Daghita. According to the investigator, the person siphoned tens of millions of dollars in cryptocurrency from wallets connected to assets held by the U.S. government.
ZachXBT further alleged that Daghita is the son of Dean Daghita, president and CEO of Command Services & Support (CMDSS) — a firm contracted by the U.S. Marshals Service to help manage certain seized cryptocurrencies.
It’s important to note that these allegations have not been proven in court, and no criminal charges have been filed as of publication. CMDSS did not respond to requests for comment.
Government-Linked Wallets and the Bitfinex Connection
Public records show that CMDSS, based in Haymarket, Virginia, was awarded a government contract in October 2024 to assist the Marshals Service with the custody and disposal of so-called Class 2–4 digital assets — tokens that aren’t supported by major exchanges and often require specialized handling.
ZachXBT says his latest claims build on an earlier investigation published on January 23, which tied the same online persona to more than $90 million in suspected illicit crypto activity. In that probe, transaction trails led back to a U.S. government wallet holding assets seized from the 2016 Bitfinex hack.
The investigation gained momentum after a heated exchange in a Telegram group chat, where “Lick” became involved in what ZachXBT described as a “band-for-band” argument — a dispute in which participants try to prove wealth by showing live balances and transfers.
During the exchange, “Lick” allegedly screen-shared an Exodus wallet showing a Tron address with roughly $2.3 million, followed by a live transfer of about $6.7 million in ether. By the end of the session, about $23 million had reportedly been consolidated into a single wallet.
Tracing the funds backward, ZachXBT linked that wallet to an address that received $24.9 million from a U.S. government-controlled wallet in March 2024 — one tied to assets seized in the Bitfinex case.
Prior Red Flags and Unanswered Questions
ZachXBT has also pointed to earlier irregularities. In October 2024, he flagged unusual activity when roughly $20 million was drained from similar government-linked wallets. Most of the funds were returned within 24 hours, though about $700,000 routed through instant exchanges was never recovered.
CMDSS’s role as a government contractor has faced scrutiny before. After losing the Marshals Service contract, Wave Digital Assets filed a protest with the Government Accountability Office (GAO), raising concerns over CMDSS’s regulatory status and potential conflicts of interest involving a former Marshals Service official. The GAO ultimately rejected the protest.
Broader concerns around government crypto custody have also surfaced. A February 2025 CoinDesk report said the Marshals Service struggled to fully account for its digital asset holdings, citing weak inventory controls and difficulty estimating its total bitcoin reserves.
The allegations come amid a broader surge in crypto-related crime. According to industry data, illicit cryptocurrency addresses received a record $154 billion in 2025, sharply higher than the previous year — underscoring the growing risks around digital asset custody, even at the highest institutional levels.
For now, ZachXBT’s claims remain allegations — but they’ve raised uncomfortable questions about oversight, accountability, and security in government-linked crypto operations.
