Blockchain investigator ZachXBT has alleged that the son of the chief executive of CMDSS, a company contracted by the U.S. Marshals Service to custody seized digital assets, is responsible for the theft of approximately $40 million in cryptocurrency from government wallets linked to the 2016 Bitfinex hack.
What Happened: Investigator Links Theft to Contractor's Son
ZachXBT's investigation, published on X, identified an individual known online as "Lick" — real name John Daghita — as allegedly being behind the siphoning of tens of millions in crypto from government-controlled addresses.
The investigator claims Daghita is the son of Dean Daghita, president of Command Services & Support, a Haymarket, Virginia-based firm awarded a Marshals Service contract in October 2024 to manage seized "Class 2-4" cryptocurrencies not supported by mainstream exchanges.
The allegations surfaced after a recorded dispute in a Telegram group chat, where the suspect screen-shared an Exodus wallet displaying a Tron (TRX) address holding roughly $2.3 million. An additional $6.7 million in Ether (ETH) was then transferred live into an Ethereum address.
By the end of the exchange, approximately $23 million had been consolidated into one wallet.
ZachXBT traced the funds backward, linking them to a government address that received $24.9 million in March 2024 — funds tied to assets seized in the Bitfinex hack.
He first flagged suspicious activity in October 2024 when roughly $20 million was drained from government wallets; most was returned within 24 hours, though approximately $700,000 sent through instant exchanges was never recovered.
The allegations have not been adjudicated in court, and no official charges have been announced.
Also Read: South Korean Prosecutors Lose $47M Seized Bitcoin To Phishing Attack
Why It Matters: Government Crypto Custody Faces Scrutiny
The CMDSS contract has faced prior challenges. Wave Digital Assets, a competitor, filed a protest with the Government Accountability Office alleging the firm lacked proper licensing with the Securities and Exchange Commission and the Financial Industry Regulatory Authority.
Wave also raised conflict-of-interest concerns, claiming the Marshals Service failed to investigate CMDSS's employment of a former agency official with access to nonpublic information.
The GAO denied the protest, finding the agency's evaluation reasonable.
Back in February 2025 media reports highlighted broader problems facing the Marshals Service in managing seized crypto, noting the agency could not provide even a rough estimate of its Bitcoin (BTC) holdings and had previously relied on spreadsheets lacking adequate inventory controls.
The story comes in the of December events. Trust Wallet confirmed that approximately $7 million in cryptocurrency was stolen through a compromised browser extension update. The breach affected only version 2.68 of the Chrome extension, which was released on Dec. 24. Mobile wallet users remained unaffected. Changpeng Zhao, founder of Binance, which owns Trust Wallet, said the wallet would compensate all affected users.
Read Next: Why Are Whales Buying Seeker While Smart Money Sells?