Blockchain investigator ZachXBT has alleged that the person responsible for a multimillion-dollar theft of cryptocurrency from US government-controlled wallets is the son of the chief executive of a firm contracted to safeguard seized digital assets. Key Takeaways: ZachXBT alleges a multimillion-dollar crypto theft from US government wallets is linked to the son of a federal crypto custody contractor’s CEO. The funds were traced to wallets connected to assets seized in the 2016 Bitfinex hack. The claims remain unproven in court, and no charges have been filed as of publication. In a series of posts detailing his findings , ZachXBT claimed that an individual known online as “Lick,” whose real name he identified as John Daghita, siphoned tens of millions of dollars in crypto from wallets linked to the US government. He further alleged that Daghita is the son of Dean Daghita, president and chief executive of Command Services & Support (CMDSS), a company contracted by the US Marshals Service to handle certain seized cryptocurrencies. CMDSS Awarded US Marshals Contract to Handle Non-Mainstream Seized Crypto Public records show that CMDSS, based in Haymarket, Virginia, was awarded a contract in October 2024 to assist the Marshals Service with the custody and disposal of so-called “Class 2–4” digital assets. These include tokens that are not supported by major centralized exchanges and often require bespoke handling. The allegations have not been tested in court, and no criminal charges have been announced. CMDSS did not respond to requests for comment at the time of publication. ZachXBT’s claims expand on an investigation he published on Jan. 23, which linked the same online persona to more than $90 million in suspected illicit crypto activity. That probe traced funds back to a U.S. government wallet associated with assets seized from the 2016 Bitfinex hack. The investigation gained traction after a recorded dispute in a Telegram group chat between “Lick” and another individual. Update: The CMDSS company X account, website, & LinkedIn were all just deactivated pic.twitter.com/nvN6u5XMPq — ZachXBT (@zachxbt) January 25, 2026 The exchange, described as a “band-for-band” argument, involved both parties attempting to demonstrate control over large crypto balances. During the exchange, “Lick” screen-shared an Exodus wallet displaying a Tron address holding roughly $2.3 million, followed by a live transfer of about $6.7 million in ether. By the end of the session, approximately $23 million had been consolidated into a single wallet. By tracing transactions backward, ZachXBT linked that wallet to an address that received $24.9 million from a US government-controlled wallet in March 2024. The government address was tied to funds seized in the Bitfinex case. ZachXBT had previously flagged unusual activity in October 2024, when around $20 million was drained from similar government wallets. Most of those funds were returned within 24 hours , though roughly $700,000 routed through instant exchanges was not recovered. CMDSS Contract Faced Prior Scrutiny as GAO Rejected Protest CMDSS’s role as a government contractor has drawn scrutiny before. After losing the Marshals Service contract, Wave Digital Assets filed a protest with the Government Accountability Office, arguing that CMDSS lacked proper regulatory registrations and raising concerns over potential conflicts of interest involving a former Marshals Service official. The GAO ultimately denied the protest . Questions around crypto custody have also been raised more broadly. A February 2025 CoinDesk report said the Marshals Service struggled to account for its digital asset holdings, citing weak inventory controls and an inability to estimate its bitcoin reserves. As reported, illicit cryptocurrency addresses received a record $154 billion in 2025 , a sharp increase from the year before. The post ZachXBT Alleges Son of US Government Crypto Custodian CEO Behind Wallet Theft appeared first on Cryptonews .
