ZachXBT alleges a custody CEO’s son stole tens of millions in crypto from US government‑linked wallets tied to Bitfinex funds, exposing systemic custody risks.
Summary
- ZachXBT claims online persona “Lick,” identified as John Daghita, siphoned tens of millions in crypto from wallets linked to the U.S. government and seized 2016 Bitfinex funds.
- On‑chain traces allegedly show about $24.9m leaving a US‑controlled wallet in March 2024, plus earlier activity tied to more than $90m in suspected illicit flows.
- The case revives scrutiny of contractor CMDSS and wider federal crypto‑custody controls, even as Bitcoin, Ethereum, and Solana prices trade mostly on macro drivers.
Core allegation
In a detailed thread “documenting [his] findings,” ZachXBT claimed that an online figure known as “Lick,” identified as John Daghita, “siphoned tens of millions of dollars in crypto from wallets linked to the US government.”
He further alleged that Daghita is the son of Dean Daghita, president and chief executive of Command Services & Support (CMDSS), a Virginia‑based firm contracted by the U.S. Marshals Service to safeguard seized digital assets classified as “Class 2–4” tokens that require bespoke custody solutions.
Trace from Bitfinex‑linked wallets
According to on‑chain traces cited by ZachXBT, the allegedly compromised funds were linked to assets seized in the 2016 Bitfinex hack, with one wallet receiving “$24.9 million from a US government‑controlled wallet in March 2024.”
The probe builds on an earlier investigation, published January 23, that tied the “Lick” persona to “more than $90 million in suspected illicit crypto activity” routed through a network of addresses associated with government‑linked wallets.
The Telegram “band‑for‑band” dispute
The investigation reportedly accelerated after a heated Telegram “band‑for‑band” argument in which two individuals tried to one‑up each other by showing control over large balances.
During that exchange, ZachXBT says “Lick” screen‑shared an Exodus wallet showing a Tron address with roughly “$2.3 million,” then executed a live transfer of about “$6.7 million in ether,” ultimately consolidating “approximately $23 million” into a single wallet that could be traced back to the U.S. government address.
Prior CMDSS scrutiny and systemic risk
CMDSS’s appointment already faced challenge: rival Wave Digital Assets filed a protest with the Government Accountability Office, arguing the firm lacked key registrations and warning of potential conflicts involving a former Marshals Service official, though the GAO later denied the protest.
Separately, a 2025 CoinDesk report found the Marshals Service struggled to reconcile its digital asset holdings, underscoring broader concerns around federal crypto custody as illicit addresses received a record “$154 billion in 2025,” up sharply year‑on‑year.
Market context and current prices
The alleged breach lands in a market still dominated by Bitcoin, which is trading around 87,700–87,900 dollars today, down roughly 1 percent over the last 24 hours as daily volume hovers in the mid‑40 billion‑dollar range.
Ethereum is changing hands near 3,150–3,200 euros, showing about a 3 percent gain over the past day, while Solana trades around 151 euros after slipping roughly 2 percent over the same period, moves that suggest a market more focused on macro flows than on isolated custody failures—at least for now.
Source: https://crypto.news/who-is-john-daghita-inside-the-us-governments-40m-crypto-theft-case/