ZachXBT Unmasks Suspect in $40M U.S. Government Crypto Wallet Heist

Prominent on-chain investigator ZachXBT revealed on January 26 that he has identified the alleged individual behind a massive cryptocurrency theft involving wallets controlled by the U.S. government.

In case you are curious how John Daghita (Lick) was able to steal $40M+ from US government seizure addresses.
John’s dad owns CMDSS, which currently has an active IT government contract in Virginia.
CMMDS was awarded a contract to assist the USMS in managing/disposing of… https://t.co/lzR2a1aidA pic.twitter.com/PV0IkSuhVy
— ZachXBT (@zachxbt) January 25, 2026

According to ZachXBT’s findings, a man named John Daguita is suspected of stealing more than $40 million in digital assets from government seizure addresses. Daguita is reportedly the son of Dean Daguita, CEO of CMDSS ,which is a government contractor that was awarded a U.S. Marshals Service (USMS) contract in 2024 to manage confiscated crypto assets.

Insider Access Suspected in Government Crypto Breach

ZachXBT believes the theft was likely enabled through insider access tied to family connections. Blockchain data shows that at least $23 million was transferred directly into wallets controlled by Daguita.

While authorities reportedly recovered part of the stolen funds within 24 hours, approximately $700,000 remains unaccounted for. The incident has raised serious concerns about contractor oversight and internal controls for government-held crypto assets.

Industry competitors had previously flagged CMDSS over potential conflicts of interest and qualification issues, but the contract remained active.

Bitfinex Hack Funds Also Affected

The investigation further revealed that assets seized from the infamous 2016 Bitfinex hack were also compromised.

In March 2024 alone, roughly $24.9 million tied to the Bitfinex case was moved in a single unauthorized transaction. These funds were meant to be securely safeguarded by federal authorities, making their loss particularly alarming.

ZachXBT estimates that wallets linked to Daguita have been involved in over $90 million worth of stolen crypto globally, including funds taken from non-government victims. Online, Daguita allegedly operated under the alias “Lick.”

Another wallet associated with him reportedly received $63 million from “suspicious sources” during Q4 2025, suggesting a broader pattern of illicit activity.

Telegram Activity Helped Expose the Wallets

Ironically, Daguita’s own online behavior helped investigators connect the dots.

ZachXBT says Daguita shared wallet screenshots and transaction details in Telegram chats while attempting to boast about his holdings to other hackers. In one exchange with an individual named “Dritan Kapplani Jr.,” Daguita reportedly displayed his Exodus wallet balance , providing crucial evidence for on-chain tracking.

Shortly after the allegations surfaced, CMDSS deleted its X (formerly Twitter) and LinkedIn accounts and removed employee information from its website.

No official arrest has been announced yet, but law enforcement investigations are believed to be ongoing.

Fallout for Government Crypto Custody

The case is expected to intensify scrutiny around how U.S. agencies store and manage seized digital assets, particularly their reliance on third-party contractors.

Security experts argue that high-value holdings should be protected using offline cold-storage systems and stricter access controls. The incident also serves as a reminder for individual investors to prioritize secure crypto wallets and self-custody best practices.

As blockchain transparency continues to expose financial misconduct, this breach could become a turning point in how governments worldwide approach digital asset custody.