Government Contractor's Son Allegedly Steals $40M in Seized Crypto

When you're managing $40 million worth of seized cryptocurrency for the U.S. government, the last thing you should do is brag about stealing it on Telegram. Yet that's exactly how John "Lick" Daghita allegedly got caught.

The U.S. Marshals Service is now investigating claims that Daghita, son of a Defense Department contractor, siphoned millions from government-controlled crypto wallets. The case has exposed glaring vulnerabilities in how America manages its growing pile of confiscated digital assets.

Caught Red-Handed in a Digital Pissing Contest

Daghita's downfall began with what cybercriminals call a "band for band" — essentially a digital dick-measuring contest where participants compete to prove who controls more cryptocurrency. During a heated Telegram argument in February 2025, Daghita screen-shared his Exodus wallet showing $2.3 million, then moved another $6.7 million worth of Ethereum to prove his wealth.

The entire exchange was recorded and later analyzed by blockchain investigator ZachXBT, who traced the funds back to government seizure addresses. "Threat actors only continue to show off stolen funds in leaked recordings rather than simply staying quiet after an alleged theft from the U.S. government," ZachXBT criticized, noting how criminals make law enforcement's job easier.

Daghita is the son of Dean Daghita, president of CMDSS, a Virginia-based firm with active federal IT contracts. The company's website boasts of providing "critical services" to the Department of Justice and Department of Defense, including assistance with managing seized crypto assets.

The Government's Crypto Custody Crisis

This incident highlights a fundamental problem: the U.S. government may not actually know how much cryptocurrency it holds. In February 2025, after the White House announced it was considering a national crypto reserve, a source told CoinDesk that the U.S. Marshals Service "did not appear to know how much cryptocurrency it held."

The USMS manages assets seized during criminal investigations — everything from real estate and cash to jewelry and vehicles. But cryptocurrency presents unique challenges. Unlike physical assets that can be locked in a vault, digital assets require technical expertise to secure properly. This has led to increased reliance on private contractors like CMDSS.

ZachXBT traced at least $23 million of the allegedly stolen funds to roughly $90 million in crypto seized by the government in 2024 and 2025. The investigator reported a wallet address holding 12,540 ETH (worth approximately $36.3 million) that he claims Daghita controlled.

When Digital Assets Meet Human Nature

The Daghita case represents a new category of white-collar crime adapted for the digital age. Traditional government contractor fraud required physical access to steal cash or equipment. Cryptocurrency theft requires only digital keys — and can be executed from anywhere in the world.

What's particularly striking is how Daghita's alleged crime was exposed. His need to show off wealth in a Telegram chat reflects a generational shift in criminal behavior. Social media-native criminals often can't resist documenting their exploits, turning their digital footprints into evidence trails.

The irony is palpable: Daghita allegedly stole cryptocurrency that was originally confiscated from other criminals, then got caught because he couldn't resist bragging about it online. Even more bizarrely, he sent ZachXBT0.6767 ETH — money the investigator says he'll forward to a government seizure address.

The Oversight Vacuum

Brady McCarron, chief of public affairs for the USMS, declined to comment beyond confirming that investigations were underway. The Department of Defense, ZachXBT, and CMDSS did not respond to requests for comment.

This silence underscores a broader accountability gap. When private contractors manage government assets, who watches the watchers? Traditional oversight mechanisms designed for physical assets may be inadequate for digital currencies that can be moved instantly across borders.

The case also raises questions about vetting processes for contractor personnel. Did the government know that Dean Daghita's son had access to sensitive systems? What safeguards were in place to prevent unauthorized access?