Blockchain Investigator ZachXBT Alleges Son of US Government Crypto Custodian CEO Involved in Multi-Million Dollar Wallet Theft
January 26, 2026 — In a striking new development within the cryptocurrency community, blockchain investigator ZachXBT has publicly alleged that the son of the CEO of a firm contracted by the US government to safeguard seized digital assets may be behind a substantial theft involving government-controlled cryptocurrency wallets. The claims, detailed in a series of investigative posts, link tens of millions of dollars in stolen crypto assets to wallets connected with the aftermath of the notorious 2016 Bitfinex hack.
The Allegations
ZachXBT identified an online persona known as “Lick,” whose real name he claims is John Daghita, as the individual responsible for siphoning off large sums of cryptocurrency from wallets managed by the US government. According to ZachXBT’s research, Daghita is the son of Dean Daghita, president and CEO of Command Services & Support (CMDSS). CMDSS is a company contracted by the US Marshals Service to manage custody and disposal of certain seized cryptocurrencies classified as “Class 2–4” digital assets—tokens not typically supported by major centralized exchanges and requiring specialized handling.
Ties to the US Government Contract
Public records confirm that CMDSS, headquartered in Haymarket, Virginia, was awarded a contract in October 2024 specifically to assist the US Marshals Service with managing these complex digital assets. The allegations center around the theory that John Daghita exploited access to this sensitive custody operation to divert funds illicitly.
Evidence and Investigation Findings
ZachXBT’s investigation first surfaced on January 23, 2026, when he uncovered suspicious activities attributable to “Lick” amounting to over $90 million in suspected illicit crypto transactions. The probe tracked funds back to a government-controlled wallet directly connected to assets confiscated in the 2016 Bitfinex hack, one of the largest cryptocurrency thefts in history.
A key moment in this investigation involved a Telegram group chat recording capturing a “band-for-band” dispute, where “Lick” clashed with another participant over control of substantial cryptocurrency amounts. During this confrontation, “Lick” was seen screen-sharing an Exodus wallet showing a Tron address with approximately $2.3 million and then proceeding with a live transfer of about $6.7 million in ether. By the session’s conclusion, roughly $23 million had been amassed in a single wallet, which tracing efforts linked directly back to a March 2024 transaction originating from a government-controlled wallet tied to Bitfinex seizure funds.
Notably, ZachXBT had already noticed irregular activity in October 2024, when around $20 million was drained from similar government wallets. While the majority of those funds were returned within 24 hours, an estimated $700,000 routed through instant exchanges remained unrecovered.
Past Scrutiny of CMDSS Contract
The CMDSS contract has faced prior scrutiny. After Wave Digital Assets lost the Marshals Service contract to CMDSS, the company filed a formal protest with the government’s accountability body, the Government Accountability Office (GAO). The protest questioned CMDSS’s regulatory registrations and highlighted potential conflicts of interest involving a former Marshals Service official. However, the GAO ultimately rejected Wave’s protest.
Other reports have also drawn attention to concerns about the Marshals Service’s handling of digital assets. In February 2025, CoinDesk revealed that the agency struggled with inventory controls and had difficulty accurately accounting for its holdings of cryptocurrencies like bitcoin, raising broader questions regarding the security and transparency of government-managed crypto custody.
No Charges Filed Yet
As of the time of publication, these allegations have not been tested in court, and no criminal charges related to the incident have been officially announced. CMDSS has declined to comment on the matter.
Growing Concerns over Illicit Cryptocurrency Activity
This incident occurs amid a broader context of rising illicit cryptocurrency activity worldwide. In 2025, illicit crypto addresses reportedly received a record $154 billion—a substantial jump from the previous year—highlighting ongoing challenges regulators and investigators face in tracking and securing digital assets.
Summary:
ZachXBT, a prominent blockchain investigator, has put forth allegations implicating John Daghita—the son of Command Services & Support’s CEO—in a multi-million-dollar theft involving cryptocurrency wallets controlled by the US government. The stolen funds have been linked to assets seized following the 2016 Bitfinex hack. While evidence traces substantial sums through digital wallet transactions, these claims remain unproven in court as of now. The investigation has reignited concerns over the oversight and security of government-held digital assets and the emerging risks in cryptocurrency custody management.
Reported by Amin Ayan for Cryptonews.com, as covered by Yahoo News