Well known blockchain sleuth, ZachXBT, alleges a custody CEO’s son stole tens of millions in crypto from US government‑linked wallets tied to Bitfinex funds, exposing systemic custody risks.
1/ Meet the threat actor John (Lick), who was caught flexing $23M in a wallet address directly tied to $90M+ in suspected thefts from the US Government in 2024 and multiple other unidentified victims from Nov 2025 to Dec 2025. pic.twitter.com/SBAFU5hTnE
— ZachXBT (@zachxbt) January 23, 2026
As Andrew Folkler reports for Crypto.news, the case revives scrutiny of contractor CMDSS and wider federal crypto‑custody controls, even as Bitcoin, Ethereum, and Solana prices trade mostly on macro drivers.
Core allegation
In a detailed thread “documenting [his] findings,” ZachXBT claimed that an online figure known as “Lick,” identified as John Daghita, “siphoned tens of millions of dollars in crypto from wallets linked to the US government.”
He further alleged that Daghita is the son of Dean Daghita, president and chief executive of Command Services & Support (CMDSS), a Virginia‑based firm contracted by the U.S. Marshals Service to safeguard seized digital assets classified as “Class 2–4” tokens that require bespoke custody solutions.
Trace from Bitfinex‑linked wallets
According to on‑chain traces cited by ZachXBT, the allegedly compromised funds were linked to assets seized in the 2016 Bitfinex hack, with one wallet receiving “$24.9 million from a US government‑controlled wallet in March 2024.”
The probe builds on an earlier investigation, published January 23, that tied the “Lick” persona to “more than $90 million in suspected illicit crypto activity” routed through a network of addresses associated with government‑linked wallets.
As Hannah Collymore reports for Cryptopolitan.com, that up until two days ago, John Lick had avoided detection.
John ‘Lick’ Daghita’s flamboyant lifestyle outed him
He had over $20 million in crypto wallets.
However, things started to unravel when he got into a heated argument with another threat actor known as Dritan Kapplani Jr. in a group chat to see who had more funds in crypto wallets.
By the time the showoff session wrapped up, John had flaunted $23 million in total, moving the funds between wallets ZachXBT claims he clearly controls.
2/ Earlier today John got into a heated argument with another threat actor known as Dritan Kapplani Jr. in a group chat to see who had more funds in crypto wallets.
In ‘The Com’ this is known as a band for band (b4b).
However the entire interaction was fully recorded.… pic.twitter.com/2XkdFCSNgz
— ZachXBT (@zachxbt) January 23, 2026
After that, Zach began tracing backwards to verify the source of funds and found that one of the wallets, the 0xc7a2 wallet, had previously received $24.9 million from a U.S. government wallet back in March 2024.
That transaction was linked to funds the government seized in the Bitfinex hack, and Zach had already flagged that same address in a post from October 2024. Another wallet was linked, the 0xd8bc wallet, which goes back to $63 million obtained from sketchy wallets during Q4 2025.
John just enjoys showing off
According to reports, it was only a matter of time before this happened, given how much John loves to show off. The Telegram account linked to him reportedly has a long history of bragging about his riches and brokeshaming people.
His username is tied to TG ID 8269661864. After he was outed by Zach, he allegedly wiped out his NFT usernames and quickly changed his screen name, but the damage was already done.
Zach later revealed that there are rumors circulating in cybercrime Telegram circles indicating John could be John Daghitia, who had previously been arrested in September 2025. He did concede that more research was needed to fully confirm it.
Since he made the link between John and his father, Zach claims the CMDSS company X account, website, & LinkedIn were all deactivated, and John Daghita (Lick) began trolling again on Telegram shortly after.
Update: The CMDSS company X account, website, & LinkedIn were all just deactivated pic.twitter.com/nvN6u5XMPq
— ZachXBT (@zachxbt) January 25, 2026
As Andrew Folkler reports for Crypto.news concludes, this is not the first issue faced by CMDSS.
Prior CMDSS scrutiny and systemic risk
CMDSS’s appointment already faced challenges when rival Wave Digital Assets filed a protest with the Government Accountability Office, arguing the firm lacked key registrations and warning of potential conflicts involving a former Marshals Service official, though the GAO later denied the protest.
Separately, a 2025 CoinDesk report found the Marshals Service struggled to reconcile its digital asset holdings, underscoring broader concerns around federal crypto custody as illicit addresses received a record “$154 billion in 2025,” up sharply year‑on‑year.
For now, there have been no public arrests or DOJ confirmations, but the onchain evidence has been making rounds across the Internet. Law enforcement could eventually intervene.
Loading recommendations…
