Blockchain investigator ZachXBT published an allegation on claiming an online actor known as “Lick,” identified as John Daghita, siphoned roughly $40 million from wallets tied to U.S. government-held cryptocurrency. The core claim links the suspected theft to wallets associated with seized assets and to a custody-contractor proximity that elevates governance risk.
The allegation has drawn attention because ZachXBT tied “Lick” to the son of Dean Daghita, CEO of Command Services & Support (CMDSS), a contractor described as having custody responsibilities for assets seized by the U.S. Marshals Service. The overlap between custody functions and family affiliation is the pressure point that turns a wallet-flow story into a controls-and-oversight story.
In case you are curious how John Daghita (Lick) was able to steal $40M+ from US government seizure addresses.
John’s dad owns CMDSS, which currently has an active IT government contract in Virginia.
CMMDS was awarded a contract to assist the USMS in managing/disposing of… https://t.co/lzR2a1aidA pic.twitter.com/PV0IkSuhVy
— ZachXBT (@zachxbt) January 25, 2026
On-chain trail and scope of the claims
ZachXBT’s tracing connected transfers from a government wallet holding assets seized in the 2016 Bitfinex hack to addresses the investigator associated with “Lick,” and the claims were echoed in follow-on coverage dated Jan. 25, 2026. The probe separates a narrower allegation of roughly $40 million tied to government-controlled wallets from a broader suspicion of more than $90 million in linked illicit activity.
If the contractor relationship and access pathway are substantiated, the implications are immediate for custody governance: who can authorize movements, how keys are controlled, and what compensating controls exist when privileged access is possible. This is fundamentally a segregation-of-duties and audit-traceability problem, not a market-volatility problem.
Operational controls and next steps
In this posture, contracting authorities and custodians typically prioritize tightening identity and access management, enforcing multi-party authorization for transfers, and hardening the evidentiary trail around every wallet movement. The operational response should center on verifiable access controls, immutable audit logs, and rapid forensic validation when anomalous transfers intersect with custody contracts.
Stakeholders will be watching for formal responses from CMDSS and the U.S. Marshals Service, plus any independent forensic reporting or law-enforcement filings that confirm or refute the investigator’s linkages. Those outputs will determine whether this episode drives stricter contractual safeguards, expanded audit requirements, or revised oversight playbooks for seized-asset custody.
