Government Contractor CEO's Son Allegedly Stole $40M in Bitcoin From US Treasury

Blockchain investigator ZachXBT has brought attention to serious allegations of cryptocurrency theft from wallets holding assets seized by the US government. According to detailed on-chain analysis, an individual known as John Daghita, also referred to online as "Lick", is linked to unauthorized transfers totaling over $40 million from these government-controlled wallets. The case highlights potential risks in how federal authorities manage confiscated digital assets, particularly as their crypto portfolio has grown through high-profile enforcement actions.

The allegations surfaced after a recorded online dispute in a Telegram group chat, where participants compared their cryptocurrency balances in what is known as a band for band challenge. During the exchange, John ("Lick"), reportedly shared screen captures of crypto wallets showing substantial holdings, including one Tron address with around $2.3 three million dollars and an Ethereum address that received additional funds mid-conversation. ZachXBT obtained the recordings and traced the wallets backward, connecting them to inflows from addresses associated with US government seizures, including funds from the Bitfinex hack recovery.

ZachXBT's findings point to transfers dating back to March 2024 and continuing into late 2025, with significant movements in November and December. One key transaction involved nearly $25 million moving from a government-linked address to an intermediary wallet, part of which flowed into addresses controlled by the suspect. Additional inflows, exceeding $63 million in total during the fourth quarter of 2025, came from other suspected victim addresses and seizure-related sources.

Ties to Federal Crypto Custody Contract

CMDSS, a company led by Dean Daghita, holds a government contract awarded in Virginia to assist the US Marshals Service in handling and disposing of forfeited cryptocurrency assets. These include notable seizures from cases like Silk Road and Bitfinex. ZachXBT noted that John Daghita is the son of the company's CEO, raising questions about how access to the seized wallets might have been obtained.

Earlier in his career, Dean Daghita was a senior manager at Lockheed Martin, operating in aerospace and defense environments. According to his now scrubbed and deleted Linkedin, his work history includes service as a Sergeant in the United States Army.

Following the public disclosure of the investigation, the company's online presence, including its X account, website, and LinkedIn page, was quickly deleted. This development occurred shortly after ZachXBT's posts detailing the wallet connections and the recorded evidence. The suspect has continued limited activity on Telegram, including interactions that appear provocative in light of the allegations.

It's unclear at this time just how John Daghita obtained the private keys of the Bitcoin and crypto wallets. If they were personally in the custody of Dean Daghita, it's plausible his son gained access that way, or even assisted with the setup and management of it. Another possibility is a physical backup of the private keys were held by Dean Daghita, which his son John may have obtained access to them that way.

This situation highlights ongoing debates about safeguarding seized cryptocurrencies, which now represent a substantial portion of US government holdings from criminal proceedings. As on-chain evidence provides transparency in transactions, investigators like ZachXBT play a role in identifying potential irregularities. Authorities have not yet issued public statements on the matter, but the detailed transaction records could support future inquiries into the handling of these assets.