Crypto Crime: Insider Thefts Reveal Systemic Security Risks

Crypto Crime: Insider Thefts Reveal Systemic Security Risks

While the Bitcoin community often discusses external threats from hackers and fraudsters, two recent cases bring a far more dangerous reality into focus: The greatest security risks frequently arise from individuals with privileged access and positions of trust. A former police officer in Los Angeles and a government employee in the USA demonstrate in alarming fashion how insider knowledge and institutional positions can be exploited for crypto theft.

The two cases—as different as they may appear at first glance—reveal a fundamental problem in handling digital assets: Even established institutions such as police departments and federal agencies struggle with the secure custody and protection of cryptocurrencies from insider threats.

The Facts

A jury at the Los Angeles County Superior Court convicted former police officer Eric Halem of kidnapping and robbery after a two-week trial. Halem had served 13 years with the Los Angeles Police Department and had left active duty in 2022, but was still active as a reserve officer at the time of the crime ^[1].

The case occurred in 2024, when Halem, together with three other accomplices, raided an apartment that had been rented by a 17-year-old youth. The perpetrators posed as police officers, wore corresponding vests, and gained access using an access code provided by an accomplice who had previously rented the apartment. Inside, they handcuffed the teenager's girlfriend with handcuffs obtained from police supplies, tied up the teenager, and threatened him with death if he did not grant them access to his cryptocurrencies ^[1].

Under this massive pressure, the victim eventually handed over a hard drive containing Bitcoin worth approximately $350,000 USD. The defense questioned the victim's credibility and pointed out that the teenager had admitted in court to having obtained his cryptocurrencies through fraud ^[1].

In parallel, an even larger case is shaking confidence in state institutions: John Daghita, an alleged government employee, was arrested on the island of Saint Martin in a coordinated operation between the FBI and French authorities. He is accused of stealing more than $46 million in cryptocurrencies from the U.S. Marshals Service (USMS) ^[2].

Daghita is the son of Dean Daghita, CEO of Command Services & Support (CMDSS), a Virginia-based technology company that was contracted by the USMS in October 2024 to manage and liquidate certain categories of seized cryptocurrencies. The contract included digital assets not supported by major exchanges, including assets from complex criminal cases and high-profile seizures such as the 2016 Bitfinex hack ^[2].

Blockchain investigator ZachXBT identified Daghita online under the pseudonym "Lick" and documented how he demonstrated the ability to move millions of dollars in real-time in a private Telegram chat. On-chain analyses linked these wallets to addresses known to hold government-seized assets. One wallet allegedly controlled by Daghita contained 12,540 Ether worth approximately $36 million ^[2].

Transaction traces indicate that approximately $20 million was removed from USMS-linked wallets in October 2024. The majority was returned within one day, but around $700,000 that was routed through instant exchanges remained missing. Estimates of the total theft could exceed $90 million when activities in late 2025 are taken into account ^[2]. FBI Director Kash Patel confirmed the arrest and emphasized cooperation with international partners in pursuing individuals attempting to defraud American taxpayers ^[2].

Analysis & Context

These two cases illustrate a fundamental challenge in the crypto ecosystem: While Bitcoin and other cryptocurrencies were designed as technologically secure systems, humans remain the greatest vulnerability. The often-cited maxim "Not your keys, not your coins" takes on a new dimension through these incidents—yet even self-custody does not protect against physical violence or extortion.

Particularly alarming is the exploitation of institutional authority in both cases. Halem's status as a former police officer not only gave him access to police equipment but also a position of trust that he deliberately abused. The Daghita case reveals even more serious systemic weaknesses: A government contractor with access to assets worth billions of dollars—the USMS is believed to hold over 198,000 BTC ^[2]—was apparently able to operate without adequate controls.

The increasing frequency of such attacks mentioned in reporting—from robberies in Las Vegas with $4 million in loot to kidnappings in France ^[1]—points to a worrying trend. The transparency of the blockchain makes it easier for criminals to identify potential victims with large crypto holdings, while the irreversibility of Bitcoin transactions makes the assets an attractive target.

For institutional custodians and government agencies, the Daghita case is a wake-up call. Managing seized cryptocurrencies requires multi-signature wallets, strict access controls, and regular audits. The fact that a single insider could move millions suggests fundamental deficiencies in security protocols. This will inevitably lead to tighter regulations and higher compliance requirements for custody providers.

Conclusion

• Insider threats pose a greater risk to crypto assets than external hacks—both for private users and government institutions

• The irreversibility of Bitcoin transactions makes them a preferred target for criminals with privileged access, but simultaneously requires the highest security standards for custody

• Government agencies must fundamentally overhaul their custody processes: Multi-signature wallets, dual-control principles, and regular on-chain audits are essential

• Private users should not publicly display their crypto holdings and take physical security measures seriously—hardware wallets only protect against digital attacks, not physical ones

• The increasing professionalization of crypto crime will result in tighter regulations for custody providers and temporarily strain confidence in institutional custody