Inside Job: How a Federal Contractor's Son Allegedly Stole $40 Million in Government-Seized Bitcoin

A sweeping investigation into the alleged theft of over $40 million in government-seized cryptocurrency has exposed critical vulnerabilities in how U.S. authorities safeguard billions in confiscated digital assets, raising urgent questions about custody practices as Bitcoin holdings become strategic national reserves.

When the Watchmen Steal: A Federal Contractor Breach Exposes Bitcoin Custody Crisis

The irony is almost too perfect: the U.S. government, having spent years seizing cryptocurrency from criminals and hackers, now finds itself the victim of an alleged insider theft that may exceed $40 million. But the real story here isn't just about missing funds—it's about what this breach reveals regarding institutional custody practices at a moment when the federal government is positioning itself to hold Bitcoin as a strategic reserve asset. When a contractor's son can allegedly waltz away with tens of millions in seized crypto, every assumption about government-grade security deserves scrutiny.

This incident arrives at a particularly sensitive juncture for Bitcoin policy. As discussions intensify around a U.S. Strategic Bitcoin Reserve and proper stewardship of seized assets, this alleged breach demonstrates that custodial infrastructure—not just regulatory frameworks—remains dangerously immature.

The Facts

The U.S. Marshals Service is investigating allegations that over $40 million in confiscated digital assets were stolen from government-linked wallets through insider access facilitated by a federal contractor [2]. At the center of the investigation is John "Lick" Daghita, allegedly the son of Dean Daghita, president and CEO of Command Services & Support (CMDSS), a Virginia-based technology firm contracted by the USMS to manage and dispose of seized cryptocurrency [1][2].

The allegations surfaced through blockchain investigator ZachXBT, who detailed his findings after a recorded Telegram dispute revealed an individual identified as "Lick" screen-sharing a wallet containing $23 million and demonstrating the ability to move funds in real time [1][2]. "Meet the threat actor John (Lick), who was caught flexing $23M in a wallet address directly tied to $90M+ in suspected thefts from the US Government in 2024 and multiple other unidentified victims from Nov 2025 to Dec 2025," ZachXBT wrote on X [2].

CMDSS was awarded a contract in October 2024 to assist the USMS in managing seized digital assets, including cryptocurrencies not supported by major exchanges and assets tied to complex criminal cases [2]. These holdings reportedly include funds seized from the 2016 Bitfinex hack, one of the largest cryptocurrency thefts on record [2]. ZachXBT's blockchain analysis linked multiple wallet addresses to assets controlled by or associated with the USMS, tracing fund flows from official seizure wallets through intermediary addresses to wallets the suspect allegedly displayed publicly [1][2].

According to ZachXBT's investigation, one wallet attributed to Daghita held 12,540 ether—worth approximately $36 million at recent prices [2]. The investigator also claimed that transaction trails suggest approximately $20 million was removed from USMS-linked wallets in October 2024, with most returned within a day, though roughly $700,000 routed through instant exchanges was not recovered [2]. ZachXBT estimated that total suspected thefts could exceed $90 million in various cryptocurrencies when accounting for other wallet activity observed in late 2025 [2].

Brady McCarron, chief of public affairs for the USMS, confirmed to CoinDesk that the agency is investigating the claims but could not comment further because investigations are underway [2]. Following publication of ZachXBT's research, CMDSS largely removed its online presence while the suspect began deleting traces of his social media activity [1]. The exact mechanism by which access to the seized Bitcoin holdings was allegedly obtained remains unclear, though questions focus on whether access was facilitated through the father's company or CMDSS's internal systems [1][2].

Analysis & Context

This alleged breach represents more than an embarrassing operational failure—it strikes at the heart of Bitcoin's custody challenge across all institutional contexts. The fundamental promise of Bitcoin is that it enables true self-custody without trusted intermediaries, yet governments and institutions consistently revert to legacy models involving third-party contractors and complex access hierarchies. These structures inevitably create insider threat vectors that Bitcoin's cryptographic security was designed to eliminate.

The timing couldn't be worse for the U.S. government's Bitcoin ambitions. According to bitcointreasuries.net, the federal government holds 328,372 bitcoin worth approximately $29 billion [2]. As discussions around a Strategic Bitcoin Reserve gain political momentum, this breach demonstrates that the infrastructure for securing these holdings remains fundamentally inadequate. If a contractor's son can allegedly access and move tens of millions in government-held crypto, what confidence should the public have in the security of far larger holdings?

Historically, similar custody failures have plagued both private and public sector cryptocurrency holders. From the Mt. Gox collapse to the QuadrigaCX scandal, insider access has repeatedly proven to be the weakest link in cryptocurrency security—far more dangerous than external hacking attempts. What distinguishes this case is the government context: these weren't private company funds but seized assets held in public trust, with custody outsourced to contractors operating under federal supervision. The breach suggests that government agencies have failed to implement even basic best practices like multi-signature controls, hardware isolation, or proper access auditing that sophisticated private custodians now consider standard.

The controversy also compounds existing skepticism about government transparency regarding seized Bitcoin. Earlier reports questioned whether assets tied to the Samourai Wallet case were improperly sold despite executive orders directing retention for a Strategic Bitcoin Reserve [2]. While officials denied any sale occurred, the lack of public on-chain evidence has continued fueling distrust [2]. This new alleged theft will only deepen concerns that the government lacks both the technical competence and institutional accountability to manage Bitcoin holdings responsibly.

For Bitcoin investors and the broader ecosystem, this incident reinforces a critical lesson: custody architecture matters more than promises. Whether evaluating an exchange, a custody provider, or government stewardship claims, the technical implementation details—multi-signature schemes, key management protocols, access controls—deserve intense scrutiny. The alleged ease with which funds were moved suggests systemic failures that no amount of regulatory oversight can compensate for without proper technical foundations.

Key Takeaways

• The alleged $40+ million theft from U.S. government-seized Bitcoin wallets through a federal contractor exposes critical vulnerabilities in custodial infrastructure at precisely the moment authorities are positioning to hold Bitcoin as a strategic reserve asset

• Blockchain transparency enabled independent investigator ZachXBT to trace the alleged theft and identify the suspect—demonstrating that Bitcoin's public ledger serves as an accountability mechanism even when traditional oversight fails

• This breach reinforces that insider access remains the primary security vulnerability for institutional Bitcoin custody, far exceeding external hacking threats, and that proper technical controls like multi-signature schemes are non-negotiable regardless of institutional reputation

• The incident will likely intensify scrutiny of government Bitcoin custody practices and fuel demands for public on-chain verification of holdings, potentially accelerating adoption of more transparent proof-of-reserve standards

• For individual Bitcoin holders, this case underscores the value proposition of true self-custody: the complexity and trust requirements of third-party custody—whether private or governmental—create systemic risks that Bitcoin's design enables users to avoid entirely

AI-Assisted Content

This article was created with AI assistance. All facts are sourced from verified news outlets.
