The $46 Million Theft from U.S. Government Crypto Wallets
On March 5, 2026, French and American authorities arrested John “Lick” Daghita on the island of Saint Martin in the Caribbean, bringing to an end an investigation that exposed one of the most significant security failures in the management of digital assets seized by the United States government. Daghita is accused of stealing $46 million in cryptocurrency directly from wallets maintained by the U.S. Marshals Service (USMS), the federal agency responsible for the custody of seized assets.
The case draws attention not only because of the amount involved, but also due to how the theft occurred: Daghita is the son of Dean Daghita, president of CMDSS, the company contracted by the U.S. Department of Justice and the Department of Defense to provide critical digital asset management services. In other words, the very custodian of seized government-held crypto had a son with operational access.
How the Theft Happened
According to the formal charges, John Daghita abused the access he had through his father’s company to divert cryptocurrency from government custody wallets. Investigations indicate that he moved approximately $23 million in Ethereum across multiple digital wallets, creating a chain of transactions designed to obscure tracking.
What makes the case even more significant is the origin of the stolen funds. Blockchain investigator ZachXBT was able to connect part of the diverted cryptocurrency to assets that had been seized by the U.S. government in 2024, which in turn were linked to the infamous 2016 Bitfinex hack—one of the largest crypto thefts in history.
The Role of ZachXBT in the Investigation
Before any official action by authorities, it was on-chain investigator ZachXBT who brought the case to light. In January 2026, he published group chat conversations and on-chain data showing that Daghita openly bragged about the theft in private chats. ZachXBT’s blockchain analysis traced the flow of funds from government wallets to addresses controlled by Daghita.
Daghita’s response to the exposure was equally revealing. After the accusations became public, he sent small amounts of the stolen cryptocurrency to ZachXBT’s personal wallet—a tactic known as “dusting.” The goal was to compromise the investigator by associating his wallet with illicit funds, an intimidation attempt that ultimately served as additional evidence against the accused.
The Arrest in the Caribbean
The arrest operation involved international cooperation between the FBI and a tactical unit of the French Gendarmerie, as Saint Martin is partially governed by France. At the time of arrest, agents found Daghita carrying a metal suitcase filled with $100 bills, along with hard drives and security keys that may contain further evidence related to the scheme.
Choosing the Caribbean as a hideout is not uncommon in financial crimes involving cryptocurrency. The region offers jurisdictions with looser financial regulation and more complex international cooperation, although in this case, the French presence in Saint Martin facilitated the capture.
Implications for Government Crypto Custody
The Daghita case raises serious concerns about how the U.S. government manages the billions of dollars in seized cryptocurrencies under its custody. If the son of a contractor was able to divert $46 million, what other security controls might be failing?
It is also worth noting that, at the same time, the U.S. justice system is facing scrutiny over a separate $15 billion Bitcoin seizure currently under judicial review. The combination of these events calls into question the government’s ability to securely manage its growing stockpile of seized crypto assets.
For the crypto market, the case serves as a reminder that digital asset security depends not only on technology, but also on governance, access controls, and human oversight. The same blockchain transparency that allowed ZachXBT to trace the funds is what makes it possible to expose failures in government custody.