Insight into the $40 Million Government Crypto Heist

An in-depth investigation led by on-chain analyst ZachXBT has cast a spotlight on a staggering crypto theft exceeding $40 million. This heist is believed to be linked to US government seizure wallets and may involve John Daghita, known in certain circles as “Lick,” alongside a contractor relationship connected to his family.

The Connection to Command Services & Support (CMDSS)

In a detailed post on January 25, ZachXBT highlighted CMDSS, a company holding an active IT government contract in Virginia. He suggested that CMDSS had been entrusted with a contract to support the US Marshals Service (USMS) in the management and liquidation of seized crypto assets. However, the method by which John Daghita allegedly gained access through his father’s company remains shrouded in mystery.

The Alleged Role of John Daghita

The allegations against John Daghita, also known as “Lick,” are set against a backdrop of prior investigative efforts. On January 23, ZachXBT had traced wallet activities and communication logs back to Daghita. According to ZachXBT, John was implicated in showcasing $23 million from a wallet address connected to over $90 million in suspected thefts from the US Government in 2024, alongside numerous other unidentified victims from November 2025 to December 2025.

Revelations from Recorded Interactions

The focus of ZachXBT’s exploration involves a heated exchange in a Telegram chat room between “John” and fellow threat actor, Dritan Kapplani Jr. This showdown, referred to as “band for band (b4b)” by the community, serves as a contest to demonstrate control over financial assets. The recorded encounter allegedly displays John revealing a Tron address via Exodus wallet with a balance of $2.3 million.

Connecting the Dots: Evidence and Transfers

ZachXBT’s findings emphasize the significance of address ownership continuity. The recordings reportedly capture John controlling multiple addresses, offering a trail to trace the origin of funds. A critical link was established to a March 2024 transfer of $24.9 million from a US government address associated with the Bitfinex crypto hack seizure. An additional $18.5 million is purported to sit at a specified address.

Exploring the Potential Access Breach

The investigation raises questions about a possible access breach, especially if CMDSS was involved in managing USMS crypto assets. The exact mechanism of access, whether intentional or accidental, remains elusive. Following the revelations, CMDSS’s digital presence, including its X account, website, and LinkedIn, was reportedly deactivated, while Daghita allegedly resumed activities on Telegram.

Industry Reactions and Security Concerns

The revelations sparked significant reactions within the crypto community. David Bailey, CEO of Nakamoto Inc., expressed urgent concern over the situation, urging for immediate action to secure private keys from the Justice Department. Pierre Rochard, a prominent Bitcoin advocate, described the scenario as a national security crisis, calling for legislative measures through the BITCOIN Act.

Bitcoin Market Context

Amidst these developments, Bitcoin’s market performance has been closely watched. At the time of reporting, Bitcoin was trading at $87,847, navigating between the 0.618 and 0.786 Fibonacci levels, as indicated by the BTCUSDT on TradingView.com.