Government contractor’s son accused of massive crypto theft
John Daghita, known online as “Lick”, was arrested today by the FBI in the Caribbean. He is accused of stealing approximately $46 million in cryptocurrency seized by U.S. authorities. The arrest follows an investigation that began when blockchain investigator ZachXBT linked different wallet addresses.
What makes this case particularly interesting is how Daghita could have accessed it. His father, Dean Daghita, ran Command Services & Support, Inc., a company hired by the Department of Justice and the Department of Defense to handle asset divestitures. John worked there as an employee and investigators believe he used this position to transfer the confiscated cryptocurrencies to his personal wallets.
The outcome of the scheme
The theft reportedly began in 2024, but Daghita remained anonymous until January 2026. That’s when he made what could have been a critical error. He allegedly bragged about his success to another confessed thief named Dritan Kaplani Jr. During their conversation, Daghita revealed his wallet address.
ZachXBT, who previously exposed the Axiom insider trading case, obtained a recording of this interaction. He then traced the wallet address and found links to several scams. More importantly, he linked it to a US government address from which digital assets had been siphoned off in 2024. The trail led directly to the seized assets that Daghita’s father’s company was supposed to manage.
A model of security vulnerabilities
This case is not an isolated incident in the crypto world. This highlights what appears to be a recurring problem when it comes to the security of digital assets, even when they are in government hands. Just recently, the South Korean tax agency accidentally revealed the seed phrase of its virtual asset wallet online, resulting in a loss of $4.8 million in tokens.
Earlier this year, Apple warned iOS users about the “Coruna” exploit, which targeted crypto wallet seed phrases on phones running certain versions of iOS. This malware affected at least 42,000 devices. These incidents suggest that security practices around the storage and management of cryptocurrencies may need more attention, particularly when large sums of money are involved.
Wider implications
What strikes me about this case is the internal nature of the alleged theft. When entrepreneurs handle sensitive assets, there is always some risk, but $46 million is a staggering amount. This raises questions about the procedures for monitoring the management of government-contracted cryptocurrencies.
The fact that Daghita felt comfortable enough to brag about his theft suggests that he might have believed himself untouchable. Or maybe he underestimated how traceable blockchain transactions can be when someone knows what they’re looking for.
I think this case will likely lead to a re-evaluation of how seized crypto assets are handled. Considering that similar systems appear to be “rampant” according to the original article, there is clearly room for improvement in security protocols. The balance between accessibility for legitimate purposes and protection against theft is a delicate one, but incidents like this show why it’s important.
As more governments and institutions hold cryptocurrencies, whether seized or not, they will need to develop more robust systems. The decentralized nature of blockchain does not eliminate the need for traditional security measures around access and authorization. If anything, it might require even closer attention to who has access to private keys and seed phrases.
