Alleged insider theft from government-seized addresses
A major crypto scandal has surfaced involving John Daghita, who goes by the online name “Lick.” He is accused of stealing more than $40 million from addresses seized by the U.S. government. What makes this case particularly concerning is the connection to his father’s business.
Daghita’s father runs CMDSS, a Virginia-based IT company that received a contract in 2024 to help the US Marshals Service manage and dispose of seized crypto assets. The timing here is important: the contract was awarded just before the alleged thefts began.
I think this raises immediate questions about surveillance. How can someone access private crypto addresses through family ties? The exact methods aren’t entirely clear yet, but blockchain investigator ZachXBT reportedly traced at least $23 million to a single wallet.
Digital evidence and business response
This wallet appears linked to alleged thefts totaling more than $90 million, between 2024 and the end of 2025. The response from CMDSS was telling: they deleted their X (Twitter) and LinkedIn accounts and scrubbed their website of employee information.
When companies start to remove their digital presence in this way, it usually means they are aware of serious problems. This is not the action of a company confident in its innocence.
ZachXBT noted something interesting: Daghita remained active on Telegram even after the investigation began. He allegedly posted assets related to the theft and interacted with public addresses related to the investigation. This shows either remarkable confidence or perhaps a lack of understanding of the traceability of crypto transactions.
After being exposed, Daghita quickly deleted the NFT usernames from his Telegram account and changed his screen name. This complicates tracing efforts, but blockchain evidence tends to be persistent.
Broader implications for government management of crypto
The CMDSS is not a small operation. They have had active contracts with the Department of Defense and the Department of Justice over the years. This amplifies concerns about what other sensitive information or assets may have been accessed.
Analysts are calling for urgent audits and more transparency to assess potential losses. The total scope could be greater than currently known.
This incident highlights a recurring problem in crypto custody arrangements, even in government settings. Technical protections can be compromised by human connections and internal access. It reminds us that security is not just about technology: it is also about people and processes.
Investigators are currently examining both the technical aspects of the alleged theft and the CMDSS operational protocols. They are investigating how the company’s government contracts may have inadvertently created hotspots.
John Daghita’s alleged theft represents one of the most significant breaches of government-run crypto assets in recent memory. The case shows how traditional insider threat scenarios translate into the crypto space, with potentially massive consequences.
The government will likely face pressure to review how it selects and monitors contractors handling sensitive digital assets. This could lead to stricter control processes and more robust monitoring mechanisms for future contracts.
What is clear is that as crypto becomes more integrated into government operations, risks evolve alongside opportunities. This case serves as a cautionary tale about the intersection of family ties, government contracts, and digital asset management.
