Most crypto heists involve breaking through something: a compromised private key, a phishing attack, a bug in a smart contract. There is always a barrier the thief has to defeat. The case of John Daghita stands out precisely because there was no barrier to defeat. He allegedly walked away with $46 million in US government cryptocurrency for a simple reason. He already had the keys.
According to a federal indictment filed in March in the Eastern District of Virginia, Daghita spent roughly three months moving $46 million in seized digital assets out of wallets controlled by his employer, a small Virginia contractor called Command Services & Support (CMDSS), and into wallets only he controlled. CMDSS held a US Marshals Service contract to help manage certain categories of confiscated crypto. That contract gave the firm, and by extension Daghita, direct access to government seizure wallets.
The alleged spending spree that followed reads like a caricature of a crypto thief. Prosecutors say Daghita bought a 2019 Lamborghini Aventador, chartered a private yacht, rented a six-bedroom villa, and hired a bodyguard and a private chef. He spent over $2 million buying the Telegram usernames “@devil,” “@skid,” and “@fraud.” When French Gendarmerie officers arrested him on the Caribbean island of Saint Martin in March, they reportedly found him with a metal briefcase of hundred-dollar bills, a Rolex, and multiple hardware wallets holding stolen government crypto.
The theft was brazen. But the more important story is the system that made it possible, a system that security experts say had been deteriorating for years.
How He Got Caught
What makes this case genuinely remarkable is that Daghita wasn’t caught by a government audit or an internal control. He was caught because he showed off.
The investigation began not with law enforcement but with a pseudonymous on-chain investigator known as ZachXBT. In January 2026, during an online “band-for-band” exchange, a social media trend where participants publicly compare their crypto holdings, a user going by the alias “Lick” screen-shared a wallet containing roughly $23 million. Then, still on camera during a dispute, the user moved millions more in ether between addresses, handing investigators a live transaction trail.
ZachXBT started pulling the thread. Working backward from the wallet addresses visible in the recording, he traced the funds directly to US government-controlled seizure wallets, some reportedly tied to assets confiscated in connection with the 2016 Bitfinex hack. He identified the person behind “Lick” as Daghita and reported his findings to law enforcement before publishing them publicly on January 23.
Daghita’s response was defiant. Rather than lying low after being named, he mocked ZachXBT repeatedly on Telegram and even carried out a “dust attack,” sending small amounts of the allegedly stolen funds to the investigator’s public wallet address, a tactic used to taunt or to implicate uninvolved parties. “Thanks for the last laugh, John,” ZachXBT posted after the arrest. He also began routing funds through mixers like Tornado Cash to obscure their origin, but the FBI was able to trace the money through those laundering steps to identify cash-out points.
The Structural Flaw
The uncomfortable heart of this case isn’t Daghita’s alleged greed. It’s how easily one person could allegedly move that much government money.
When a federal agency seizes cryptocurrency, the assets don’t go straight into secure long-term storage. According to Les Borsai of Wave Digital Assets, the typical process involves two or three handoffs before assets reach their designated custodian, the US Marshals Service. That chain of custody creates gaps, and Daghita was allegedly operating inside one of them.
The specific weakness was the apparent absence of genuine multi-signature controls. In a properly structured setup, moving cryptocurrency requires independent authorization from multiple key holders, each holding a separate cryptographic key. No single person can move funds alone. That safeguard appears not to have been in place. Per the indictment, CMDSS stored government assets in wallets at the company’s office, meaning one person in one office had unilateral access to hardware wallets holding US government assets.
The contract itself covered what are called “Class 2-4” tokens, crypto not supported by major exchanges, including complex seizures from high-profile criminal cases. These are exactly the harder-to-verify, harder-to-recover assets where robust controls matter most. The timeline in the indictment is stark. On January 22, the Marshals Service asked CMDSS to return roughly $2 million to a government address. About 20 minutes later, Daghita allegedly transferred the assets to a non-government address instead.
The Bigger Custody Problem
Daghita’s arrest closed one case but exposed a much larger question: does the US government actually know how much crypto it holds, and is it safe?
The concern is not hypothetical. A White House review from early 2025 found that the Marshals Service struggled to reconcile its digital asset holdings and may not have known precisely how much crypto it controlled. “No clear policy exists for managing these assets, leading to a lack of accountability,” that review reportedly concluded. For an agency estimated to sit on well over 100,000 bitcoin, worth tens of billions of dollars, that’s a significant gap.
The stakes have only grown. The US government now holds seized crypto as part of a strategic bitcoin reserve, making the security of these assets a matter of national financial policy rather than routine case management. Borsai estimated that roughly $600 million in digital assets were seized in recent weeks alone. After the Daghita matter became public, the Marshals Service reportedly approached major US crypto providers about an emergency arrangement to take possession of CMDSS-held assets, in effect turning to the kind of established institutional custody infrastructure that hadn’t been chosen for the original contract.
What It Means
For the crypto industry, the case is a vivid reminder that the weakest link in securing digital assets is almost always human, not technical. The blockchain worked exactly as designed. The transactions were valid, final, and irreversible. The failure was in who was allowed to sign them, and under what controls.
There’s also a genuinely positive lesson buried in the story. The same transparency that lets criminals move money instantly across borders is what allowed an independent investigator to trace $46 million back to government wallets from a single screen-share, and what let the FBI follow the funds through mixers to an arrest. Public ledgers cut both ways. Cash leaves no such trail.
For the government, the episode is a call for reform that regulators and lawmakers appear to be taking seriously. Proper multi-signature custody, independent verification, and centralized professional storage are not exotic requirements; they are standard practice at any serious crypto institution. That a federal contractor allegedly operated without them, while holding tens of millions in public assets, is the real scandal. Daghita faces charges of theft of government property and wire fraud. The system that allegedly let one 21-year-old with the keys drive off in a Lamborghini is the part still waiting to be fixed.
Disclaimer: This article is for informational purposes only and does not constitute financial or legal advice. Cryptocurrency investments carry significant risk. Always conduct your own research before making any investment decisions.
















