Alleged Insider Theft from Government Seizure Addresses
A significant crypto scandal has surfaced involving John Daghita, who goes by the online name “Lick.” He’s accused of stealing over $40 million from US government seizure addresses. What makes this case particularly concerning is the connection to his father’s company.
Daghita’s father heads CMDSS, a Virginia-based IT firm that received a 2024 contract to help the US Marshals Service manage and dispose of seized crypto assets. The timing here is important—the contract was awarded just before the alleged thefts began.
I think this raises immediate questions about oversight. How does someone gain access to private crypto addresses through family connections? The exact methods aren’t fully clear yet, but blockchain investigator ZachXBT has reportedly traced at least $23 million to a single wallet.
Digital Evidence and Company Response
That wallet appears connected to suspected thefts totaling more than $90 million, spanning from 2024 through late 2025. The response from CMDSS has been telling—they deleted their X (Twitter) and LinkedIn accounts and scrubbed their website of employee information.
When companies start removing their digital presence like that, it usually suggests they’re aware of serious problems. It’s not the action of a firm confident in its innocence.
ZachXBT noted something interesting: Daghita remained active on Telegram even after the investigation began. He was reportedly flaunting assets connected to the theft and interacting with public addresses linked to the investigation. That shows either remarkable confidence or perhaps a lack of understanding about how traceable crypto transactions can be.
After being exposed, Daghita quickly removed NFT usernames from his Telegram account and changed his screen name. That complicates tracing efforts, but blockchain evidence tends to be persistent.
Broader Implications for Government Crypto Management
CMDSS isn’t some small operation. They’ve had active contracts with both the Department of Defense and the Department of Justice over the years. This amplifies concerns about what other sensitive information or assets might have been accessible.
Analysts are calling for urgent audits and more transparency to assess potential losses. The full scope might be larger than what’s currently known.
This incident highlights a recurring problem in crypto custody arrangements, even within government frameworks. Technical safeguards can be undermined by human connections and insider access. It’s a reminder that security isn’t just about technology—it’s about people and processes too.
Investigators are now examining both the technical aspects of the alleged theft and CMDSS’s operational protocols. They’re looking at how the firm’s government contracts might have inadvertently created access points.
John Daghita’s alleged theft represents one of the most significant breaches of government-managed crypto assets in recent memory. The case shows how traditional insider threat scenarios translate into the crypto space, with potentially massive consequences.
The government will likely face pressure to review how it selects and monitors contractors handling sensitive digital assets. This could lead to stricter vetting processes and more robust oversight mechanisms for future contracts.
What’s clear is that as crypto becomes more integrated into government operations, the risks evolve alongside the opportunities. This case serves as a cautionary tale about the intersection of family connections, government contracts, and digital asset management.
