Federal cryptocurrency custody under scrutiny

Overview

The United States Marshals Service is investigating allegations that John Daghita stole more than $40 million from government wallets. Daghita's father is chief executive of a federal cryptocurrency custody contractor. The stolen assets were seized in criminal investigations.

A blockchain investigator publicly exposed wallet movements tracing back to the 2016 Bitfinex hack. Those assets are now part of the national Strategic Bitcoin Reserve, established by President Trump in March 2025.

The incident reveals a systemic vulnerability: the federal government has struggled for nearly a decade to secure its growing cryptocurrency holdings. A 2022 inspector general audit found the Marshals Service lacked adequate policies for storage, tracking, and disposal of seized digital assets. Multiple custody contracts have collapsed, and an alleged insider breach has put tens of millions at risk—raising questions about whether Washington can protect a reserve it wants to treat like a 'digital Fort Knox.'

Play on this story Voices Debate Predict

Key Indicators

$40M+

Alleged Theft

Cryptocurrency allegedly embezzled from government seizure wallets

$77M

Contract Portfolio

Total value of seized crypto assigned to CMDSS under 2024 contract

207,000

Federal Bitcoin Holdings

Estimated bitcoins held by the U.S. government as of March 2025

OIG Recommendations

Unresolved recommendations from 2022 audit of Marshals Service crypto management

Voices

Curated perspectives — historical figures and your fellow readers.

Ever wondered what historical figures would say about today's headlines?

Play

Exploring all sides of a story is often best achieved with Play.

Predict 4 ways this could play out. Contrarian picks score more — points lock when the scenario resolves. Log in to play

Timeline Five events from this story — drag them oldest to newest. Log in to play

Connections Sixteen names from the news. Find the four hidden groups of four. Log in to play

People Involved

John Daghita

Under investigation; no charges filed

Dean Daghita

Company under scrutiny; no personal charges

ZachXBT

Active; submitted report to law enforcement

Patrick Witt

Reviewing allegations

Organizations Involved

United States Marshals Service

Federal Law Enforcement Agency

Investigating alleged theft; managing Strategic Bitcoin Reserve assets

The nation's oldest federal law enforcement agency, responsible for managing seized assets including cryptocurrency from criminal investigations.

Command Services & Support (CMDSS)

Federal Contractor

Under scrutiny; online presence offline

A Virginia-based firm contracted by the Marshals Service to manage seized cryptocurrencies requiring specialized custody.

Wave Digital Assets

Cryptocurrency Custody Firm

Pursuing legal challenge in Court of Federal Claims

A Los Angeles cryptocurrency firm that lost the Marshals Service custody contract to CMDSS and has challenged the award.

Timeline

August 2016 January 2026

13 events Latest: January 28th, 2026 · 4 months ago Showing 8 of 13

Tap a bar to jump to that date

January 2026
Marshals Service Confirms Active Investigation
Latest Official

U.S. Marshals Service officially confirms investigation into alleged digital asset theft. White House Crypto Council director Patrick Witt signals he is reviewing the claims.
January 28th, 2026
Wave Digital Assets Requests Inspector General Investigation
Legal

Wave Digital Assets formally requests that the Department of Justice Office of the Inspector General investigate the U.S. Marshals Service's cryptocurrency asset management practices, citing years of documented deficiencies, procurement failures, and the recent theft allegations.
January 27th, 2026
CMDSS Goes Dark as Allegations Spread
Response

CMDSS deactivates website, X account, and LinkedIn page. Blockchain investigator reports Daghita deposited $35.2 million into Tornado Cash cryptocurrency mixer.
January 26th, 2026
Accused Launches $LICK Meme Coin
Incident

John Daghita launches a meme coin called $LICK on Pump.fun. Token briefly reaches $915,000 market cap before crashing 97% and being removed from the platform.
January 25th, 2026
ZachXBT Exposes Alleged Government Crypto Theft
Investigation

Blockchain investigator ZachXBT publishes findings linking John Daghita to at least $23 million traced from government seizure wallets. Evidence surfaced after Daghita screen-shared wallets during recorded Telegram dispute.
January 23rd, 2026
March 2025
GAO Denies Wave Digital Assets Protest
Legal

Government Accountability Office rejects Wave Digital Assets' challenge to CMDSS contract, finding agency evaluation was fair and consistent with solicitation terms.
March 14th, 2025
Trump Signs Strategic Bitcoin Reserve Executive Order
Policy

President Trump establishes Strategic Bitcoin Reserve and Digital Asset Stockpile, directing that bitcoin from federal forfeitures be treated as reserve assets not to be sold.
March 6th, 2025
October 2024
$20 Million Drained from Government Bitfinex Wallet
Incident

Approximately $20 million is transferred out of a government wallet holding seized Bitfinex funds. Most funds returned within 24 hours, but roughly $700,000 routed through instant exchanges is not recovered.
October 24th, 2024
CMDSS Awarded Marshals Service Custody Contract
Contract

Command Services & Support wins indefinite-delivery contract to manage seized cryptocurrencies requiring specialized custody. Wave Digital Assets protests the award.
October 1st, 2024
April 2024
Marshals Service Issues Crypto Custody RFP
Procurement

Marshals Service solicits proposals for contractor to manage and dispose of 'Class 2-4 cryptocurrencies' with portfolio valued at $77.1 million.
April 5th, 2024
June 2022
Inspector General Audit Finds Marshals Service Crypto Management Inadequate
Oversight

DOJ Inspector General releases report finding the Marshals Service lacks adequate policies for cryptocurrency storage, quantification, valuation, and disposal. Makes seven recommendations for improvement.
June 1st, 2022
February 2022
DOJ Seizes $3.6 Billion in Stolen Bitfinex Funds
Seizure

Federal authorities arrest Ilya Lichtenstein and Heather Morgan, seizing approximately $3.6 billion in cryptocurrency from the 2016 hack—the largest financial seizure in Justice Department history.
February 8th, 2022
August 2016
Bitfinex Exchange Hacked for 119,756 Bitcoin
Origin

Hackers steal approximately 119,756 bitcoins from cryptocurrency exchange Bitfinex, worth $72 million at the time. The theft would later be attributed to Ilya Lichtenstein.
August 2nd, 2016

#timeline [x-show="expanded"] { display: revert !important; opacity: 1 !important; } #timeline .timeline-toggle-btn { display: none; }

Historical Context

3 moments from history that rhyme with this story — and how they unfolded.

February 2014

Mt. Gox Collapse and Insider Failures (2014)

Mt. Gox, then handling 70% of global Bitcoin transactions, revealed that approximately 850,000 bitcoins had disappeared through a combination of hacking and structural mismanagement. CEO Mark Karpelès was later arrested and charged with embezzlement and data manipulation. The collapse exposed how weak internal controls and poor key management could enable catastrophic losses at institutions trusted to custody digital assets.

Then

Mt. Gox declared bankruptcy. Karpelès was arrested and convicted of data falsification, though acquitted of embezzlement charges. Creditors waited over a decade for partial repayment.

Now

Japan created the first formal cryptocurrency exchange regulations. The incident established that custodial failures—whether from external hackers or insider malfeasance—could destroy institutions and erode trust in the entire cryptocurrency ecosystem.

Why this matters now

Like Mt. Gox, the CMDSS incident involves alleged insider access enabling theft from a trusted custodian. Both cases highlight how cryptocurrency's irreversibility makes custody security existential—once keys are compromised, assets can vanish in minutes.

1986-1990

Operation Ill Wind Defense Contractor Scandal (1986-1990)

The FBI's three-year investigation uncovered widespread bribery and fraud involving Pentagon officials and defense contractors. Melvyn Paisley, Assistant Secretary of the Navy, accepted hundreds of thousands in bribes to steer contracts. Deputy Assistant Secretary James Gaines was convicted of theft of government property. The scandal exposed how contractors with access to sensitive government programs could exploit insider positions for personal gain.

Then

Over 90 individuals and corporations were convicted. Multiple Pentagon officials served prison sentences. Defense procurement reforms were enacted.

Now

Established precedent that contractor access to government assets creates inherent risks requiring robust oversight. Led to enhanced procurement integrity rules still in effect today.

Why this matters now

Both cases involve contractors entrusted with government assets allegedly exploiting their access. The CMDSS incident suggests that even as asset classes evolve from defense hardware to digital currencies, the fundamental vulnerability—insider access without adequate oversight—persists.

August 2016 - November 2024

2016 Bitfinex Hack and Recovery (2016-2024)

Ilya Lichtenstein exploited vulnerabilities in Bitfinex's security to steal 119,756 bitcoins. He and his wife Heather Morgan spent years laundering the proceeds through complex cryptocurrency transactions. In 2022, federal authorities traced and seized $3.6 billion—then the largest financial seizure in Justice Department history. Lichtenstein pleaded guilty and received a five-year sentence.

Then

Lichtenstein sentenced to five years, Morgan to 18 months. Approximately $10 billion in assets ultimately recovered. Both were released early under First Step Act provisions.

Now

Demonstrated that blockchain's transparency enables forensic tracing of stolen funds years after theft. Also showed that seized cryptocurrency creates new custody challenges—the very funds recovered from this case are now allegedly at the center of the CMDSS theft.

Why this matters now

Directly connected: funds from the Bitfinex seizure were among those allegedly stolen in the current incident. The irony is stark—assets recovered through years of federal investigation may have been lost again through inadequate custody controls.