The United States Marshals Service confirmed it is investigating allegations that John Daghita, son of a federal cryptocurrency custody contractor's chief executive, stole more than $40 million from government wallets containing assets seized in criminal investigations. The probe follows a blockchain investigator's public exposure of wallet movements tracing back to funds from the 2016 Bitfinex hack—assets now meant for the national Strategic Bitcoin Reserve established by President Trump in March 2025.
The incident highlights a systemic vulnerability: the federal government has struggled for nearly a decade to secure its growing cryptocurrency holdings. A 2022 inspector general audit found the Marshals Service lacked adequate policies for storage, tracking, and disposal of seized digital assets. Multiple custody contracts have collapsed. And now an alleged insider breach has put tens of millions at risk—raising questions about whether Washington can protect a reserve it wants to treat like a 'digital Fort Knox.'
The nation's oldest federal law enforcement agency, responsible for managing seized assets including cryptocurrency from criminal investigations.
CO
Command Services & Support (CMDSS)
Federal Contractor
Status: Under scrutiny; online presence offline
A Virginia-based firm contracted by the Marshals Service to manage seized cryptocurrencies requiring specialized custody.
WA
Wave Digital Assets
Cryptocurrency Custody Firm
Status: Pursuing legal challenge in Court of Federal Claims
A Los Angeles cryptocurrency firm that lost the Marshals Service custody contract to CMDSS and has challenged the award.
Timeline
Marshals Service Confirms Active Investigation
Official
U.S. Marshals Service officially confirms investigation into alleged digital asset theft. White House Crypto Council director Patrick Witt signals he is reviewing the claims.
Wave Digital Assets Requests Inspector General Investigation
Legal
Wave Digital Assets formally requests that the Department of Justice Office of the Inspector General investigate the U.S. Marshals Service's cryptocurrency asset management practices, citing years of documented deficiencies, procurement failures, and the recent theft allegations.
CMDSS Goes Dark as Allegations Spread
Response
CMDSS deactivates website, X account, and LinkedIn page. Blockchain investigator reports Daghita deposited $35.2 million into Tornado Cash cryptocurrency mixer.
Accused Launches $LICK Meme Coin
Incident
John Daghita launches a meme coin called $LICK on Pump.fun. Token briefly reaches $915,000 market cap before crashing 97% and being removed from the platform.
ZachXBT Exposes Alleged Government Crypto Theft
Investigation
Blockchain investigator ZachXBT publishes findings linking John Daghita to at least $23 million traced from government seizure wallets. Evidence surfaced after Daghita screen-shared wallets during recorded Telegram dispute.
GAO Denies Wave Digital Assets Protest
Legal
Government Accountability Office rejects Wave Digital Assets' challenge to CMDSS contract, finding agency evaluation was fair and consistent with solicitation terms.
Trump Signs Strategic Bitcoin Reserve Executive Order
Policy
President Trump establishes Strategic Bitcoin Reserve and Digital Asset Stockpile, directing that bitcoin from federal forfeitures be treated as reserve assets not to be sold.
$20 Million Drained from Government Bitfinex Wallet
Incident
Approximately $20 million is transferred out of a government wallet holding seized Bitfinex funds. Most funds returned within 24 hours, but roughly $700,000 routed through instant exchanges is not recovered.
CMDSS Awarded Marshals Service Custody Contract
Contract
Command Services & Support wins indefinite-delivery contract to manage seized cryptocurrencies requiring specialized custody. Wave Digital Assets protests the award.
Marshals Service Issues Crypto Custody RFP
Procurement
Marshals Service solicits proposals for contractor to manage and dispose of 'Class 2-4 cryptocurrencies' with portfolio valued at $77.1 million.
Inspector General Audit Finds Marshals Service Crypto Management Inadequate
Oversight
DOJ Inspector General releases report finding the Marshals Service lacks adequate policies for cryptocurrency storage, quantification, valuation, and disposal. Makes seven recommendations for improvement.
DOJ Seizes $3.6 Billion in Stolen Bitfinex Funds
Seizure
Federal authorities arrest Ilya Lichtenstein and Heather Morgan, seizing approximately $3.6 billion in cryptocurrency from the 2016 hack—the largest financial seizure in Justice Department history.
Bitfinex Exchange Hacked for 119,756 Bitcoin
Origin
Hackers steal approximately 119,756 bitcoins from cryptocurrency exchange Bitfinex, worth $72 million at the time. The theft would later be attributed to Ilya Lichtenstein.
Scenarios
1
Federal Charges Filed Against John Daghita
Discussed by: Legal analysts at CoinDesk and Bloomberg covering federal cryptocurrency prosecutions
Federal prosecutors charge John Daghita with theft of government property under 18 U.S.C. § 641, wire fraud, and money laundering. The use of Tornado Cash to obscure funds adds potential sanctions violations. Given the high-profile nature of the case and its connection to the Strategic Bitcoin Reserve, the Justice Department prioritizes prosecution. This outcome depends on investigators' ability to attribute wallet control definitively and establish a chain of custody for evidence.
2
CMDSS Contract Terminated, Major Custody Overhaul
Discussed by: Government contracting experts and cryptocurrency policy analysts at Lawfare and FedScoop
The Marshals Service terminates the CMDSS contract and implements comprehensive reforms to cryptocurrency custody procedures. Congress holds oversight hearings. The incident accelerates adoption of institutional-grade custodians like Coinbase Custody or BNY Mellon for all federal digital asset holdings, including Strategic Bitcoin Reserve assets. Wave Digital Assets' ongoing Court of Federal Claims challenge gains new relevance.
3
Investigation Stalls, Funds Unrecoverable
Discussed by: Cryptocurrency security researchers and blockchain forensics firms like TRM Labs
Despite blockchain evidence, prosecutors struggle to build a case that meets criminal standards. Funds routed through Tornado Cash prove difficult to trace to their final destination. The investigation extends for years without charges. The incident joins a pattern of unresolved government cryptocurrency losses, including the still-missing $700,000 from the October 2024 drain. Critics cite it as evidence that the government cannot adequately secure digital assets.
4
Strategic Bitcoin Reserve Policy Reconsidered
Discussed by: Cryptocurrency policy critics and government oversight organizations
The theft becomes a focal point for skeptics of the Strategic Bitcoin Reserve. Congressional opponents argue the government lacks the institutional capacity to secure billions in digital assets. The incident contributes to policy debates about whether forfeited cryptocurrency should be converted to fiat rather than held in reserve. This outcome depends on whether additional custody failures emerge and how effectively the administration defends its digital asset strategy.
Historical Context
Mt. Gox Collapse and Insider Failures (2014)
February 2014
What Happened
Mt. Gox, then handling 70% of global Bitcoin transactions, revealed that approximately 850,000 bitcoins had disappeared through a combination of hacking and structural mismanagement. CEO Mark Karpelès was later arrested and charged with embezzlement and data manipulation. The collapse exposed how weak internal controls and poor key management could enable catastrophic losses at institutions trusted to custody digital assets.
Outcome
Short Term
Mt. Gox declared bankruptcy. Karpelès was arrested and convicted of data falsification, though acquitted of embezzlement charges. Creditors waited over a decade for partial repayment.
Long Term
Japan created the first formal cryptocurrency exchange regulations. The incident established that custodial failures—whether from external hackers or insider malfeasance—could destroy institutions and erode trust in the entire cryptocurrency ecosystem.
Why It's Relevant Today
Like Mt. Gox, the CMDSS incident involves alleged insider access enabling theft from a trusted custodian. Both cases highlight how cryptocurrency's irreversibility makes custody security existential—once keys are compromised, assets can vanish in minutes.
The FBI's three-year investigation uncovered widespread bribery and fraud involving Pentagon officials and defense contractors. Melvyn Paisley, Assistant Secretary of the Navy, accepted hundreds of thousands in bribes to steer contracts. Deputy Assistant Secretary James Gaines was convicted of theft of government property. The scandal exposed how contractors with access to sensitive government programs could exploit insider positions for personal gain.
Outcome
Short Term
Over 90 individuals and corporations were convicted. Multiple Pentagon officials served prison sentences. Defense procurement reforms were enacted.
Long Term
Established precedent that contractor access to government assets creates inherent risks requiring robust oversight. Led to enhanced procurement integrity rules still in effect today.
Why It's Relevant Today
Both cases involve contractors entrusted with government assets allegedly exploiting their access. The CMDSS incident suggests that even as asset classes evolve from defense hardware to digital currencies, the fundamental vulnerability—insider access without adequate oversight—persists.
2016 Bitfinex Hack and Recovery (2016-2024)
August 2016 - November 2024
What Happened
Ilya Lichtenstein exploited vulnerabilities in Bitfinex's security to steal 119,756 bitcoins. He and his wife Heather Morgan spent years laundering the proceeds through complex cryptocurrency transactions. In 2022, federal authorities traced and seized $3.6 billion—then the largest financial seizure in Justice Department history. Lichtenstein pleaded guilty and received a five-year sentence.
Outcome
Short Term
Lichtenstein sentenced to five years, Morgan to 18 months. Approximately $10 billion in assets ultimately recovered. Both were released early under First Step Act provisions.
Long Term
Demonstrated that blockchain's transparency enables forensic tracing of stolen funds years after theft. Also showed that seized cryptocurrency creates new custody challenges—the very funds recovered from this case are now allegedly at the center of the CMDSS theft.
Why It's Relevant Today
Directly connected: funds from the Bitfinex seizure were among those allegedly stolen in the current incident. The irony is stark—assets recovered through years of federal investigation may have been lost again through inadequate custody controls.
