A staggering crypto heist worth over $40 million has rocked the US, allegedly orchestrated by John Daghita, online alias “Lick,” who exploited insider access from his father’s government IT firm. CMDSS, a Virginia-based contractor, secured a 2024 deal with the US Marshals Service to handle seized crypto assets, putting private wallet details right in the family’s reach. This isn’t just another hack; it’s a blatant abuse of trust in the government’s crypto custody chain, raising alarms about how deeply vulnerabilities run in official systems.
Blockchain sleuth ZachXBT has connected the dots, tracing at least $23 million to a single wallet tied to over $90 million in suspected thefts from 2024 through late 2025. As the scandal unfolds, CMDSS has gone dark, wiping its social media and website clean. Daghita, meanwhile, reportedly paraded his spoils on Telegram before scrubbing traces. This crypto heist exposes the fragility of even sanctioned crypto management, where human links can unravel sophisticated safeguards. For more on escalating crypto theft losses, check our analysis.
Alleged Insider Access Fuels Massive Crypto Heist
The mechanics of this crypto heist hinge on privileged information from CMDSS’s role in managing USMS-seized assets. John Daghita’s father led the firm, granting potential exposure to sensitive wallet addresses meant for secure disposal. What starts as a family business tie turns into a multimillion-dollar breach, underscoring how insider threats dwarf many external hacks in impact. This case isn’t isolated; it mirrors broader risks in government-contracted crypto handling, where oversight lags behind asset values.
ZachXBT’s investigation reveals a wallet directly implicated in $90 million-plus thefts, with Daghita allegedly flaunting linked assets online. CMDSS’s swift account deletions signal damage control, but the harm is done. Authorities now face questions on contract vetting and access controls. As crypto money laundering schemes proliferate, this incident demands a reckoning on custody protocols.
Investigators are dissecting the breach’s technical side, from wallet key handling to transaction flows. The scandal’s timing, amid rising US crypto ETF inflows, amplifies its irony—legit capital floods in while seized funds vanish.
ZachXBT Traces the Money Trail
ZachXBT’s thread lays bare the crypto heist‘s scale: a key wallet holds $23 million, funneling from government seizures across 2024 and into 2025. Daghita’s Telegram activity, including flexing assets and pinging investigation-linked addresses, provided crucial leads. He later ditched NFT usernames and aliases, a classic evasion move that blockchain transparency ultimately thwarts. This detective work highlights why on-chain sleuths remain crypto’s best defense against theft.
Theft patterns suggest methodical draining, not opportunistic grabs, pointing to sustained access. Victims include unidentified parties from late 2025, broadening the probe. CMDSS’s silence post-deletion fuels speculation on complicity or negligence. Related patterns echo in reports of Ethereum hacks, where protocol flaws meet human error.
Recovery odds dim as funds disperse, but freezes on exchanges could claw back portions. This trail exposes systemic gaps in tracking government-held crypto.
CMDSS Goes Dark Amid Backlash
In textbook crisis mode, CMDSS deactivated its X, LinkedIn, and website sections on staff, erasing digital footprints. This move, flagged by ZachXBT on January 25, 2026, screams accountability dodge. The firm’s prior DoD and DOJ contracts now invite scrutiny—did similar access enable prior leaks? Deleting traces doesn’t erase blockchain records, but it hampers public trust.
Daghita’s ongoing Telegram presence contrasts sharply, where he mingled stolen asset vibes pre-exposure. Such bravado often unravels thieves in crypto’s transparent ledger. Analysts push for audits, echoing calls after crypto firm charter risks. Without transparency, contracts like CMDSS’s risk becoming heist highways.
Government Contracts Under Fire in Crypto Heist Scandal
CMDSS wasn’t a fly-by-night operator; its DoD and DOJ ties made it a trusted custodian for high-stakes assets. Awarding such a firm a USMS contract in 2024 presumed ironclad security, yet the crypto heist proves presumptions fail. This breach spotlights how government outsourcing amplifies insider risks, especially with volatile crypto values soaring. Broader implications loom for all federally managed digital assets.
Critics demand audits to quantify losses and plug holes, a call intensified by the firm’s scrub job. The Daghita link personalizes the threat—family proximity to keys turns routine contracts toxic. As Clarity Act debates rage, custody flaws undermine regulatory progress. Human elements persist as the weakest link.
Probes now target CMDSS protocols, weighing if lapses were isolated or endemic. This scandal could reshape bidding for crypto management gigs.
Firm’s Deep Government Roots Raise Stakes
CMDSS’s portfolio included defense and justice gigs, positioning it as a go-to for sensitive IT. The 2024 USMS contract specifically tasked asset liquidation, handing over seizure wallet intel. Daghita’s alleged exploits suggest info flowed home unchecked. RocketReach profiles confirm the firm’s stature, now tainted.
Loss scope could exceed $90 million, dwarfing many private breaches. Taxpayer-funded seizures vanishing hits hard amid Bitcoin market volatility. Reforms may mandate stricter family vetting and air-gapped systems.
Calls for Audits and Oversight Reform
Analysts urge full audits, transparency mandates, and third-party monitors for contractors. This crypto heist echoes Ledger breaches, where custody fails spectacularly. USMS must reassess partners, perhaps centralizing crypto ops. Echoes in global crypto shadows show risks transcend borders.
Without action, trust erodes, chilling institutional inflows.
Insider Threats Echo Across Crypto Custody Landscape
This crypto heist isn’t a one-off; it unmasks persistent custody frailties, even in government frameworks. Sophisticated tech falters against insiders wielding authorized access. CMDSS’s case amplifies debates on human vetting versus automation. As tokenization booms, custody integrity becomes non-negotiable.
ZachXBT’s role underscores community watchdogs’ value over sluggish officials. Daghita’s Telegram slips highlight arrogance’s role in busts. Broader lessons apply to exchanges and funds facing similar perils.
Human Vectors in High-Tech Heists
Insiders bypass firewalls via trust, as here with familial ties. CMDSS access enabled precise hits on seizure addresses. This mirrors enterprise breaches where credentials trump code. Mitigation demands zero-trust models, even internally.
Scale—$40 million-plus—ranks among top 2025 thefts, per trends in theft reports. Recovery hinges on swift freezes, often futile post-laundering.
Blockchain Forensics as Deterrent
ZachXBT’s tracing proves immutability’s power, linking wallets irrevocably. Public flexing aided the case, a cautionary tale. Tools like these outpace thieves, but prevention lags. Integration with gov systems could preempt such crypto heists.
What’s Next
Investigations deepen, with potential charges against Daghita and CMDSS fallout looming. USMS may overhaul contracts, favoring blockchain-native custodians. This crypto heist accelerates calls for robust regs amid 2026’s ETF surge and tokenization wave. Watch for audit outcomes shaping custody standards—fail here, and trust fractures further. Stay ahead with our 2026 venture repricing insights.
Ripples could hit related sectors, from mining to DeFi, as scrutiny rises. Blockchain’s transparency offers hope, but only if humans heed lessons.
