U.S. law enforcement is quietly trying to sort through a messy and uncomfortable situation involving seized cryptocurrency, a government contractor, and allegations that tens of millions of dollars were improperly siphoned from wallets controlled by federal authorities.

 

At the center of the case is a claim that more than $40 million in seized crypto was moved out of government-linked wallets without authorization. The U.S. Marshals Service has confirmed it is reviewing the allegations, though no charges have been announced and the investigation remains in its early stages.

 

The claims surfaced publicly after blockchain investigators began flagging unusual on-chain movements tied to wallets believed to be associated with assets seized by the U.S. government in prior criminal cases.

 

Blockchain Trails and a Familiar Name

Much of the attention comes from independent blockchain investigators who traced large transfers from wallets associated with seized funds to addresses allegedly controlled by a single individual. According to multiple blockchain intelligence reports, the individual at the center of this incident is identified as John Daghita, known in crypto circles by the alias “Lick”. Analysts such as ZachXBT, an independent blockchain investigator, publicly tied on-chain movements from government-controlled cryptocurrency addresses to wallets controlled by Daghita.

 

ZachXBT’s investigation reportedly traced back transactions involving tens of millions of dollars to wallet addresses that received $24.9 million from a U.S. government account in March 2024. This particular government account is linked to assets seized after the 2016 Bitfinex hack, one of the largest cryptocurrency thefts in history, where authorities later seized funds connected to that case.

 

“Meet the threat actor John (Lick), who was caught flexing $23M in a wallet address directly tied to $90M+ in suspected thefts from the US Government in 2024 and multiple other unidentified victims from Nov 2025 to Dec 2025”, ZachXBT wrote on X.

 

According to on-chain analysis shared publicly, one wallet received roughly $25 million from a government-controlled address in March 2024. Investigators say the source wallet appears to be tied to cryptocurrency seized in connection with the 2016 Bitfinex hack, a case that has continued to ripple through the crypto industry nearly a decade later.

 

The situation escalated after a dispute in a Telegram group, where the individual allegedly disclosed wallet details that appeared to confirm control over large balances of ether and other digital assets. Once those wallet addresses were public, blockchain analysts quickly began connecting dots.

 

While blockchain data can show where funds move, it cannot on its own establish intent or legality. That distinction has become especially important as the story gains traction.

 

The Contractor Connection

What has made the case particularly sensitive is a reported family link to a government contractor.

 

John Daghita is said to be the son of Dean Daghita, president of Command Services and Support, a Virginia-based firm that holds a federal contract connected to the handling of seized cryptocurrency for the U.S. Marshals Service. The company was awarded that contract in late 2024, following a competitive procurement process that drew objections from rival bidders.

 

The contract reportedly covers the management and liquidation of certain seized digital assets, particularly smaller or less liquid tokens that are not typically handled by large exchanges.

 

There is no public evidence that the contractor itself is under investigation or that the alleged misconduct occurred as part of official company operations. Still, the overlap between government custody, private contractors, and family relationships has raised uncomfortable questions about access controls and oversight.

 

A Broader Problem for Seized Crypto

The allegations land at a time when the U.S. Marshals Service is already under scrutiny for how it manages digital assets. The agency plays a central role in handling property seized in criminal cases, including cryptocurrency tied to fraud, ransomware, darknet markets, and hacking incidents.

 

Over the years, the Marshals Service has accumulated billions of dollars worth of crypto, including large bitcoin holdings seized in high-profile cases. But audits and reporting have repeatedly shown that tracking, accounting, and securing these assets is far from simple.

 

Internal systems were not originally designed for blockchain-based assets, and oversight bodies have previously flagged weaknesses in inventory tracking and custody procedures. In some cases, the agency has struggled to provide a clear accounting of exactly how much crypto it holds at a given time.

 

Those challenges have become more visible as the value of seized crypto has soared and as debates continue in Washington over whether the government should hold, sell, or strategically manage these assets.

 

What Happens Next

For now, the U.S. Marshals Service is keeping its comments limited. Officials have acknowledged the allegations and confirmed that they are being reviewed, but they have not said whether criminal charges are expected or whether any funds have been recovered.

 

Key questions remain unanswered. Investigators will need to determine whether the alleged transfers involved unauthorized access, compromised credentials, or insider misuse of systems tied to crypto custody. Another open issue is whether the case points to individual misconduct or deeper structural weaknesses in how seized digital assets are handled.

 

Until law enforcement provides more clarity, much of the public narrative will continue to be shaped by blockchain analysts and online investigators. As with many crypto-related cases, the transparency of the blockchain offers clues, but not conclusions.

 

What is clear is that the case highlights the growing pains of government agencies adapting to digital assets. As crypto seizures become more common and more valuable, the systems designed to safeguard them are being tested in very real ways.