$40 Million Crypto Heist Unveils Contractor’s Son Connection

Recent developments in the cryptocurrency space have unveiled shocking details surrounding a $40 million theft linked to U.S. government crypto wallet seizures. Investigative expert ZachXBT has linked this significant heist to a suspect known as John Daghita, also referred to by his alias “Lick.”

Understanding the Massive Crypto Theft

On January 25, ZachXBT posted critical information, pointing to a company called Command Services & Support (CMDSS) which has been implicated in the situation. This firm holds an active IT contract with the U.S. government, assisting the United States Marshals Service (USMS) in managing seized crypto assets. The connection raises eyebrows regarding how John gained access to sensitive information through familial ties.

These allegations surface against the backdrop of earlier investigations published by ZachXBT, which connect wallet activity and digital conversations to the same individual. John was identified as a suspect who flaunted a wallet containing $23 million, which is linked to over $90 million in suspected unauthorized transactions from the U.S. government and other unidentified sources during 2024 and late 2025.

In his investigation, ZachXBT highlighted a particular incident involving a dispute in a Telegram chat amongst cryptocurrency enthusiasts where John and another threat actor, identified as Dritan Kapplani Jr., engaged in an informal contest to display their financial dominance. This discussion, along with screen recordings, provides crucial evidence regarding the control over substantial funds.

Ownership continuity across the displayed wallets became a pivotal piece of evidence in ZachXBT’s findings. The recordings underpin the assertion that John exercises control over multiple wallet addresses. Following this, efforts to trace the origins of funds led back to a transaction from March 2024, amounting to $24.9 million, which was associated with cryptocurrencies seized from the infamous Bitfinex hack.

Moreover, ZachXBT flagged an additional $18.5 million thought to be residing at one of the identified addresses. Notably, more transactions, totaling over $63 million, were found to originate from victims and government seizure wallets within Q4 2025. This included a notable transfer of 4.17K ETH valued at approximately $12.4 million from the MEXC exchange.

In his post, ZachXBT contemplated how CMDSS’s involvement with USMS might have inadvertently created an access pathway for John. Questions linger regarding whether systems or credentials were compromised, though the exact processes remain a mystery.

Following this bombshell revelation, ZachXBT noted that CMDSS’s online accounts were swiftly deactivated, indicating attempts to distance itself from the situation. Meanwhile, Daghita’s activities on Telegram persisted, hinting at defiance in the face of mounting scrutiny.

The situation has captured widespread attention from the cryptocurrency community, prompting strong reactions from industry leaders. David Bailey, CEO of Nakamoto Inc., emphasized the need for immediate action to secure the U.S. government’s digital assets, while Pierre Rochard, a prominent Bitcoin advocate, framed the incident as a critical national-security issue, calling for legislative measures.

As this story continues to unfold, the implications for the future of cryptocurrency regulations and security will undoubtedly be immense. Industry stakeholders are now questioning the protocols in place for safeguarding digital assets.

Emily Walker
Crypto News Editor
