Over the weekend, ZachXBT, a known advisor to the cryptocurrency investment firm Paradigm and recognized for his investigative prowess in the digital asset space, made alarming claims regarding a significant theft of crypto assets from U.S. government custody. Specifically, he accused the son of a chief executive at a firm managing these funds of being involved in the alleged $40 million theft connected to the notorious 2016 hack of the Bitfinex exchange.
The U.S. Marshals Service (USMS) has since confirmed that it is investigating the allegations surrounding the theft. Command Services & Support (CMDSS), the company in question, was awarded a government contract for managing a specific class of crypto assets just last October. Dean Daghita, the CEO of CMDSS, finds himself at the heart of the accusations as ZachXBT asserts that his son, John Daghita, also known by the pseudonym Lick, is implicated in this breach.
According to reports, a significant portion of the stolen funds was returned within 24 hours. Yet the circumstances behind how John Daghita gained access to such substantial crypto assets remain troubling. Insiders in the crypto community suggest that his connection to the stolen funds became apparent when he allegedly boasted about the contents of high-value crypto wallets in a Telegram chat. A confrontation with other chat members led him to reportedly disclose access to a wallet directly related to the seizure of funds by the government.
Amid this unfolding scandal, ZachXBT publicly disclosed that roughly $1,900 worth of ether, traced back to the government’s stolen crypto, was sent to his Ethereum address. He has pledged to forward any stolen funds received to the relevant U.S. government seizure addresses.
This situation underscores a broader, ongoing issue with the U.S. Marshals Service’s management of digital assets. Previous inquiries into the agency have revealed significant challenges in accounting for its crypto holdings transparently. CMDSS’s social media accounts have been deactivated, and the company has yet to respond to inquiries regarding the allegations.
The USMS, when approached for comment, indicated that it would refrain from making any statements while the investigation is ongoing. Meanwhile, Patrick Witt, Executive Director of the President’s Council of Advisors for Digital Assets, has expressed his intent to investigate the situation further.
Historically, the U.S. government has seized cryptocurrencies related to criminal activities and sold them for profit. Notably, investor Tim Draper made headlines for purchasing nearly 30,000 bitcoins seized from the Silk Road darknet market, an investment that has dramatically appreciated over time. However, following a pivot in policy under the previous administration, sales of seized cryptocurrencies were halted, with a new strategy prioritizing a reserve of seized bitcoin and other digital assets.
The landscape of cryptocurrency thefts continues to evolve. Last year, notable exploits in decentralized finance sent shockwaves through the industry as fundamental questions arose about the trustworthiness of these platforms. The year 2025 was marked by a spike in both physical thefts of cryptocurrencies and illicit activities, with estimates suggesting that $154 billion in illicit transactions took place, predominantly utilizing stablecoins—centralized digital assets that offer greater control over transactions.
As investigation proceeds, the implications of this case resonate deeply within the broader conversation about security, management, and the future of cryptocurrency in both regulated and unregulated environments.
