Key highlights:
- John Daghita stole over $90 million in crypto, including $40 million in US government Bitcoin seized from the 2024 Bitfinex hack.
- Daghita’s father owns CMDSS, a firm managing confiscated crypto for US Marshals Service.
- Telegram screenshots showing $23M transfers exposed Daghita despite public theft allegations.
Crypto investigator ZachXBT linked American John Daghita to stealing over $90 million in digital assets. More than $40 million of stolen funds belonged to the U.S. government, as they were confiscated as part of the investigation into the 2016 Bitfinex hack.
Telegram bragging leads to exposure
The investigation began after a public Telegram exchange between Daghita (known as “Lick”) and Dritan Kapplani Jr. During their dispute over crypto portfolio sizes, Daghita shared screenshots and videos of fund movements, including a $23 million transaction.
1/ Meet the threat actor John (Lick), who was caught flexing $23M in a wallet address directly tied to $90M+ in suspected thefts from the US Government in 2024 and multiple other unidentified victims from Nov 2025 to Dec 2025. pic.twitter.com/SBAFU5hTnE
— ZachXBT (@zachxbt) January 23, 2026
ZachXBT noted the suspect “completely failed digital security,” demonstrating clear digital traces of his crimes. The materials show Daghita controlling addresses containing stolen assets and continuing to brag on messaging apps even after allegations were published.
John Daghita flaunts his wealth. Source: ZachXBT
Contacting a government contractor
Two days after ZachXBT’s first publications found out, John is the son of Command Services & Support (CMDSS) owner. This organization won a U.S. Marshals Service (USMS) contract in 2024 to manage and sell confiscated crypto assets. The company also performs IT contracts for government agencies in Virginia.
In case you are curious how John Daghita (Lick) was able to steal $40M+ from US government seizure addresses.
John’s dad owns CMDSS, which currently has an active IT government contract in Virginia.
CMMDS was awarded a contract to assist the USMS in managing/disposing of… https://t.co/lzR2a1aidA pic.twitter.com/PV0IkSuhVy
— ZachXBT (@zachxbt) January 25, 2026
Following the investigation publication, CMDSS’s social media accounts, corporate website, and LinkedIn page were deactivated. The mechanism by which Daghita gained access to government funds remains unclear.
Chronology of crimes and provocations
According to the detective, thefts took place November-December 2025, but public displays of wealth began only January 22, 2026. In addition to government funds, private investors suffered as about $50 million was stolen from them.
After the allegations were published, Daghita not only continued trolling on Telegram, but also sent ZachXBT 0.6767 ETH (approximately $1,900). The transaction provided further evidence of suspect’s control over the funds.
The crypto detective stated that all funds received from Daghita will be transfered to the government address for asset seizure.
The contract was awarded to CMDSS a while back.
The thefts happened in Nov 2025 & Dec 2025
The stolen funds were not flexed until a few days ago on Jan 22, 2026
— ZachXBT (@zachxbt) January 26, 2026
No official U.S. Marshals Service comment exists. All information based on ZachXBT’s investigation (January 23-26, 2026). The case demonstrates vulnerabilities in confiscated digital asset management and security protocol importance when handling government funds.
Source:: Crypto Sleuth Links Government Contractor's Son to $90M Crypto Theft