A new investigation by prominent on-chain analyst ZachXBT has exposed what could be one of the most serious insider-related crypto security breaches involving U.S. government-controlled wallets.
According to the findings, an individual identified as John Daghita is accused of siphoning over $40 million in various cryptocurrencies from digital wallets managed on behalf of the U.S. government. These wallets reportedly held seized assets tied to criminal investigations, funds meant to be securely stored under federal custody.
ZachXBT’s on-chain tracing reveals that the assets were not taken in a single transaction but drained gradually over several months, suggesting deliberate planning rather than a technical exploit. The stolen crypto was then routed through decentralized protocols and privacy mixers in anju apparent effort to conceal the money trail.
The full investigation was publicly detailed by ZachXBT in a thread shared here:
In case you are curious how John Daghita (Lick) was able to steal $40M+ from US government seizure addresses.
John’s dad owns CMDSS, which currently has an active IT government contract in Virginia.
CMMDS was awarded a contract to assist the USMS in managing/disposing of… https://t.co/lzR2a1aidA pic.twitter.com/PV0IkSuhVy
— ZachXBT (@zachxbt) January 25, 2026
The revelations are now fueling serious concerns about how seized digital assets are being managed and protected by government contractors.
Contents
Family Connection Raises Insider Access Concerns
What makes the case especially alarming is the alleged family link to the firm responsible for safeguarding the seized funds.
ZachXBT reports that John Daghita is the son of the CEO of Cyber Management & Digital Security Services (CMDSS), a cybersecurity company that recently secured a federal contract involving digital asset custody.
CMDSS is not a peripheral service provider. The firm plays a direct role in managing and securing cryptocurrencies confiscated by U.S. authorities during criminal seizures. This places the company in control of wallets holding millions of dollars across multiple blockchains.
The relationship has sparked widespread concern that the alleged theft may not have resulted from hacking in the traditional sense, but rather from insider access, one of the most difficult security risks to prevent.
While no official confirmation has yet emerged from federal agencies, the connection alone has intensified calls for greater oversight in government crypto custody.
Federal Contract Put CMDSS At The Center Of Asset Custody
CMDSS was awarded a high-profile contract to assist the U.S. Marshals Service (USMS) in managing and disposing of seized and forfeited crypto assets.
The responsibilities reportedly include:
• Securing government-controlled wallets
• Managing transfers and liquidations
• Handling custody infrastructure
• Supporting digital asset forfeiture processes
In effect, CMDSS acts as a technical custodian for cryptocurrency confiscated during law enforcement operations.
These wallets may contain assets recovered from major hacks, fraud schemes, darknet marketplaces, and ransomware cases, making them highly sensitive targets.
The scale of funds under custody means even a small breach could lead to massive losses, placing extraordinary trust in the systems and personnel controlling access.
Alleged Systematic Draining And Laundering Operation
According to ZachXBT’s blockchain analysis, the theft unfolded slowly rather than through a sudden exploit.
The funds were allegedly:
• Removed in stages across months
• Moved through decentralized exchanges
• Routed via cross-chain bridges
• Laundered using privacy mixers and protocols
This pattern is consistent with techniques used by sophisticated threat actors to reduce traceability and avoid triggering automated monitoring systems.
ZachXBT claims transaction flows directly connect government seizure wallets to addresses controlled by Daghita, forming a consistent and traceable pattern of unauthorized withdrawals.
The gradual nature of the transfers suggests a calculated operation rather than an accidental exposure of private keys.
Unclear How Access Was Obtained
One of the most critical unanswered questions remains how John Daghita gained control over wallets holding government assets.
What is currently known:
• His father owns CMDSS
• CMDSS holds an active government IT contract in Virginia
• The company assists in managing seized crypto for the USMS
What remains unclear:
• Whether access was granted intentionally
• Whether internal security protocols failed
• Whether credentials were shared or compromised
• Whether proper multi-signature systems were in place
So far, no public explanation has been issued by CMDSS or U.S. authorities.
This lack of clarity has only intensified scrutiny around contractor oversight and internal security practices.
A Wake-Up Call For Government Crypto Security
If confirmed, the incident would represent one of the largest alleged insider crypto thefts tied to government-held funds.
It also highlights a growing challenge as law enforcement agencies accumulate massive crypto reserves through seizures.
Unlike traditional bank assets, cryptocurrencies rely entirely on private key security. Anyone with access can move funds instantly, with no central authority able to reverse transactions.
As governments increasingly outsource custody to private firms, risks expand to include:
• Insider abuse
• Weak access controls
• Poor audit systems
• Lack of real-time monitoring
• Human security failures
The case may push agencies to accelerate adoption of:
• Multi-signature custody wallets
• Segmented access permissions
• Independent security audits
• Continuous on-chain surveillance
For the crypto industry, it reinforces a long-standing reality: custody remains the weakest link in digital finance.
Even the most secure blockchain becomes vulnerable when access control breaks down.
As investigations continue, this case could become a turning point for how seized digital assets are managed worldwide, forcing tighter controls, greater transparency, and stronger accountability across both government agencies and private contractors.
For now, the blockchain evidence uncovered by ZachXBT has already sparked a serious conversation about insider risk in the era of government crypto custody, one likely to shape policy long after the dust settles.
Disclosure: This is not trading or investment advice. Always do your research before buying any cryptocurrency or investing in any services.
Follow us on Twitter @nulltxnews to stay updated with the latest Crypto, NFT, AI, Cybersecurity, Distributed Computing, and Metaverse news!
