🏛️ INSIDER HEIST: SON OF U.S. GOV CONTRACTOR LINKED TO $40M SEIZED CRYPTO THEFT

A major cybersecurity scandal has rocked the U.S. government as of January 26, 2026, involving the alleged theft of over $40 million in cryptocurrency from wallets used for government seizures. Investigated by on-chain sleuth ZachXBT, the heist has been traced to John Daghita (known online as “Lick”), the son of the executive heading **CMDSS **a Virginia-based IT firm. CMDSS was awarded a significant contract in 2024 to assist the U.S. Marshals Service (USMS) in managing and disposing of seized digital assets. This breach represents one of the most high-profile insider threats in government-sanctioned crypto custody history, exposing critical vulnerabilities in how the state secures its billions in forfeited assets.

The Breach: Insider Access and Private Key Exposure

The theft was not a result of a sophisticated external hack, but rather an exploitation of trusted “supply chain” access.

• The CMDSS Connection: Daghita’s father leads CMDSS, which was granted specialized access to the private addresses used for government seizures. This insider positioning reportedly allowed John Daghita to siphon funds from addresses meant to be under federal protection.
• Blockchain Evidence: Blockchain investigator ZachXBT successfully traced at least $23 million to a single wallet controlled by Daghita. This specific wallet is linked to a broader web of suspected thefts totaling more than $90 million between 2024 and late 2025.

Flaunting the Loot: Social Media and the $23M “Flex”

The case took a surreal turn as the suspect reportedly flaunted the stolen wealth on social messaging platforms.

• Telegram Activity: Daghita remained active on Telegram, “flexing” luxury assets and a wallet containing $23 million in stolen funds. He even allegedly interacted with public addresses linked to the investigators tracking him.
• Cover-up Attempts: As the news broke, Daghita quickly scrubbed NFT-linked usernames from his Telegram account and changed his screen name. Simultaneously, CMDSS deleted its X (Twitter) and LinkedIn accounts and removed employee information from its official website in an apparent attempt to distance the firm from the scandal.

Systemic Risk: The Future of Gov-Seized Crypto

This incident has sparked urgent calls for a total audit of all U.S. government-contracted crypto custody arrangements.

• Institutional Concern: CMDSS is a significant player, holding active contracts with the Department of Defense and the Department of Justice. The fact that a contractor’s relative could access seized assets raises alarming questions about the vetting and oversight protocols within federal IT agencies.
• Custody Vulnerability: Analysts note that even with high-level government oversight, human connections remain the weakest link. This heist highlights that centralized custody even when sanctioned by the state faces the same “insider threat” risks as private exchanges.

Essential Financial Disclaimer

This analysis is for informational and educational purposes only and does not constitute financial, investment, or legal advice. Reports of the $40 million crypto heist and John Daghita’s involvement are based on ongoing investigations and public reports as of January 26, 2026. The suspect is presumed innocent until proven guilty in a court of law. Government contracts and seizure protocols are subject to change as the full scope of this breach is understood. Always conduct your own exhaustive research (DYOR) and consult with a professional regarding the security of digital asset custody.

Is the “insider threat” the biggest risk to the U.S. government’s multibillion-dollar crypto stash?