logo
U.S. Government's Crypto Assets Stolen by a Connected Individual—Who Will Guard the National Strategic Reserve?
Fri, Mar 6, 12:02 PM
Foresight News
The U.S. Bitcoin Reserve has been established, but the system still has outstanding issues.


Written by: angelilu, Foresight News


On March 5, FBI Director Kash Patel personally announced an arrest on X: suspect John Daghita was arrested on the Caribbean island of St. Maarten, carrying a metal briefcase full of $100 bills, multiple hard drives, and several crypto keys.



He is charged with stealing over $46 million in cryptocurrency from the U.S. Marshals Service (USMS).


What's more ironic is that his father's company is the contractor responsible for managing these crypto assets for the U.S. government.


It All Started With a Wealth-Flaunting Contest


The story began with a wealth-flaunting contest in a Telegram group. John Daghita (online alias "Lick") participated in such a contest and showed the assets in his wallet in a video.


Blockchain detective ZachXBT noticed this video. He began to trace the on-chain data.


At the end of January, ZachXBT released an investigation report accusing John Daghita of stealing at least $46 million from U.S. government-hosted crypto wallets by abusing internal privileges of his father Dean Daghita's company (CMDSS)—including approximately 12,540 Ethereum. CMDSS is a Virginia-based tech company that just obtained a crypto asset custody contract from the U.S. Marshals Service in October 2024, with clients including the U.S. Department of Justice and the Department of Defense.



After ZachXBT's investigation, John also repeatedly provoked ZachXBT on his Telegram channel, even launching dust attacks on ZachXBT's public wallet address using stolen funds.



Five weeks later, the FBI and elite French gendarmerie units arrested John Daghita. ZachXBT wrote on X: "John Daghita's arrest is a direct result of my investigation" and "Thanks for letting me have the last laugh, John."


After the incident was exposed, CMDSS's official website, X account, and LinkedIn page were all quickly taken down, and the company has effectively "disappeared." There are no public reports of Dean Daghita (father/CEO) being charged so far, but his company has essentially dissolved.


Insider Theft?


To understand this case, we first need to know what the U.S. Marshals Service is responsible for.


Over the years, the U.S. government has accumulated a huge inventory of crypto assets through various criminal proceedings such as drug cases, hacking cases, and exchange cases. The Bitcoin that eventually flowed back to government accounts from the infamous Silk Road case, BTC-e money laundering case, and Bitfinex hack case are all custodied by the Marshals Service. According to available public data, the U.S. government currently holds approximately 328,000 Bitcoins, worth about $23 billion at current market prices, making it the world's largest known sovereign Bitcoin holder.


Yet in this sizeable asset repository, the son of a contractor owner, using system access obtained through family ties, quietly transferred $46 million—from the contract taking effect in October 2024 to the exposure in January 2026, this loophole existed for at least three months.


Images previously released by ZachXBT show that CMDSS obtained a limited-scope contract to manage niche cryptocurrencies, responsible for "Class 2-4" seized crypto assets—niche coins not supported by major centralized exchanges (such as Coinbase and Binance), as well as assets related to high-profile cases like the 2016 Bitfinex hack.


ZachXBT's on-chain tracking shows that John Daghita actually had access to approximately $90 million in government wallet assets, and finally stole $46 million of it.


National Bitcoin Reserve: Who Will Guard It?


In March 2025, Trump signed an executive order to formally establish the "U.S. Strategic Bitcoin Reserve," incorporating Bitcoin obtained by the government through judicial forfeiture into national strategic assets and explicitly ordering that it "shall not be sold." According to the latest data, the reserve size has reached 328,000 BTC.



In addition, the U.S. Congress is considering the "BITCOIN Act," which proposes to authorize the Treasury Department to purchase up to an additional 1 million Bitcoins over the next five years.


In other words, the U.S. government is planning to massively expand its crypto holdings—but the CMDSS case clearly illustrates a question that has not yet been formally answered: How exactly should these assets be stored and who should manage them?


Currently, the U.S. government's custody model for crypto assets is a hybrid structure of "cold wallets + contractor-managed custody." The Marshals Service entrusts different categories of seized assets to different private tech companies for handling, lacking unified federal agency standards and real-time audit mechanisms. Using private contractors to manage national-level assets is not uncommon in traditional finance—but the characteristics of crypto assets (private keys equal ownership, irreversible transfers) have infinitely amplified insider risks.


Anyone with access rights can transfer assets to any address at any time. Although the on-chain traces left are permanent, if no one actively monitors them, it's like still water.


ZachXBT Did It, But the U.S. Government Didn't


The most intriguing detail of this case is the identity of the discoverer.


It wasn't the FBI, the Treasury's internal audit department, or the Marshals Service's risk control team—it was an anonymous independent on-chain detective who, using publicly available blockchain data, caught the anomaly in a wealth-flaunting video and then traced the entire chain.


From tracking on-chain data to real identity, ZachXBT's core tools were nothing more than Etherscan, on-chain clustering analysis, and cross-verification with social media. But this set of methods filled the gap in the U.S. government's internal monitoring mechanisms.


This forms a highly ironic reality: the transparency of blockchain ultimately became the most powerful weapon against this theft—but the one who actively used this weapon was not a law enforcement agency, but a civilian detective.


Comparison with Traditional Finance: Would the Fed Operate This Way?


We can use a thought experiment for comparison: What would happen if someone stole $46 million worth of physical gold from the Federal Reserve's gold vaults?


First, the Fed's gold is subject to multi-layered physical security, dual-control rules, and independent audits. It is almost impossible for any single individual to access physical assets independently without triggering an alarm. Second, the transfer of gold requires physical handling and cannot be "withdrawn" cross-border in a few minutes.


Crypto assets are the exact opposite. Transfers take minutes, are global without borders, and the private key holder has absolute control. This means that traditional physical security logic is completely ineffective here, and a completely different risk control architecture must be used instead—and the U.S. government has clearly not yet established this architecture.

ACTKEYPublicZachXBTReserveXCurrentDATAREALBitcoin Reserve

LATEST NEWS

loading...
© 2025 Foresight News. All Rights Reserved.