
A U.S. government contractor's son, accused of stealing more than $46 million in cryptocurrency from the U.S. Marshals Service, was arrested Wednesday on the island of Saint Martin.

The arrest was the result of a joint operation between the FBI and France's elite Groupe d'Intervention de la Gendarmerie Nationale, FBI Director Kash Patel announced on Thursday.

"Last night, John Daghita – a U.S. government contractor who allegedly stole more than $46 million in cryptocurrency from the U.S. Marshals Service – was arrested on the island of Saint Martin by the French Gendarmerie's premier elite tactical unit in a joint operation with the @FBI," Patel said.

"Thanks to the International Cooperation Team Serious Crime Unit of the French Gendarmerie National in Saint Martin, and the Groupe d'intervention de la Gendarmerie nationale of Guadeloupe for the outstanding coordination."

According to photos taken during Daghita's arrest, law enforcement officers also seized an undisclosed amount of U.S. dollars in $100 bank notes, as well as multiple hard drives and security keys.

Daghita's arrest and seized assets (FBI)

John Daghita (who uses the "Lick" online handle) is the son of Dean Daghita, president and CEO of Command Services & Support (CMDSS). This Virginia-based firm has been helping the U.S. Marshals Service manage and dispose of seized digital assets since October 2024.

Those holdings reportedly also include funds tied to the 2016 Bitfinex hack, one of the largest cryptocurrency heists on record, which led to the theft of 120,000 bitcoins from the Hong Kong-based Bitfinex crypto-exchange.

Blockchain investigator ZachXBT broke the case publicly in late January when he published an analysis that traced $23 million in USMS-linked wallet movements to addresses he linked to Daghita, who is also a U.S. government contractor, according to Patel.

ZachXBT found that Daghita inadvertently exposed himself during a dispute with another threat actor (known as Dritan Kapplani Jr.) in a recorded private Telegram chat, where he demonstrated the ability to move large sums between two cryptowallets in real time.

Further on-chain analysis subsequently enabled ZachXBT to link those wallets to government-seized assets from the Bitfinex hack seizure. After the investigator reported his findings to authorities, Daghita reportedly taunted him repeatedly on Telegram by sending small amounts of the allegedly stolen funds (a tactic known as a "dust attack") to ZachXBT's public wallet address.

"In late January 2026, I exposed how John stole $46M+ in seized crypto assets from the US government by abusing access at CMDSS, his father's company, which held a USMS contract," ZachXBT said after Daghita's arrest.

"John then taunted me multiple times via his Telegram channel and dust attacked my public wallet address with stolen funds. Thanks for the last laugh, John."

