John Daghita, a US government contractor, was arrested on March 5, 2026, on the Caribbean Island of Saint Martin in connection with a major cryptocurrency theft case. Authorities say Daghita is the son of Dean Daghita, the CEO of Command Services & Support (CMDSS), a company that works with US government agencies.
The arrest was carried out during a joint operation involving the Federal Bureau of Investigation (FBI) and special units of the French Gendarmerie. Elite officers from the Groupe of Intervention de la Gendarmerie nationale based in the Guadeloupe also took part in the operation.
FBI Director Kash Patel confirmed the arrest on social media. He stated that Daghita is accused of stealing more than $46 million in cryptocurrency from digital wallets managed by the U.S. Marshals Service (USMS)
During the arrest, investigators seized several items believed to be connected to the case. These included a metal briefcase filled with stacks of $100 bills, multiple hardware crypto wallets, USB drives, and other digital storage devices. Photos from the scene showed Daghita in handcuffs near a swimming pool while officers displayed the seized cash and electronic equipment.
Insider Access and the CMDSS Connection
Command Services and Support (CMDSS), an IT firm based in Virginia and owned by Dean Daghita, had a $4 million contract with the US Marshals Service awarded in October 2024. The contract required the company to help manage and dispose of cryptocurrency assets that had been seized or forfeited by the government. These assets included funds connected to the major criminal cases, such as the 2016 Bitfinex hack. Because of this work, CMDSS had access to wallets containing billions of dollars worth of digital assets.
Allegations have surfaced against John Daghita, who is accused of using his father’s company to move funds from government-controlled wallets into personal accounts. Investigators say he may have used insider access at CMDSS, although it is still unclear if he held an official position there. Soon after the claims became public, the company’s online presence- including its X account, website, and LinkedIn page was taken down. Authorities are continuing to investigate the incident and determine how the alleged transfer of funds occurred.
Blockchain Investigation and Online Trail
The breach first came to light in January 2026 when blockchain investigator ZachXBT traced suspicious transactions from a US government wallet to several private crypto addresses. During his investigation, he found that a wallet identified as Oxc7a2 recovered about $24.9 million in March 2024, with more funds moving through multiple wallets by 2025.
ZachXBT connected these transactions to an online persona called “Lick,” who was later identified as John Daghita. The investigation gained momentum after Daghita allegedly bragged about his wealth in a Telegram group chat. During an argument with another user, he reportedly displayed a crypto wallet holding $23 million in digital assets.
Daghita also tried to challenge the investigator by sending dust attacks, which are tiny crypto transactions, from stolen wallets to ZachXBT’s public address. Instead of hiding the trails, these actions helped the investigators track the movement of funds closely. The blockchain evidence eventually helped expose the alleged theft and connect it to Daghita.
Extradition and Future Security Concerns
John Daghita is currently in custody in Saint Martin and is expected to be extradited to the United States. Authorities say he could face several charges, including theft of government property, wire fraud, and money laundering. Investigators are still reviewing the evidence to understand how the alleged transfer of funds happened and who may have been involved.
The case has raised serious concerns about the security of digital assets held by the government, especially those managed by third-party contractors. Reports say the government currently holds more than 198,000 BTC from seized cases, worth tens of billions of dollars at current prices.
Because of this incident, experts and lawmakers are calling for a full audit of companies that manage government crypto wallets. Security specialists warn that the case highlights weaknesses in the current system. They believe stricter regulations and stronger cybersecurity measures may soon be introduced to better protect seized cryptocurrency.
