FBI Director Kash Patel confirmed Wednesday that John Daghita, known online as "Lick," was arrested in Saint Martin, a French collectivity in the Caribbean, on suspicion of stealing more than $46 million in cryptocurrency from wallets controlled by the U.S. Marshals Service (USMS). The arrest was a joint operation involving the FBI, France's Groupe d'Intervention de la Gendarmerie Nationale (GIGN), and the French Gendarmerie's International Cooperation Team Serious Crime Unit in Saint Martin. Daghita is the son of Dean Daghita, president of Command Services and Support (CMDSS), a Virginia-based government IT contractor that was paid $4 million in October 2024 to manage seized digital assets on behalf of the USMS.

"John Daghita allegedly stole more than $46 million in cryptocurrency from the U.S. Marshals Service," Patel wrote in a post on X. Investigators seized a metal briefcase containing stacks of $100 bills, multiple hard drives, and hardware security keys at the time of his arrest. Extradition proceedings are expected to follow.

---

How the Theft Was Traced

The case began not with federal investigators but with ZachXBT, a pseudonymous blockchain researcher known for tracking illicit crypto flows. In late January 2026, ZachXBT published findings showing that Daghita had been recorded in an argument in a Telegram group chat with another individual, where both parties attempted to demonstrate control over a cryptocurrency wallet. The identity and role of the second individual has not been publicly established. That wallet held approximately $23 million in Ethereum (ETH), a sum ZachXBT linked to wallets connected to more than $90 million in suspected government seizures. ZachXBT reported his findings to authorities and later stated publicly that "John Daghita's arrest was a direct result of my investigation."

The on-chain data identified as part of the investigation is specific. One wallet held roughly 12,540 ETH, worth more than $36 million at the time it was identified. A separate address on the TRON blockchain contained an additional $2.3 million in digital assets. The stolen funds originated from U.S. government seizure wallets, including assets connected to the 2016 Bitfinex hack, one of the largest exchange thefts of its era. That hack involved the theft of 120,000 BTC; U.S. authorities have since recovered more than $3.6 billion tied to that case.

After ZachXBT's public disclosure, Daghita reportedly mocked the researcher on Telegram and carried out what is known as a "dust attack." This tactic involves sending tiny amounts of cryptocurrency to a target's public wallet address. The intent appears to have been to contaminate ZachXBT's on-chain record and potentially implicate him in handling stolen funds.

Brady McCarron, USMS Chief of Public Affairs, declined further comment pending the completion of the investigation.

---

A Structural Failure, Not Just One Bad Actor

The CMDSS contract sits at the center of this case. CMDSS was awarded responsibility for managing Class 2 through 4 seized digital assets, a category covering cryptocurrencies other than Bitcoin. Coinbase had separately won a contract to handle Class 1 assets, primarily Bitcoin, in July 2024. John Daghita allegedly exploited the insider access his father's firm held to move funds out of government-controlled wallets.

This was not an unforeseeable risk. A 2022 audit by the Department of Justice Office of Inspector General found that the USMS was managing seized cryptocurrency using supplemental spreadsheets, lacked documented operating procedures, and had inaccuracies in its records. The OIG explicitly warned the agency to "establish properly documented policies and procedures prior to handing over cryptocurrency responsibilities to a contractor," a warning that appears to have been unheeded. As recently as February 2025, a source familiar with the situation told CoinDesk that the USMS could not confirm exactly how much cryptocurrency it held. A Washington Monthly investigation published in February 2026 described the broader situation as a "$22 billion spreadsheet problem."

---

Why This Matters Outside the United States

This case carries direct implications for governments beyond U.S. borders. India's Enforcement Directorate and Central Bureau of Investigation have both seized significant crypto assets in recent years, including assets connected to WazirX-related investigations. Agencies in Nigeria, Kenya, Ghana, and South Africa are simultaneously cracking down on unlicensed crypto activity while developing frameworks to custody the assets they seize. These jurisdictions operate with far less institutional oversight infrastructure than the U.S., which makes the specific failure modes here worth studying closely.

The pattern is not limited to any single country. In January 2026, South Korean authorities reported that approximately $1.4 million in seized Bitcoin had gone missing from custody. The following month, a separate South Korean case revealed a $4.8 million seed phrase leak involving seized assets. These incidents, taken alongside the USMS case, suggest that failures in government crypto custody represent a global pattern rather than an American anomaly.

The Daghita case illustrates what goes wrong when a government outsources crypto custody to a contractor without requiring multi-signature controls (a setup requiring more than one authorized party to approve any transaction), independent auditing, or strict restrictions on insider access. The dust attack tactic is also relevant for compliance teams globally: users in jurisdictions with underdeveloped anti-money laundering screening systems may be especially exposed to third-party contamination of their transaction histories.

---

What Comes Next

The arrest arrives at a pointed moment. President Trump signed an executive order in March 2025 establishing a U.S. Strategic Bitcoin Reserve, built largely from assets managed by the USMS and DOJ. The U.S. government held an estimated 328,372 BTC as of February 2026, part of a total digital asset stockpile valued at roughly $22 billion. The Daghita case now stands as a significant test of whether the custodial infrastructure supporting that reserve is fit for purpose. Extradition proceedings are expected to move forward, but the more durable question is whether the agencies responsible for the world's largest state-held Bitcoin reserve will implement the controls that auditors have been calling for since at least 2022.