The FBI arrested John Daghita on the island of Saint Martin on Wednesday, charging him with stealing more than $46 million in cryptocurrency from the U.S. Marshals Service. The operation was carried out jointly with France’s Groupe d’Intervention de la Gendarmerie Nationale, FBI Director Kash Patel confirmed Thursday.
“Last night, John Daghita – a U.S. government contractor who allegedly stole more than $46 million in cryptocurrency from the U.S. Marshals Service – was arrested on the island of Saint Martin by the French Gendarmerie’s premier elite tactical unit in a joint operation with the FBI,” Patel said.
Photos from the arrest show law enforcement seized an undisclosed amount of U.S. dollars in $100 bank notes, along with multiple hard drives and security keys.
Inside the Alleged Theft
Daghita, who operates online under the handle “Lick,” is the son of Dean Daghita, president and CEO of Command Services & Support (CMDSS). The Virginia-based firm has held a contract with the U.S. Marshals Service since October 2024 to manage and dispose of seized digital assets, reportedly including funds tied to the 2016 Bitfinex hack, in which 120,000 bitcoins were stolen from the Hong Kong-based exchange.
Prosecutors allege John Daghita exploited his access through his father’s company to move the funds. Patel confirmed that the younger Daghita also held status as a U.S. government contractor.
How the Blockchain Trail Led to His Door
The case became public in late January when blockchain investigator ZachXBT published an analysis tracing $23 million in USMS-linked wallet movements to addresses connected to Daghita. The investigator found that Daghita had inadvertently exposed himself during a recorded private Telegram dispute with another threat actor, known as Dritan Kapplani Jr., in which Daghita demonstrated the ability to move large sums between two cryptocurrency wallets in real time.
More Read
That on-chain activity allowed ZachXBT to connect those wallets to government-seized assets from the Bitfinex hack seizure. After ZachXBT reported his findings to authorities, Daghita allegedly began taunting the investigator on Telegram, sending small amounts of the allegedly stolen funds to ZachXBT’s public wallet address, a harassment tactic known as a “dust attack.”
“John then taunted me multiple times via his Telegram channel and dust attacked my public wallet address with stolen funds. Thanks for the last laugh, John,” ZachXBT wrote following news of the arrest.
A Contract Turned Vulnerability
The case raises direct questions about oversight of private contractors managing government-held digital assets. CMDSS held responsibility for some of the most sensitive cryptocurrency the U.S. government controls, including proceeds traced back to one of the largest crypto thefts ever recorded. The alleged breach came from within that trusted chain of access.
Patel credited the International Cooperation Team Serious Crime Unit of the French Gendarmerie National in Saint Martin and the Gendarmerie unit in Guadeloupe for their coordination in the arrest. No formal charges have been publicly detailed beyond the theft allegations. The investigation remains active.
This article is a curated summary based on third-party sources. Source: Read the original article
