Blockchain investigator ZachXBT has linked a malicious actor to over 90 million dollars in alleged cryptocurrency thefts from addresses seized by the US government, allegations that raise questions about custody procedures within the US Marshals Service.
The individual, identified as 'John' or 'Lick', is said to have controlled portfolios related to assets held by the government stemming from the Bitfinex hacking case in 2016.
ZachXBT's investigation emerged after a recorded online dispute, during which the suspect demonstrated control over 23 million dollars in cryptocurrencies during a 'band for band' wealth display with another alleged criminal.
Blockchain analysis traced the funds back through multiple wallets to a U.S. government address that received 24.9 million dollars from seizures related to Bitfinex in March 2024.
USMS Contract and Custody Concerns
Command Services & Support, Inc. won the US Marshals Service contract in October 2024 to manage seized cryptocurrencies class 2 to 4.
This Virginia-based technology services company outpaced Wave Digital Assets, a competitor of Coinbase, during a contested bidding process.
Dean Daghita, president of CMDSS, has been leading the company from Haymarket, Virginia. Public procurement documents show that the company holds a multi-year agreement running until June 2036 to assist the USMS in managing and liquidating seized digital assets.
Wave Digital Assets had previously challenged the contract award, claiming that CMDSS did not have the appropriate licenses from the Securities and Exchange Commission or the Financial Industry Regulatory Authority.
The Government Accountability Office rejected Wave's challenge in March 2025, deeming the USMS's evaluation procedures reasonable.
Read also: Why McLaren Racing Chose Hedera Over Ethereum For Fan Collectibles
Allegations of Unverified Access
ZachXBT mentioned a possible familial link between the alleged thief and CMDSS management, although this relationship has not been confirmed by independent sources.
How the suspect allegedly gained access to government-controlled wallets has not been established.
The suspect reportedly deleted identification information from their social media accounts and changed their Telegram usernames following the publication of ZachXBT's investigation. Approximately 18.5 million dollars remained in the wallet address 0xc7A253fD3C61CF69d043e6184c107dF4E29475B5 as of January 23.
Neither the USMS nor CMDSS responded to requests for comment. The Justice Department has not announced any charges related to the alleged theft.
Read also: MoonPay Secures Eight-Figure X Games Title Sponsorship As League Format Launches