- Hacker stole about $24.9 million in cryptocurrency from wallets overseen by the U.S. Marshals Service, prompting an active investigation
- Security researcher ZachXBT linked the theft to an individual called “Lick,” reportedly related to the CEO of contractor CMDSS, which holds a $4 million Marshals Service contract
In early 2024, a hacker drained roughly $24.9 million in cryptocurrency from wallets overseen by the U.S. Marshals Service, prompting scrutiny of how the agency manages digital assets. The breach, which targeted government-controlled wallets linked to a newly created federal bitcoin reserve, has since sparked questions about potential insider access and the role of a private contractor hired to help handle those funds.
Alleged link between hacker and contractor to the U.S. Marshals Service
Attention on the theft intensified after the security researcher known as ZachXBT alleged a possible family connection between the suspected hacker and a subcontractor to the U.S. Marshals Service. Posting on X, ZachXBT reported that an individual named John Daghita appeared to reveal on Telegram that he controlled the stolen cryptocurrency. According to the researcher, Daghita uses the hacker alias “Lick.”
Public records cited in the discussion indicate that John Daghita is reportedly the son of Dean Daghita, who leads Command Services and Support (CMDSS), a firm based in Virginia. CMDSS secured a $4 million contract from the U.S. Marshals Service in 2024. Under that agreement, the company was tasked with assisting the agency, as primary custodian of the U.S. Bitcoin Reserve, in selling specified categories of cryptocurrency.
Because of that role, CMDSS would likely have had some form of access to the digital wallets managed by the U.S. Marshals, including those connected to the bitcoin reserve. This apparent overlap between the family of a contractor and an individual tied to the stolen funds has raised the possibility of an insider angle, though the evidence remains incomplete.
ZachXBT has emphasized that the information tying John and Dean Daghita together is still only an allegation. He noted that there is no conclusive proof at this stage that the two are in fact related, even though the available data points in that direction. The lack of definitive documentation has left key questions unresolved while the investigation proceeds.
Contract controversy and oversight questions
The $4 million contract between CMDSS and the U.S. Marshals Service was already contentious before the theft came to light. Rival bidders challenged the award, asserting that CMDSS did not hold the required credentials from the Securities and Exchange Commission. They also argued that the company’s hiring of a former U.S. Marshals employee created a conflict of interest surrounding the procurement process.
Those concerns were reviewed by the Government Accountability Office, which issued a decision last year. The GAO concluded that the contract award to CMDSS was not improper, effectively rejecting the formal challenge from competitors. Despite that outcome, the combination of prior objections and the current hacking allegations has renewed debate over the agency’s choice of contractor and its due-diligence standards.
Fortune has attempted to obtain comment from CMDSS about the reported link between the firm’s chief executive and the suspected hacker. Reporters used a phone number that appeared on the company’s website but was removed after initial coverage of the allegations surfaced in January, as well as an online contact form. CMDSS did not provide an immediate response through either channel.
The U.S. Marshals Service has likewise faced questions about its management of the incident and the company’s continued role. Brady McCarron, the agency’s chief of public affairs, told Coindesk last week that an investigation is in progress. However, Fortune reports that repeated follow-up calls seeking updates on the probe and clarification on whether CMDSS remains engaged as a subcontractor went unanswered. The absence of further comment has left the status of both the investigation and the contract unclear.
Broader crypto issues spotlighted alongside the U.S. Marshals Service case
The breach at the U.S. Marshals Service and the questions surrounding CMDSS form part of a wider set of topics examined on the latest episode of Fortune’s Crypto Playbook vodcast. Hosts Jeff John Roberts and Leo Schwartz used the program to dissect the theft, the potential insider element, and what the episode suggests about government handling of digital assets.
Their discussion situates the U.S. Marshals case within a broader moment for crypto oversight, where government agencies increasingly hold and dispose of seized or reserved tokens. With the U.S. Marshals acting as primary custodian for the U.S. Bitcoin Reserve, the hack underscores the security expectations placed on the agency and on any private partners involved.
The same episode also addresses other high-profile crypto storylines. One segment examines what has been dubbed the “Spy Sheikh” scandal, described as connected to former President Donald Trump’s crypto-related activities in the Middle East. Another focuses on the rapid expansion of Tether’s gold reserves, highlighting how stablecoin issuers are diversifying or backing their tokens with alternative assets.
By grouping these narratives together, the program highlights how issues of trust, governance, and transparency are converging across the crypto ecosystem. Whether involving a federal law enforcement agency, a political controversy abroad, or a major stablecoin operator, the stakes for secure and accountable management of digital and related assets are presented as rising in parallel.
Conclusion
The theft of nearly $24.9 million in cryptocurrency from wallets controlled by the U.S. government has placed the U.S. Marshals Service under pressure to explain how its digital holdings are protected and who can access them. Allegations that the suspected hacker may be related to the head of CMDSS, a $4 million contractor tasked with helping manage and sell those assets, have intensified scrutiny, even as investigators stress that the familial link remains unproven. With no detailed public update from the agency or its subcontractor, and with prior objections to the contract still in recent memory, the incident has become a focal point in a wider debate over security, conflicts of interest, and accountability in government-facing crypto operations.
Disclaimer
The information provided in this article is for informational purposes only and should not be considered financial advice. The article does not offer sufficient information to make investment decisions, nor does it constitute an offer, recommendation, or solicitation to buy or sell any financial instrument. The content is the opinion of the author and does not reflect any view, suggestion, or advice of any kind from CryptoNewsBytes.com. The author declares he does not hold any of the above-mentioned tokens and has not received any incentive from any company.

