Executive Summary
- $24.9 Million Theft: Nearly $25 million in cryptocurrency was stolen from USMS-controlled wallets in 2024.
- Subcontractor Link: Reports allege the hacker is the son of the CEO of CMDSS, a firm contracted to assist the USMS.
- Investigation Underway: The USMS confirmed an active investigation but has not clarified the current status of the CMDSS contract.
- Prior Scrutiny: The CMDSS contract was previously challenged by competitors over credentialing and conflict of interest concerns.
The United States Marshals Service (USMS) is facing intensified scrutiny following allegations that a relative of a federal subcontractor was responsible for the theft of approximately $24.9 million in cryptocurrency from government-controlled digital wallets in 2024. The breach has raised significant questions regarding the security protocols surrounding the agency’s custody of seized digital assets.
According to findings published by security researcher ZachXBT, the theft is linked to an individual using the alias "Lick," identified in the report as John Daghita. The researcher alleges that John Daghita is the son of Dean Daghita, the CEO of Command Services and Support (CMDSS). CMDSS, a Virginia-based firm, was awarded a $4 million contract by the USMS in 2024 to assist with the management of the U.S. Bitcoin Reserve and the sale of cryptocurrency assets.
The report claims that the individual identified as John Daghita inadvertently disclosed control of the stolen funds on the messaging platform Telegram. While ZachXBT emphasized that these findings are currently allegations, the connection to a contractor tasked with assisting the Marshals Service suggests a potential insider vulnerability. Under the terms of its contract, CMDSS would likely have access to crypto wallets controlled by federal authorities.
Brady McCarron, chief of public affairs for the Marshals Service, confirmed that an investigation into the incident is currently underway. The agency declined to provide further details on the status of the inquiry or clarify whether CMDSS remains employed as a subcontractor. CMDSS has not issued a public statement and reportedly removed contact information from its website following the emergence of these reports.
The contract with CMDSS had previously faced opposition. Competitors challenged the initial award, arguing that the firm lacked necessary credentials from the Securities and Exchange Commission and that the employment of former agency staff created a conflict of interest. Despite these protests, the Government Accountability Office (GAO) concluded last year that the contract was not improper.
Operational Oversight and Custody Protocols
This incident underscores the inherent risks associated with third-party vendor access in the management of high-value federal digital assets. As the primary custodian for the U.S. Bitcoin Reserve, the USMS faces pressure to demonstrate that its vetting procedures and access controls are robust enough to prevent unauthorized transfers. The investigation will likely center on whether the agency maintains strict segregation of duties and multi-signature security requirements to mitigate insider threats. It is important to note that all individuals involved in the investigation are presumed innocent until proven guilty in a court of law.
