Arrest of USMS Contractor John Daghita for Alleged $46M Cryptocurrency Theft
US authorities arrested John Daghita, a U.S. government contractor, on allegations he stole more than $46 million in cryptocurrency tied to wallets associated with the U.S. Marshals Service (USMS). The apprehension occurred on the Caribbean island of Saint Martin in a coordinated operation involving the FBI and French law enforcement units (including the French Gendarmerie), and was publicly confirmed by FBI Director Kash Patel, who also shared images of seized items reportedly including hardware wallets and cash.
Reporting and blockchain-tracing details indicate the theft activity was linked to a persona using the handles “John” / “Lick,” with on-chain movements drawing attention after a public “band-for-band” social media exchange; after attribution, the actor allegedly attempted to launder remaining proceeds via mixers and cross-chain transfers. The case has been highlighted as a high-impact insider threat scenario involving access to or association with a firm responsible for safeguarding seized digital assets, underscoring the need for strong access controls, contractor oversight, and monitoring around government-controlled cryptocurrency custody.
Related Entities
Organizations
Sources
Related Stories
Law Enforcement Crypto Custody Failures Lead to Multi-Million Dollar Thefts
US authorities arrested **John Daghita** (online handle **“Lick”**) in Saint Martin for allegedly stealing **more than $46 million** in cryptocurrency tied to the **U.S. Marshals Service (USMS)**. The arrest was conducted in a joint operation between the **FBI** and France’s **Groupe d’Intervention de la Gendarmerie Nationale (GIGN)**, and reportedly involved the seizure of cash, hard drives, and security keys. Reporting links Daghita to a USMS digital-asset management contractor (CMDSS), and notes that blockchain investigator **ZachXBT** publicly traced USMS-linked wallet movements to addresses he associated with Daghita, helping bring attention to the alleged theft. Separately, South Korea’s **National Tax Service** reportedly lost roughly **$5 million** in seized cryptocurrency after officials circulated a press release that exposed a wallet’s **mnemonic recovery phrase/password**, enabling an unknown party to drain the funds. The incident was described as part of a broader pattern of **crypto custody lapses** in South Korean law enforcement, with additional cases cited involving missing seized bitcoin and investigations tied to potential phishing and internal control failures. Together, the incidents underscore that government-held digital assets remain a high-value target and that operational security failures (credential exposure, weak key management, and inadequate redaction/review processes) can directly translate into rapid, irreversible losses.
1 weeks ago
US Law Enforcement Actions Targeting Crypto-Enabled Crime and Illicit Marketplaces
US authorities reported multiple enforcement actions tied to **crypto-enabled crime**. In the Empire Market case, prosecutors said co-creators **Raheim Hamilton** and **Thomas Pavey** designed the dark web marketplace to help users evade law enforcement and launder proceeds; the market allegedly facilitated about **$430M** in transactions (drugs, stolen payment data, counterfeit currency) before disappearing in 2020 in what investigators described as an exit scam that stole an estimated **$30M** in bitcoin. Hamilton pleaded guilty to federal drug conspiracy charges and agreed to forfeit roughly **1,230 BTC** plus **24.4 ETH** and real estate; Pavey previously pleaded guilty and agreed to forfeit about **1,584 BTC** and other assets. Separately, reporting highlighted alleged misuse and laundering of digital assets in other contexts. On-chain investigator **ZachXBT** traced movements from wallets associated with **US-seized crypto** (held under U.S. Marshals Service custodianship) to wallets allegedly linked to **John Daghita**, the son of a federal contractor executive, with claims of roughly **$23M** in diverted cryptocurrency and another wallet holding about **$36M** in Ethereum; ZachXBT said he alerted the **U.S. Marshals Service**. In another DOJ case, **Jingliang Su** (a Chinese national) was sentenced to **46 months** for laundering proceeds from a cryptocurrency investment fraud that authorities said victimized **174** people for **$36.9M**, using social engineering via social media/dating platforms and counterfeit trading sites, with **$26.9M** restitution ordered and multiple US agencies involved in tracing funds and dismantling the network.
1 months ago
Law Enforcement Actions Targeting Cryptocurrency Theft and Fraud Proceeds
South Korean police arrested two suspects over the alleged embezzlement of **22 BTC (~$1.5M)** that had been held in police custody after a virtual asset company turned over a cold wallet during a 2021 hacking investigation. Reporting indicates required procedures to move seized crypto into a police-controlled cold wallet and vault were not followed; instead, the original third party retained control elements and later allegedly provided a **mnemonic seed phrase** to a hacker as part of a purported “loan” arrangement, enabling the attacker to recover the wallet and transfer the funds without police detection. The theft was reportedly uncovered during a National Police Agency audit triggered by a separate January 2026 incident in which **320 BTC** went missing from the Gwangju District Prosecutors’ Office. Separately, the U.S. Department of Justice announced the seizure of **$61 million in USDT (Tether)** tied to **“pig butchering”** cryptocurrency investment scams, stating the funds were traced to addresses used to launder proceeds stolen from victims. The DoJ described typical scam mechanics involving social engineering via dating/social messaging apps, coercion of trafficked workers in Southeast Asia–based scam compounds, and fraudulent investment platforms that display fabricated returns and impose additional “fees” when victims attempt withdrawals, with law enforcement emphasizing cross-border tracing and disruption of laundering infrastructure.
2 weeks ago