John Daghita was arrested on the island of Saint Martin by the French Gendarmerie's elite tactical unit in a joint operation with the FBI, FBI Director Kash Patel announced Thursday.The alleged theft involved more than $46 million in cryptocurrency from the U.S. government's crypto holdings in 2024.
Daghita's recently-deleted LinkedIn page showed he worked for Command Services & Support, a Virginia-based firm run by his father, Dean Daghita, which held contracts with the U.S. Marshals Service that allowed them to manage digital currency seized by the law enforcement agency.U.S. officials have not publicly detailed how Daghita allegedly accessed the crypto or the wallets, nor whether CMDSS's internal controls were bypassed or exploited.
The most striking detail of the arrest speaks to law enforcement's competence on the ground.Authorities who carried out the arrest found a briefcase full of cash as well as multiple USB drives. This is not the work of a sophisticated operator who had vanished into a digital underworld. Daghita fled to the Caribbean with physical cash and storage devices; he was exposed through old-fashioned detective work combined with blockchain analysis.
How a Blockchain Sleuth Found Him
Blockchain investigator ZachXBT broke the case publicly in late January when he published an analysis that traced $23 million in USMS-linked wallet movements to addresses he linked to Daghita. The method of discovery is almost embarrassing for federal security.ZachXBT found that Daghita inadvertently exposed himself during a dispute with another threat actor in a recorded private Telegram chat, where he demonstrated the ability to move large sums between two cryptowallets in real time.
After being publicly accused, Daghita did not quietly disappear.After the investigator reported his findings to authorities, Daghita reportedly taunted him repeatedly on Telegram by sending small amounts of the allegedly stolen funds (a tactic known as a 'dust attack') to ZachXBT's public wallet address. In a March post on X, ZachXBT said Daghita had been arrestedas a result of his exposure in January, after which Daghita had "taunted me multiple times via his Telegram channel and dust attacked my public wallet address with stolen funds".
What This Reveals About Federal Safeguards
The deeper issue here is not Daghita's hubris but rather the government's ability to secure assets held by contractors.The U.S. Marshals Service's cryptocurrency holdings are estimated at over 198,000 BTC, worth tens of billions of dollars. If a contractor's son with family connection to a firm managing seized crypto could siphon off $46 million and then brag about it online, something is broken in the system.
From a fiscal accountability standpoint, this is precisely the kind of insider threat that government agencies must anticipate when they outsource sensitive functions to private contractors.Competitors of CMDSS challenged the initial decision by the Marshals Service to award the contract, claiming the firm lacked appropriate credentials and employment practices created a conflict of interest. The Government Accountability Office last year concluded that the contract was not improper. That verdict warrants reconsideration.
Allegations of insider theft and improper management have intensified calls for reform in how federal agencies secure and track digital assets, especially those seized from criminal activity. The legitimate counterargument is important to acknowledge: restricting what private firms can bid for government work may raise costs, reduce competition, and slow agency operations. Yet the Daghita case shows what happens when oversight lapses.
A Pragmatic Path Forward
The fact that a private blockchain investigator solved this case faster than federal authorities raises hard questions about resource allocation and training at the Marshals Service.U.S. officials have not publicly detailed how Daghita allegedly accessed the crypto or the wallets, suggesting the government may still be working to understand what went wrong. Transparency on this point should be non-negotiable.
Sound contractor governance requires more than legal review of awards. It demands regular security audits, separation of duties, and auditor independence. When a single firm's employee can unilaterally move tens of millions in seized government assets, no review process was adequate. The solution is not to abandon outsourcing but to enforce more rigorous oversight, including independent verification of access controls and regular third-party audits. Daghita's arrest is a win for law enforcement, but the system that allowed him to steal in the first place needs urgent repair.