FBI Director Kash Patel confirmed on March 5, 2026 that John Daghita, the US government contractor accused of stealing more than $46 million in cryptocurrency from the US Marshals Service, was arrested on the island of Saint Martin by the French Gendarmerie's elite tactical unit in a joint operation with the FBI.
The arrest caps a months-long investigation that began after blockchain investigator ZachXBT publicly traced tens of millions in stolen funds back to Daghita, the son of a Virginia-based contractor whose firm held the federal custody contract for seized digital assets.
From Telegram Bragging to an International Arrest Warrant
John "Lick" Daghita first surfaced in January 2026 when ZachXBT published an investigation linking him to wallets holding government-seized cryptocurrency. The trail started with a Telegram argument. In what crypto circles call a "band for band," two individuals challenged each other to prove who controlled more crypto. Daghita allegedly screen-shared his wallets during the recorded exchange, and those wallets were later traced to addresses holding assets seized by the US Marshals Service in 2024 and 2025.
ZachXBT identified at least $23 million flowing through wallets he attributed to Daghita, with one single wallet holding 12,540 ETH, worth roughly $36 million at the time. The total alleged theft figure has since risen to $46 million based on the FBI's own accounting, as of March 5, 2026.
The USMS confirmed it had opened a probe in late January but declined to comment further while the investigation was active. Six weeks later, Daghita was in handcuffs on a Caribbean island.
The Contractor Connection That Made It Possible
The theft was not a remote hack or an external exploit. It was an inside job, according to investigators.
Daghita's father, Dean Daghita, is president of Command Services & Support (CMDSS), a Haymarket, Virginia-based IT firm. In October 2024, the USMS awarded CMDSS a contract to manage and dispose of "Class 2-4" seized cryptocurrencies. These are tokens that mainstream centralized exchanges do not support, requiring specialized custody solutions.
CMDSS is not a small shop. The firm has maintained active contracts with both the Department of Justice and the Department of Defense for years. But the crypto custody contract placed it in a uniquely sensitive position: direct access to wallets containing assets seized in federal criminal investigations.
Wave Digital Assets, a competing bidder, had protested the award to the Government Accountability Office, alleging that CMDSS lacked proper licensing with the Securities and Exchange Commission and the Financial Industry Regulatory Authority. The GAO denied the protest, finding the USMS evaluation reasonable.
Months later, the agency's choice of custodian became the center of one of the largest government crypto thefts on record.
How the FBI and French Forces Coordinated the Takedown
The arrest on Saint Martin required international cooperation. According to Patel's statement, the French Gendarmerie National's Serious Crime Unit on Saint Martin and the Groupe d'Intervention de la Gendarmerie Nationale (GIGN) based in Guadeloupe executed the physical arrest. The GIGN is France's premier counter-terrorism and hostage rescue unit, comparable to the US Delta Force or the UK's SAS.
Deploying that level of tactical force for a crypto theft suspect signals how seriously both governments treated the flight risk. Daghita had fled the United States while the investigation was ongoing, ultimately landing on the French side of Saint Martin, a Caribbean island split between France and the Netherlands.
The FBI facilitated the operation through existing mutual legal assistance channels. Extradition proceedings are expected to follow, though no formal charges have been publicly filed in a US court as of the time of writing.
What This Means for Federal Crypto Custody
The Daghita case exposes a fundamental weakness in how the US government manages its growing stockpile of seized digital assets. The USMS is estimated to hold hundreds of thousands of bitcoin and other cryptocurrencies confiscated in criminal cases, from Silk Road seizures to Bitfinex hack recoveries.
Outsourcing custody of these assets to private contractors introduces counterparty risk that does not exist when the government holds traditional seized property like cash or real estate. A contractor's employee, or their family member, with access to private keys can drain wallets in minutes, with no physical vault to crack and no armored truck to intercept.
The incident has drawn comparisons to the broader self-custody versus custodial debate that plays out in the consumer crypto card market. When a third party controls your keys, whether that party is a startup, an exchange, or a government contractor, you inherit their security posture. The FTX collapse, the Wirecard fraud, and now the CMDSS breach all illustrate the same principle: custody risk is counterparty risk.
For individual crypto holders, the lesson reinforces why self-custody wallets and non-custodial spending solutions continue to attract users who prefer to eliminate intermediaries.
ZachXBT and the Rise of On-Chain Investigators
This is the second major case in recent months where blockchain investigator ZachXBT played a pivotal role in exposing alleged fraud before law enforcement acted. In February 2026, ZachXBT exposed alleged insider trading at Axiom, documenting how employees reportedly used internal tools to front-run user trades.
The pattern is consistent: on-chain forensics catches what traditional auditing misses. Blockchain transactions are permanent, public, and traceable. Daghita's alleged mistake was not just stealing the funds but flashing them on Telegram, creating a direct link between his identity and the wallet addresses.
Law enforcement agencies, including the FBI, have increasingly relied on blockchain analytics firms and independent investigators like ZachXBT to build cases. The transparency of public ledgers makes crypto simultaneously easy to steal and hard to keep.
The Broader Implications for Government Digital Asset Policy
The arrest comes at a sensitive time for US crypto policy. The GENIUS Act is working through Congress to establish stablecoin regulatory frameworks, while the Senate voted to ban a federal CBDC through 2030. Meanwhile, Kraken became the first crypto firm to access the Federal Reserve payment system.
Against that backdrop, a $46 million theft from the government's own crypto vaults undermines confidence in federal digital asset management at the exact moment when policymakers are debating whether the US should hold a strategic bitcoin reserve.
If the government cannot secure its own seized crypto, critics will ask, how can it credibly regulate an industry built on trustless systems?
FAQ
Who is John Daghita? John "Lick" Daghita is the son of Dean Daghita, president of Command Services & Support (CMDSS), a Virginia-based IT firm contracted by the US Marshals Service to manage seized cryptocurrency. He is accused of stealing more than $46 million in digital assets from government-controlled wallets.
Where was he arrested? Daghita was arrested on the island of Saint Martin by the French Gendarmerie's elite tactical unit (GIGN) in a joint operation with the FBI, as confirmed by FBI Director Kash Patel on March 5, 2026.
How was the theft discovered? Blockchain investigator ZachXBT traced wallet addresses holding government-seized crypto back to Daghita after a recorded Telegram argument in which Daghita allegedly screen-shared his wallet holdings to prove his wealth.
What happens next? Extradition proceedings are expected to bring Daghita to the United States for formal charges. No US court filings have been made public as of March 5, 2026.
Overview
The FBI arrested John Daghita on the island of Saint Martin in a joint operation with France's elite GIGN tactical unit. Daghita is accused of stealing $46 million in cryptocurrency from wallets managed by his father's company, CMDSS, which held a US Marshals Service contract for seized digital asset custody. Blockchain investigator ZachXBT first exposed the theft in January 2026 after Daghita inadvertently revealed his wallet holdings during a recorded Telegram argument. The case highlights the counterparty risks of outsourcing crypto custody to private contractors and arrives at a critical moment for US digital asset policy.
Recommended Reading
- ZachXBT Exposes Axiom Employees Allegedly Abusing Internal Tools to Track User Wallets and Insider Trade
- The US Senate Just Voted 84-6 to Ban a Federal Reserve Digital Dollar Through 2030
- Google Uncovers Coruna, a Spy-Grade iOS Exploit Kit That Steals Crypto Wallets From Older iPhones
