Government Contractor’s Son Accused of Massive Crypto Theft
John Daghita, known online as “Lick,” was arrested by the FBI in the Caribbean today. He’s accused of stealing around $46 million worth of cryptocurrency that had been seized by U.S. authorities. The arrest follows an investigation that began when blockchain investigator ZachXBT connected the dots between various wallet addresses.
What makes this case particularly interesting is how Daghita allegedly gained access. His father, Dean Daghita, headed Command Services & Support, Inc., a company contracted by the Department of Justice and Department of Defense to handle asset disposal. John worked there as an employee, and investigators believe he used that position to transfer confiscated cryptocurrencies to his personal wallets.
The Unraveling of the Scheme
The theft apparently started back in 2024, but Daghita remained anonymous until January 2026. That’s when he made what might have been a critical mistake. He reportedly boasted about his success to another confessed thief named Dritan Kapplani Jr. During their conversation, Daghita revealed his wallet address.
ZachXBT, who previously exposed the Axiom insider trading case, obtained a recording of this interaction. He then traced the wallet address and found connections to several scams. More importantly, he linked it to a U.S. government address from which digital assets had been siphoned in 2024. The trail led directly back to the seized assets Daghita’s father’s company was supposed to be managing.
A Pattern of Security Failures
This case isn’t an isolated incident in the crypto world. It highlights what seems to be a recurring problem with security around digital assets, even when they’re in government hands. Just recently, South Korea’s tax agency accidentally revealed its virtual asset wallet seed phrase online, leading to the loss of $4.8 million in tokens.
Earlier this year, Apple warned iOS users about the “Coruna” exploit, which targeted crypto wallet seed phrases on phones running certain iOS versions. That malware affected at least 42,000 devices. These incidents suggest that security practices around crypto storage and management might need more attention, especially when large sums are involved.
Broader Implications
What strikes me about this case is the insider nature of the alleged theft. When contractors handle sensitive assets, there’s always some risk, but $46 million is a staggering amount. It raises questions about oversight procedures for government-contracted crypto management.
The fact that Daghita felt comfortable enough to brag about his theft suggests he might have thought he was untouchable. Or perhaps he underestimated how traceable blockchain transactions can be when someone knows what they’re looking for.
I think this case will likely prompt some reevaluation of how seized crypto assets are handled. When you consider that similar schemes seem to be “running rampant” according to the original article, there’s clearly room for improvement in security protocols. The balance between accessibility for legitimate purposes and protection against theft is tricky, but incidents like this show why it matters.
As more governments and institutions hold cryptocurrencies, whether seized or otherwise, they’ll need to develop more robust systems. The decentralized nature of blockchain doesn’t eliminate the need for traditional security measures around access and authorization. If anything, it might require even more careful attention to who has access to private keys and seed phrases.
