US Government’s Bitcoin At Risk? The Insider Theft That Shocked The Community
On-chain sleuth ZachXBT has revealed the identity of a threat actor who stole over $40 million from the U.S. government’s crypto stash. The White House has confirmed that it is looking into the situation but has not yet said whether its Bitcoin holdings were affected by the theft.
How This Threat Actor Stole Over $40 Million From the U.S. Government Crypto Wallets
In an X post, ZachXBT revealed that threat actor John Daghita, also known as Lick, stole over $40 million from the U.S. government’s seizure addresses, as his dad owns Command Services & Support (CMDSS), which has an active IT government contract. CMDSS was awarded a contract to assist the U.S. Marshals in managing and disposing of seized and forfeited crypto assets. However, the ZachXBT noted that it remains unclear how John obtained access from his dad.
The CMDSS company X account, website, and LinkedIn were all deactivated following ZachXBT’s revelation. Meanwhile, the crypto investigator had first drawn attention to John in an earlier X post, stating that the threat actor had been caught flexing $23 million in a wallet address.
He noted that this wallet was directly tied to over $90 million in suspected thefts from the U.S. Government in 2024 and multiple other unidentified victims from November 2025 to December 2025. John revealed this crypto wallet during a heated argument with another threat actor, Dritan Kapplani Jr., in a group chat about who had more funds in their crypto wallets.
The Source Of The Funds
Following John’s messages, ZachXBT traced the source of the threat actor’s funds to a wallet (0xc7a2) that received $24.9 million from a U.S. Government address in March 2024 related to the Bitfinex hack seizure, which was a theft from the government. John’s wallet (0xd8bc), which he showed off during the heated argument, is also said to be tied to $63 million in inflows from suspected victims and government-seizure addresses in the fourth quarter of last year.
John quickly removed all of the NFT usernames from his Telegram account and changed his screen name after ZachXBT’s post. Meanwhile, it is worth noting that the crypto investigator identified John as John Daghitia after rumors began circulating that the threat actor was the same person previously arrested in September 2025. However, it remains unclear for what John was arrested last year.
Is The U.S. Government’s BTC At Risk?
White House crypto adviser Patrick Witt confirmed in an X post that they are investigating the theft and will provide an update soon. This development is also significant, as U.S. President Donald Trump has already signed an executive order that allocates all U.S. government Bitcoin holdings to the Strategic BTC Reserve.
Based on the timeline of these thefts from the government’s seizure addresses, John looks to have stolen some of these crypto assets after Trump signed the executive order. Meanwhile, part of the theft occurred under the Biden Administration. There has yet to be confirmation from the government on how much BTC it holds. However, BiTBo data shows that the U.S. government currently holds 198,012 BTC.
Featured image from Pixabay, chart from Tradingview.com
Editorial Process for bitcoinist is centered on delivering thoroughly researched, accurate, and unbiased content. We uphold strict sourcing standards, and each page undergoes diligent review by our team of top technology experts and seasoned editors. This process ensures the integrity, relevance, and value of our content for our readers.
