The incident has renewed concerns about the US government’s ability to prudently manage crypto. In 2022, a Department of Justice Inspector General report identified “challenges” in the Marshals’ crypto custody practices, including “lack of comprehensive inventory management” and “inadequate, incomplete, and conflicting policies and procedures”.[18] Last year, the Marshals struggled to provide even an estimate of how much crypto they held. An IT contractor who was passed over for a contract with the Marshals explained to CoinDesk, “As far as I’m aware, the USMS is currently managing this with individual keystrokes in an Excel spreadsheet. ... They’re one bad day away from a billion-dollar mistake.”[19] Later in 2024, the Marshals disclosed in response to a FOIA request that they held around 28,988 BTC (more than $2.5 billion at today’s prices), though they did not provide an accounting of their other tokens.[20]

After zachxbt’s allegations, a wallet linked to the thefts launched a “John Daghita” token, with the ticker $LICK, on the pump.fun memecoin launchpad. I couldn’t help but laugh when I read reporting from Cointelegraph that “The deployer of LICK held 40% of the total supply at launch, according to blockchain data visualization platform Bubblemaps, a level of concentration often viewed as a red flag in early-stage token launches.”[21] I’m not sure the degree of concentration is really the primary red flag here.
Shockingly, Daghita’s father is reportedly Dean Daghita, the owner of an IT company called Command Services & Support (CMDSS). In November 2024, CMDSS began a contract with the US Marshals to provide management services for their seized crypto assets.[16] The contract is still active. While Coinbase has since July 2024 managed what the Marshals call their “class 1” crypto assets[c] — the most popular cryptocurrencies like bitcoin, ether, and Tether — CMDSS was chosen to manage the “class 2” through “class 4” cryptocurrencies.[d]

While it could be that the younger Daghita gained privileged information or access to the Marshals’ crypto wallets through his father, it’s not clear how that would have enabled thefts in the months prior to the contract award. I am hopeful that a FOIA request I filed with the Marshals earlier this week will shed some light on that. It’s also curious that many of the assets Lick siphoned from government wallets fall into the “class 1” category, which CMDSS is not involved in managing. The Marshals have declined to comment on the matter, citing ongoing investigations.[17]
In crime
Something funky’s been happening with the US Marshals’ pile of seized crypto — the crypto they’re tasked with hanging on to as cases wind through the courts.[b] In March 2024, almost $25 million was inexplicably removed from a Marshals-controlled wallet containing funds connected to the 2016 Bitfinex hack. In October 2024, crypto sleuth zachxbt noticed that $20 million of the Marshals’ crypto assets had apparently been stolen, with the thief laundering the funds through various exchanges [W3IGG]. The next day, $19.3 million of those funds were mysteriously returned.

Now, zachxbt has linked the stolen government funds — as well as stolen assets belonging to other victims — to a man named John Daghita. According to zachxbt, Daghita was previously known only as “Lick” online, and was active in Telegram chat rooms where crypto thieves boasted about their wealth. When another thief taunted Lick for “only having $6 mil”, Lick evidently decided the only way to defend his honor was to go on a screenshare call to show proof of ownership by transferring funds between wallets. In doing so, he exposed several wallet addresses, and zachxbt was able to trace some of the crypto back to the US government wallet addresses.[14][15]