The US government has been trying to execute a historic pivot with its Bitcoin holdings, shifting from a messy, case-by-case inventory of seized crypto into a strategic national reserve for almost a year now.
That ambition, often framed as a “digital Fort Knox,” is now facing a credibility test after allegations that roughly $40 million in crypto was siphoned from government-linked seizure wallets.
Even if the reported loss is small relative to the roughly $28 billion in Bitcoin the US is widely believed to control, the episode cuts at the core premise of the new posture. It raises doubts about whether Washington can manage a sovereign-scale Bitcoin balance sheet with reserve-grade security and auditable controls.
The alleged insider breach
Over the weekend, blockchain investigator ZachXBT alleged that more than $40 million in crypto was siphoned from US government-linked seizure wallets.
ZachXBT linked the alleged theft to John Daghita, popularly known as Licks, who he said maintains family ties to the executive leadership of Command Services & Support (CMDSS), a private firm contracted to support US Marshals Service (USMS) crypto seizure operations.
Corporate filings indicate that Dean Daghita serves as president of CMDSS. The firm is based in Haymarket, Virginia, and is contracted by the USMS to manage and dispose of specific categories of seized cryptocurrency.
ZachXBT said he was able to connect John Daghita to the alleged theft after what he described as a “band-for-band” argument on Telegram, a dispute in which two individuals attempted to prove their wealth by comparing wallet balances.
The dispute allegedly culminated in a persona identified as “Lick” screen-sharing an Exodus wallet and moving large sums in real time.
That screen-shared activity provided a trail ZachXBT said he used to trace a cluster of addresses that is linked to more than $90 million in suspected illicit flows. Of this, roughly $24.9 million moved from a US-controlled wallet in March 2024.
This scenario spotlights a vulnerability that has less to do with sophisticated protocol exploits and more with custody governance, contractor access, and the kinds of human failure modes that tend to scale poorly when real money and real operational complexity collide.
Meanwhile, this is also not the first time federal crypto custody operations have faced scrutiny. In October 2024, a wallet linked to the Bitfinex hack proceeds was drained of approximately $20 million, though the funds were largely recovered.
Fragmentation creates risk
In popular imagination, the US government’s roughly $28 billion Bitcoin position sounds like a single stockpile sitting behind a single set of controls.
However, the operational reality for these assets is far more fragmented.
Custody arrangements for seized crypto are a patchwork of agencies, legal statuses, and storage solutions. Funds can sit at different points in the forfeiture pipeline, and “US holdings” is not a single ledger entry but rather a complex operational system.
That variance matters because security in a multi-agency mesh depends on process discipline, consistent standards, and the rapid migration of funds from temporary seizure wallets into long-term cold storage.
This is because a single custodian can be defended with fortress-like protocols.
However, a system involving multiple vendors and handoffs behaves differently. It relies on the consistency of controls across every node in the network, including the people and contractors who touch the process.
So, the ambiguity around which agency holds which keys and when expands the attack surface.
Thus, oversight can slip in the gaps between organizations, between temporary wallets and long-term storage, and between policy ambition and day-to-day operational reality.
In that context, the significance of this reported $40 million loss becomes bigger as it implies a process failure.
Such custody failure suggests unknown exposure elsewhere, especially if the weakness is rooted in vendor governance or insider access rather than a one-off technical exploit.
The contractor’s “hard tail” vulnerability
Contractors like CMDSS are central to understanding this risk profile because they sit where the government’s custody system becomes most complicated.
A Government Accountability Office (GAO) decision from March 2025 confirmed that the USMS awarded CMDSS a contract to manage “Class 2–4 cryptocurrencies.”
The GAO document draws a distinction between asset classes that helps explain why contractors matter.
Class 1 assets are generally liquid and can be readily supported by standard cold storage. Class 2–4 assets, by contrast, are described as “less popular” and require specialized handling, often involving bespoke software or hardware wallets.
That is the hard tail of crypto custody, the long list of assets that are not simply Bitcoin and a handful of other liquid tokens, but the messy inventory that arrives through seizures. Managing those assets can require navigating different blockchains, unfamiliar signing flows, and complex liquidation requirements.
In practical terms, it creates a reliance on external expertise to manage the most challenging aspects of custody. Under this model, the government effectively outsources the messiest corner of crypto operations.
The GAO notes that contractors are strictly prohibited from using government assets for staking, borrowing, or investing.
But contractual prohibitions are not physical controls. They cannot, on their own, prevent misuse of a private key if human controls are bypassed.
That is why the allegations, framed as contractor ecosystem risk and social engineering rather than protocol failure, carry weight beyond the specific theft claim. If the system’s resilience depends on discipline across every vendor and handoff, then the weakest node becomes the most attractive target.
Notably, warnings about custody gaps are not new. A 2025 report highlighted that the USMS could not provide even a rough estimate of its BTC holdings and had previously relied on spreadsheets lacking adequate inventory controls. A 2022 Department of Justice Office of Inspector General audit explicitly warned that gaps like these could result in the loss of assets.
Is the US prepared to hodl?
The stakes of these operational gaps have risen because US policy is shifting.
The White House has moved to establish a Strategic Bitcoin Reserve and a separate Digital Asset Stockpile, with directives for the Treasury to administer custodial accounts where Bitcoin “shall not be sold.”
That policy change shifts the government’s role from a temporary custodian, historically associated with auctions and evidence disposal, to a long-term holder.
For years, the crypto markets treated the US government’s stash as a potential supply overhang, a source of latent selling pressure if seized coins were liquidated.
However, the strategic reserve framing shifts the lens, as the central question becomes custody credibility.
If Bitcoin is to be treated as a reserve asset analogous to gold, the standard investors will implicitly demand is vault-grade security, clear custodianship, consistent controls, and auditable procedures.
So, this alleged $40 million theft draws attention back to whether the infrastructure supporting this ambition still resembles an ad hoc evidence workflow or is being scaled for long-term stewardship.
This is because a large, well-known government Bitcoin hoard could become a prime target for malicious actors seeking to exploit a porous system. Crypto analyst Murtuza Merchant said:
“If criminals believe seized funds can be siphoned from government wallets, they may treat forfeiture as a temporary inconvenience, not an endpoint, especially if laundering routes exist through exchanges and cross-chain hops.”
