Inside the $46M Crypto Heist: Why Your Digital Wallet Could Be Next

• The FBI just nabbed a $46 million crypto thief operating inside a federal asset disposal contract.
• John “Lick” Daghita exploited privileged access to US Marshals seized tokens, exposing a massive governance gap.
• Crypto crime surged to $2.17 billion in 2025, with the “Coruna” iOS exploit threatening 42,000 wallets.
• Regulators and custodians are tightening controls, but new attack vectors keep investors on edge.

You thought your crypto was safe? Think again. The Federal Bureau of Investigation arrested John Daghita—known on the dark web as “Lick”—in the Caribbean, accusing him of siphoning $46 million of seized cryptocurrency that the US Marshals Service had locked away.

Related Reads: Teen Crypto Heist in Arizona: What This Signals for Your Digital Assets

Why John Daghita's $46M Crypto Theft Shakes the Custody Landscape

Command Services & Support, Inc. (CMDSS) won a lucrative contract to dispose of seized digital assets for the Department of Justice and the Department of Defense. As the head of CMDSS, Dean Daghita placed his son John in a role that granted unfettered access to wallet addresses and private keys. Leveraging that privileged position, John allegedly transferred confiscated coins into personal wallets, a move that went undetected until an independent researcher, ZachXBT, traced the flow of funds.

This breach underscores a fundamental weakness: the lack of “separation of duties” in government‑level crypto custody. When a single individual can both authorize and execute transfers, the risk of insider theft spikes dramatically.

Impact on Government Crypto Custody Practices

Following the arrest, the DOJ announced a comprehensive audit of all crypto disposal contracts. Expect tighter KYC (Know‑Your‑Customer) protocols, multi‑signature vaults, and mandatory third‑party oversight. The incident also pushes lawmakers to consider legislation mandating “custody segregation” for digital assets, akin to the segregation rules for fiat funds.

For investors, the takeaway is clear: any platform that claims sole control over your assets must prove it uses industry‑standard checks and balances. Look for multi‑sig wallets, hardware security modules (HSMs), and regular independent audits.

How Competitors Like Coinbase and Binance Are Responding

Both Coinbase and Binance have issued statements emphasizing their “zero‑knowledge” custody solutions. Coinbase, for instance, highlights its use of “cold‑storage” where private keys never touch the internet, and its internal “key‑holder rotation” policy that limits any single employee’s authority.

Binance has accelerated its rollout of “Secure Asset Fund for Users” (SAFU) insurance, positioning it as a hedge against both external hacks and internal fraud. These moves are designed to reassure institutional clients that their digital assets are insulated from the type of insider abuse seen in the CMDSS case.

Historical Parallels: The Mt. Gox Collapse and Lessons Learned

In 2014, Mt. Gox’s mishandling of Bitcoin withdrawals led to a loss of 850,000 BTC—then worth $450 million. The root cause was poor internal controls and opaque accounting, mirroring today’s CMDSS failure. Post‑Mt. Gox, the industry adopted best‑practice frameworks such as the “Crypto Custody Standard” (CCS) and the “Principles for Financial Market Infrastructures” (PFMI) for digital assets.

History repeats when regulators lag behind technology. The Daghita case may be the catalyst that finally forces universal adoption of those standards across federal agencies.

Technical Glossary: Seized Crypto, Seed Phrase, and the “Coruna” Exploit

• Seized Crypto: Digital assets confiscated by law enforcement, typically held in escrow wallets pending legal resolution.
• Seed Phrase: A human‑readable list of 12‑24 words that generate all private keys for a wallet. Possession of the seed phrase equals full control.
• Coruna Exploit: Malware targeting iOS versions 13.0‑17.2.1 that scans device memory for seed phrases, exfiltrating them to attackers.

Investor Playbook: Bull vs. Bear Cases

Bull Case: The crackdown spurs rapid adoption of institutional‑grade custody solutions, boosting revenues for firms like Fireblocks, BitGo, and Ledger. Regulatory clarity also attracts more capital into crypto ETFs, driving price appreciation across major tokens.

Bear Case: Continued high‑profile thefts erode retail confidence, prompting a wave of withdrawals from exchanges. If additional government contracts are frozen pending new compliance rules, crypto‑related service revenues could contract, pressuring valuations.

Bottom line: Monitor the rollout of federal custody reforms and the market’s reaction to new security products. Companies that can demonstrably lock down insider risk are likely to emerge as the sector’s winners.