$46M Crypto Theft: GIGN and FBI Arrest Son of US Government Contractor
📋 En bref (TL;DR)
- $46 million: the amount in cryptocurrencies stolen from US government digital vaults by the son of a US Marshals contractor
- Spectacular arrest: joint GIGN-FBI operation in Saint-Martin (French West Indies) on March 4, 2026, carried out “by ruse and without incident”
- John Daghita, 22: he exploited his father’s company’s (CMDSS) privileged access to government wallets holding seized crypto assets
- ZachXBT, the blockchain detective: the independent investigator unmasked Daghita after he exposed his $23M wallet during a “flexing” session on Telegram
- Systemic failures: a DOJ report revealed that the US Marshals were managing billions in crypto on simple Excel spreadsheets
- Extradition underway: FBI Director Kash Patel confirmed that the United States would initiate extradition proceedings
An Elite Operation in the Caribbean
On the evening of March 4, 2026, about ten personnel from the AGIGN of Guadeloupe — the overseas unit of the prestigious Groupe d’intervention de la Gendarmerie nationale — arrested John Daghita on the French side of the island of Saint-Martin. Three investigators from the local Research Section and three FBI agents coordinated the operation, carried out “by ruse and without incident” according to the gendarmerie.
Law enforcement seized a metal briefcase containing approximately 250,000 euros in $100 bills, several hardware wallets, USB drives, high-end computer equipment, and a loaded Glock-type handgun. FBI Director Kash Patel praised “the exceptional coordination” with French forces and confirmed the initiation of extradition proceedings to the United States.
Privileged Access to the Government’s Digital Vaults
John Daghita is the son of Dean Daghita, president and CEO of Command Services & Support (CMDSS), a Virginia-based company that secured a $4 million contract with the U.S. Marshals Service in October 2024. Its mission: to manage seized digital assets of categories 2 through 4 — the most complex cryptocurrencies stemming from criminal cases.
CMDSS thus had access to wallets holding billions of dollars in digital assets, including funds from the notorious 2016 Bitfinex hack, in which 119,754 bitcoins were stolen. According to on-chain analysis, John Daghita allegedly exploited this privileged access to transfer $24.9 million from a government wallet as early as March 2024. In total, more than $90 million in suspicious activity has been linked to wallets connected to the suspect.
Unmasked by a “Flexing” Session on Telegram
The case was not uncovered by an internal US Marshals audit, but by ZachXBT, an independent blockchain investigator who became well known for his on-chain investigations. In January 2025, during a “band-for-band” exchange on Telegram — a trend in which participants publicly compare the size of their crypto portfolios — Daghita shared his screen live, exposing a wallet containing $23 million.
ZachXBT captured the wallet addresses and transaction hashes, then published his analysis in January 2026. He traced fund movements from wallets linked to the US Marshals to addresses controlled by Daghita, identifying in particular 12,540 ETH transferred to personal wallets. After the publication, Daghita taunted the detective on Telegram and launched “dust attacks” on his wallet — a provocative gesture that only strengthened the evidence against him.
The Gaping Flaws in Government Crypto Management
This case shines a light on structural dysfunctions in the way US authorities manage seized cryptocurrencies. The federal government holds approximately $22 billion in seized digital assets, including more than 198,000 BTC. Yet a 2022 audit by the Department of Justice’s Inspector General had already revealed that the US Marshals were using simple “Excel spreadsheets” to manage these assets — files that could “be edited or deleted without leaving a trace.”
Even more alarming: a February 2025 CoinDesk article revealed that the US Marshals “did not appear to know how much cryptocurrency they held.” Daghita’s theft went undetected for months, until a private investigator published his findings online. Since the revelations, CMDSS’s website has been made private and its social media accounts deactivated.
Toward “Fort Knox-Level” Security?
The case is fueling calls for a complete overhaul of seized crypto management. Several avenues are being discussed by US lawmakers:
- Multi-signature wallets in cold storage, requiring multiple validations for any movement of funds
- Transferring custody to the Department of the Treasury rather than law enforcement agencies
- Automated and transparent on-chain audits
The vast majority of the stolen funds were reportedly returned within 24 hours of the arrest, according to Gizmodo. But the incident remains a warning: in a world where governments are accumulating strategic reserves in Bitcoin, the security of institutional custody is becoming a matter of sovereignty.
📚 Glossary
- Hardware wallet: A physical device (secure USB key) that stores cryptocurrency private keys offline, providing protection against hacking.
- On-chain: Refers to data and transactions recorded directly on the blockchain, publicly verifiable and immutable.
- ZachXBT: A pseudonymous blockchain investigator specializing in tracing stolen funds and identifying fraudsters in the crypto ecosystem.
- Seized digital assets: Cryptocurrencies confiscated by authorities in the course of criminal cases, held under government custody pending liquidation or restitution.
- Multi-signature (multi-sig): A security mechanism requiring multiple cryptographic signatures to authorize a transaction, reducing the risk of theft by a single actor.
- Bitcoin (BTC): The first and largest cryptocurrency by market capitalization, created in 2009 by Satoshi Nakamoto. It operates on a decentralized peer-to-peer network.
Frequently asked questions
How did a contractor’s son manage to steal $46 million from the US government?
John Daghita exploited his father’s company CMDSS’s privileged access to government wallets holding seized cryptocurrencies. CMDSS held a $4 million contract with the US Marshals to manage these digital assets.
Why was the French GIGN involved in this arrest?
The suspect was located on the French side of the island of Saint-Martin, in the West Indies. The operation therefore fell under the jurisdiction of the French gendarmerie, which deployed the AGIGN of Guadeloupe in coordination with three FBI agents.
Who is ZachXBT and how did he uncover the theft?
ZachXBT is an independent blockchain investigator. He identified Daghita after the suspect exposed a $23 million wallet during an exchange on Telegram. ZachXBT then traced fund movements from government wallets to those controlled by the suspect.
Were the stolen funds recovered?
According to multiple sources, the vast majority of the stolen funds were returned within 24 hours of the arrest. Hardware wallets and cash were also seized during the operation.
How does the US government store seized cryptocurrencies?
The government holds approximately $22 billion in seized crypto. A DOJ report revealed that the US Marshals were using Excel spreadsheets to manage these assets — a system deemed inadequate and vulnerable to manipulation.
📰 Sources
This article is based on the following sources:
- Gendarmerie nationale – Official press release on the joint GIGN-FBI operation in Saint-Martin
- The Block – Suspect in alleged $46 million US Marshals crypto theft arrested (March 5, 2026)
- CBS News – Federal contractor arrested in Caribbean (March 5, 2026)
- DOJ Office of Inspector General – Audit of USMS Management of Seized Cryptocurrency
How to cite this article: Fibo Crypto. (2026). $46M Crypto Theft: GIGN and FBI Arrest Son of US Government Contractor. Retrieved March 7, 2026 from https://fibo-crypto.fr
