The FBI arrested John Daghita in Saint Martin over allegations he misappropriated about $46 million in cryptocurrency from wallets managed for the U.S. Marshals Service. The case has quickly become a high-visibility test of how government-seized digital assets are safeguarded when custody responsibilities sit with third-party contractors.

The arrest was confirmed by FBI Director Kash Patel on March 5 and followed an on-chain investigation that traced suspicious transfers to addresses investigators linked to Daghita. Even at this early stage, the episode is already reshaping the risk conversation: government custody isn’t just a technical control problem, it’s an insider-access problem with real money at stake.

Last night, John Daghita – a U.S. government contractor who allegedly stole more than $46 million in cryptocurrency from the U.S Marshals Service – was arrested on the island of Saint Martin by the French Gendarmerie’s premier elite tactical unit in a joint operation with the… pic.twitter.com/3ttochgbjk

— FBI Director Kash Patel (@FBIDirectorKash) March 5, 2026

How investigators say the theft happened

Prosecutors, according to public reporting and blockchain analysis, allege Daghita exploited a family connection to Command Services & Support (CMDSS), whose CEO is Dean Daghita, to access U.S. Marshals Service custody accounts. CMDSS had been awarded a roughly $4 million federal contract in October 2024 to manage complex seized digital assets, including holdings traced to the 2016 Bitfinex hack, which raises the stakes around internal controls and access governance.

At the center of the allegations is a breakdown in custody segregation and access management at a contractor supporting government-held wallets. If the government’s operational perimeter relied too heavily on a small number of privileged access paths, the case will likely become a reference point for how agencies structure vendor permissions, key custody, and oversight when seized assets are both high-value and highly portable.

Detection, notably, did not originate from an internal government alert in the details provided. Blockchain investigator ZachXBT flagged suspicious movement from government seizure accounts in January 2026 and later updated the suspected theft estimate from about $40 million to roughly $46 million as tracing continued. That sequence is a reminder that transparent on-chain evidence can produce investigatory leverage even when traditional controls fail to surface anomalies quickly.

Investigators say the suspicious transfers moved from government-controlled wallets into addresses they associate with John Daghita, which catalyzed a multiagency probe and an international arrest operation involving the FBI and the French Gendarmerie. The operational takeaway for compliance leaders is uncomfortable but clear: the chain is auditable, but custody failures can still happen fast when privileged access is misused.

Custody controls and physical evidence come into focus

Authorities also reportedly seized physical evidence at the time of arrest, and law-enforcement images were cited as showing what prosecutors recovered. The reported items included a suitcase containing stacks of U.S. currency, multiple USB thumb drives, a mobile phone, and three devices resembling hardware cryptocurrency wallets—a combination that underscores how digital-asset incidents often span both cyber and physical vectors.

FBI Director Kash Patel confirmed the detention but did not disclose whether any funds have been recovered, leaving a major open question for stakeholders who care about restitution and asset disposition. In parallel, extradition proceedings were anticipated as U.S. authorities prepared to press charges, which means the near-term timeline is likely to be driven by cross-border legal process rather than market dynamics.

Custody failures can reflect compromised key management, weak segregation of duties, and insufficient vetting of third-party access paths. For custodians and law-enforcement asset teams, the practical response set is well understood—tighter access controls, multi-signature structures where appropriate, continuous on-chain supervision, and strong physical security around recovery materials—but the point is that those measures need to be demonstrably enforced, not just written into policy.

Government agencies overseeing seized crypto and the contractors they appoint will likely face sharper scrutiny, calls for external audits, and pressure to upgrade governance around who can move funds and how quickly anomalies are detected. The arrest moves the criminal case forward, but the broader industry lesson will be determined by what the courts uncover about access controls, audit trails, and whether the custody model was built to withstand insider threats at scale.