On-chain detective exposes the suspect behind the US government’s $40 million theft case: surprisingly the son of an asset management company CEO

According to the latest news, on-chain detective ZachXBT accused the suspect John Daghita of stealing $40 million in cryptocurrency assets from the US government. It was revealed that John Daghita is the son of the CEO of CMDSS. This exposure uncovers a satirical irony: CMDSS had previously secured a US government contract specifically responsible for handling seized cryptocurrencies. The case not only involves asset theft but also exposes vulnerabilities in government asset management systems.

Key Clues in the Identity Exposure

Exposure caused by flaunting wealth

John Daghita’s identity was revealed following an “imprudent display of wealth.” According to ZachXBT’s investigation, the suspect publicly showcased approximately $23 million worth of crypto assets during an online dispute with another hacker. This seemingly boastful act ultimately became his “witness.”

By tracking these wallet addresses, ZachXBT found links to multiple cases. On-chain data shows these funds trace back to several wallets, including a Tron address and an Ethereum address, whose activity history is directly connected to the 2024 theft of over $90 million from the US government, as well as multiple unresolved victim cases from November to December 2025.

Satirical background

More ironically, the suspect’s father is the CEO of CMDSS. CMDSS previously secured a US government contract, with responsibilities including handling seized cryptocurrencies. This means that the son of an executive managing government crypto assets is suspected of stealing assets from the government. This identity conflict exposes trust issues within management hierarchies.

On-Chain Tracking of Fund Flows

Exchanges as “Money Laundering Channels”

Another noteworthy detail in the case is that the suspect transferred funds through the MEXC exchange. According to ZachXBT’s disclosures, on January 24, 2026, MEXC allowed this threat actor to access over $12.4 million of stolen government funds. Even more concerning, the same attacker subsequently deposited over 240 ETH into their MEXC account.

This series of actions indicates that the attacker is not only moving stolen funds but also continuously depositing new assets into exchanges, potentially signaling ongoing money laundering activities.

The reality of exchange regulation

ZachXBT commented bluntly: “Crypto exchanges allowing attackers to access stolen funds is exactly why every crime movie nowadays involves cryptocurrency.” This reflects a deeper issue—the regulatory gaps in preventing stolen funds from flowing into exchanges.

Deep Impacts of the Case

This case exposes multiple layers of issues:

• Government asset management risks: Contractors responsible for managing government crypto assets have serious security vulnerabilities
• Identity verification flaws: CMDSS may have gaps in background checks on senior family members
• Exchange compliance issues: Platforms like MEXC have limited ability to identify stolen funds
• Value of on-chain tracking: ZachXBT and other on-chain detectives provide crucial clues for law enforcement

Future Outlook

This case may trigger stricter scrutiny of anti-money laundering (AML) and Know Your Customer (KYC) procedures at crypto exchanges. The US government might enhance background checks for contractors, especially those handling sensitive assets. Meanwhile, exchanges could face increased pressure from regulators to improve detection and freezing mechanisms for stolen funds.

Summary

The key points of this case are: the importance of identity exposure, the ironic conflicts within the case, and the practical challenges of exchange regulation. Through on-chain tracking, ZachXBT not only identified the suspect’s identity but also provided law enforcement with comprehensive evidence of fund flows. This case reminds us that even in the crypto world, there is no absolute anonymity—an imprudent act can lead to full exposure. It also serves as a stark warning to crypto exchanges and government asset management systems.