​A U.S. government contractor's son, accused of stealing more than $46 million in cryptocurrency from the U.S. Marshals Service, was arrested Wednesday on the island of Saint Martin.

The arrest was the result of a joint operation between the FBI and France's elite Groupe d'Intervention de la Gendarmerie Nationale, FBI Director Kash Patel announced on Thursday.

"Last night, John Daghita – a U.S. government contractor who allegedly stole more than $46 million in cryptocurrency from the U.S Marshals Service – was arrested on the island of Saint Martin by the French Gendarmerie's premier elite tactical unit in a joint operation with the @FBI," Patel said.

"Thanks to the International Cooperation Team Serious Crime Unit of the French Gendarmerie National in Saint Martin, and the Groupe d'intervention de la Gendarmerie nationale of Guadeloupe for the outstanding coordination."

According to photos taken during Daghita's arrest, law enforcement officers also seized an undisclosed amount of U.S. dollars in $100 bank notes, as well as multiple hard drives and security keys.

​John Daghita (who uses the "Lick" online handle) is the son of Dean Daghita, president and CEO of Command Services & Support (CMDSS). This Virginia-based firm has been helping the U.S. Marshals Service manage and dispose of seized digital assets since October 2024.

Those holdings reportedly also include funds tied to the 2016 Bitfinex hack, one of the largest cryptocurrency heists on record, which led to the theft of 120,000 bitcoins from the Hong Kong-based Bitfinex crypto-exchange.

Blockchain investigator ZachXBT broke the case publicly in late January when he published an analysis that ​​​​​​traced $23 million in USMS-linked wallet movements to addresses he linked to Daghita, who is also a U.S. government contractor, according to Patel.

ZachXBT found that Daghita inadvertently exposed himself during a dispute with another threat actor (known as Dritan Kapplani Jr.) in a recorded private Telegram chat, where he demonstrated the ability to move large sums between two cryptowallets in real time.

Further on-chain analysis subsequently enabled ZachXBT to link those wallets to government-seized assets from the Bitfinex hack seizure. After the investigator reported his findings to authorities, Daghita reportedly taunted him repeatedly on Telegram by sending small amounts of the allegedly stolen funds (a tactic known as a "dust attack") to ZachXBT's public wallet address.

"In late January 2026, I exposed how John stole $ 46M+ in seized crypto assets from the US government by abusing access at CMDSS, his father's company, which held a USMS contract," ZachXBT said after Daghita's arrest.

"John then taunted me multiple times via his Telegram channel and dust attacked my public wallet address with stolen funds. Thanks for the last laugh, John."