Thief of $90M in seized U.S.-controlled crypto alleged to be government crypto contractor's son

January 23, 2026

Thief of $90M in seized U.S.-controlled crypto alleged to be government crypto contractor's son

Two crypto thieves decided to settle an argument over who was wealthier by screensharing as they transferred crypto between wallets to prove ownership. In doing so, one of them — known online as "Lick" — revealed a wallet address that crypto sleuth zachxbt quickly tied to the theft of around $90 million from US government wallets containing seized crypto assets, including a $20 million theft zachxbt reported in October 2024.

zachxbt has alleged that "Lick" is a man named John Daghita. After reporting Daghita's identity, "Lick" appeared to try to scrub his Telegram account, then dusted zachxbt's public crypto wallet from one of the theft addresses.

Daghitia is reportedly the son of Dean Daghita, the owner of Command Services & Support (CMDSS). In October 2024, CMDSS landed a contract with the US Marshals to manage seized crypto assets, which is still active. After zachxbt linked the younger Daghita to his father and CMDSS, CMDSS also scrubbed its online presence. Around that time, Lick began trolling zachxbt again, and later sent 0.6767 ETH (~$1,900) of the stolen funds to zachxbt.

CMDSS' website boasts that they are "a proven provider of mission-critical services to the Department of Defense and Department of Justice".

Tweet thread by zachxbt [archive]
Tweet thread by zachxbt [archive]
Command Services & Support, Inc., USASpending.gov [archive]

January 21, 2026

Saga halts blockchain after $7 million theft

(attribution)

The Saga project halted its blockchain after acknowledging that $7 million had been stolen. An attacker was evidently able to mint a large quantity of Saga Dollar tokens, though it's not yet clear whether it was because of a smart contract vulnerability, private key compromise, or some other issue. The attacker was quick to swap most of the assets to ETH to thwart asset freezes or blockchain halts.

The Saga Dollar token lost its peg and fell to around $0.75 after the attack.

January 12, 2026

Former NYC Mayor Eric Adams accused of rug pull as NYC Token crashes

Eric Adams (attribution)

Shortly after losing his campaign for re-election as mayor of New York City, Eric Adams announced he would be launching "NYC Token". He's pitched the project as a fundraising tool to fight "antisemitism" and "anti-Americanism", and as a project to "teach our children how to embrace the blockchain technology."

He launched the project on January 12, and buyers piled in in hopes of being early to a high-profile crypto token endorsed by a public figure. However, within hours, the team began pulling liquidity as the price peaked, extracting around $2.5 million. As the price began to fall, the team added back around $1.5 million, leaving around $1 million unaccounted for.

Additionally, on-chain researchers observed at least one wallet that spent almost $750,000 to purchase around 1.5 million $NYC around 10 minutes before the token was publicly announced, leading to speculation around insider trading. However, because of the token price crash after the team began pulling liquidity, the apparent insider ultimately lost around $500,000.

People were quick to accuse Adams, or his unidentified crypto team, of rug-pulling buyers. Adams and the project's social media account have claimed that the team was simply moving or "rebalanc[ing]" liquidity, though they have not yet offered any explanation as to where the missing $1 million went.

January 10, 2026

Crypto holder loses $283 million to scammer impersonating wallet support

A crypto holder has lost $282 million in bitcoin and litecoin after a scammer impersonating a customer support employee for the Trezor hardware wallet manufacturer successfully convinced them into revealing their seed phrase. After gaining access to the assets, they quickly swapped them to the Monero privacycoin. The volume of assets was so large that the Monero price spiked as the scammer laundered the finds. The scammer also swapped assets using the THORChain project, which boasted on social media about the "World record speedrun. ⚡️" (presumably without realizing they were bragging about a thief using their project to launder money).

Around $700,000 of the stolen assets were frozen thanks to intervention by a security firm called ZeroShadow, although this represents only 0.2% of the total loss.

January 8, 2026

Truebit exploited for over $26 million

(attribution)

A bug in a smart contract belonging to the Ethereum-based Truebit project allowed an attacker to steal 8,535 ETH (~$26.4 million). The thief targeted one of the project's older contracts — deployed in 2021 — which contained a bug in which the price calculation to mint sufficiently large quantities of the protocol's TRU token would overflow, erroneously allowing people to mint large amounts of TRU for next to nothing. The exploiter took advantage of this by minting TRU and swapping it for ETH, ultimately causing the TRU token price to crash 99.9%. Another subsequent attack saw around $300,000 more drained from the project.

Truebit acknowledged the hack and urged users not to interact with the vulnerable smart contract.

December 30, 2025

Unleash Protocol exploited for $3.9 million

(attribution)

Unleash Protocol, a project promising to allow creators to register their intellectual property on the blockchain, has been exploited for around $3.9 million. An attacker was able to gain administrative access, despite the project's governance system ostensibly being protected by a multisignature wallet. They then deployed a new smart contract, which allowed them to siphon assets from the project. The attacker then bridged the funds to ETH and laundered them via the Tornado Cash cryptocurrency mixer.

"Unleash hacker begins laundering $4 million in ETH through Tornado Cash", The Block

December 27, 2025

Flow blockchain exploited for $3.9 million

(attribution)

The Flow blockchain suffered an exploit in which an attacker was able to mint a large number of wrapped FLOW tokens, which they then swapped to tokens on other blockchains. Ultimately around $3.9 million was stolen, and the FLOW token dramatically plunged in price.

Some crypto exchanges, such as Upbit and Bithumb, halted withdrawals and deposits for FLOW after the exploit was discovered. Flow later confirmed the exploit, and said that validators "executed a coordinated halt" of the network to shut down the attack.

"Flow blockchain probes security incident as FLOW token plunges over 40%", The Block

December 25, 2025

Binance's Trust Wallet extension hacked; users lose $7 million

(attribution)

The Trust Wallet Chrome extension was compromised in an apparent supply chain attack. People who used the non-custodial wallet extension after it updated to version 2.68 lost funds after malicious code was introduced to exfiltrate wallet seed phrases so that the attackers could then drain the wallets. Victims have lost a combined $7 million due to the compromise.

Binance founder Changpeng Zhao — who supposedly has no managerial role at Binance after he and the company were criminally charged in the US — announced that Binance would reimburse users who lost funds.

December 19, 2025

Crypto trader loses $50 million to address poisoning attack

A crypto trader lost almost $50 million in the Tether stablecoin after falling victim to an address poisoning attack. Because blockchain wallet addresses are long, random alphanumeric strings, traders often use the first and/or last several characters to quickly recognize wallets, and copy and paste regularly used wallet addresses from their transaction history. This has given rise to a type of scam known as "address poisoning", where scammers generate wallet addresses that share similar beginning and end characters, and use them to send transactions to wealthy victims. If they're lucky, as they were in this case, the victim will accidentally copy the similar looking scammer's wallet address when making a transfer of significant size.

After the theft, the victim sent an on-chain message to the scammer, offering a $1 million "bounty" for the return of the remaining funds. They threatened, "We have officially filed a criminal case. With the assistance of law enforcement, cybersecurity agencies, and multiple blockchain protocols, we have already gathered substantial and actionable intelligence regarding your activities." However, there's been no activity from the wallet since the message, and the thief had long since begun laundering the funds via Tornado Cash.

Thief wallet, Etherscan [archive]
On-chain message, Etherscan

December 16, 2025

Yearn Finance suffers fourth exploit only weeks after third

(attribution)

Only weeks after losing $6.6 million to an infinite mint exploit, a Yearn Finance smart contract has again been exploited, allowing an attacker to make off with around 103 ETH (~$300,000). The affected contract is a legacy contract that was part of the Yearn v1 project (once known as iearn). The attacker used a flash loan to manipulate the price of tokens in the vault, allowing them to withdraw the iearn assets, which they then swapped for ETH.

This is Yearn's fourth hack, following the $6.6 million theft in November, an $11 million exploit in 2023, and an $11 million exploit in 2021. Yearn also lost around $1.4 million in 2023 in connection to the Euler Finance attack.