For nearly a year, the U.S. government has been undergoing a historic shift in its Bitcoin holdings, moving from a messy case-by-case inventory of seized cryptocurrencies to a national strategic stockpile.
This ambition, often framed as a “digital Fort Knox,” is currently undergoing a test of credibility following allegations that around $40 million in cryptocurrencies were siphoned off from seized government-linked wallets.
Even if the reported losses are small compared to the roughly $28 billion in Bitcoin that the United States is widely believed to control, this episode cuts into the core premise of the new stance. This raises questions about whether Washington can manage a sovereign-sized Bitcoin balance sheet with reserve-grade security and auditable controls.
Suspected insider breach
Over the weekend, blockchain researcher Zach
ZachXBT linked the theft charges to John D’Aguita, also known as Rix, who maintains family ties to executives at Command Services and Support (CMDSS), a private company contracted to assist the US Marshals Service (USMS) with crypto seizure operations.
Dean D’Aguita serves as president of CMDSS, according to company filings. The company, based in Haymarket, Virginia, contracts with USSMS to manage and dispose of certain types of virtual currency seized.
ZachXBT said he was able to connect John D’Aguita to the theft charges after what he called a “band-on-band” altercation on Telegram. The dispute involved two individuals attempting to prove their wealth by comparing their wallet balances.
The dispute allegedly culminated when a person identified as “Lick” shared screens of his Exodus wallet and transferred large sums of money in real time.
This screen-sharing activity provided evidence that ZachXBT was tracking a cluster of addresses associated with over $90 million in suspected illicit flows. Approximately $24.9 million of this amount was transferred from U.S.-controlled wallets in March 2024.
This scenario has less to do with exploiting advanced protocols and more to focus on vulnerabilities related to custody governance, contractor access, and types of human failure modes that tend to be less scalable when real money and real operational complexity collide.
Meanwhile, this is not the first time that the federal government’s crypto asset custody operations have come under intense scrutiny. In October 2024, approximately $20 million was leaked from wallets related to Bitfinex hack proceeds, but the majority of the funds were recovered.
Fragmentation creates risk
In the popular imagination, the US government’s roughly $28 billion Bitcoin position sounds like a single stockpile behind a single set of controls.
However, the reality of operating these assets is much more fragmented.
Custody arrangements for seized cryptocurrencies are a patchwork of government agencies, legal statuses, and custody solutions. Funds can exist at different points in the forfeiture pipeline, and “US holdings” is not a single ledger entry, but rather a complex operational system.
This distinction is important because security in a multi-institutional mesh relies on process discipline, consistent standards, and rapid movement of funds from temporary seizure wallets to long-term cold storage.
This is because a single administrator can be protected by a fortress-like protocol.
However, systems involving multiple vendors and handoffs behave differently. This relies on consistency of control across all nodes in the network, including people and contractors involved in the process.
This expands the attack surface due to ambiguity about which entity holds which keys and when.
Surveillance can therefore creep into the gaps between institutions, between temporary wallets and long-term storage, and between policy objectives and day-to-day operational realities.
In that context, this reported loss of $40 million takes on even greater significance as it represents a failure of the process.
Such storage failures suggest exposure in unknown locations, especially when the vulnerability is rooted in vendor governance or insider access rather than a one-time technical exploit.
Contractor “hardtail” vulnerabilities
Contractors like CMDSS play a central role in understanding this risk profile because they are located where government storage systems are most complex.
A March 2025 General Accounting Office (GAO) decision confirmed that the USMS awarded CMDSS a contract to manage “class 2-4 cryptocurrencies.”
The GAO document makes distinctions between asset classes that help explain why contractors are important.
Class 1 assets are typically liquid and can be easily supported in standard cold storage. In contrast, assets in classes 2-4 are said to be “less popular” and require specialized processing involving bespoke software or hardware wallets.
That is the hardtail of crypto asset management: not just Bitcoin or a few other liquidity tokens, but a long list of assets in a messy inventory that arrives via foreclosure. Managing these assets may require different blockchain operations, unfamiliar signature flows, and complex liquidation requirements.
In practice, this means relying on outside expertise to manage the most difficult aspects of custody. Under this model, governments are effectively outsourcing the most laborious parts of cryptocurrency operations.
GAO notes that contractors’ use of government assets for staking, borrowing, or investment is strictly prohibited.
However, a contractual prohibition is not a physical restriction. If human controls are circumvented, private key misuse cannot be prevented on its own.
That’s why this allegation, framed as contractor ecosystem risk and social engineering rather than a protocol failure, carries more weight than the specific allegation of theft. When system resiliency depends on discipline and handoffs across all vendors, the weakest nodes become the most attractive targets.
Notably, warnings about custody gaps are not new. The 2025 report highlighted that the USMS was unable to provide even a rough estimate of its BTC holdings and had previously relied on spreadsheets lacking proper inventory management. A 2022 Department of Justice Office of Inspector General audit explicitly warned that such gaps could lead to loss of assets.
Is the US prepared to hold on?
Shifting U.S. policy makes these operational gaps increasingly dangerous.
The White House has directed the Treasury Department to manage custodial accounts that “must not sell” Bitcoin and has moved to create a Strategic Bitcoin Reserve and a separate digital asset stockpile.
This policy change shifts the government’s role from temporary custodian, historically associated with auctions and disposal of evidence, to long-term custodian.
For years, crypto markets have treated the U.S. government’s stash as a potential oversupply and a potential source of selling pressure if the seized coins were liquidated.
However, the strategic reserve framework changes the perspective, as the central issue becomes the reliability of detention.
If Bitcoin is treated as a reserve asset similar to gold, standard investors will implicitly demand vault-level security, clear custody controls, consistent management, and auditable procedures.
This alleged theft of $40 million therefore once again focuses attention on whether the infrastructure supporting this ambition still resembles an ad hoc evidence workflow or is being scaled up for long-term management.
This is because the large and well-known government holdings of Bitcoin can be a prime target for malicious actors looking to exploit a porous system. Cryptocurrency analyst Murtuza Merchant said:
“If criminals believe that seized funds will be siphoned from government wallets, they may treat forfeiture as a temporary inconvenience rather than an endpoint, especially if money laundering routes exist through exchanges or cross-chain hops.”
(Tag translation)Bitcoin
