FBI Arrested U.S. Government Contractor Who Allegedly Stole More than $46 Million

On March 4, 2026, a major international law enforcement operation led to the capture of John Daghita, a U.S. government contractor.

Daghita is accused of a massive insider theft, allegedly stealing more than $46 million in cryptocurrency from the United States Marshals Service (USMS).

The arrest highlights significant concerns regarding insider threats and the secure management of seized digital assets by federal agencies.

FBI Director Kash Patel publicly confirmed the arrest on March 5, 2026, emphasizing the agency’s dedication to pursuing individuals who attempt to defraud American taxpayers.

This high-profile case brings immediate attention to the vulnerabilities inherent in government supply chains and the strict access controls required to safeguard seized cryptocurrency.

It also shows that internal contractors can pose just as much of a risk as external hackers.

The Arrest and Joint Operation

Daghita’s apprehension was successful on the Caribbean island of Saint Martin. It was a highly coordinated effort between the FBI and elite French tactical units.

Specifically, the operation involved the International Co-operation Team Serious Crime Unit of the French Gendarmerie Nationale in Saint Martin, alongside the Groupe d’intervention de la Gendarmerie nationale (GIGN) of Guadeloupe.

This joint international strike demonstrates the global reach of U.S. law enforcement when tracking down cybercriminals and rogue insiders.

In a post on X (Twitter), Kash Patel noted that the Federal Bureau of Investigation works around the clock with international partners to ensure criminals cannot hide, regardless of the jurisdiction they flee to.

The rapid coordination between U.S. and French authorities was critical in capturing the suspect before he could further launder or disperse the stolen digital funds.

This quick action likely prevented the $46 million in cryptocurrency from disappearing completely into the dark web or being washed through crypto mixers, which is a common tactic used by cybercriminals to hide their tracks.

The theft of $46 million from the U.S. Marshals Service underscores a severe insider threat problem.

The USMS is frequently responsible for managing and liquidating cryptocurrency seized during criminal cyber investigations.

A breach of this magnitude suggests potential gaps in the agency’s digital asset custody protocols, such as privileged access management and multi-signature wallet controls.

Insider threats remain one of the most challenging attack vectors to defend against because the actor already possesses legitimate network credentials and system knowledge.

When contractors are granted high-level access to sensitive government financial vaults, organizations must implement strict zero-trust architectures.

This incident will likely prompt a comprehensive security audit of how the USMS and other federal bodies handle, store, and transfer seized digital currencies.

Ensuring that no single individual has unilateral access to hardware wallets or private keys is a fundamental defense against insider theft.

Moving forward, agencies may need to adopt stricter continuous monitoring and behavioral analytics to detect anomalous asset transfers in real time.

The arrest of John Daghita serves as a strong warning that robust internal security policies are just as important as defending against external cyberattacks.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.