US authorities are investigating claims that digital wallets controlled by the United States Marshals Service (USMS), a federal law enforcement agency responsible for custody and sale of seized cryptocurrency, may have been compromised in late 2025. An on-chain investigator known as ZachXBT said he traced movements of more than $60 million to wallet addresses he identified as linked to government seizure accounts, prompting the USMS to open a probe into the matter.
ZachXBT posted his findings on the social platform X, describing how the suspected theft was uncovered during an online argument between pseudonymous participants in a dark web-linked forum. The investigator said he began tracing transfers after seeing government-linked wallet addresses appear on a livestreamed wallet session. The alleged transfers included funds that he linked back to seized assets from the 2016 Bitfinex exchange hack, part of a broader set of suspected illicit cryptocurrency movements.
The US Marshals Service confirmed to Bloomberg News that it is investigating possible unauthorised access to its digital-asset accounts but declined further comment while the inquiry is ongoing. The agency manages custody and disposal of cryptocurrencies seized or forfeited in federal criminal cases, a portfolio that includes Bitcoin and other tokens held in connection with significant enforcement actions.
Independent reporting has linked some of the traced wallet activity to an individual known online as “John” or “Lick,” whom ZachXBT identified as possibly connected to a private contractor working with the USMS. That individual is said to be the son of an executive at a Virginia-based company under contract with the Marshals Service to help manage digital assets. Claims about his involvement have not been tested in court, and no charges have been publicly filed as of late January 2026.
Blockchain analyses published by multiple observers showed that tracing of transfers highlighted large sums moving through a series of addresses associated with suspected thefts, including some tied to government wallets dating back to wallet activity in 2024 and 2025. These movements were brought to wider attention after on-chain sleuths flagged them in connection with ZachXBT’s initial trace.
The investigation is ongoing and involves tracing the flow of seized digital assets and determining whether insider access or external compromise allowed unauthorised transfers. Federal authorities have not released details of any operational response or asset recovery efforts but have acknowledged that the matter remains under review.
Site Disclaimer
2-remove-virus.com is not sponsored, owned, affiliated, or linked to malware developers or distributors that are referenced in this article. The article does not promote or endorse any type of malware. We aim at providing useful information that will help computer users to detect and eliminate the unwanted malicious programs from their computers. This can be done manually by following the instructions presented in the article or automatically by implementing the suggested anti-malware tools.
The article is only meant to be used for educational purposes. If you follow the instructions given in the article, you agree to be contracted by the disclaimer. We do not guarantee that the artcile will present you with a solution that removes the malign threats completely. Malware changes constantly, which is why, in some cases, it may be difficult to clean the computer fully by using only the manual removal instructions.