Bubblemaps Flags LICK Token as On-Chain Data Links Initiative for Allegedly Stealing US Government $40M

On-chain data revealed a wallet tied to John “Lick” controlling 40% of the LICK supply following the launch of Pump.fun.

A newly launched meme coin called LICK has come under scrutiny after on-chain data linked its creation to John Daghita, also known as “Lick,” who is accused of stealing $40 million from the US government.

In its latest update, blockchain analytics platform Bubblemaps reported that Daghita recently launched LICK on Solana-based meme coin launchpad, Pump.fun, and was live streaming on Telegram to promote the token. According to shared data, a single wallet linked to Daghita holds nearly 40% of LICK’s total assets, which has caused rapid concentration and risk concerns.

Bubblemaps described the situation as “unchanged.”

From Confiscated Funds to Pump. it’s fun

The Bubblemaps update comes just days after prominent on-chain investigator ZachXBT published detailed findings linking “Lick” to wallets tied to suspected major heists and funds linked to US government seizure addresses. ZachXBT said his investigation stemmed from a leaked recording of a private group chat, where a threat actor named “John” was seen sharing wallet ratings and moving millions of dollars worth of cryptocurrency during an argument with another actor.

According to ZachXBT, the dispute has grown into a “gang,” a practice in cybercriminal circles where participants try to prove their wealth by displaying and transferring funds in real time. The investigator said the recordings showed John controlling multiple wallets and moving significant amounts of crypto while being recorded, which led to the wallets being traced afterwards.

After analyzing the footage, an on-chain sleuth reported that the bags revealed in the recording could be linked to more than $90 million in alleged thefts. He said that one fund in the chain of transactions received 1,066 WETH on November 20, 2025, which was followed by a fund that received $24.9 million from a US government address in March 2024.

Commitments with Bitfinex Funds

ZachXBT said this address was linked to funds taken from the Bitfinex hack, which he previously reported on in October 2024. He also said the same fund received more than $63 million from suspected victims and addresses related to government seizures during the fourth quarter of 2025, as well as an additional source of 4,170 ETH, worth about 1 million M12 at the time of M12 ETH.

You may also like:

John had a long history of bragging about his number on Telegram and the shared identifiers tied to those messages, according to ZachXBT, who also added that rumors on cybercrime channels indicated that the person could be John Daghita, who was arrested in September 2025, although he admitted that further confirmation was needed.

The investigator raised more questions about the access to the seized funds, while revealing that John’s father is the owner of CMDSS, the company that holds the contract of the US Marshals Service in relation to the management of lost crypto assets. He emphasized that it was not clear how any access might have occurred.

Meanwhile, public statements from officials confirmed that US government authorities are investigating the matter.