WILMINGTON, Delaware — A key figure in Elon Musk’s US Doge Service team once provided technical support to a cybercrime group that boasted about trafficking stolen data and cyberstalking an FBI agent, according to digital records examined by Reuters. Edward Coristine, a prominent member of the Doge initiative with extensive access to official networks, was previously known for his young age—19—and his nickname, "Big Balls," which became a pop culture reference. Musk praised him on social media platform X, stating, "Big Balls is awesome."

In 2022, while still in high school, Coristine operated a company called DiamondCDN, which offered network services. Digital records and interviews with former associates indicate that one of its clients was a cybercriminal group known as "EGodly." DomainTools and Any.Run tracked the group’s website, dataleak.fun, to IP addresses associated with DiamondCDN and Coristine’s other ventures between October 2022 and June 2023.

A February 15, 2023, Telegram post from EGodly expressed gratitude to DiamondCDN for its security and caching services, which helped them maintain their operations. Some users accessing the EGodly website during that period encountered a DiamondCDN security check. Coristine did not respond to requests for comment, nor did Musk’s team, which informally calls itself the "Department of Government Efficiency." Coristine is listed as a "senior adviser" at the State Department and the Cybersecurity and Infrastructure Security Agency (CISA), according to officials at both agencies. However, CISA declined to comment, and the State Department did not respond to inquiries. On LinkedIn, Coristine describes himself as a "Volunteer (Intern) Plumber" for the US government.

EGodly, whose Telegram channel has been inactive for a year, has previously claimed responsibility for hacking law enforcement emails in Latin America and Eastern Europe, hijacking phone numbers, and stealing cryptocurrency. In 2023, the group doxxed an FBI agent investigating them, sharing his personal details and posting a video of someone driving past his house while shouting threats.

Although Reuters could not verify all of EGodly’s cybercrime claims, it confirmed the authenticity of the video. The targeted FBI agent, now retired, stated that EGodly was known for its involvement in "swatting"—making false emergency calls to provoke armed police responses. He declined to comment on whether the group was under FBI investigation, and the agency did not respond to inquiries.

It remains unclear how long EGodly used DiamondCDN’s services or whether they paid for them. Archived versions of DiamondCDN’s website indicate that the company offered both paid and free services. Cybercrime experts described EGodly as a sophisticated fraud network, and a former CISA official, Nitin Natarajan, expressed concern about Coristine’s past association with the group. Given the recency of these activities, he warned that having someone with such a history involved in sensitive government operations was alarming.

Disclaimer: This image is taken from Reuters.