Fact check: What are the allegations against Big Balls that prompted an FBI investigation?

1. The explosive allegation: a teenage aide linked to a cybercrime ring

Reporting in March 2025 first presented the core allegation: Edward Coristine — known as “Big Balls” — provided tech support to a group calling itself EGodly while he was in high school. Reuters reported that EGodly bragged about hacking government email accounts and cyberstalking an FBI agent, and that the group publicly thanked Coristine’s firm, DiamondCDN, in a February 2023 Telegram post for technical help ^{[1] [2]}. These accounts rest on digital footprints and Telegram messages documented by journalists; the narrative connects a named individual and a commercially registered entity to a criminal forum’s public posts. The claim centers on linkage between corporate services and an extortionate cybercrime collective — not a lone, anonymous hacker.

2. Corroboration across outlets and what each adds

Independent and Fortune reporting independently corroborated elements of the Reuters story, citing corporate and digital records and Telegram messages that show EGodly acknowledging assistance from DiamondCDN ^{[2] [4]}. Fortune added that Coristine later held advisory titles in government cybersecurity and State Department contexts, which raises further questions about vetting and appointment practices given the earlier alleged ties to a criminal group ^[4]. Multiple outlets reporting similar documentary evidence increases the credibility of the base allegation, while also shifting the focus from a teenager’s past to implications for later public-sector roles.

3. Why the FBI opened an inquiry: sensitive access and potential exposure

A July 2025 WIRED investigation documented that Coristine gained access to systems at the Small Business Administration and the National Finance Center — the latter handles payroll for federal law enforcement, including FBI personnel ^[3]. Journalists flagged the speed and depth of that access as unusual, noting that traditional background screening and security-clearance processes were not clearly followed. When combined with the March allegations that his company assisted a group that boasted of targeting an FBI agent, the FBI’s interest appears to focus on whether an individual with alleged ties to a cybercrime ring had access to systems containing information on federal law-enforcement personnel and whether any data exposure occurred ^{[1] [3]}.

4. What sources do not say and gaps reporters flagged

Contemporaneous profiles, including a Wikipedia entry, summarize Coristine’s public biography and associations with figures such as Elon Musk and the Department of Government Efficiency but do not independently verify criminal conduct ^[5]. The reporting that alleges assistance to EGodly rests on a mix of corporate records and public posts by the criminal group; concrete public charging documents or court filings tying Coristine to EGodly were not cited in the reporting available in these analyses ^{[1] [2] [4]}. That leaves open investigatory and legal questions: whether the FBI found evidence of wrongdoing beyond the public-facing records, and whether any formal charges followed those inquiries.

5. Conflicting narratives and potential agendas in coverage

Coverage splits along two axes: outlets focused on documentary technical links between DiamondCDN and EGodly, and outlets emphasizing institutional failures in vetting people who later accessed sensitive systems ^{[1] [2] [3] [4]}. Proponents of urgent action emphasize national-security risk from unvetted access to the National Finance Center and SBA tools; others warn that public reporting based on Telegram posts and corporate ties can conflate association with criminal culpability ^[5]. Readers should note those differing framings: some pieces push for accountability in hiring and vetting, while others stress the need for legal standards and direct evidence before equating assistance with criminal liability.

6. Bottom line: what is established and what remains unresolved

What is established in contemporaneous reporting is that journalists documented Telegram messages and corporate links between DiamondCDN and EGodly, and that Coristine later accessed sensitive federal systems — facts that together drew FBI attention ^{[1] [2] [3] [4]}. What remains unresolved in the public record cited here is whether the FBI’s inquiry produced prosecutable evidence, how much data — if any — was accessed or exfiltrated, and whether vetting processes failed or were circumvented. The documented intersections of alleged cybercriminal assistance and rapid federal-system access justify investigatory scrutiny, but public sources in these analyses stop short of publishing court filings that would definitively prove criminal conduct.