Hacked Lending Pool BigWhale Discloses its Ties with Russia

BigWhale.io is a DeFi staking & lending protocol built on the Binance Smart Chain. The Swiss firm Certik, involved in cryptocurrency expertise and financial brokering since 2020, audited the application prior to its launch. However, such audits aren't always a guarantee of security.

The BigWhale smart contract was deployed in April 2023, but its operations were short-lived.

According to the project's white paper, it has been working with “various under-banked or un-banked businesses & individuals in specific industries.”

BigWhale focuses on  “highly profitable but capital-intensive activities such as THC / CBD Oil / Hemp production & distribution based in South America and other countries, Russian & other oil distributors / transporters, cryptocurrency mining firms & exchanges.”

BigWhale lured borrowers with the promise of dependable off-bank financing and enticed lenders by offering a passive 2% daily return on their lent funds, with an opportunity to boost this yield almost 500-fold (!!!) in a mere three months.

The company remained tight-lipped about its seed capital and refrained from sharing details about the project's funding origins. The identities of the developers, executives, and the company's physical location also remained shrouded in mystery. 

Within its half-year of operations, the project managed to pool in over $6.5 million from about 2,000 lenders.

By the end of September, an independent review substantiated the apprehensions of U.S. regulators: it appeared that profit percentages were being sourced from the capital of BigWhale's newest clients. Furthermore, the platform leaned into a multi-tiered marketing strategy. They enlisted influential figures in the crypto realm to champion their app. On top of this, a dedicated team of marketers was on the project's promotional frontlines. These marketers were lured with hefty rewards — commissions amounting to 10% of the daily earnings of the clients they onboarded, plus an additional 5% daily profit from the referrals of those clientele recruited by these promoters. 

This startup is essentially a textbook Ponzi scheme.

On October 2, the report was handed over to the Commissioner of the Texas State Securities Board. 

In response, the board issued an official directive to freeze all funds associated with the BigWhale lending pool. The order noted that a copy had been dispatched to the domain registrar of BigWhale.io, located in Vilnius, Lithuania.

Just hours later, BigWhale.io's website posted an announcement about a breach.

The founders relayed that due to a cyber attack, every penny within the smart contract, as well as the developer's wallet, had been lost (their preliminary estimate places the loss around $4-5 million). They added that the project team is now collaborating with Binance and regulatory bodies to freeze the assets acquired by the hacker.

On their X account, the founders expressed their commitment to refund every lost cent to their contributors. 

Moreover, the founders ominously hinted at retribution through their russian connections.

The spotlight is once again on the alarmingly high number of fraudulent projects sprouting on the BSC network. All this is unfolding against the backdrop of a legal case accusing Binance of money laundering and potential breaches of sanctions set against russian firms.