Privacy-preserving dollar-cost averaging for Solana.
Beluga enables whales and serious traders to accumulate or exit token positions without detection by copy-trading bots, MEV bots, or on-chain analysts.
When a known whale starts buying a memecoin, copy-trading bots detect the transaction within seconds, front-run subsequent purchases, and inflate the price before the whale can finish accumulating. Beluga breaks this link through multiple privacy layers:
- Zero-Knowledge Mixer — Deposits go into Privacy Cash, a ZK mixer where your deposit becomes indistinguishable from others
- Ephemeral Stealth Wallets — Fresh keypairs with no on-chain history, derived deterministically from your wallet signature
- Durable Nonce Transactions — Pre-sign all withdrawals upfront; orders execute on schedule without expiring
- Randomized Orders — Variable amounts (±5-30%) and timing (5+ min gaps) prevent pattern detection
- Compliance Screening — Range Protocol integration blocks sanctioned wallets while preserving privacy for legitimate users
┌─────────────────────────────────────────────────────────────────────┐
│ BELUGA DCA FLOW │
├─────────────────────────────────────────────────────────────────────┤
│ │
│ Main Wallet ──► Privacy Cash Pool ──► Stealth Wallets ──► Tokens │
│ │ (ZK Mixer) (Fresh keys) (DEX) │
│ │ │ │ │
│ └──────────────────┴───────────────────┘ │
│ Unlinked on-chain (ZK proofs) │
│ │
└─────────────────────────────────────────────────────────────────────┘
| Layer | Technology |
|---|---|
| Backend | Fastify, TypeScript, Prisma, BullMQ |
| Frontend | Next.js 14, React, TailwindCSS, Radix UI |
| Database | PostgreSQL (Supabase) |
| Queue | Redis (job scheduling) |
| Blockchain | Solana Web3.js, Jupiter (swaps), Helius (RPC) |
| Privacy | Privacy Cash (ZK mixer), ShadowWire (encrypted transfers) |
| Compliance | Range Protocol (sanctions screening) |
| Crypto | AES-256-GCM, PBKDF2, HKDF (key derivation) |
beluga/
├── apps/
│ ├── api/ # Fastify backend
│ │ ├── src/
│ │ │ ├── routes/ # API endpoints
│ │ │ ├── jobs/ # BullMQ workers
│ │ │ └── lib/ # Database, Redis clients
│ │ └── prisma/ # Database schema
│ │
│ └── web/ # Next.js frontend
│ └── src/
│ ├── app/ # Pages (App Router)
│ ├── components/ # React components
│ ├── hooks/ # Custom hooks
│ └── lib/ # Utilities, API client
│
└── packages/
├── shared/ # Types, constants
├── crypto/ # Client-side encryption
├── privacy/ # Privacy Cash SDK wrapper
└── solana/ # Jupiter, Helius, Range, ShadowWire
Core privacy layer. SOL deposits enter a shared ZK pool; withdrawals use zero-knowledge proofs to verify deposits without revealing which one was yours.
// Deposit to pool
await privacyCashClient.depositSol(lamports);
// Withdraw with ZK proof to stealth wallet
await privacyCashClient.withdrawSol(lamports, stealthWalletAddress);Compliance screening before DCA creation and wallet funding. Checks against OFAC sanctions lists and fraud indicators.
const result = await checkCompliance(walletAddress, 0.5); // 50% threshold
if (!result.passed) {
// Block the operation
}Primary RPC provider for all Solana operations—balance checks, transaction submission, priority fee estimation.
DEX aggregator for optimal swap routing. Executes the actual token purchases in stealth wallets.
Optional Bulletproof-encrypted transfers for consolidation. Hides transfer amounts on-chain (1% fee).
- Client-side key derivation — Ephemeral keys derived via HKDF from wallet signature
- Client-side encryption — Keys encrypted with AES-256-GCM before storage
- Password never sent to server — Server only sees encrypted blobs
- Deterministic recovery — Same wallet + same signature = same keys (always recoverable)
- No custodial risk — Users control all funds at all times
- Node.js ≥ 22
- pnpm 9.x
- PostgreSQL database
- Redis instance
- Helius API key
# Clone the repository
git clone https://github.com/your-username/beluga.git
cd beluga
# Install dependencies
pnpm install
# Set up environment variables
cp .env.example .env
# Edit .env with your credentials
# Generate Prisma client and push schema
pnpm db:generate
pnpm db:push
# Start development servers
pnpm dev# Database
DATABASE_URL=postgresql://...
DIRECT_URL=postgresql://...
# Redis
REDIS_URL=redis://...
# Helius RPC
HELIUS_API_KEY=your-api-key
HELIUS_RPC_URL=https://mainnet.helius-rpc.com/?api-key=...
# Authentication
JWT_SECRET=minimum-32-characters
JWT_EXPIRY=7d
# Frontend
NEXT_PUBLIC_API_URL=http://localhost:3001
NEXT_PUBLIC_SOLANA_NETWORK=mainnet-betaThe API and worker run as separate processes:
# Build
pnpm build
# Run API server
node apps/api/dist/index.js
# Run worker (separate process)
node apps/api/dist/worker.jsOr use Docker:
# API
docker build -t beluga-api .
docker run -e RUN_MODE=api beluga-api
# Worker
docker run -e RUN_MODE=worker beluga-api| Method | Endpoint | Description |
|---|---|---|
POST |
/api/auth/nonce |
Generate SIWS nonce |
POST |
/api/auth/login |
Verify signature, get JWT |
POST |
/api/dca |
Create DCA schedule |
GET |
/api/dca |
List user's DCAs |
GET |
/api/dca/:id |
Get DCA details |
POST |
/api/dca/:id/cancel |
Cancel DCA |
POST |
/api/dca/out |
Create DCA Out (sell) |
POST |
/api/session/unlock |
Decrypt keys |
POST |
/api/session/start |
Start order execution |
GET |
/api/wallets/holdings |
Get aggregated holdings |
POST |
/api/wallets/consolidate |
Transfer to destination |
POST |
/api/compliance/check |
Screen wallet |
| Parameter | Min | Max |
|---|---|---|
| Amount | 0.1 SOL | 100 SOL |
| Duration | 1 hour | 1 week |
| Orders | 3 | 20 |
| Slippage | 0.1% | 5% |
| Order Gap | 5 minutes | — |
MIT
Built with Privacy Cash, Range Protocol, Helius, Jupiter, and ShadowWire.