US crypto exchange Kraken and Deutsche Börse Group have announced a wide-ranging strategic partnership that links crypto-market plumbing with Europe’s most regulated market infrastructure. The deal spans FX liquidity, crypto access for institutional clients, custody rails, tokenization—and (crucially) a potential path to Eurex derivatives on Kraken, subject to approvals. Key Facts Phase 1: Kraken integrates with 360T to tap “bank-grade” FX liquidity and improve fiat on/off-ramps. Distribution: “Kraken Embed” is positioned as a white-label crypto trading/custody stack for banks/fintechs across Europe and the U.S. Derivatives (planned): Make Eurex-listed derivatives tradable on Kraken—explicitly subject to regulatory approvals. Custody & tokenization: Leverage Clearstream and Crypto Finance and explore tokenized distribution of Clearstream-held securities; integrate tokenization standards (xStocks/360X). Context: Clearstream has been building institutional crypto custody/settlement capabilities (BTC/ETH) via Crypto Finance. Why this matters for Kraken (strategy) Kraken gains a credible “TradFi interface”: deeper FX pools, institutional distribution via Deutsche Börse’s network, and a blueprint to move from “crypto venue” toward multi-asset market access (crypto + tokenized assets + possibly regulated derivatives). If executed, it strengthens Kraken’s pitch to banks and asset managers that need familiar execution, custody, and risk workflows. Compliance lens: the upgrade Kraken can’t dodge This partnership also tightens the compliance vise. Offering Eurex derivatives would drag Kraken into MiFID II-style product governance, market integrity controls, suitability/appropriateness expectations (where applicable), surveillance, and strong conduct standards—with little tolerance for the “crypto-only” compliance playbook. Tokenized securities distribution adds another layer: disclosure, investor classification, custody segregation, and clear lines between exchange, broker, and custodian roles. Actionable Insight If Kraken wants the institutional upside, it must treat this as a control transformation project: governance, surveillance, AML/sanctions, and custody arrangements need to match the expectations of Deutsche Börse-grade counterparties—not just retail crypto norms. Call for Information Have you seen Kraken (or partners) pitching Eurex access, 360T-based rails, or white-label “Embed” offerings to EU clients already? Send tips (docs/screenshots welcome) via Whistle42. Share Information via Whistle42

FinTelegram is evolving. Instead of treating illegal offshore casinos as isolated stories, we now investigate them as repeatable payment architectures—the rails that keep them alive. Our new Rail Atlas consolidates evidence-based “rail patterns” (open banking gateways, fake-fiat onramps, payee substitution, gateway meshes) into evergreen hubs—so enforcement, banks, and readers can see the system, not just the symptom. Key Facts FinTelegram ’26 focuses on cyberfinance chokepoints: payments, open banking, stablecoin rails, and gateway stacks enabling illegal casinos. We convert recurring tactics into Rail Hubs (evergreen pages) under the Rail Atlas. We operate an Airtable Case Register to track cases, entities, evidence, and rail mappings consistently. Whistleblower information via Whistle42 is recorded and triaged into Airtable as strategic intelligence. FinCrime Observer will increasingly handle financial-crime coverage, separate from FinTelegram but connected via Whistle42. Whistle42 is being developed into a cross-platform whistleblower hub; a C42 reward token is planned for Q1 2026. Short Analysis Illegal offshore casinos and other grey- and dark-side schemes no longer rely on a single payment provider. They run multi-layer payment stacks: open banking consent screens that look “regulated,” “bank transfer” options that are actually stablecoin purchases, and e-wallet flows where the payee is not the casino operator at all. This is not random. It is engineering. FinTelegram’s response is to document and publish these systems as rails—repeatable patterns that can be verified, compared, and mapped across brands. The Rail Atlas is our way of turning scattered exposures into structured compliance intelligence. Extended Analysis Why We Built the Rail Atlas Traditional reporting often stops at: “This casino is illegal.” That may be true—but it’s incomplete. The operational truth is: illegal casinos survive because their payment rails survive. When one gateway is blocked, another appears. When card acquiring gets difficult, open banking consent flows fill the gap. When disputes rise, “crypto purchase + wallet transfer” flows reduce chargeback risk by reframing the transaction. Visit the Rail Atlas Hub The Rail Atlas captures these mechanics as evergreen hubs—so readers don’t have to relearn the same tricks in every case. Each hub explains: How the rail works (step-by-step) What evidence proves it (screenshots, redirects, descriptors, on-chain settlement) What chokepoint actions exist (banks, PSPs, gateways, onramps, enforcement) Where it appears (a living Case Index) How we investigate: “Follow the Conversions” Our method is simple and repeatable: Identify the casino or scheme and its licensing/claims Walk the cashier flows and capture UI evidence Map redirects, domains, and provider roles (gateway, facilitator, agent) Capture descriptors and settlement endpoints (including wallets and tokens) Classify the observed behavior under one or more rails Publish a case report—and link it back to the Rail Atlas hubs This is compliance intelligence built for action: it helps banks, fintechs, and regulators see the enabling infrastructure. Airtable: the case register behind the reporting To make this systematic, we use Airtable as our internal case register. It is where we track: Cases, entities, domains, and role assignments Evidence artifacts (screenshots, links, descriptors, wallet addresses, TX hashes) Rail classifications (which pattern applies, with confidence grading) Investigation status and next steps (what we still need to verify) Airtable is not “admin.” It’s the engine that turns new findings into a repeatable investigative pipeline—and it allows us to expand quickly from a single casino to an entire cluster when the rails match. Whistle42: strategic intelligence, systematically captured Whistleblower submissions are increasingly decisive because the most valuable facts are often hidden behind contracts, account structures, and internal policies. Whistle42 has therefore been revised to serve as a cross-platform whistleblower system. Information submitted via Whistle42 is not just “read.” It is structured and recorded in Airtable: linked to cases and entities, assigned confidence grades, and converted into investigative tasks. This is why whistleblowers are strategically important to our work: they reduce uncertainty where the public surface ends. FinCrime Observer: Where Financial Crime Coverage Expands FinTelegram will stay focused on cyberfinance compliance intelligence—the chokepoints and rails. In parallel, FinCrime Observer will increasingly handle financial crime reporting. It is a separate platform with different operators, but it also uses Whistle42 and is part of the same broader ecosystem. The separation is deliberate: compliance intelligence and criminal case coverage require different editorial structures, standards, and workflows. C42 token: rewarding high-quality whistleblower intelligence (Q1 2026) Finally, we plan to introduce the C42 token as a reward token for whistleblowers in Q1 2026. The purpose is not hype. The purpose is incentives: high-quality, actionable intelligence should be recognized and rewarded—especially when it helps expose systemic payment enabling of illegal activity. Actionable Insight If you work at a PSP, open banking gateway, e-wallet, crypto onramp, or acquiring bank: stop looking only at single merchants. Look for rail patterns. The same deposit architecture repeats across multiple brands—and that repetition is the investigative signal. Call for Information If you have insider knowledge about offshore casino payment stacks—merchant-of-record setups, gateway contracts, descriptor logic, “crypto purchase” flows, stablecoin settlement, wallet operations, or compliance overrides—submit securely via Whistle42.com. Your information is recorded systematically in our case register and can materially accelerate enforcement-grade reporting. Share Information via Whistle42

Since 1 January 2026, crypto platforms serving EU residents must start collecting tax identity data under DAC8—and can be required to block “reportable transactions” after two reminders and 60 days if users don’t provide the required information. The UK is running a parallel track via CARF reporting to HMRC, with first reports due in 2027. This is not a “new crypto tax,” but a major enforcement upgrade. Key Points EU DAC8 starts data collection in 2026; first EU-wide exchange of the 2026 reporting data is due by 30 Sept 2027. If a user fails to provide required info after two reminders (and not before 60 days), the provider must prevent the user from performing “Reportable Transactions.” Reporting scope includes crypto-fiat, crypto-crypto, and transfers, including certain withdrawals to “unhosted” (self-custody) addresses. UK CARF requires platforms to collect user + transaction data and report to HMRC; first submission window: 1 Jan–31 May 2027 for calendar year 2026. This is part of a global convergence: OECD tracks many jurisdictions committed to CARF exchanges in 2027–2029. Short Narrative A viral claim framed January 2026 as “the end of crypto privacy in Europe.” The reality is more precise — and for compliance teams, more operationally painful: the regulated on/off-ramps have become standardized tax sensors. Under DAC8, platforms must collect tax-residency identifiers (including TINs) and report aggregated transaction data annually, including categories that can cover withdrawals to self-custody. For users who refuse to provide required details, platforms face a hard rule: after reminders and a 60-day clock, access to “reportable transactions” must be switched off. Extended Analysis 1) What exactly changed on 1 January 2026 in the EU? DAC8 (Directive (EU) 2023/2226) expands the EU’s “administrative cooperation” rules so that Member States can automatically exchange crypto-asset information for tax compliance. The European Commission’s DAC8 guidance is explicit: data collection starts 1 January 2026, the first reporting year is 2026, and reporting is due within 9 months after year-end — i.e., by 30 September 2027 for the first cycle. Compliance translation: 2026 is not “instant enforcement day”; it is the mandatory capture year that determines what tax authorities can match at scale once exchanges begin in 2027. 2) Which providers are covered? DAC8 targets Reporting Crypto-Asset Service Providers (RCASPs) — broadly, entities (and in some cases individuals) that effectuate exchange/transfer transactions in reportable crypto-assets for users. The Commission notes DAC8 builds on MiCA definitions and covers a broad set of crypto-assets, including stablecoins (incl. e-money tokens) and certain NFTs. Practical perimeter: centralized exchanges, broker-style trading platforms, and custodial/intermediated transfer services are the primary “in-scope” population. Pure self-hosted wallet software (with no custody and no transaction-effectuating intermediary) is typically not the reporting chokepoint — but the moment users touch a reporting provider, the trail restarts. 3) What must providers collect — and do they report automatically? Yes. Under DAC8, RCASPs must collect identification data for reportable users (including TINs and residence information) and report annually to their national tax authority, which then exchanges the information with the user’s tax-residence Member State. The Directive also specifies what gets reported and how it’s structured: aggregated gross amounts for acquisitions/disposals against fiat and other crypto-assets, plus fair-market-value metrics for transfers and certain payment transactions. Crucially, it also includes reporting for transfers to distributed ledger addresses “not known to be associated with a [service provider] or financial institution” — i.e., the regulatory “hook” for many self-custody withdrawals. 4) The 60-day countdown: what platforms must do The “countdown” isn’t a new power to seize wallets — it’s an access-control obligation. The Directive states that if a user does not provide required information after two reminders, but not before 60 days, the provider must prevent the user from performing “Reportable Transactions.” Depending on platform design, that can effectively mean no trading and no withdrawals that fall inside reportable scope until compliance data is provided. 5) EU only — or also UK and other countries? EU: DAC8 applies across EU Member States from 2026 (implemented in national law via transposition), with EU-to-EU exchange of data. UK: The UK is implementing the OECD Cryptoasset Reporting Framework (CARF) with HMRC guidance requiring platforms to collect user/transaction data and file their first report 1 Jan–31 May 2027 covering 2026. Required user data includes (for individuals) name, DOB, address, residence, and for UK residents NI number or UTR; for non-UK residents, TIN + issuing country. Global: OECD and the EU both point to a wide group of jurisdictions committed to CARF exchanges in 2027–2029 (OECD’s commitment list is updated regularly). Bottom line: If your platform serves customers cross-border, assume tax reporting convergence is becoming the norm — not a regional anomaly. 6) What does this mean for offline wallets like Ledger? Self-custody is not banned by DAC8. But the compliance impact is real: If you withdraw from an exchange to a Ledger address, DAC8 reporting can capture that as a reportable transfer (with value and other standardized fields), because the destination address is not “hosted” by the same provider. Transactions entirely within self-custody are not automatically reported by the wallet, but they become visible again when you re-enter a reporting provider (deposit, convert to fiat, use a custodial service, etc.). For users, the compliance message is simple: self-custody reduces counterparty risk, not tax obligations. The reporting perimeter is the on/off-ramp. Actionable Insight For exchanges / crypto platforms (2026 compliance checklist) TIN & tax-residency capture: update onboarding flows, remediation journeys, and “two reminders → 60 days → restrict reportable transactions” logic. Transaction classification & valuation: map events to DAC8/CARF categories; implement consistent fair market value methodology at transaction time. Self-custody transfer reporting: ensure your system can tag and aggregate withdrawals to “unhosted” addresses per the Directive’s reporting fields. Cross-border strategy: if you serve EU residents, plan for DAC8 registration/reporting and for “qualified non-union jurisdiction” equivalents where relevant. Privacy/GDPR + audit trail: reporting is mandatory, but the data lifecycle must be defensible (minimization, access control, retention, breach playbooks). For customers Expect platforms to request TIN / tax identifiers and residency details — and treat non-response as a service continuity risk (trading/withdrawal restrictions). Keep your own records; reporting increases mismatch detection. In the UK, platforms will report summaries to HMRC and penalties exist for inaccurate or late reporting by providers, raising the compliance bar across the ecosystem. Call for Information Are platforms using DAC8/CARF as a pretext for over-collection, selective freezes, or discriminatory de-risking? If you are a compliance insider, affected customer, or vendor with evidence of implementation gaps or abusive practices, send information securely via Whistle42.com (anonymity options available). Share Information via Whistle42

The U.S. has revived its 2020 “narco-terrorism” case against Venezuelan leader Nicolás Maduro—now in U.S. custody after a military operation in Caracas that Washington frames as law enforcement. But FinTelegram’s prior reporting suggests the courtroom story may be only half the plot: heavy crude, USDT settlement rails, and China’s oil foothold sit uncomfortably close to the timing, tactics, and messaging of this escalation. Key Points The charges: U.S. prosecutors accuse Maduro (and others) of narco-terrorism and cocaine importation conspiracy (among further counts in filings) (Source: US DOJ) The operation: U.S. forces captured Maduro and Cilia Flores in Caracas on Jan 3; the administration publicly framed it as an anti-drug/anti-“narco-terror” campaign (Source: TIME). Oil reality check: U.S. Gulf Coast refineries were built for heavy grades like Venezuela’s; much U.S. shale output is lighter, which keeps imports structurally relevant (Source: U.S. Energy Information Administration). The stablecoin angle: PDVSA’s increased reliance on USDT for oil-related settlement was widely reported in 2024, raising sanctions-and-AML scrutiny questions (Source: Reuters). The China angle: Reuters has documented China as a major buyer/investor in Venezuela’s oil sector, and the post-Maduro reshuffle is explicitly being framed as a blow to Beijing’s position. Reuters+1 Short Narrative This case didn’t start this week. It started in March 2020, when the DOJ unsealed charges portraying Maduro and allied officials as leaders of a transnational narcotics enterprise and paired the legal attack with a State Department rewards push (Source: US DOJ) Fast-forward: sanctions, offshore trading workarounds, and a familiar dynamic—resource pressure meets financial-rail innovation. PDVSA’s move toward stablecoin settlement (USDT) for oil exports was reported in 2024 as a sanctions-era attempt to reduce funds getting stuck or frozen in traditional banking channels. Then came the kinetic crescendo: a U.S. operation in early January that ended with Maduro and Flores in U.S. hands—an act many observers immediately framed as a sovereignty-shredding “law enforcement” hybrid. FinCrime Observer has focused on the criminal case mechanics; FinTelegram is looking at the political economy behind the trigger. Extended Analysis 1) Heavy crude: the unglamorous driver Washington won’t headline The U.S. produces a lot of oil—but not all barrels are operationally equal. The EIA has long noted that the U.S. produces lighter crude while importing heavier crude that many refineries are configured to process. Reuters explicitly ties the post-Maduro shock to refinery economics: Gulf Coast plants were built for heavy-grade crude like Venezuela exports, and even with shale, many still “require heavy grades to optimise operations.” So when commentators say “the U.S. needs Venezuelan oil because its own oil isn’t the right quality,” that’s not conspiracy—it’s refinery physics. The question is whether this physics helped shape the policy timeline. 2) “De-dollarization” via USDT: escaping banks, not the unit of account Venezuela’s USDT pivot is often described as “moving away from the dollar.” The irony: USDT is a dollar proxy—but it can move outside the classic U.S.-influenced correspondent banking grid. Reuters reported PDVSA would increase digital-currency usage for oil exports amid sanctions churn, and experts warned that such rails require sharper AML scrutiny. FinTelegram previously framed this as “petro-dollar from within”: not replacing USD pricing, but relocating the plumbing into crypto settlement paths that are harder to freeze, slower to attribute, and easier to launder through intermediaries (Source: FinTelegram). If that analysis is directionally correct, then Maduro’s legal exposure and PDVSA’s stablecoin rails are not separate stories—they are the same chokepoint story, just told with different labels. 3) China: the other defendant sitting in the gallery Reuters describes China as a major buyer and investor in Venezuela’s oil sector and presents the recent U.S. posture as explicitly aimed at pushing Beijing out of its foothold. This matters because Washington’s messaging around the operation has not been only about drugs; it has repeatedly drifted into oil control and “running” transitions. So here’s the provocative question regulators and investors should ask: Was the “narco-terrorism” indictment the legal lever—and oil/USDT/China the strategic payload? The U.S. can insist both are true. Courts may be asked to decide whether that insistence survives due-process scrutiny. Call for Information Have documentation on PDVSA’s USDT settlement flows, intermediary trading desks, shipping/STS activity, escrow structures, or legal filings tied to the Maduro/Flores case? Submit securely via Whistle42.com. We verify sources before publication. Share Information via Whistle42

A Singapore court has sentenced British citizen James Henry O’Sullivan to 6½ years in prison for abetting the falsification of Wirecard-linked escrow/balance confirmation letters—paperwork used to convince auditors that hundreds of millions of euros sat safely in escrow accounts. The FinCrime Observer (FCO) brief covered the verdict and defendants. FinTelegram’s angle is different: Singapore is doing what Germany’s watchdogs and parts of its justice system refused to do for years—treat Wirecard’s “Asia cash” narrative as a criminal red-flag, not a PR nuisance. Key Points Singapore sentencing (Jan 6, 2026): O’Sullivan 6½ years; Citadelle director Rajaratnam Shanmugaratnam 10 years (appeals announced) (Source: Reuters, Financial Times). Core conduct: falsified confirmations (2016–2018) meant to mislead auditors into believing Wirecard held large sums in Singapore escrow accounts. Why this matters for Munich: German prosecutors allege Wirecard’s profits were inflated by invented “third-party acquiring” (TPA) business “especially in Asia,” with group accounts 2015–2018 misstated and the fraud culminating in the €1.9bn hole revealed in June 2020 (Sources: Justiz Bayern). Regulatory failure (Germany): BaFin and prosecutors spent key periods targeting journalists and short sellers; BaFin even imposed a Wirecard short-selling ban in Feb 2019. Accountability moment: BaFin president Felix Hufeld ultimately left his post after the Wirecard collapse exposed supervisory failure (Source: Reuters). Short Narrative Singapore’s verdict reads like a compressed anatomy lesson: fake paper → fake cash → audit comfort → market deception. O’Sullivan and Shanmugaratnam were convicted over letters that “confirmed” escrow balances Wirecard did not have (Source: Reuters). In Germany, the same “cash-in-Asia” storyline metastasized into one of the biggest post-war corporate frauds. And here is the uncomfortable part: the scandal is not only about Wirecard’s executives—it is also about Germany’s regulators and parts of its justice apparatus choosing the wrong enemy (Source: Reuters). Extended Analysis 1) What exactly was proven in Singapore According to Reuters and Financial Times reporting, the Singapore case focused on falsified escrow/balance confirmations used to mislead Wirecard’s auditors (commonly referenced as EY in coverage) about the existence of large Wirecard-linked funds in Singapore. This is important: Singapore did not “try the whole Wirecard collapse.” It convicted a high-leverage document-fraud mechanism that made a broader fraud believable. 2) Munich: what German prosecutors say (and what the indictment covers) The Staatsanwaltschaft München I has publicly stated (in its 2022 announcement of the first main indictment) that Wirecard executives and associates allegedly fabricated highly profitable business—“especially in Asia”—and that consolidated accounts 2015–2018 were false because they booked revenue attributed to TPA business. That framing matters for the Singapore connection: escrow confirmations functioned as “cash proof” for the very Asia-centric partner narrative prosecutors describe. FinTelegram’s critique remains: even this large indictment window risks being too narrow for a structure that—by multiple public accounts and earlier red flags—shows warning signs before 2015/2016. The public record of “why didn’t anyone stop this earlier?” remains a governance scandal in its own right. 3) How Singapore and Munich are connected They are connected by the same underlying claim: Wirecard’s “third-party business in Asia” (and the associated cash story) was propped up with manufactured evidence. Munich prosecutors allege the group’s financial picture was distorted by fabricated TPA business and misstated accounts. Singapore courts have now delivered convictions on a key supporting artifact: forged/falsified confirmations designed to persuade auditors the money was there. So yes: the Singapore conviction is directly related to the “non-existent third-party business in Asia” and the “missing millions/billions” thesis as advanced by German prosecutors—because it targets the documentary scaffolding that made those numbers auditable and sellable. 4) BaFin + German judiciary: the shameful inversion Wirecard is now widely described as Germany’s biggest post-war corporate fraud. Yet in 2019—after Financial Times reporting and short-seller scrutiny—BaFin’s reflex was to shield “market confidence,” not interrogate the issuer: BaFin banned short-selling of Wirecard shares in February 2019 (Source: Reuters). German prosecutors later dropped the probe into FT journalists; Reuters reported the Munich prosecutor said the FT’s reporting was “fundamentally correct,” and the FT statement called BaFin’s complaint “unfounded” (Source: Reuters). Reuters also documented the broader pattern: for years, BaFin and prosecutors focused on investors and journalists who highlighted irregularities (Source: Reuters). This is why Hufeld’s departure wasn’t “just personnel.” It was a delayed admission that Germany’s supervisory model—and the prosecutorial instincts around Wirecard—failed at a systemic level. Call for Information Do you have documentation on Citadelle confirmations, escrow account claims, TPA counterparties, or German supervisory/prosecutorial decision-making pre-2016 (including interactions with BaFin, FREP, prosecutors, or political offices)? Send tips securely via Whistle42.com. Share Information via Whistle42

Hyperliquid‘s utility token HYPE is no longer trading anywhere near the “>$40 in June 2025” regime that many holders still anchor to. Using widely-cited price points, HYPE traded around $41.50 on June 10, 2025 (after breaking $40) and is now around $24.5–$24.6 on January 2, 2026. That’s roughly a -40.6% drawdown from the June 2025 “$40+” zone—and a much larger ~58.8% drawdown from the Sep 18, 2025 ATH (~$59.30) (Source: CoinGecko). The uncomfortable takeaway: even with Hyperliquid’s “poster-child” status for this cycle’s perps-DEX narrative and a high-profile stablecoin partner (Circle), HYPE still trades like a high-beta exchange token—reflexive to (1) market regime, (2) platform flows/volumes, and (3) supply shocks (Sources: FinTelegram, Circle). Price Snapshot: June 2025 vs. Jan 2, 2026 Reference point (June 10, 2025): HYPE hits ~$41.50 after breaking $40. On Jan 2, 2026: HYPE day stats show open ~$24.28 / close ~$24.64 (with live aggregates ~$24.5) (Source: CoinMarketCap). Performance (approx.): $41.50 → $24.64 = -$16.86 (~-40.6%) (Source: CCN.com). ATH ~$59.30 (Sep 18, 2025) → $24.6 ≈ -58.8% (Source: CoinGecko). Also worth correcting the framing: HYPE’s lifecycle clearly predates June 2025 (CoinGecko shows an ATL in Nov 2024), so June was not a “genesis listing” moment—it was a cycle acceleration moment. Why is HYPE so far below the June 2025 “$40+” zone? 1) Macro regime risk: the market started pricing a risk-off / bear transition A growing set of analysts has argued that Bitcoin demand dynamics are weakening and the market may already be shifting into a bear-cycle posture—exactly the environment where leverage-heavy venues and their tokens tend to de-rate fastest (Source: Binance). If BTC is the tide, HYPE is the small boat: it doesn’t need “bad news” to fall—it only needs the tape to turn. 2) Hyperliquid-specific stress: $430M weekly net outflows hit the narrative FinTelegram’s report (Dec 21, 2025) frames the >$430M weekly net outflow as a visible stress test for Hyperliquid’s “perps-DEX poster child” status, especially with intensifying competition and a risk-off macro backdrop (Source: FinTelegram).Outflows matter because they’re not just sentiment—they can translate into lower collateral, lower activity, and weaker fee generation, which is fatal for any token story that implicitly depends on “venue flywheel” economics. 3) Competition is no longer theoretical: perps-DEX market share is being contested Hyperliquid has been described as the dominant perps-DEX by volume (e.g., one market update cited ~79% share among decentralized perps at one point in 2025), but late-2025 reporting increasingly highlights rivals closing the gap (or temporarily overtaking in certain windows). Translation: traders are less ideological than narratives suggest. If incentives, UX, or perceived safety improve elsewhere, flow migrates. 4) Tokenomics overhang: large unlocks create supply shocks at the worst possible time Late 2025 saw a very large unlock event highlighted in market coverage: 9.92M HYPE (reported around $251M value) unlocking into circulation—exactly the kind of supply event that can pressure price in thin/risk-off conditions. Even if some recipients stake or hold, markets tend to price the sellable float, not the best-case behavior. 5) “Strong partners” don’t immunize the token—sometimes they raise the bar Yes: Circle has deepened integration with Hyperliquid (native USDC/CCTP on HyperEVM, “network utility” messaging) and public reporting indicates Circle also became a HYPE stakeholder (Sources: Circle, Circle). But ask the harder question: does this reduce risk, or does it raise expectations (compliance, controls, governance maturity)? In a tightening regulatory climate, the market can assign a bigger risk discount to venues that are “too visible to ignore.” The constellation around HYPE: dominance + reflexivity + regulatory perimeter HYPE increasingly trades like a reflexive proxy for: Perps volumes / fee intensity (the “exchange token” dynamic), Net flows (collateral in/out), Competitive positioning (DEX-perps wars), Regulatory risk premium (especially where access is perceived as permissive). FinTelegram has already put the regulatory question on the table: perps access without meaningful geo/KYC friction pushes the venue toward a derivatives-perimeter problem (e.g., MiFID II exposure in the EU framing) (Source: Fintelegram). Investor Hypothesis: What’s the most likely path from here? Base-case (most likely): Hyperliquid survives, but HYPE remains a high-beta, regime-sensitive token that can stay suppressed as long as (a) the broader cycle is risk-off, (b) outflows/competition remain visible, and (c) unlock narratives keep resurfacing. Bear-case: If the bear-market thesis hardens and regulators begin to seriously target offshore/permissionless perps distribution, HYPE could face a longer “exchange-token winter” where each rally is sold into. Actionable Takeaways (non-advice) Treat HYPE less like “a tech token” and more like a leveraged bet on onchain perps activity. Watch three signals: net flows, competitive share, and unlock calendar—they often lead price. Assume the Circle integration is a strategic positive, but not a near-term price floor. Reference: FinTelegram prior coverage This update builds on FinTelegram’s December 21, 2025, report on the $430M weekly outflow and the broader “double whammy” (bear regime + regulation risk) framing. Read the Hyperliquid reports here. Call for Information Are you a market maker, integrator, or trader with insight into Hyperliquid’s real collateral movements, incentive spend, jurisdictional controls, or any enforcement outreach? Share documents and screenshots securely via Whistle42.com. We protect sources. Share Information via Whistle42

In a comprehensive compliance investigation, FinTelegram has documented that MiFinity—a regulated Electronic Money Institution operating under FCA and MFSA licenses—is systematically facilitating payments for unlicensed offshore casinos operating illegally in the UK and EU. The 2024 financial statements reveal a 307% explosion in net income (to £8.6 million), driven by aggressive expansion into high-risk gambling merchants. Simultaneously, the group has concealed £22.6 million in undisclosed inter-company flows to unregulated support entities. The underlying beneficial ownership remains opaque, and the death of founder Mike Busher in summer 2024 removes the primary witness to the group’s offshore structuring. EXECUTIVE SUMMARY FinTelegram Intelligence has completed a comprehensive compliance review of the MiFinity Group, a multi-jurisdictional payment processor operating with regulatory licenses in the United Kingdom (FCA) and Malta (MFSA). The investigation reveals: KEY FINDINGS 1. Documented Illegal Gambling Facilitation MiFinity is a primary payment processor for offshore casinos operating illegally in regulated markets: Legiano Casino: Licensed in Anjouan/Curacao, illegally accepting UK and EU players without local gambling licenses Winning.io: Curacao-licensed operator facilitating global payments including to restricted jurisdictions Documented presence across 650+ gambling websites, many operating without adequate local licensing Regulatory Violation: UK Gambling Commission and EU national gambling authorities require payment processors to refuse merchants operating without local licenses. MiFinity’s facilitation of Legiano and Winning.io violates these regulatory obligations. 2. Explosive 307% Growth Correlated with High-Risk Merchant Expansion Net Income (2024): £8.6 million (+307% YoY from £2.1M in 2023) Total Assets (2024): £77.0 million (+231% YoY from £23.2M in 2023) Gross Profit Margin (2024): 52.1% (compared to 2–5% standard for legitimate payment processors) Timing: Growth explosion immediately followed the October 2023 appointment of Jim Purcell (former CFO of EBET Inc., a gaming operator) as Chief Operating Officer Compliance Insight: The anomalously high gross margin (52.1%) indicates premium pricing for high-risk merchants—casinos unable to access banking rails through legitimate processors. This is consistent with a business model targeting “merchants of last resort.” 3. £22.6 Million in Undisclosed Inter-Company Flows The 2024 audited financial statements reveal massive inter-company transactions without transparent business rationale: Payment DirectionAmount (GBP)NatureMiFinity UK → Concentric Data Services (Ireland)£6.8 million“Service & Technology Fee” (79% of net income)MiFinity Malta → MiFinity UK£14.4 millionPayable Due (undisclosed purpose)MiFinity Payments (Ireland) → MiFinity UK£1.4 millionPayable Due (undisclosed purpose)TOTAL£22.6 million+Undisclosed interdependencies Compliance Red Flag: The £6.8M annual fee to Concentric Data Services—an unregulated entity with no public business description—suggests outsourcing of critical compliance functions (merchant onboarding, KYC, AML/CFT) to an entity outside regulatory oversight. Read the MiFinity Financial Analyses here. 4. Opaque Corporate Structure & Beneficial Ownership Ultimate Beneficial Owners: Not publicly disclosed. While Paul Kavanagh (CEO) and Kieron Nolan (CFO) are identified as controllers, precise equity percentages and additional UBOs remain unknown Founder Death: Mike Busher (American, b. 1951), founder and original majority shareholder (>75%), died in an aircraft accident in summer 2024. His death removes the key witness to the group’s 2017 control transfer and offshore structuring Offshore Links: Busher is listed in the ICIJ Offshore Leaks (Paradise Papers) database as a shareholder of Concentric Data Services Malta Ltd, confirming historical use of offshore secrecy jurisdictions Holding Company Opacity: MiFinity Payments Limited (Malta) serves as group parent but provides no public financial disclosures 5. Regulatory Arbitrage Through Multi-Jurisdictional Structure The group exploits differences in regulatory stringency: Merchant Onboarding in Malta (MFSA, historically permissive) → Execution through UK (FCA) Technology services outsourced to Ireland (Concentric, unregulated) → Limited FCA/MFSA visibility Holding company in Malta → Opaque beneficial ownership and transfer pricing Result: The structure creates systematic gaps in regulatory oversight, allowing high-risk merchants to be onboarded in jurisdictions with weaker enforcement while accessing UK banking infrastructure. FULL COMPLIANCE REPORT SUMMARY The MiFinity Group Compliance Report 2026 provides a comprehensive 26-page analysis covering: Part 1: Corporate Structure Detailed mapping of the group’s seven entities across four jurisdictions, identification of the holding company structure in Malta, and analysis of the inter-company financial relationships totaling £22.6 million. Part 2: Beneficial Ownership & Key Individuals Profiles of current controllers (Kavanagh, Nolan), historical founder (Busher, deceased), and management team including Jim Purcell (COO, gaming sector background) and Franklin Cachia (Chief Compliance Officer, Malta, with dual role at consulting firm CSB Group). Part 3: Business Activities & Merchant Exposure Documentation of MiFinity’s explicit focus on online gambling, detailed case studies of Legiano and Winning.io (illegal offshore casinos), evidence of presence across 650+ gambling websites, and analysis of the compliance gaps that allow illegal operators to be onboarded. Part 4: Regulatory Environment & Gaps Analysis of FCA oversight (MiFinity UK, Reg. 900090) and MFSA oversight (Mifinity Malta, Reg. C64824), identification of group-level compliance gaps (no consolidated AML/CFT policy, undisclosed merchant screening procedures, opaque transaction monitoring), and evidence of regulatory arbitrage opportunities. Part 5: Compliance Hypothesis Hypothesis: The 307% 2024 growth is directly correlated with aggressive acquisition of offshore gambling merchants (specifically Legiano, Winning.io, Dama Group) that cannot access banking services through legitimate processors. The 52.1% gross margin reflects premium pricing charged to these high-risk merchants. Evidence: COO appointment (Oct 2023) from gaming sector immediately preceded growth explosion Documented facilitation of illegal operators (Legiano, Winning.io) Lack of compliance scaling proportional to 231% asset increase £6.8M annual payments to unregulated support entity (Concentric) Part 6: Corporate Opacity & Red Flags Multiple entities with unclear operational roles receiving millions in payments Paradise Papers link confirming historical offshore structuring Deceased founder removing key witness to beneficial ownership Ireland-Malta-UK jurisdictional structure enabling regulatory arbitrage Minimal compliance infrastructure relative to transaction volume Part 7: Summary Findings & Enforcement Recommendations The report identifies critical compliance concerns requiring investigation by: UK Gambling Commission: Illegal gambling facilitation FCA: Merchant due diligence adequacy and AML/CFT controls MFSA: Group-level compliance coordination UK National Crime Agency: Money laundering risks EU Financial Intelligence Units: Cross-border transaction patterns COMPLIANCE RISK ASSESSMENT Risk Level: CRITICAL Risk CategoryAssessmentEvidenceMerchant Due DiligenceCRITICALDocumented facilitation of Legiano, Winning.io (illegal in EU/UK)AML/CFT AdequacyCRITICALNo public disclosure of transaction monitoring, SAR filing, sanctions screening standards; Concentric outsourcing to unregulated entityBeneficial Ownership OpacityCRITICALUltimate UBOs not disclosed; holding company in permissive jurisdiction; founder death removes witnessTransfer Pricing & Fund FlowsHIGH£6.8M annual payments to unregulated entity lack business rationale; £14.4M inter-company payables undisclosedConsumer ProtectionHIGHFacilitation of unlicensed gambling violates UK Gambling Commission regulations and harms consumersRegulatory CoordinationHIGHNo evidence of group-level AML/CFT; multi-jurisdictional structure creates oversight gapsFinancial Crime RiskMEDIUM-HIGHStructure and transaction patterns consistent with money laundering schemes; opacity enables hidden beneficial ownership Regulatory Enforcement Urgency: IMMEDIATE The documented facilitation of illegal gambling operators (Legiano, Winning.io) constitutes a clear regulatory violation that should trigger: Immediate investigation by UK Gambling Commission and FCA Merchant compliance audit examining Legiano, Winning.io, and similar onboarding Beneficial ownership disclosure request to Malta parent company Concentric Data Services investigation regarding unregulated compliance functions Transaction pattern analysis for money laundering indicators DOWNLOAD THE FULL COMPLIANCE REPORT [DOWNLOAD: MiFinity Group Compliance Report 2026 (PDF)]26-page comprehensive analysis with detailed evidence, regulatory framework citations, and enforcement recommendations Download the full MiFinity Compliance Report 2026 here. CALL TO WHISTLEBLOWERS: SUBMIT EVIDENCE VIA WHISTLE42 FinTelegram is actively seeking information from MiFinity insiders, former employees, merchants, and partners regarding: [ACCESS WHISTLE42 SECURE PLATFORM] FinTelegram will respect whistleblower confidentiality to the maximum extent possible while ensuring information reaches appropriate regulatory and law enforcement authorities for investigation and potential enforcement action. Share Information via Whistle42 ABOUT THIS REPORT FinTelegram Intelligence is a leading investigative organization specializing in financial crime, cryptocurrency compliance, and high-risk payment processor analysis. This compliance report represents 6 months of independent research, source verification, and regulatory analysis. Report Prepared By: FinTelegram Intelligence DivisionDate: January 2, 2026Distribution: FinTelegram, Regulatory Authorities, Law Enforcement, Media Partners

The 2024 financial statements for MiFinity UK Limited reveal an explosion in growth, with net income rising by over 300% to £8.6 million and total assets reaching £76.96 million. This analysis hypothesizes that such abnormal gains are driven by the processor’s aggressive pivot toward facilitating payments for offshore and unlicensed casinos like Legiano and Winning.io. Financial Analysis 2024: An “Explosive” Year Filings with Companies House in October 2025 confirm that MiFinity UK Limited (controlled by Irish nationals Paul Kavanagh and Kieron Nolan) has shifted gears from steady growth to hyper-expansion. Download Mifinity UK Ltd Financial Statements 2024 The numbers are striking. Total assets on the balance sheet surged from £23.23 million in 2023 to £76.96 million in 2024—a massive 231% increase. Net income followed a similar trajectory, quadrupling from £2.11 million to £8.60 million.​ Perhaps most telling is the Gross Profit Margin, which the report cites at a staggering 52.1%. In the low-margin world of standard payment processing (where margins often sit below 5-10%), such profitability is an anomaly typically reserved for high-risk sectors where merchants pay premium fees for access to banking rails. Compliance Hypothesis: The “High-Risk” Premium We hypothesize that this financial explosion is not the result of organic retail growth, but rather a strategic decision to dominate the high-risk offshore gambling market. Our intelligence confirms MiFinity as a primary payment gateway for casinos operating with weak or non-existent EU licenses, such as Legiano (Anjouan/Curacao licensed). These operators, often blocked by mainstream processors, rely on MiFinity to move funds from restricted jurisdictions (including the UK and EU). The “risk premium” charged to these illegally operating merchants likely fuels the 52.1% gross margin and the sudden accumulation of £77M in assets.​ While MiFinity UK holds an FCA license, its parent Mifinity Payments Limited (Malta) and its ultimate Irish controllers appear to be leveraging the UK entity to process volumes that arguably bypass the spirit, if not the letter, of UK gambling regulations. Key Financial Data (GBP) Metric2023 (Audited)2024 (Audited)ChangeTotal Assets£23,234,953£76,960,000+231.2%Net Income£2,109,639£8,600,000+307.6%Gross Profit Margin~29.4%52.1%+22.7 pp Related Party Transactions According to point “14. Related Party Transactions” of MiFinity UK’s financial statements, the MiFinity Group also includes Concentric Data Services Ltd in Ireland and Concentric Data Services Malta Ltd; MiFinity Payments Ltd in Ireland and MiFinity Payments Ltd in Malta. MiFinitec Caada Ltd According to the 2024 Financial Statements, the financial (and therefore also operational) interdependencies were intense and remarkable: MiFinity UK owed Concentric Data Services over GBP 6.8 million; MiFinity Payments Ltd, in turn, owed MiFinity UK more than GBP 1.4 million (at the end of 2024). MiFinity Malta Ltd, in turn, owed MiFinity UK more than GBP 14.4 million at the end of 2024. In this respect, the balance sheets of the individual companies are only of limited significance; rather, one must look at the MiFinity Group as a whole. Mike Busher, an American born in June 1951, was the founder of MiFinity and was a director of MiFinity UK between 2012 and 2016. At that time, the company was still called NXSYSTEMS LTD. With more than 75% of the shares, Busher was also the controlling entity until February 2017. The ICIJ Offshore Leaks database shows that Michael Christopher “Mike” Busher is or was also a shareholder in Centric Data Services Malta Ltd. Mike Bushner is believed to have died in a plane crash in the summer of 2024. Key Data MiFinity Group ItemDetailsBrandMiFinity (global e‑wallet and payment services brand focused on online payments and gambling sectors).​Primary domainshttps://mifinity.com (including sub‑paths such as /legal, /about, /news, /personal etc.).​https://www.concentric.globalCore legal entitiesMiFinity UK Limited – incorporated in Northern Ireland, trading as MiFinity; authorised by the UK Financial Conduct Authority under the Electronic Money Regulations 2011, Registration No. 900090.​Mifinity Malta Limited – incorporated in Malta; authorised by the Malta Financial Services Authority (MFSA) as a financial institution/e‑money institution under the Financial Institutions Act, Reg. No. C64824.​MiFinity Payments Ltd (Ireland)MiFinity Payments Ltd (Malta)Concentric Data Services Ltd (Ireland) Concentric Data Services Malta Ltd (Malta)Jurisdictions & regulatorsUnited Kingdom – MiFinity UK Limited is an authorised Electronic Money Institution supervised by the FCA under the Electronic Money Regulations 2011.​Malta – Mifinity Malta Limited is authorised and regulated by the MFSA as a financial institution / EMI, with passporting for cross‑border services in the EEA.​Key individualsPaul James Kavanagh – Irish national; CEO and director of MiFinity UK Limited; publicly identified as co‑founder and key controller of the MiFinity group.​Kieron (Kieren) John Nolan – Irish national; CFO, director, and co‑founder; identified as person with significant control in UK company data.​Jim Purcell – Irish national; COO.Business activitiesE‑money issuance, e‑wallet services, payment processing, and merchant acquiring‑type services; supports card payments, bank transfers, alternative methods, and in some constellations crypto‑linked flows.​Operates as a high‑risk payment processor, with a pronounced focus on online casinos, gambling, and sports‑betting platforms, including operators in weakly regulated or unlicensed offshore jurisdictions.​Primary client segmentOnline gambling and betting operators (including Curacao/Anjouan and other offshore‑licensed casinos), casino affiliates and related high‑risk merchants that require cross‑border payment processing into and out of the EU/UK.​End‑users are retail customers using the MiFinity e‑wallet to deposit to and withdraw from these gambling platforms, often in jurisdictions where local licensing is absent or unclear.​ Whistleblower Call to Action The explosion in MiFinity’s numbers raises urgent compliance questions. We call on insiders, former employees, and partners to share information regarding MiFinity’s onboarding of offshore gambling merchants. If you have information, please contact us anonymously via Whistle42. Share Information via Whistle42

1. Case Summary — Germany Ends Sanctions Probe via Monetary Settlement German prosecutors in Munich have formally discontinued a criminal investigation into Russian‑Uzbek billionaire Alisher Usmanov concerning alleged violations of sanctions and the German Außenwirtschaftsgesetz (Foreign Trade and Payments Act), on the condition that Usmanov pays €10 million (Source: SZ). The case stemmed from allegations that Usmanov, who has been subject to EU and U.S. sanctions since 2022, arranged payments (~€1.5 m) through foreign‑based firms for security services at properties near Tegernsee and allegedly failed to declare valuable assets to German authorities — conduct prosecutors viewed as potential sanctions/non‑compliance (Source: n-tv). Prosecutors and the Munich Regional Court (Landgericht München II) agreed that in light of “special circumstances of this individual case” and unresolved legal questions around sanctions application, the matter could be closed under German criminal procedural law through a monetary condition (Geldauflage), without a conviction or penalty (Source: Deutschlandfunk). The payment is not treated as a fine or punitive sanction; the presumption of innocence remains intact, and the prosecution cannot be reopened on the same facts once the payment is completed (Source: DIE WELT). According to prosecutors, €8.5 m of the €10 m will go to Bavaria’s treasury and €1.5 m to social support charities (e.g., prisoner welfare and victim support) (Source: Reuters). This resolution follows a previous 2024 German discontinuation of a money‑laundering investigation against Usmanov on similar terms (payment of ~€4 m), again without admission of guilt. 2. Legal and Procedural Context Under German law, prosecutors may discontinue proceedings by imposing a Geldauflage — a conditional financial contribution — when it serves procedural efficiency and public interest, and where outright prosecution may not be warranted or legally certain. Such an arrangement: is not a conviction; does not establish guilt or liability; and maintains the presumption of innocence under criminal law. German authorities highlighted unresolved questions relating to sanctions rules and formal requirements, particularly concerning how EU sanctions obligations intersect with German law and reporting duties. This sort of prosecutorial discretion is relatively rare in high‑profile sanctions cases, especially involving politically exposed persons (PEPs) with frozen assets, leading to divergent reactions in legal and policy circles. 3. Usmanov’s Broader Sanctions and Legal Challenges Sanctions status: Usmanov was placed on the EU sanctions list in February 2022 following Russia’s invasion of Ukraine; similar sanctions were imposed by the U.S., UK, and Canada. He has challenged his sanctions designations, including an appeal to the EU General Court (dismissed in 2025) and legal actions against the EU Council and media outlets over alleged defamatory reporting (Source: Wikipedia). Litigation history in Germany: German courts previously found aspects of law enforcement conduct — including property search warrants — to be unlawful, citing formal violations and legal shortcomings. Some cases involved alleged misattribution of property ownership and contested links between Usmanov and entities purportedly connected to him. Ongoing enforcement landscape: At present, there is no public indication of equivalent criminal sanctions or prosecutions against Usmanov continuing in other jurisdictions directly tied to the German case. However: EU and U.S. sanctions remain in force, including asset freezes and travel bans. Compliance and sanctions enforcement agencies in various jurisdictions continue to monitor and enforce restrictions against sanctioned individuals, and legal challenges may continue indirectly through administrative sanctions proceedings. Wikipedia 4. Compliance Implications and Evaluation For sanctions compliance analysts and investigators, this development underscores several important themes: a. Sanctions Enforcement Complexity Sanctions cases involving PEPs and globally diversified asset structures pose unique legal challenges, particularly when: ownership structures involve trusts and indirect holdings, and the application of reporting obligations across jurisdictions remains legally unsettled. Wikipedia Courts may scrutinize enforcement mechanisms and procedural requirements, affecting prosecutorial strategies. b. Prosecutorial Discretion vs. Public Policy The use of a monetary settlement (Geldauflage) in lieu of prosecution — without a formal penalty — raises policy questions: Does such a settlement effectively enforce compliance norms? Might it create perceptions of unequal treatment for high‑net‑worth PEPs? How should sanctions enforcement balance legal certainty, resource allocation, and enforcement impact? These questions are increasingly relevant in cross‑border sanctions enforcement. c. Asset Freezes vs. Criminal Liability Sanctions regimes (EU, U.S., UK) can operate independently of criminal prosecutions. Freezes restrict economic interaction, while criminal liability requires proof of specific statutory violations. Usmanov’s case illustrates how sanctions obligations may intersect with domestic criminal law, but regulatory enforcement does not automatically lead to conviction. 5. Conclusion The termination of the German proceedings against Alisher Usmanov against a €10 million monetary condition — without conviction or admission of guilt — reflects a legal compromise shaped by unresolved legal questions, procedural considerations, and prosecutorial discretion. While this preserves Usmanov’s presumption of innocence, it also highlights the challenges regulators face in enforcing sanctions and foreign trade laws against sophisticated global actors. The sanctions frameworks under which Usmanov remains designated continue to have legal force, and compliance scrutiny persists, even as discrete criminal proceedings are resolved. For FinTelegram intelligence and compliance monitoring, this case demonstrates the nuanced interplay of sanctions enforcement, legal defenses, and prosecutorial strategy — and underscores the need for continued observation of how such high‑profile sanctions matters evolve across jurisdictions. Share Information via Whistle42.

Offshore casinos are no longer “just unlicensed websites.” They are increasingly engineered systems designed to be hard to regulate: anonymous operator presentation, jurisdiction-neutral legal clauses, and—most importantly—multi-layer payment architectures that turn a “casino deposit” into something else entirely. FinTelegram’s recent Stellar investigation illustrates how crypto rails (including bridged stablecoins like USDC.e), open-banking style flows, and payment intermediaries can effectively free offshore operators from meaningful constraints—raising an uncomfortable question: does regulation still work if enforcement can’t touch the rails? Read our Stellar Report here. Key Facts Offshore casinos can swap domains and brands quickly; enforcement measures like warnings and blacklists are often slow, fragmented, and easy to route around. Modern payment stacks split a single “deposit” into multiple counterparties (on-ramp, PSP rail, wallet transfer, settlement layer), obscuring merchant-of-record and weakening consumer redress. In the Stellar cluster documented by FinTelegram, recurring patterns include “fake bank transfers” that are actually crypto purchases (e.g., USDC.e) followed by automatic transfers to casino wallets—plus repeated appearances of the same facilitators. The competitive distortion is structural: regulated operators bear licensing and compliance cost; offshore operators externalize cost to consumers and the financial system. Short Analysis 1) The enforcement gap is structural, not accidental Classic gambling enforcement assumes an operator has identifiable ownership, a stable jurisdiction, and bank rails that regulators can pressure. Offshore casino networks increasingly avoid all three. They “export” gambling into regulated markets while keeping legal entities, infrastructure, and settlement arrangements outside practical reach. Regulators can publish warnings—but warnings do not stop payments. 2) Payment architecture has become the real regulatory battleground The crucial shift is the replacement of direct gambling payments with proxy transactions. “Deposits” are re-framed as: crypto purchases (sometimes bridged variants like USDC.e), open-banking style payments through intermediaries, or e-wallet/aggregator flows where the payee is a third party and the casino receives crypto or pooled settlement elsewhere. This doesn’t only complicate chargebacks. It breaks the supervisory levers regulators historically relied on: the purpose becomes blurry, the merchant-of-record becomes debatable, and the jurisdictional hook disappears. 3) Why offshore casinos are getting bolder When enforcement is slow or ineffective, the economics shift. Offshore operators rationally become more aggressive: expanding into restricted markets, scaling affiliate distribution, and hardening deposit flows against reversal. Over time, “compliance” becomes a cost center for regulated firms—and a competitive handicap. 4) Does regulation still make sense? Yes — but only if it targets chokepoints This is not an argument for deregulation. It is a warning that enforcement must migrate from the casino brand to the rails. Offshore casinos can rotate domains cheaply; they cannot operate without: payment gateways and PSPs enabling disguised deposits, crypto on-ramps and stablecoin rails used as “fake-fiat,” open banking facilitators and consent flows, affiliates and traffic brokers powering distribution. If regulators focus only on the offshore “operator” while ignoring the chokepoints, the outcome is predictable: more volume, more harm, less redress. Call for Information FinTelegram is building case files on the payment chokepoints that enable offshore gambling at scale. If you have evidence on gateway operators, on-ramps, merchant descriptors, acquiring banks, open-banking facilitators, affiliate networks, or withdrawal failures linked to “fake-fiat” deposit flows (including USDC.e), please submit it via Whistle42.com. Share Information via Whistle42

FinTelegram has expanded its review beyond Legiano and observed a repeatable pattern across multiple casino brands attributed to the operator Stellar Ltd: near-identical site structures, minimal operator disclosure, boilerplate “applicable law” clauses, and the same payment rails—most notably “fake bank transfers” facilitated by Polish Chainvalley that convert fiat into USDC.e and forward it to casino wallets. This report consolidates the pattern and explains why USDC.e adds bridge-risk on top of the already deceptive “fake-fiat” UX. Key Facts Casino review aggregators attribute brands such as Ragnaro, Astromania, SpinFin (and others) to Stellar Ltd (Source: Online Casino Groups). Across Stellar-branded sites we reviewed, operator/jurisdiction disclosure is weak, and legal language is often generic or template-like—e.g., SpinFin’s terms literally include a placeholder “laws of [insert jurisdiction]” (Source: SpinFin Casino). The Legiano rail (already published) appears reusable across the network: utPay/Chainvalley checkout → Skrill/Neteller funding → USDC/USDC.e purchase → automatic transfer to casino walle (Source: FinTelegram, Chainvalley) In MiFinity-branded flows, FinTelegram again observed the payee CANAMONEY EXCHANGE LTD (Canada) d/b/a CenturaPay (Source: CenturaPay). Read our Legiano reports here. Short Analysis 1) “Anonymity by Design.” A legitimate gambling operator typically discloses the licensed entity, the licensing authority, and a concrete governing law/jurisdiction. In the Stellar cluster, those anchors are frequently missing or diluted into non-answers (“applicable law”)—or left as template placeholders. This is not a cosmetic defect; it is a dispute and enforcement obstacle. 2) The Payment Architecture is the Same—Because it’s a Template What players experience as a “bank transfer” or “fiat deposit” is, in practice, a crypto purchase executed through a third-party on-ramp and forwarded to a casino wallet. Chainvalley’s own terms contemplate delivering virtual currency to a user-specified wallet address and even freezing crypto/fiat under its rules—confirming the flow is built as an exchange/on-ramp product, not a casino deposit product. For the player, the consequence is predictable: the transaction becomes “I bought crypto and received it,” not “I paid a gambling merchant,” which can undermine chargeback narratives and complicate complaints. 3) Why USDC.e is a second risk layer FinTelegram’s screenshots show USDC.e being purchased in these cashier flows. USDC.e is typically “bridged USDC”—a representation created via third-party bridge mechanics, not native issuance on that chain. Circle’s own documentation and legal terms state that bridged USDC is not issued/redeemed by Circle and is not backed by Circle’s USDC reserves, adding dependency on bridge integrity (“bridge risk”) (Sources: Circle, Circle, USDC, Avalanche).In short: fake-fiat rail + bridged stablecoin = less transparency, weaker redress, more technical failure modes. Call for Information FinTelegram is expanding the Stellar/Legiano case into a broader investigation of this casino template and its payment chokepoints. If you are a player, affiliate manager, PSP/acquirer insider, or have evidence about merchant descriptors, settlement accounts, token contract addresses for the “USDC.e” used, wallet clusters, chargeback outcomes, or payout/withdrawal issues across Legiano/SpinFin/Ragnaro/Astromania/MonsterWin and related brands, submit securely via Whistle42.com. We will publish dedicated deep-dive compliance notes on Chainvalley and CenturaPay/CANAMONEY as this case expands. Share Information via Whistle42

Daftcode’s Kryptonim: How a Warsaw Venture Builder’s Crypto Payment Processor Enables Offshore Casino Fraud Through Deceptive Banking Infrastructure Despite publishing explicit prohibitions against gambling transactions in its Terms of Service, Kryptonim sp. z o.o.—a cryptocurrency payment processor owned by Warsaw-based venture builder Daftcode—systematically processes cryptocurrency payments for illegally operating offshore casinos, including Neon54, LuckyWins (Dama N.V.), and Winning.io. FinTelegram’s latest compliance investigation documents how Kryptonim‘s technical infrastructure, combined with deliberate obfuscation through payment aggregators, enables players to believe they are making bank transfers while actually purchasing stablecoins that bypass traditional chargeback protections. INVESTIGATION SUMMARY FinTelegram’s compliance research division has completed a comprehensive investigation into Kryptonim sp. z o.o. (KRS 0001017630), a Polish virtual asset service provider incorporated February 3, 2023, and documented systematic facilitation of cryptocurrency payment flows for illegal offshore casinos operating without proper licenses in EU member states and Canada. FinTelegram’s complete 40-page compliance profile—“Systematic Facilitation of Illegal Gambling Payments: A Comprehensive AML/CTF Compliance Analysis of Kryptonim sp. z o.o.”—is now available for download. The profile includes: Complete beneficial ownership analysis and Daftcode venture builder governance structure Detailed documentation of payment flows through Neon54, LuckyWins, and Winning.io Screenshots showing fake banking infrastructure and merchant integration AML/CTF control gap assessment Regulatory enforcement risk analysis comparing KuCoin precedent Operational recommendations for compliance remediation Download the Full Kryptonim Compliance Report here. Key Findings: 1. Controlled by Daftcode Venture Builder Network Kryptonim operates as a portfolio company of Daftcode sp. z o.o., a Warsaw-based venture builder founded in 2011 by Kacper Szcześniak (Malta resident), Jędrzej Szcześniak, Daniel L., and Jarek Berecki. Unlike traditional venture capital (10-30% ownership stakes), Daftcode’s venture building model retains 50%+ control of portfolio companies, including Kryptonim. This structure ensures Daftcode’s founders exercise substantive decision-making authority over Kryptonim’s compliance approach, merchant acceptance policies, and operational risk tolerance. Kacper Szcześniak, primary Kryptonim shareholder (96% disclosed ownership), simultaneously serves as Oxla CEO and investor across 25+ Daftcode portfolio companies. This concentration of authority among founding partners with competing portfolio interests creates organizational conflicts that systematically devalue specialized compliance expertise in favor of portfolio-wide revenue optimization. 2. Fake Banking Infrastructure at Winning.io FinTelegram’s uploaded screenshots document Kryptonim’s technical integration with Winning.io casino (operated by Scatters Group). Players selecting “Instant Banking” or “Wise – Instant Banking” deposit options are redirected through Rillpay (Costa Rica-registered payment aggregator) to Kryptonim’s checkout page, where they unknowingly purchase USDC stablecoins (108.16 USDC for 100.00 EUR) that are automatically transferred to Winning.io’s pre-configured wallet address. This architecture accomplishes three compliance violations simultaneously: (1) it mischaracterizes the merchant category code as “purchase of digital assets” rather than “gambling payment,” (2) it eliminates players’ ability to initiate chargebacks by establishing the contractual relationship with Kryptonim rather than the casino, and (3) it uses false “Wise” and “Revolut” branding to suggest legitimacy from regulated payment service providers. Kryptonim’s system displays warnings when players attempt to modify the pre-populated destination wallet address (“may cause transaction to fail or result in loss of funds”), creating friction that discourages address modification while maintaining plausible deniability about merchant integration. 3. Regulatory Violation and Control Deficiencies Kryptonim’s Terms of Service explicitly prohibit “using credit cards for online gambling, betting, or any other iGaming activities.” Yet documented transactions for Neon54, LuckyWins, and Winning.io demonstrate systematic processing of precisely this prohibited category. The company lacks adequate merchant due diligence procedures, transaction monitoring controls, and suspicious activity reporting (SAR) protocols to prevent or detect casino-pattern transactions. Kryptonim faces regulatory transition to EU’s Markets in Crypto-Assets (MiCA) licensing regime by Q2 2025, requiring capital injection (EUR 50,000+ minimum), independent board oversight, and remediation of documented control gaps. CALL FOR INFORMATION FinTelegram seeks additional information from players, compliance professionals, and industry insiders regarding: Experiences with Kryptonim payment processing for offshore casinos (Neon54, LuckyWins, Winning.io, or others) Technical evidence documenting additional casino operators using Kryptonim or Rillpay infrastructure Documentation of payment failures, fund loss, or difficulty withdrawing deposited funds through Kryptonim Information about other crypto payment processors facilitating illegal gambling in EU/Canada Regulatory correspondence or complaints filed with KNF (Poland), FINTRAC (Canada), or FCA (UK) regarding Kryptonim Submit information confidentially to: [FinTelegram contact information] Share Information via Whistle42

FinTelegram is seeing a growing pattern in offshore casino cashier flows: what looks like a normal fiat deposit (e.g., via Skrill) is quietly re-routed into a crypto purchase—often USDC.e—that is then sent to a prefilled casino wallet. This “fake banking rail” reduces chargeback leverage and adds a second risk layer: USDC.e is bridged USDC, not native issuance. Key Facts In cashier flows like the Legiano / Chainvalley setup, the user pays fiat (e.g., 150 EUR via Skrill) while the checkout states they are buying USDC.e and sending it to a specified wallet address—with the consent checkbox already ticked. This is not a “casino deposit” in the traditional sense; it is a crypto purchase + transfer, which can materially weaken dispute/chargeback narratives. USDC.e is typically a bridged form of USDC moved from Ethereum to another chain via third-party bridging infrastructure—not issued by Circle (Sources: USDC, Circle). Short Analysis 1) The “fake-fiat” rail:This flow is designed to feel like a bank/PSP deposit to a gambling account, but it functions as a consumer crypto purchase. The UX does the rest: minimal disclosure, a pre-ticked consent statement, and a prefilled destination wallet that the user is effectively discouraged from changing. The result is predictable: the player sees a casino balance credit, but the payment trail is now “fiat → crypto purchase,” not “fiat → gambling merchant.” That distinction matters for consumer protection, dispute handling, and AML controls—especially in offshore gambling contexts where card acquiring and banking rails are often constrained. 2) Why “USDC.e” raises the stakes:USDC.e explainer: USDC.e usually denotes bridged USDC (ported from Ethereum), meaning it is a different token contract than “native” USDC on that chain and introduces an additional bridge-risk layer on top of the deposit flow. Circle and USDC documentation explicitly distinguish bridged forms (commonly branded “USDC.e”) from native USDC and note that bridged forms are not issued by Circle and rely on third-party mechanisms. 3) The compliance angle (why processors should care):When regulated PSP rails (or PSP-adjacent e-money rails) are used to fund crypto purchases that immediately feed offshore gambling wallets, the risk profile changes. Key concerns include: inadequate informed consent, purpose/merchant-of-record opacity, potential circumvention of gambling-payment restrictions, and elevated AML exposure. If the casino later faces payout friction, players may only discover after the fact that their “deposit” was a crypto transaction—often involving a bridged asset with its own infrastructure dependencies. Call for Information FinTelegram is expanding its mapping of USDC.e “casino rails.” If you are a player, PSP insider, compliance officer, or former contractor with information about Chainvalley-style checkouts, merchant descriptors used on Skrill/Neteller statements, the token contract address (to verify whether it is canonical USDC.e or a lookalike), the chain/network used, or payout/withdrawal issues linked to these flows, please report securely via Whistle42.com. Share Information via Whistle42

The offshore casino Legiano, operated by Stellar Ltd under an Anjouan Gaming Board licence, has been found using deceptive “fake-fiat” deposit mechanisms that systematically mislead players about the true nature of their transactions. This compliance analysis examines the payment infrastructure and identifies substantial regulatory violations by both the casino operator and its on-ramping partners. Our Legiano (legiano.com / legiano-1212.com) reviews shows a recurring “fake-fiat” deposit pattern: what is presented as a normal fiat top-up is, in reality, an embedded crypto purchase (USDC) that is automatically routed to the casino’s wallets via app.chainvalley.pro—with only minimal, pre-ticked disclosure. This setup shifts the transaction from “deposit to a casino” into “consumer bought crypto,” materially weakening chargeback and complaints leverage and raising AML/consumer-protection red flags for the payment processors involved. Key Facts Three deposit options at Legiano are branded as UTRG (Lithuania) d/b/a utPay, yet route users to app.chainvalley.pro (Source: utPay) The checkout includes a small consent line (“buy crypto and send to the specified address”) that is already ticked; changing the destination wallet triggers warnings and appears effectively blocked. Users ultimately purchase USDC, which is then transferred to casino wallets (example wallet provided: 0x7519…4496). Funding for the USDC purchase is processed via Skrill/Neteller (embedded e-money rails). Card deposits and “Jeton Bank” deposits are routed via api.payment-gateway.io “MiFinity” deposits appear payable to CANAMONEY EXCHANGE LTD (Canada) operating as CenturaPay (Source: CenturaPay). Anjouan’s license register lists Stellar Ltd, but legiano.com does not appear among the authorized URLs shown for Stellar Ltd (as of the register’s latest update displayed) (Sourcde: Anjouan Gaming). Short Analysis 1) Why this is “fake-fiat” (and why it matters): A player believes they are depositing fiat into a gambling account. Instead, the flow converts them into a crypto purchaser, then immediately forwards the crypto to the casino. This creates a compliance “shield”: the player received the crypto they “ordered,” so chargebacks/disputes become structurally harder—precisely the opposite of what regulators expect in high-risk gambling payments (clear consent, transparent merchant purpose, and effective consumer redress). chainvalley.pro+1 2) Likely compliance breaches and control failures (operator + on-ramper): Misleading presentation / inadequate consent: pre-ticked crypto-purchase consent and low-salience disclosure raise unfair-commercial-practice concerns and undermine “informed authorization.” AML/CTF & sanctions exposure: embedded on-ramps enabling offshore gambling flows demand enhanced merchant due diligence, transaction monitoring, and clear purpose labeling—especially where the end beneficiary is an offshore casino wallet. Gambling-payments facilitation: when processors knowingly (or negligently) provide rails into unlicensed/offshore gambling, they invite regulatory scrutiny, de-risking actions, and partner terminations. Entity Profiles (short) Chain Valley Sp. z o.o. (chainvalley.pro / app.chainvalley.pro) — Poland Incorporated in Poland on May 16, 2023, Chain Valley positions itself as a compliant fiat-to-crypto bridge, claiming “comprehensive legal compliance” and “streamlined KYC/AML” on its website. Key Findings Identified in Chainvalley policies as a Polish company (KRS 0001036419, Warsaw address) collecting extensive KYC/SOF data (Source: chainvalley.pro). Listed in Poland’s register for virtual-currency activity (entry shows CHAIN VALLEY Sp. z o.o., KRS 0001036419) (Source: slaskie.kas.gov.pl).Key questions: Who is the “merchant of record” in these Legiano flows, why is utPay branding used at selection, and what controls stop “embedded crypto buys” from being used as gambling-payment circumvention? CANAMONEY EXCHANGE LTD d/b/a CenturaPay (centurapay.com) — Canada Incorporated under the Canada Business Corporations Act, CenturaPay markets itself as a FINTRAC-registered Money Services Business and claims compliance with PCI DSS, KYC/AML, and GDPR standards. At Legiano, deposits made via the MiFinity e-wallet option are routed to CenturaPay, which acts as the payment processor of record. Key Findings CenturaPay states it is a trading name of CANAMONEY EXCHANGE LTD (Corp. No. BC1465281) with MSB Registration Number C100000299 and a North Vancouver business address (Source: centurapay.com) FINTRAC notes MSBs must register and that registration is a compliance obligation (not a “quality stamp” on risk controls) (Source: fintrac-canafe.canada.ca).Key questions: What is CenturaPay’s exact role behind MiFinity-routed deposits, and what gambling-merchant screening/monitoring is applied? Conclusion The Legiano case exemplifies a growing compliance blind spot: offshore casinos using crypto on-ramps to disguise the nature of player deposits, thereby bypassing traditional payment-processor controls and eliminating consumer recourse. Both Chain Valley and CenturaPay appear to prioritize transaction volume over due diligence, enabling a casino that operates without credible oversight. Key Data Table Brand / Role in flowDomains observedLegal entity (as known)JurisdictionRegulatory / licensing posture (relevant)Payment facilitators / gatewaysKey notes (compliance relevance)Legiano (offshore casino)legiano.comStellar Ltd (operator, per your review)Anjouan / Union of Comoros (offshore)Offshore gambling licence regime (“Anjouan Gaming” / similar)Uses multiple rails incl. crypto + PSPs belowPresents fiat-style options but routes users into crypto purchase/transfer flows (“fake-fiat”).utPay (payment option label at casino)utpay.ioUtrg, UAB (d/b/a utPay)LithuaniaCrypto/on-ramp positioning (CASP/VASP-type activity implied by service + T&Cs)Routes into Chainvalley checkout (per your screenshots)Three “utPay” options appear in Legiano’s cashier, but actual execution is via Chainvalley.Chainvalley (crypto on-ramp / checkout)chainvalley.pro, app.chainvalley.proChain Valley Sp. z o.o.PolandListed in Poland’s virtual-currency activity register (per public register)Skrill / Neteller fund the crypto buy; USDC forwarded to casino walletCore “fake-fiat” component: user is converted into “crypto buyer,” then USDC is auto-sent to casino wallet. Consent box is pre-ticked; wallet-change is practically blocked (per your screenshots).Stablecoin used in deposit(on-chain transfer)USDC (stablecoin)(issuance is non-local; token flows are global)Cryptoasset transfer; consumer redress differs materially from card/bank depositsBought via Chainvalley flow; then transferred to casino walletFunctional outcome: player can’t credibly pursue classic chargeback because they “received crypto,” which was then sent onward.Destination wallet (casino)(example) 0x7519d6836d1Adc49aa524840A4b0e7b471634496(wallet beneficiary: casino operator side)(on-chain)Outside card scheme redress mechanismsReceives USDC from on-ramp flow“Wallet hard-lock” warnings suggest intent to prevent user-controlled destination changes.Card / “Jeton Bank” deposit gatewayapi.payment-gateway.io (and payment-gateway.io)Unknown / not transparently disclosed (from public-facing domain)UnknownUnknownProcesses card deposits + deposits presented as “Jeton Bank”Gateway domain repeatedly appears in gambling-related traffic/infra; needs KYB/KYT mapping in follow-up.MiFinity (e-wallet option at casino)(brand-level) mifinity.com(e-wallet operator not analysed here)(varies)(varies)Player payments routed to CenturaPay/CANAMONEY (per your screenshots)MiFinity option appears to pay an external processor, not directly the casino—needs merchant-of-record clarity.CenturaPay (payment processor / payee in MiFinity flow)centurapay.comCANAMONEY EXCHANGE LTD (trading name: CenturaPay)Canada (BC)States MSB registration (FINTRAC MSB no. shown on site)Receives player funds via MiFinity option (per your review)High-risk role if servicing unlicensed gambling flows; KYB/merchant screening and transaction monitoring questions.Skrill / Neteller (funding rails inside “crypto buy”)skrill.com, neteller.com(brand-level; group entity varies)(varies)(typically e-money/regulated PSP rails; depends on entity)Used as payment methods to fund USDC purchaseKey risk: regulated rails potentially being used to “launder” gambling deposits into crypto transfers.PaysafeCard (deposit option at casino)paysafecard.com(brand-level)(varies)(varies)Voucher-based deposit methodIf offered into offshore gambling, raises merchant acceptance / purpose-labelling questions. Source notes (for the “known” legal-entity fields) Chain Valley Sp. z o.o. (KRS 0001036419, Warsaw address) is stated on Chainvalley’s policy pages. Chain Valley is listed in Poland’s “Rejestr działalności w zakresie walut wirtualnych” (virtual-currency activity register) with KRS 0001036419. utPay.io Terms: “utPay.io refers to the company Utrg, UAB …” Lithuanian company directory entry for UTRG, UAB shows website utpay.io and registration details. CenturaPay site states it is a trading name of CANAMONEY EXCHANGE LTD, with MSB registration number displayed. payment-gateway.io / app.payment-gateway.io appears in gambling-related scans/traffic context (useful as an OSINT pointer; operator still needs identification). Call for Information FinTelegram will publish detailed compliance reports on both Chain Valley and CenturaPay in the coming weeks. If you are a Legiano player, a processor insider, or a merchant-risk/AML professional with knowledge of Chainvalley, utPay/UTRG, CenturaPay/CANAMONEY, or api.payment-gateway.io (merchant descriptors, acquiring banks, KYB files, screenshots, correspondence, blocked withdrawals, dispute outcomes), please submit information via Whistle42.com. FinTelegram will follow up with dedicated deep-dive compliance reports on Chainvalley and CenturaPay. Share Information via Whistle42

Former Alameda Research CEO Caroline Ellison—one of the central insiders in the FTX collapse—is scheduled to leave federal custody in January 2026, according to updated Bureau of Prisons records cited by multiple outlets. Her early release, after extensive cooperation, re-raises the core question: Was FTX a politically targeted crypto casualty—or a classic, old-school fraud wearing a “new finance” hoodie? Key Points Ellison pleaded guilty, cooperated heavily, and testified against Sam Bankman-Fried (SBF); she is now set for release around Jan. 21, 2026 (BOP-record reporting) (Source: Yahoo Finanzen). SBF was convicted on 7 counts and sentenced to 25 years for misappropriating customer funds and related fraud conspiracies (Source: US DOJ). SBF’s playbook now: appeal (seeking a new trial) + a parallel pardon/clemency campaign aligned with a “politicized prosecution” narrative (Sources: ft.com, Reuters). The “Biden was hostile to crypto, therefore I’m innocent” thesis conflicts with the trial record: insider testimony, controlled backdoors, fabricated lender materials, and customer-asset misuse are governance and fraud facts, not ideology (Source: US DOJ). Ellison’s Situation: Early Release, But Not a Clean Reset Ellison was sentenced to two years in September 2024 after pleading guilty to multiple fraud/conspiracy counts and providing what the court called substantial assistance—yet the judge still imposed prison time given the scale of harm. Her custody status has already shifted toward community confinement, consistent with “end-of-sentence” federal practice (Source: Business Insider). Now, late-December reporting—citing updated BOP records—puts her release in January 2026 (some earlier reporting showed later projected dates, illustrating how BOP projections can move). Separately, the SEC has pursued/secured officer-and-director bars against key FTX/Alameda executives; Ellison agreed to a multi-year restriction from leadership roles at public companies (Source: US SEC). What FTX Was: The Case in Plain Language The government’s theory—accepted by the jury—was not complicated crypto theology. It was misappropriation + concealment: FTX (the exchange) held customer assets. Alameda Research (the affiliated trading firm) received special privileges and access. Billions in customer deposits were allegedly routed/used to plug Alameda losses, make investments, buy assets, and fund political influence—while customers were told their money was safe and liquid. SBF was found guilty on two counts of wire fraud and five conspiracy counts (including securities/commodities fraud and money laundering conspiracy) and sentenced to 25 years. Other insiders split into two buckets: Cooperators (e.g., Gary Wang, Nishad Singh) who received time served / no prison outcomes after assisting prosecutors (Source: Courthouse News). Non-cooperator/other track (e.g., Ryan Salame) who received a substantial custodial sentence (90 months). Ellison’s role, per courtroom testimony and public case narratives, sat at the center: she ran Alameda and admitted to decisions and communications used to mask Alameda’s true risk and funding—including the kind of lender-facing picture management that compliance teams treat as a “do not pass go” red flag (Source: The Guardian). SBF’s Current Exit Strategy: Appeal + Pardon Narrative On the legal track, SBF is pursuing an appeal arguing he did not get a fair trial (including complaints about evidentiary rulings). The Second Circuit heard arguments in November 2025; reporting describes judges as skeptical (Source: Reuters). On the political track, reporting says SBF’s family and representatives have explored Trump-era clemency/pardon channels, a marketplace increasingly shaped by access, intermediaries, and narrative alignment (Source: Bloomberg). Media coverage also frames SBF’s public messaging as a PR campaign designed to make clemency thinkable (Source: WIRED). And yes—SBF has tried to brand himself as a victim of a “crypto-hostile Biden administration,” implying political bias drove his conviction (Source: DL News). Was FTX “Just” a Victim of Biden’s Crypto Stance? A hostile regulatory climate can shape industry growth. It does not explain away customer-asset misuse, deception to lenders/investors, and concealed related-party privileges. The FTX prosecution was built on: insider testimony (including Ellison and others), internal controls/permissions evidence, and classic fraud elements—misrepresentation, reliance, concealment, and diversion. Calling that “a Biden problem” reads less like a legal argument and more like a clemency pitch tailored to a political moment. Even if some FTX customers may ultimately recover funds through bankruptcy processes, that does not retroactively legalize how the funds were allegedly taken and used. FinTelegram view: FTX wasn’t “cancelled.” It failed the oldest compliance test in finance—segregation of client assets and conflicts-of-interest controls—and then allegedly lied about it at scale. Call for Information (Whistle42) Do you have firsthand information about cyberfinance wrongdoing—exchange/prime broker conflicts, payment-rail laundering, stablecoin settlement abuse, offshore casino or shadow trading flows, or compliance cover-ups? FinTelegram is building case files on the sector’s chokepoints. Submit tips—anonymously if needed—via Whistle42. Share Informtion via Whistle42

FinTelegram has completed an in‑depth compliance investigation into Lithuanian VASP UTRG UAB d/b/a utPay. The findings indicate that utPay has evolved into a high‑volume payment hub for unlicensed online casinos and sports betting operators, particularly targeting German players through deceptive “fake bank transfer” schemes.​ Summary of the Compliance Report FinTelegram’s long‑form compliance report on UTRG/utPay, now available as a downloadable document linked in this article, reconstructs the group’s structure, licensing status, traffic patterns, and merchant portfolio using registry data, Similarweb analytics, and previous investigative work on NovaForge and associated casino networks. The report identifies UTRG UAB as a Lithuanian‑registered virtual currency exchange and depository wallet operator whose payment gateway app.utpay.io processed more than 720,000 visits in November 2025, nearly 80% of which originated from Germany.​​ Traffic and referral analysis shows that at least 58% of utPay’s observed traffic is driven by casino, gambling, and sports betting sites, with the top five referrers all being offshore casinos such as Legiano and BetAlice. These flagship merchants are operated by Marshall‑Islands entities within the NovaForge network and licensed in high‑risk jurisdictions like Anjouan or via non‑EU regulators such as PAGCOR, meaning they are not authorized to serve German players under the GlüStV 2021 regime.​​ Analysis and Interpretation The report documents how utPay’s checkout is embedded in casino cashier pages as a “bank transfer” or card deposit option, while the underlying transaction is in fact a crypto purchase from UTRG followed by an on‑chain transfer to the casino operator. This structure allows offshore casinos to route German player deposits via regulated SEPA and card rails while formally categorizing the payment as a crypto exchange transaction rather than gambling, effectively bypassing German payment blocking measures and bank‑side gambling controls.​​ FinTelegram’s analysis highlights that 42% of utPay’s referral traffic in November 2025 came from BetAlice and Legiano (connected to Fat Pirate), both linked to NovaForge Ltd, a Marshall Islands vehicle previously exposed by FinTelegram as the successor structure to the collapsed Rabidi Group network of illegal casinos. Combined with the complete lack of publicly disclosed beneficial owners, overdue financial filings in Lithuania, and the imminent MiCA licensing deadline, the pattern strongly suggests a business model optimised for regulatory arbitrage rather than long‑term, compliant operations.​​ Compliance Hypothesis Download the full UTRG Compliance Report 2025 here. Based on the compiled evidence, FinTelegram formulates the following working compliance hypothesis: UTRG UAB d/b/a utPay operates as a crypto‑based payment facilitator whose core business consists in processing German player deposits for unlicensed offshore casinos through deceptive “fake bank transfer” flows, thereby enabling large‑scale violations of German gambling law and creating a high‑risk channel for money laundering and player‑loss recycling. This hypothesis is supported by: The overwhelming German traffic share to app.utpay.io and the exclusive referral pattern from gambling domains.​​ The integration with NovaForge‑controlled casinos documented as part of an illegal, multi‑jurisdictional network using Cyprus‑based payment agents and high‑risk processors such as MiFinity and Binance.​​ The structural opacity around UTRG’s beneficial owners and the lack of current audited financial statements despite very strong growth in transaction volumes.​ The report concludes that UTRG/utPay should be classified as a critical‑risk counterparty for banks, payment institutions, and crypto exchanges and that Lithuanian and German authorities, in cooperation with other EU supervisors, should review the case in the context of MiCA licensing and GlüStV 2021 enforcement.​ Call to Whistleblowers and Insiders FinTelegram’s investigation into utPay and the NovaForge casino network is ongoing. The current report is built on open‑source intelligence, registry data, traffic analytics, and previous enforcement precedents, but important questions remain unanswered—especially regarding internal ownership structures, banking relationships, and the exact flow of customer funds between UTRG, casino operators, and associated payment agents in Cyprus and elsewhere.​ If you have insight into utPay, NovaForge, or their banking and payment structures, visit Whistle42 and help FinTelegram shed more light on this suspected high‑risk payment gateway. Your information may be crucial for regulators, affected players, and future enforcement actions. Share Information via Whistle42

After nearly twelve years of legal limbo, Austria’s justice system is now reportedly paying back €125 million—the record bail posted by Ukrainian oligarch Dmytro Firtash after his 2014 arrest in Vienna. The repayment lands right after an Austrian appeals court definitively blocked his extradition to the U.S.—partly because prosecutors missed a deadline. A Christmas present, and a compliance scandal in slow motion. Key Facts Bail repayment: Austrian media reported that courts must repay Firtash his €125M record bail after the extradition saga effectively ended (Source: Krone) Extradition to the U.S. blocked: Vienna’s Higher Regional Court rejected prosecutors’ final appeal as inadmissible—widely reported as linked to a missed appeal deadline and/or procedural defects (Source: Reuters). Core U.S. case: Firtash was indicted in the U.S. over an alleged bribery conspiracy tied to Indian titanium mining licenses (often described as ~$18.5M in bribes); he denies wrongdoing (Source JUS. DOJ). Immunity angle: Austrian proceedings referenced claimed international-law immunity linked to a Belarus representative role (Source: AP News). Ukraine angle: Reuters reports Firtash is also wanted in Ukraine (separate allegations) and yet was not extradited there either (Source: Reuters). Vienna residency & networks: Multiple reports over years place Firtash in Vienna-Hietzing, renting a villa linked to Austrian investor Alexander Schütz (politically connected donor in past reporting) (Sources: Austrian Parlament, Profil). Short Analysis Austria has now delivered a remarkable double outcome: no extradition and (reportedly) €125 million returned—a sum that was once justified as the “seriousness premium” needed to keep a globally-connected oligarch from vanishing. If this repayment is correct, it raises the obvious question: what exactly did twelve years of Austrian proceedings achieve—other than turning Vienna into a long-term safe base for a high-risk political-business actor? The compliance red flag is the procedural core: Austria’s final “no” was widely reported as not primarily a substantive vindication, but the consequence of formal barriers—including prosecutors missing deadlines. That is not a technicality in a case of this magnitude; it is a governance failure. When the state loses a decade-long extradition fight through avoidable procedure, “rule of law” starts to look like rule-by-process. Then there is the geopolitical asymmetry: Firtash fought U.S. extradition for years, while Ukraine also wanted him back and President Zelensky publicly pressed Austria to help return fugitive oligarchs—Firtash included in Ukrainian media coverage. Yet Austria remained the end-station. For FinTelegram, this is the real “Firtash case”: Vienna’s ability (or willingness) to enforce cross-border accountability when power, money, and local networks collide. Call for Information Do you have first-hand knowledge about Firtash’s residency arrangements in Vienna, his local facilitators, legal/PR intermediaries, or any political/economic networks that influenced this outcome? FinTelegram invites insiders, affected parties, and whistleblowers to submit information securely via Whistle42.com. Share Information via Whistle42

PlatinCasino is an offshore casino without regulatory permission in the UK or the EU. Its cashier labels a deposit option “Sofort,” but our testing indicates a very different mechanism: an open-banking style bank-selection and authorization flow via secure.bankgate.io, leading into a user’s bank (e.g., Revolut) to approve a third party. This is a classic chokepoint: regulated rails enabling offshore gambling deposits. Key facts (what we observed) Selecting “Sofort” on PlatinCasino opens a pop-up at secure.bankgate.io (bank selection / routing UI). (Confirmed) Choosing a bank (e.g., Revolut) redirects to the bank’s Open Banking domain (e.g., oba.revolut.com) for login and authorization. (Confirmed) The Revolut authorization screen shows the user is asked to authorize a third party (e.g., “PERSPECTEEV SAS” in our capture). (Confirmed) A bankgate endpoint returns a SALTEDGE-branded error page (404), suggesting infrastructure linkage between bankgate.io and SALTEDGE. (Corroborated) This rail can operate even when the casino itself appears offshore and accessible across EU/UK jurisdictions with limited friction at onboarding. (Confirmed in our deposit UX tests; merchant-of-record details remain Unknown) Rail Map Mini (hop sequence) platincasino.com (cashier) → “Sofort” secure.bankgate.io (bank picker / gateway) oba.revolut.com (bank login + consent) → “Authorize [third party]” Return to gateway/casino flow (completion/confirmation step) (Indicated; receipt evidence pending) Why this matters This is not just “another payment option.” It’s a compliance chokepoint: open-banking rails can become a high-velocity funding path into offshore gambling, shifting the risk burden to intermediaries (gateway/TPP/banks) while players may assume “Sofort” means a familiar consumer method. Read more We publish the full SALTEDGE Compliance Note with entity transparency, risk flags, and evidence gaps to resolve (merchant-of-record, payee details, contracting chain). Read the full report here. Call for Information (Whistle42) Worked at SALTEDGE / bankgate.io, in onboarding, risk, compliance, or partnerships? Or deposited via this “Sofort” flow and can share receipts/merchant descriptors? Submit securely via Whistle42.com. Share Information via Whistle42

Our PlatinCasino review indicates that the casino’s “Sofort” deposit option is not Klarna’s Sofort in the traditional sense, but a bank-to-bank open-banking rail that runs through secure.bankgate.io, a gateway branded to SALTEDGE (Salt Edge Limited). The flow redirects users into Revolut’s Open Banking authorization to approve a third party—creating a sophisticated domain-hop sequence that allows an unlicensed Curaçao offshore casino to tap regulated EU/UK financial infrastructure for player deposits. Key points Salt Edge Limited (UK) presents itself as an FCA-authorised open-banking provider and publicly positions Payment Initiation as a solution for iGaming deposits and payouts (Sources: Salt Edge Blog, Salt Edge Blog, Salt Edge Case Study). Companies House shows Tamara Royz (Canada) as the Person with Significant Control (PSC), holding >75% of shares/voting rights (Sources: UK Companies House). Salt Edge’s filed accounts show a small balance sheet and negative equity (~£41.6k)—not a big firm operationally, yet linked to a high-risk vertical rail (Source: UK Companies House). In the PlatinCasino “Sofort” flow, secure.bankgate.io appears to broker the bank selection and handoff into bank authorization—an A2A deposit rail that can bypass classic card-acquiring friction and KYC expectations at the casino layer (per your tests). The branding/UX suggests a white-label open-banking payment interface. Whether Salt Edge is acting as a regulated TPP in this specific flow—or as a technical service provider behind another regulated PISP—requires clarification. What we observed in the PlatinCasino deposit rail In PlatinCasino’s cashier, “Sofort” is presented as a familiar consumer payment brand. In practice, the deposit path we tested routes users into an open-banking style journey: PlatinCasino → secure.bankgate.io: a pop-up payment window opens where the user selects their bank (e.g., Revolut). The user is then redirected into the bank’s Open Banking authorization flow (e.g., oba.revolut.com) to approve a third party (e.g., PERSPECTEEV SAS). After authentication/consent, the user is returned to the payment journey—effectively enabling an offshore casino to receive funds through a regulated, bank-native flow. This is the compliance crux: a Curaçao-licensed (often EU-unlicensed) gambling operator appears able to use regulated open-banking rails to accept EU/UK deposits, even where the casino itself remains outside meaningful EU supervision. SALTEDGE profile and risk interpretation Regulatory posture vs product reality Salt Edge publicly states that Salt Edge Limited is authorised by the FCA and positions itself as an open-banking platform offering Account Information and Payment Initiation, including UK/EU payment initiation documentation. Critically, Salt Edge also markets open-banking payments directly into the iGaming sector—explicitly describing deposits/top-ups and payouts via Payment Initiation as an iGaming use case. That doesn’t prove wrongdoing. But it raises the probability that bankgate.io is not an accidental appearance; it may represent a deliberate high-risk vertical integration pathway. Ownership & financial signal Companies House lists Tamara Royz as the PSC with >75% control. In fact, SALTEDGE appears to be a Canadian scheme. Its LinkedIn profile lists Ottawa, Canada, as its headquarters. Royz also lists Canada as her place of residence in her LinkedIn profile. Crunchbase names Dmitrii Barbasura, Garri Galanter, Tamara Royz as the founder of SALTEDGE. Salt Edge’s accounts show negative equity of ~£41,553, indicating a thin capital base for a firm that—at least in market positioning—touches high-risk payment flows. This matters because thinly-capitalised fintech intermediaries can be more vulnerable to high-risk merchant concentration, complaints escalation, and compliance strain. The “bankgate.io” question Your screenshots show secure.bankgate.io as the operational gateway UI, and a SALTEDGE-branded 404 page appears when probing the domain/path—supporting an operational linkage between “bankgate” and SALTEDGE branding. (Internal test evidence.) However, to be precise and defensible in compliance terms, FinTelegram should frame this as: Confirmed: PlatinCasino deposit flow uses secure.bankgate.io and redirects to bank Open Banking authorization (e.g., Revolut). (Your test evidence.) Corroborated: SALTEDGE branding appears on a bankgate.io error page and Salt Edge publicly offers payment initiation products for iGaming (Source: saltedge.com). Open question: Is Salt Edge the TPP of record (PISP/AISP) in this exact PlatinCasino flow, or an underlying technical provider for another regulated entity? Compliance conclusion If an EU/UK-regulated open-banking stack is enabling deposits into a Curaçao offshore casino that appears accessible without meaningful KYC at onboarding, regulators and banks should treat this as a “chokepoint” exposure. The compliance risk is not merely “illegal gambling,” but also: merchant due diligence / high-risk merchant acceptance misleading UX (“Sofort” branding implying a familiar consumer method while actually running an open banking consent rail) AML/CTF and source-of-funds expectations displaced from the casino onto fragmented intermediaries potential licensing perimeter questions depending on who is the regulated payment initiator of record. FinTelegram will continue investigating who the merchant of record is, which entity receives funds, and which compliance controls (if any) screen offshore gambling merchants in the bankgate stack. Summarizing Table Brand / ProductLegal entityJurisdictionRegulatory posture (public)Key individuals / controlDomains / endpoints observedRole in PlatinCasino railSALTEDGE (open banking platform)www.saltedge.comSalt Edge Limited (Company #11178811), United KingdomCanada (HQ)FCA-authorised Account Information Service Provider(Ref No (822499).PSC: Tamara Royz (>75% control). Salt Edge founder (link): Dmitrii Barbasurasecure.bankgate.io; (SALTEDGE-branded 404 page observed on bankgate path); saltedge.com product/docsGateway UI for “Sofort” option: bank selection + redirect into bank Open Banking authorizationPlatinCasino (offshore casino)Latiform B.V. (operator stated by you)Curaçao (offshore gaming environment)Not an EU/UK licensed casino in your tests; accessible across EU/UK with deposit options—platincasino.com (cashier flows open multiple gateway domains)Origin merchant / cashier initiating the open banking flowBridge (authorization counterparty shown)Perspecteev SASFranceRegulated fintech (per public legal mentions on bridgeapi.io)—oba.revolut.com shows “Authorize PERSPECTEEV SAS” in the flow (your screenshot)Third party presented in Revolut Open Banking consent step Rail Mini StepUser-facing labelDomain hopWhat the user seesLikely functionEvidenceConfidence1Deposit method: “Sofort”platincasino.comCasino cashier shows “Sofort” as payment optionInitiates A2A/open banking deposit flow (not classic Klarna checkout)Your cashier screenshot + test descriptionConfirmed2Redirect / pop-upsecure.bankgate.ioBank selection screen (Italy + banks incl. Revolut, UniCredit, Poste, etc.)Open banking gateway UI / bank picker + consent journey launcherYour secure.bankgate.io screenshotConfirmed3Select bankoba.revolut.comRevolut login/consent pageBank Open Banking authorization (SCA + consent)Your Revolut OBA screenshot(s)Confirmed4Authorize third partyoba.revolut.com“To authorise PERSPECTEEV SAS”Consent to TPP / payment request initiator shown by the bankYour “Perspecteev SAS” screenshotConfirmed5Return / completionsecure.bankgate.io → platincasino.comUser returns to gateway/casino flow after consentFinalizes payment initiation / confirmation back to merchant flowFlow inference based on standard OB journey; requires transaction receipt proofIndicated Call for Information (Whistle42) Have you processed payments, onboarding, compliance, risk, or partner management for SALTEDGE / Salt Edge / bankgate.io? Are you a player who deposited via “Sofort” on PlatinCasino (or other casinos) and can share receipts, merchant descriptors, confirmation emails, or bank references? Please contact FinTelegram via Whistle42 with documents/screenshots. Anonymous submissions welcomed. Share Information via Whistle42

Hyperliquid markets itself as a non‑custodial, permissionless DEX for perpetual futures, thereby positioning its high‑risk leverage products outside traditional licensing regimes. In substance, however, Hyperliquid operates a foundation‑controlled Layer‑1 with closed‑source infrastructure, a concentrated validator set, and discretionary market intervention powers that closely resemble a centralized exchange (CEX) without formal custody. From a European regulatory perspective, such a structure is more appropriately assessed under MiCA and, where relevant, MiFID II, rather than treated as exempt “DeFi.”​ Structural Analysis: CEX in DeFi Clothing Hyperliquid publicly describes itself as a decentralized, non‑custodial derivatives exchange running on its own high‑performance blockchain. Users deposit collateral into protocol smart contracts and maintain legal ownership of assets, which is then used as margin for leveraged perpetual futures.​ Read our Hyperliquid reports here. However, key structural elements are neither open nor credibly decentralized: Closed‑source node code and HyperBFT: The consensus client, including the HyperBFT implementation and critical logic (oracle, matching, liquidations), is closed source and distributed as a single binary, making independent technical audit impossible and creating a “black‑box” trading venue.​ Validator concentration and foundation control: Public validator letters and analysis report that approximately 80% of staked HYPE, and thus effective consensus power, is controlled by foundation‑linked nodes. The foundation also designs the delegation program and sets qualification criteria, enabling it to gate access to the validator set.​ Discretionary market intervention: In past stress events, Hyperliquid validators/foundation have intervened by delisting markets, fixing settlement prices and altering liquidation outcomes via validator votes, demonstrating centralized decision‑making that goes beyond “code‑is‑law” execution.​ Functionally, this is equivalent to a CEX with: Internal matching and risk engines, Centralized control over listing, liquidations and oracle behavior, But implemented via foundation‑controlled infrastructure rather than a traditional corporate IT stack.​ Download our Hyperliquid Compliance Report 2025 here. Hyperliquid in Numbers From a financial‑stability perspective, Hyperliquid is no niche experiment but a systemic player in on‑chain leverage. As of mid‑2025, public analytics place its total value locked (TVL) in the range of 3.5–4.3 billion USD, with the core HLP and related pools alone accounting for several hundred million in user collateral. Daily notional derivatives volumes oscillate between roughly 4 and 20 billion USD, with open interest figures reported in the high single‑ to low double‑digit billions, ranking Hyperliquid among the top three crypto derivatives venues globally and the clear market leader among so‑called perpetual DEXs. Cumulative perp volume has crossed the trillion‑dollar mark in recent months, illustrating that this foundation‑controlled venue is already a trading giant in the cyber‑finance segment, operating effectively under regulators’ radar while offering high‑risk leverage products to EU and global clients.​ The “Unknown Foundation”: Governance Without Transparency A striking feature of Hyperliquid’s setup is the opacity surrounding the Hyper Foundation (website), the entity presented as steward of the protocol and ecosystem. Public materials describe it as a Cayman‑based foundation company that “supports development of the Hyperliquid protocol and ecosystem,” but offer no detailed corporate registry data (e.g., LEI, registration number, directors, or audited financials). Ecosystem profiles and the foundation’s own website likewise omit beneficial ownership disclosure, group structure, and governance arrangements, leaving regulators and compliance officers without the basic counterparty information normally expected for an operator of a multi‑billion‑dollar trading venue.​ Despite this lack of transparency, the Hyper Foundation explicitly positions itself at the center of network control. Official documentation (whitepaper here) shows the foundation designs and runs the validator delegation program, sets eligibility criteria (including jurisdictional and KYC/KYB filters), and reserves the right to change these criteria at any time, making it the effective gatekeeper for consensus participation. It is also the focal point for institutional partnerships and incentive schemes: reports on Circle’s strategic HYPE investment and prospective validator role describe Circle as becoming a “direct stakeholder in the Hyperliquid ecosystem” through engagement with the foundation, underlining its central coordinating function.​ This combination—opaque Cayman foundation, closed‑source infrastructure, and foundation‑curated validator set—means that public claims such as “no single entity owns or operates the Hyperliquid network” are, at best, incomplete. From a compliance and supervisory standpoint, the Hyper Foundation is the de facto operator and governance nexus of a global, highly leveraged trading platform, yet it does not currently meet even minimal transparency standards expected of a regulated market operator in the EU or comparable jurisdictions. Regulatory Hypothesis: MiCA / MiFID II Applicability MiCA expressly targets crypto‑asset service providers (CASPs) that operate trading platforms, with only fully decentralized models potentially falling outside scope. Hyperliquid’s governance and validator structure clearly fails this “fully decentralized” threshold: a known foundation coordinates development, controls most consensus stake, and administratively shapes validator composition and protocol parameters.​ Accordingly: For non‑financial‑instrument crypto derivatives, Hyperliquid should be assessed as a MiCA‑regulated CASP operating a trading platform and providing execution of orders for third parties, irrespective of its non‑custodial design.​ Where underlyings or structured products qualify as financial instruments, operators and controlling entities fall within the MiFID II perimeter (e.g., operation of a multilateral system and investment services in derivatives), with associated organizational, conduct and prudential requirements.​ The decisive regulatory test is control, not marketing labels: Hyperliquid’s effective centralization means it should be treated as a CEX‑like venue without custody, not as an exempt DeFi protocol.​ Call for Information FinTelegram invites insiders, former team members, validators, technical contractors and counterparties with knowledge of Hyperliquid’s validator arrangements, governance structures, and intervention practices to provide information in confidence via our whistleblower platform Whistle42. Share Information via Whistle42