FinTelegram’s casino mystery-shopping and payment-stack reviews keep surfacing the same pattern: Revolut appears as a funding option for offshore casinos that seem accessible from restricted EU markets, with deposits executed via open-banking “pay-by-bank” flows. In the Contiant/Yapily cascade, users are routed from a casino cashier to paywith.contiant.com, then into a Yapily consent step (“Authorize Yapily Connect UAB”), and finally into the Revolut environment—linked to Revolut’s open-banking infrastructure (including references to oba.revolut.com). Background In parallel, FinTelegram has documented Revolut/“Revolut Pay” showing up at checkout via UtPay for Santeda-linked brands (e.g., Donbet, Rolletto), despite the compliance expectations around blocking unlicensed gambling access in certain jurisdictions. Read our report on utPay and Revolut here. We are now investigating whether this is an unintended partner-channel blind spot (weak KYB / oversight of intermediaries) or whether parts of the ecosystem are economically incentivized to tolerate high-risk gambling volumes. At this stage, intent is not established—but the recurring rails and the intermediated structure warrant scrutiny. Revolut advertises a Gambling Block and says some countries require it to block transactions to illegal operators (Source: Revolut). However, it seems that Revelut itself systematically utilizes open banking to access the segment of illegally operating casinos. Mini Rail Map (Observed: Oct–Dec 2025, UTC) Brand/domains: Revolut (open-banking touchpoint oba.revolut.com) — Indicated; Contiant paywith.contiant.com — Confirmed Payment options: Pay-by-bank / Open Banking (PIS); Revolut as funding choice — Confirmed/Indicated Named rails: Yapily Connect UAB (PISP) — Confirmed; UtPay gateway — Confirmed (checkout exposure) Call for Information (Whistle42): Players, insiders, compliance staff—please share screenshots (cashier + consent), redirect domains, Revolut payment references, descriptors, and any partner/KYB documentation (PII redacted). Share Information via Whistle42

FinTelegram’s latest compliance analysis flags Contiant Ltd (Bulgaria) as a technical service provider sitting in front of Yapily Connect UAB’s PSD2 rails, enabling pay-by-bank deposits for offshore casino brands apparently offered into restricted/unauthorized markets—notably the Netherlands (based on traffic signals). Read the Contiant Compliance Report here. Risk Signal The key risk isn’t a single casino domain. It’s the stack: casino checkout → paywith.contiant.com → Yapily consent/authorization flow (including “Powered by Yapily” UI) → bank approval (e.g., Revolut user journeys referenced in the report). This structure can create plausible distance between the licensed rail provider and the gambling merchant—while the regulated rails still settle the underlying transaction. FinTelegram also notes traffic intelligence suggesting casino-only referral traffic into Contiant’s payment subdomain and a strong NL concentration, which—if sustained—should trigger enhanced partner due diligence and transaction-monitoring escalations at multiple points in the chain. Mini Rail Map (Observed Dec 16, UTC) Brand/domains: Contiant — www.contiant.com, paywith.contiant.com (Confirmed) Payment options: Pay-by-bank / Open Banking (PIS); bank authorization flows incl. Revolut journeys (Confirmed/Indicated) Named rails: Contiant (TSP) (Confirmed); Yapily Connect UAB (PISP) (Confirmed); Revolut open-banking touchpoint (Indicated) Risk signals: licensing/market mismatch; proxy layering; casino-only traffic profile; NL targeting signal (Indicated) Monitoring cues:” [redirect host patterns / ‘Powered by Yapily’ consent screen / paywith.contiant.com referrals / descriptor samples requested] Call for Information Are you at Contiant, Yapily, Revolut, or an affected bank/PSP? Share due-diligence files, partner contracts, consent-screen evidence, and descriptor samples via Whistle42. Share Information via Whistle42 We publish evidence-led compliance intelligence on the payment rails behind illegal gambling.

How Estonian Legitimacy Conceals a Multi-Jurisdictional Regulatory Evasion Scheme FinTelegram has completed a comprehensive compliance investigation into the Estonian Sisu Group—a sophisticated offshore gambling empire orchestrated by Coolbet founder Jan Svendsen that exploits regulatory arbitrage, payment processor complicity, and deliberately obscured ownership structures to operate unlicensed gambling services across restricted EU and UK markets. The investigation reveals a paradigmatic case of how modern offshore gambling operations weaponize corporate structure, payment technology, and regulatory gaps to build criminal enterprises hidden behind facades of legitimacy. The Central Scandal: The Missing Link While Sisu Group maintains ostensible regulatory legitimacy through Estonian-licensed entities (Anya Holdings OÜ, Sisu Tech OÜ, and Ducks In A Row OÜ), the actual consumer-facing casino operations—Epicbet.com and ReSpin.com—are controlled by Hot Streak Ltd, a Nevis-registered entity with an Anjouan gaming license that has zero documented ownership connection to the Estonian parent structure. This “missing link” is not accidental. It is the architectural centerpiece of systematic regulatory evasion, enabling: Regulatory arbitrage between Estonian legitimacy and offshore anonymity Payment processor deception via MoonPay, Banxa, and Changelly integration Consumer protection elimination across multiple jurisdictions Enforcement evasion through deliberately obscured ownership trails Systematic violations of EU gambling laws, payment directives, and AML frameworks What the Full Compliance Report Reveals The downloadable “The Sisu Shadow Empire” report (24 pages, professionally formatted for regulators and compliance professionals) provides: TIER 1: The Sisu Group Ecosystem – Architecture of Deception Jan Arthur Svendsen’s industry history and calculated transition from legitimate gambling to regulatory evasion Anya Holdings OÜ as the parent holding company incorporating sophisticated ownership structures designed to obscure beneficial ownership €14 million funding structure split between Level Up Entertainment (€9M, led by former ComeOn! and Cherry Spelglädje CEO Hans Martin Nakkim) and a fragmented “Sisu 100 Network” (€5M from 100+ small shareholders across multiple jurisdictions) Compliance implications of fragmented ownership and the deliberate rejection of higher funding bids to maintain ownership obscuration TIER 2: The Missing Link – Offshore Operations Layer Hot Streak Ltd (Nevis C 60238) operating Epicbet.com and ReSpin.com with undisclosed beneficial ownership Zero documented connection between Estonian entities and the Nevis entity despite public attribution to Sisu Group Strategic use of Nevis (zero beneficial ownership disclosure) and Anjouan licensing (minimal regulatory oversight) Comeback N.V. (Curaçao) as secondary offshore licensing layer Coins R Us OÜ (Estonia) – former payment agent for ReSpin. TIER 3: Consumer-Facing Brands – The Operational Facade Epicbet.com (launched June 2024): flagship operation with 3,000+ games and Ninjas in Pyjamas esports sponsorship ReSpin.com (launched January 9, 2024): crypto-focused predecessor with identical deceptive licensing claims TIER 4: The Payment Facilitator Scandal – The Chokepoint FinTelegram’s December 16, 2025, compliance testing: successful registration and cryptocurrency deposits from Austria, Italy, and the UK—all explicitly prohibited jurisdictions—with zero geographic controls MoonPay (US-regulated): generating 1-5% transaction fees while systematically enabling players in restricted jurisdictions to fund unlicensed gambling using credit cards, Apple Pay, Google Pay, and bank transfers Banxa (Australian-regulated): providing identical fiat-to-crypto gateway with full awareness of gambling usage patterns Changelly: the technical orchestrator providing API integration that makes the entire scheme seamless The regulatory accountability crisis: Why payment processors knowingly enable illegal gambling while maintaining regulatory credentials TIER 5: Systematic Regulatory Violations Direct compliance testing results confirming zero geographic blocks, zero KYC requirements, zero self-exclusion integration, and zero segregated player funds Violations of: EU Payment Services Directive (PSD2), Anti-Money Laundering Directive, national gambling regulations (Austria, Italy, UK, Germany, France), Estonian licensing territorial limits, FATF anti-money laundering standards Consumer protection failures: no self-exclusion integration (GAMSTOP, OASIS), no player fund segregation, no independent dispute resolution TIER 6: Broader Compliance Implications The Sisu Model as industry blueprint: How Jan Svendsen’s structure is being replicated across offshore gambling The Level Up Entertainment factor: How institutional investors with gambling industry expertise knowingly fund regulatory evasion structures Why regulators are failing: Jurisdictional fragmentation, payment system gaps, resource constraints, and industry lobbying Summary Table: Complete Compliance Data All corporate entities, licenses, beneficial owners, payment facilitators Key dates, funding structures, and regulatory status FinTelegram testing results from restricted jurisdictions OSINT Methodology Note – Transparency and Rigor The report explicitly addresses that connections between Sisu Group and Hot Streak Ltd / Epicbet / ReSpin are based on consistent open-source intelligence (OSINT) from multiple independent casino review portals (CasinoJan, Rodeo Casinos, Casinogamesonnet, Tribuna, GMBLRS, and others). However, the complete absence of documented ownership connections in Nevis and Curaçao registries is itself a significant compliance finding—the deliberate lack of transparency is the architecture enabling regulatory evasion. The report invites whistleblower confirmation of the ownership linkage while emphasizing that the OSINT evidence is strong and consistent across independent sources. Urgent Call: Close the Missing Link The missing link between Estonian entities and Hot Streak Ltd cannot be definitively established through public records because Nevis maintains zero beneficial ownership disclosure requirements. This is intentional—the opacity is the design feature enabling systematic regulatory evasion. FinTelegram is calling for insiders, employees, former staff, payment processors, regulators, and affected players to provide the documentation that closes this gap. What We’re Looking For: Hot Streak Ltd formation documents showing beneficial ownership Service agreements between Ducks In A Row OÜ and Hot Streak Ltd Board meeting minutes from Anya Holdings OÜ discussing offshore operations Payment processor agreements between MoonPay/Banxa/Changelly and Sisu Group entities Merchant onboarding documents showing payment processors’ knowledge of gambling usage Financial flow documentation tracing money movement between jurisdictions Cryptocurrency wallet addresses for player deposit receipt and fund distribution Bank account information for Hot Streak Ltd showing settlement institutions Evidence of self-excluded players accepted from restricted jurisdictions Documentation of confiscated winnings and arbitrary account closures SUBMIT INTELLIGENCE SECURELY All information can be submitted anonymously and securely through FinTelegram’s Whistle42 whistleblower platform: Share Information via Whistle42 Download the Full Compliance Report [DOWNLOAD: The Sisu Shadow Empire – Complete Compliance Report] The comprehensive 24-page report is formatted for distribution to regulators, compliance officers, lawyers, law enforcement agencies, and financial crime specialists. Professional document suitable for confidential briefings, legal proceedings, and regulatory submissions. Download the Sisu Compliance Report This is the third major investigation in FinTelegram’s ongoing “Crypto Payment Processor Watch” series, following our exposés on Kingdom Casino/UtPay, Rainbet, GamDom, BC.Game, Roobet, and 1xBet. The Sisu investigation represents the most comprehensive case study to date of how legitimate regulated payment processors systematically enable offshore gambling violations through regulatory arbitrage. The missing link awaits closure. Your information matters. Submit intelligence via Whistle42.

Italian prosecutors in Trento have moved to drop the heaviest “mafia-style criminal organisation” allegations against former tycoon René Benko in the Romeo investigation. But an investigating judge is pushing back, while in Austria Benko faces two non-final convictions for fraudulent bankruptcy and remains in pre-trial detention over the wider Signa collapse. Key Points Italian retreat – but no clean slate yet: The Trento prosecutor’s office has filed a 24-page request to drop the “mafia paragraph” and the core allegation of a criminal association using mafia-like methods around Signa projects such as Waltherpark and “Gries Village” (Source: Kurier, DER STANDARD). Judge resists archiving: A giudice per le indagini preliminari (investigating judge) has reportedly refused the archiving request and wants to keep the serious charges on the table, with a key hearing scheduled for 5 February 2026 (Source: RaiNews). Original Italian narrative: Benko was previously described as the “head of a mafia-like criminal association” alleged to have bought influence over permits and concessions via a network of businessmen, officials, and local politicians; a European arrest warrant and around 100 searches followed. Two Austrian convictions, both under appeal: October 2025: 24 months’ unconditional prison for betrügerische Krida over a €300,000 payment to his mother before personal insolvency (Source: Legal Tribune Online). December 2025: 15-month suspended sentence plus fine for hiding luxury watches and cufflinks from creditors; his wife Nathalie Benko was acquitted. Both Benko and the WKStA have lodged Nichtigkeitsbeschwerde and appeals. U-Haft continues: Despite the Italian development, Austrian courts have extended pre-trial detention until at least 12 January 2026, citing risk of further offences and ongoing mega-investigations into the Signa collapse (Source: VZ VermögensZentrum). Read our reports on the Rene Benko Case here. Short Narrative For a year, the Italian Romeo investigation was one of the most explosive components of the Signa complex. Prosecutors in Trento accused Benko of heading a mafia-style structure that allegedly used donations, promises of jobs and a tightly knit local network to push through projects such as Waltherpark and airport expansions in South Tyrol. Now, that narrative is wobbling. The prosecution has concluded that the evidence does not support a conviction under the mafia statute or for criminal association, and therefore wants most of the 35 accusation points against 77 suspects dropped; only minor offences such as secrecy breaches or procurement irregularities might remain. For Benko, his defence already speaks of the prospect that “no relevant charge will survive” in Italy. However, the legal story is not over: the investigating judge has refused to rubber-stamp the retreat and insists the serious allegations should not be shelved at this stage. The decision has been effectively kicked to a February 2026 hearing. Extended Analysis From a FinTelegram perspective, the Italian move is best read as prosecutorial de-escalation, not exoneration. The mafia framing was always ambitious: complex zoning, lobbying and donations are notoriously hard to convert into “mafia-type association” convictions, especially without clear evidence of violence or extortion. At the same time, the Austrian risk profile for Benko remains extreme. Two Innsbruck courts have now found – albeit non-finally – that he stripped assets out of his personal insolvency estate, first via a €300,000 gift to his mother, then via luxury watches and cufflinks parked in a family safe. These are comparatively small numbers, but they create an important pattern: courts accepting the WKStA’s core thesis of deliberate creditor harm. The real Signa causa is still ahead. The WKStA and German partners in Joint Investigation Teams are running more than a dozen large files on fraudulent bankruptcy, breach of trust, serious fraud, creditor favouritism and subsidy abuse with a current damage estimate around €300 million – against a total Signa collapse of up to €40 billion. Against this background, Benko’s latest push to leave pre-trial detention – arguing that the Italian retreat and the partial acquittals remove any “danger of further offences” – is far from a done deal. The WKStA publicly maintains that detention grounds continue to exist and notes that the defence has so far not systematically attacked Vienna’s detention orders. For creditors, investors and political stakeholders, the message is clear: Italy may be stepping back from the mafia narrative, but the Austrian and German insolvency- and fraud-tracks are very much alive. Call for Information We invite insiders, former employees, advisers, public officials and counterparties in Austria, Germany, Italy or elsewhere who have information on Signa-related asset transfers, political influence channels, side letters, or offshore structures to contact us securely via Whistle42.com. Documents, emails, and transaction records are particularly valuable for mapping the Signa Crime Case. Share Information via Whistle42

Germany’s BaFin has imposed a fresh package of supervisory measures on neobank N26 after a 2024 special audit and the 2024 annual-accounts review flagged “serious deficiencies” in governance, risk/complaints handling, and the organisation of its lending business. The most striking element: BaFin is now curbing N26’s mortgage expansion in the Netherlands—an unusually explicit cross-border intervention. Key Facts New measures (Dec 2025): BaFin ordered additional own-funds/capital requirements, appointed a special representative/monitor, and restricted N26’s lending business (Source: Reuters). Dutch dimension: N26 is prohibited from originating new mortgage loans in the Netherlands and is also barred from securitising mortgage receivables linked to that Dutch business (Source: DIE WELT). Regulatory history: This is the second time since 2021 that BaFin has deployed an external monitor-like mechanism around N26. Prior sanctions: BaFin previously fined N26 €4.25m (2021) and later €9.2m (2024) for late suspicious activity reporting related to 2022 cases (Source: BaFin). Short Analysis BaFin’s message is that N26’s “bank-as-an-app” growth story still breaks on classic control failures: risk governance, complaints management, and credit-process organisation. This time, BaFin didn’t just re-tighten Germany-centric remediation—it also attacked a specific cross-border product line (Dutch mortgages) and related balance-sheet engineering (securitisation). The “Dutch dimension” matters because it underscores how a home supervisor (BaFin) can effectively throttle EU-passporting/branch activity when it concludes the institution’s organisation is not “orderly” enough to safely run higher-risk lending at scale. In plain terms: if the control framework is weak, cross-border growth is the first privilege to be suspended. Actionable Insight If you are a partner, broker, warehouse/servicer, or funding counterparty to N26’s Dutch mortgage channel, reassess: (i) pipeline continuity, (ii) complaint/forbearance handling, (iii) governance evidence trails, and (iv) any securitisation-adjacent representations. Expect intensified supervisory scrutiny of “fast-growth” control environments across EU neobanks (Source: Banking Dive). Call for Information Are you an N26 customer, former employee, vendor, or compliance/audit insider with documents on control failures, SAR backlogs, complaints handling, or cross-border lending operations (incl. the Netherlands)? Submit securely via Whistle42. Share Information via Whistle42

Compliance Analysis Date: December 16, 2025 This report profiles Contiant Ltd, a Bulgaria-based payment processor that has emerged as a critical financial gateway for illegal offshore gambling operators. Our investigation confirms that Contiant acts as a “Technical Service Provider” (TSP), effectively piggybacking on the regulated open banking infrastructure of Yapily Connect UAB to process high-risk transaction volumes from prohibited jurisdictions like the Netherlands. 1. Corporate Profile & Business Model Contiant Ltd markets itself as an “Open Banking Services Provider” specializing in high-risk verticals, including iGaming, Forex, and Crypto.​ Legal Entity: Contiant Ltd. Registration: Registered in Bulgaria (UIC/Tax Number: 207006641).​ Headquarters: Sofia, Bulgaria.​ Regulatory Status: Contiant appears to operate without its own financial license. Its Terms of Use explicitly state that it provides “technical services and implementation” for Open Banking. It relies entirely on the license of third-party regulated entities (primarily Yapily) to touch the actual funds.​ 2. The Yapily Connection: A “Borrowed” License The most critical compliance finding is Contiant’s structural reliance on Yapily, a major UK/Lithuanian open banking infrastructure provider. The Mechanism: When a player deposits at an offshore casino like Winning.io via Contiant, the actual Payment Initiation Service (PIS) is executed by Yapily Connect UAB (authorized by the Bank of Lithuania). The user interface explicitly states “Powered by Yapily” and redirects players to “Authorize Yapily Connect UAB” via their banking app. The Regulatory Gap: By acting as a “technical” layer, Contiant effectively insulates Yapily from direct exposure to the casino. However, the result is that Yapily’s regulated rails are being used to settle illegal gambling debts. The volume of traffic suggests that Yapily is either failing to monitor its agent/partner activity or is knowingly accepting this high-risk flow via the Contiant proxy. 3. Traffic Intelligence & High-Risk Focus Our analysis confirms that Contiant is almost exclusively dedicated to high-risk and offshore gambling traffic. Referral Sources: 100% of referral traffic to the payment subdomain paywith.contiant.com originates from unregulated offshore casinos, including Skyhills, Epicbet, Shakebet, WBetz, and Winning.io. Geographic Targeting: Over 95% of traffic originates from the Netherlands, a jurisdiction with strict gambling regulations (KSA). This indicates that Contiant is the primary gateway for Dutch players to access illegal casinos. Banking Connections: The top outgoing links from Contiant are to major Dutch and European banks (ING, Rabobank, Revolut, KBC), confirming its role in facilitating prohibited bank-to-casino transfers. 4. Leadership Public records identify the following individuals behind Contiant:​ Ivo Dimitrov: Co-Founder & CEO. Dimitar Kostov: Co-Founder & CTO. George Matev: Co-Founder & Partner. Revolut and the “Open Banking Game” The transaction cascade visualized in the “Open Banking Game” graphic reflects a layered structure in which Revolut’s open‑banking infrastructure is ultimately used to fund deposits at illegal offshore casinos such as Winning.io and LuckyWins, without Revolut having a direct contractual relationship with these operators. In this model, offshore casinos integrate Contiant as their front‑end payment gateway; Contiant in turn relies on Yapily Connect UAB as the licensed PSD2/Open Banking provider, which finally connects to Revolut via the oba.revolut.com API to initiate account‑to‑account payments from EU players’ Revolut accounts.​ Read our report on Winning.io and its shadow banking approach. Player journeys observed during the Winning.io test clearly show this cascade: after selecting “instant banking” or Revolut as the funding option, users are redirected to paywith.contiant.com, then to a Yapily consent screen (“Sign in to Revolut to authorize Yapily Connect UAB”), and finally into the Revolut environment to approve the payment. Similar flows have been documented for LuckyWins and other offshore brands that use Contiant, with traffic intelligence (Similarweb, November 2025) indicating that nearly all referral traffic to paywith.contiant.com originates from unlicensed casinos, and more than 95% of users come from the Netherlands—a jurisdiction where these operators are explicitly illegal.​ From a compliance standpoint, this layered structure creates a situation in which Revolut economically benefits from payment flows that in substance represent gambling deposits to unlicensed operators, while being able to point to Yapily (as PISP) and Contiant (as “technical gateway”) as intermediaries. Nonetheless, Revolut remains responsible for robust AML/CTF and transaction‑monitoring controls over outgoing payments and for risk‑based oversight of third‑party providers accessing its open‑banking APIs. Sustained high‑volume flows via Yapily to Contiant, combined with the clear casino‑only traffic profile of paywith.contiant.com and the concentration in a high‑risk market like the Netherlands, constitute a pattern of elevated risk that should reasonably trigger enhanced due diligence, restriction of specific counterparties, or termination of high‑risk partners. Summary Data: Contiant CategoryDetailsLegal EntityContiant Ltd (Bulgaria)RegistrationUIC 207006641 (Sofia, Bulgaria)​ActivityTechnical Service Provider (TSP) for Open BankingKey Executives– Ivo Dimitrov (CEO) – LinkedIn– Dimitar Kostov (CTO) – LinkedIn– George Matev (Co-Founder)​ – LinkedInRegulated PartnerYapily Connect UAB (Lithuania / UK)– License: Electronic Money Institution / PIS​Target VerticalsiGaming, Forex, Crypto (High-Risk)​Known ClientsWinning.io, LuckyWins, Skyhills, Epicbet, WBetzPrimary MarketNetherlands (>95% of traffic)Primary Domainwww.contiant.comPayment Subdomainpaywith.contiant.com Call to Whistleblowers Are you an employee at Yapily or Contiant? Do you have information regarding the due diligence (or lack thereof) performed on these offshore casino clients? Help us expose the facilitators of illegal gambling.We treat all information with strict confidentiality. Submit your documents and insights via our secure platform: Share Information via Whistle42

Compliance Analysis Date: December 15, 2025 This report provides a compliance analysis of DEPASIFY S.L., a “Crypto-as-a-Service” provider registered in Spain. Our investigation reveals that despite its status as a regulated Virtual Asset Service Provider (VASP), Depasify’s infrastructure serves as a critical backend for anonymous payment gateways that facilitate illegal online gambling transactions across the European Union. 1. Corporate and Regulatory Profile DEPASIFY S.L. operates as a financial technology company offering fiat-to-crypto exchange, custody, and payment gateway infrastructure via a single API. Legal Entity: DEPASIFY S.L.​ Registration: Registered in the Mercantile Registry of Valencia, Spain (NIF: B-67823831).​ Regulatory Status: Registered as a Virtual Asset Service Provider (VASP) with the Bank of Spain under code D705. This registration obligates the company to adhere to stringent Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) regulations as mandated by the EU’s 5th Anti-Money Laundering Directive (AMLD5).​ 2. Leadership and Management Public records and professional networking sites identify the following key individuals associated with the company: Alberto Martín Mazaira: Listed as a Founder of Depasify.​ Daniel Terrasa: Listed as an experienced FinTech Leader at the company.​ Manuel Roche del Fraile: Holds the position of Compliance Officer & MLRO, and is ICA certified.​ 3. The High-Risk Payment Network Our investigation into the offshore casino Winning.io first flagged Depasify’s connection to high-risk payment processing. Further traffic intelligence analysis (Similarweb, November 2025) of the subdomain backoffice.depasify.com—which appears to be a merchant backend portal—confirms a symbiotic relationship with “notorious” anonymous payment gateways. gate.commercebooth.io: Used by Winning.io to process Google Pay deposits via the UK shell company OPEN WAY LTD. api-payrequest.com: A generic payment link creator that facilitates transactions for various online services.​ pay.paidpays.com: Another anonymous gateway identified in the payment flow for Winning.io’s Apple Pay deposits. Key Traffic Data (Nov. 2025): Referral Traffic: Over 81% of traffic to backoffice.depasify.com originated from gate.commercebooth.io and api-payrequest.com. Outgoing Traffic: 100% of outgoing traffic from backoffice.depasify.com was directed back to these two gateways. This data establishes a clear and undeniable link: these high-risk payment gateways are key clients of Depasify’s “Crypto-as-a-Service” infrastructure. Depasify provides the rails that allow these gateways to convert fiat from sources like Google Pay into crypto, which is then used to fund offshore gambling accounts. 4. Compliance Risk Assessment The evidence presents a severe compliance paradox. While DEPASIFY S.L. is a regulated entity under the Bank of Spain, its primary business activity, based on traffic analysis, appears to be the provision of critical payment infrastructure to high-risk, anonymous gateways processing transactions for illegal online casinos. This raises critical questions about Depasify’s client due diligence and Know-Your-Business (KYB) processes. A regulated VASP is expected to understand the nature of its clients’ business and monitor for illicit activity. The high-volume traffic from gateways with no transparent ownership and a clear connection to the illegal gambling sector strongly suggests that Depasify is either willfully blind to its clients’ activities or is actively complicit in facilitating them.​ The presence of a certified Compliance Officer & MLRO makes this situation even more concerning, as the company cannot plausibly claim ignorance of its AML obligations. 5. The Initial Funding Alberto Martin Mazeira raises E22m for Depasify to build a digital assets banking platform In January 2024, Depasify successfully raised €2.2 million in a seed funding round. The round was led by prominent venture capital firms JME Ventures and GoHub Ventures (a corporate venture fund based in Valencia), with additional participation from Wayra (Telefónica’s innovation hub), Actyus, and Lanai Partners. This substantial capital injection was earmarked for “massive international expansion” and team growth, signaling strong institutional backing for the company’s “Crypto-as-a-Service” vision.​ 6. Corporate Structure & The “Depa” Transition Rebranding & Legal Complexity: Recent corporate communications and LinkedIn activity indicate that Depasify is actively transitioning to, or operating under, the abbreviated brand “Depa” (or “Depa Finance“). Alberto Martín Mazaira, the founder and CEO of Depasify, now lists his role on LinkedIn under the “Depa” brand, explicitly linking the two entities.​ Strategic Shift to Stablecoins: While Depasify was originally marketed as a broad digital asset infrastructure for banks, the Depa brand appears to focus heavily on stablecoin payment rails for B2B cross-border transactions. Marketing materials for “Depa Finance” emphasize replacing “costly correspondent banking with stablecoin rails” and enabling compliant fiat-to-crypto flows for fintechs and Web3 companies.​ The New Legal Entities Depasify is currently undergoing a significant corporate restructuring and rebranding to “Depa” (or Depa Finance). While the regulated Spanish entity DEPASIFY S.L. remains the core VASP for European operations, the new brand structure introduces a complex web of legal entities across multiple jurisdictions, including Canada and the United States. Hodl the Lab Holding S.L.: This Spanish holding company (Tax ID: B21844014) is now listed as the copyright owner of the Depa Finance website and the parent entity for the group.​ Plenifi Payments Ltd (Canada): Services for non-US and potentially non-EEA clients are now contracted through this Canadian entity, which is registered as a Money Services Business (MSB) with FINTRAC. This off-shoring of liability to Canada is a common tactic used by high-risk payment processors to arbitrage regulatory oversight.​ Depa US, Inc.: A US-based entity designated for American residents.​ Compliance Implication: The rebranding to “Depa” and the specific pivot toward stablecoin settlements for B2B clients aligns with the observed traffic patterns. High-risk payment gateways often use stablecoins (like USDT or USDC) to settle funds to offshore merchants (casinos) to avoid the scrutiny of traditional SWIFT networks. The fact that a VASP backed by major Spanish investors is potentially providing the “stablecoin rails” for anonymous gateways adds a significant layer of reputational risk to its shareholders. Summary Data: Depasify & Depa Ecosystem CategoryDetailsPrimary BrandDepasify (transitioning to Depa / Depa Finance)Key Domainsdepasify.com, depa.finance, backoffice.depasify.comSpanish VASP EntityDEPASIFY S.L.– Reg. No: B-67823831 (Valencia)– VASP Code: D705 (Bank of Spain)​Holding CompanyHodl the Lab Holding S.L.– Tax ID: B21844014 (Valencia)– Role: IP Owner & Parent Entity​Intl. Operating EntityPlenifi Payments Ltd– Jurisdiction: Canada– Role: MSB for non-US/non-EEA clients​US EntityDepa US, Inc. (United States)​Key Executives– Alberto Martín Mazaira (Founder & CEO)– Daniel Terrasa (FinTech Leader)– Manuel Roche del Fraile (Compliance Officer & MLRO)​Investors– JME Ventures (Lead)– GoHub Ventures (Lead)– Wayra (Telefónica)– Actyus / Lanai Partners​High-Risk Connections– gate.commercebooth.io (Anonymous Gateway)– api-payrequest.com (Payment Link Generator)– Winning.io (Illegal Offshore Casino) Whistleblower Call to Action Do you have information regarding the relationship between Depasify S.L. and Plenifi Payments Ltd? Are you an insider aware of how Depa Finance screens its “high-risk” clients? Help us expose the shadow banking of offshore gambling.Submit your data anonymously via our whistleblower platform: Share Information via Whistle42

Analysis by FinTelegram Compliance Team (December 15, 2025) Despite operating without a license in key European jurisdictions, the offshore casino Winning.io (part of the Scatters Group network) successfully onboards players from France, the Netherlands, Italy, and Germany with zero KYC requirements. Our latest compliance review exposes a sophisticated network of payment facilitators—including regulated European VASPs—that mask these illegal gambling transactions as “digital asset purchases.” Read our initial Winning.io Compliance Report here. The “Wise” Facade: Rillpay & Kryptonim The Winning.io payment page Winning.io’s cashier is a masterclass in transaction laundering. When European players select “Instant Banking” or the brand name Wise, the transaction is not a direct bank transfer. The Mechanism: The user is redirected to Rillpay, an “on-ramping” service. The Processor: Behind the scenes, Rillpay routes the funds to Kryptonim, a crypto service provider. The Result: What appears on the player’s bank statement is a purchase of digital assets, not a gambling deposit. This successfully bypasses banking blocks in strict jurisdictions like the Netherlands and Norway. This confirms our ongoing investigation into Kryptonim acting as a high-risk payment rail for offshore casinos. Read our Kryptonim reports here. The Big Tech Leak: Depasify & Open Way Ltd Perhaps the most alarming finding is the exploitation of Google Pay and Apple Pay to fund illegal gambling balances. The Gateway: Google Pay deposits are routed through an anonymous gateway, gate.commercebooth.io. The Merchant: The beneficiary appears as OPEN WAY LTD, a UK shell company controlled by Ilze Rudzite (Latvia).​ The Infrastructure: Our traffic intelligence links this gateway to backoffice.depasify.com. Depasify is a registered VASP in Spain (Bank of Spain Code: D705). This connection suggests that a regulated Spanish crypto infrastructure provider is effectively powering the payment rails for an unlicensed casino targeting French and Dutch consumers.​ The Cyprus Connection: Wagercraft Services Ltd For Revolut users, the payment path is facilitated by open banking provider Yapily, which connects to Contiant. The merchant of record here is Wagercraft Services Ltd, a Cyprus-registered entity (HE 455954). This entity acts as the payment agent for the St. Lucia-based operator, completing the classic “offshore license / EU payment agent” structure used to secure access to the European banking system.​ Identified Payment Facilitators Table Brand / GatewayLegal EntityJurisdictionRole / MechanismKryptonim (via Rillpay)Kryptonim sp. z o.o.Poland (VASP)Crypto-on-ramp masking “Instant Banking” deposits.Google Pay (via Commercebooth)OPEN WAY LTD (Controller: Ilze Rudzite)UK / LatviaGateway merchant linked to Depasify infrastructure.DepasifyDepasify S.L. (VASP Code D705)SpainInfrastructure provider linked to gate.commercebooth.io.Revolut (via Contiant)Wagercraft Services LtdCyprusPayment agent for Winning.io; processed via Yapily.MiFinityMiFinity Malta LtdMalta / UKHigh-risk e-wallet aggregating unlicensed gambling payments.Apple PayUnknown (Gateway: paidpays.com)AnonymousMobile wallet gateway for gambling deposits. Conclusion The ease with which Winning.io accepts deposits from prohibited jurisdictions highlights a catastrophic failure in merchant category code (MCC) monitoring by major fintechs like Wise, Revolut, and Google. By layering transactions through intermediate gateways (Rillpay, Commercebooth) and regulated VASPs (Depasify, Kryptonim), Winning.io has effectively neutralized EU AML controls. Whistleblower Call to Action Do you have information on the operational links between Depasify, Open Way Ltd, or Kryptonim? Are you an insider at Wagercraft Services Ltd in Cyprus? Help us expose the shadow banking of offshore gambling.Submit your data anonymously via our whistleblower platform: Share Information via Whistle42

Market intelligence suggests that the online casino Winning.io and its operating partner, Scatters Group, are replicating the high-risk, multi-brand offshore model previously popularized by Gammix Limited. Our analysis reveals a distinct pattern of “jurisdictional arbitrage,” where established brands like Scatters Casino and Locowin have been migrated from the regulated Malta Gaming Authority (MGA) environment to offshore entities in St. Lucia and Kahnawake. This structure allows the network to aggressively target grey markets—including the Netherlands and Norway—while shielding beneficial owners from direct EU regulatory enforcement. The “New Gammix” Thesis The comparison to Gammix Limited is not merely anecdotal; it is structural. Gammix became infamous for operating a massive network of white-label casinos that aggressively targeted regulated European markets without local licenses, eventually incurring record fines from the Dutch regulator (KSA). Scatters Group appears to be executing a nearly identical playbook, but with a new layer of corporate obfuscation. The Pivot: Brands that were historically operated by Gammix Limited (e.g., Scatters Casino, Locowin, Vegadream) have been quietly transferred to a St. Lucia-registered entity, Starscream Limited, which holds a license from the Kahnawake Gaming Commission (KGC). The Network: Winning.io, the group’s newer “crypto-friendly” brand, operates under a parallel St. Lucia entity, Wagercraft Limited. Despite the different shell company, it shares the same affiliate infrastructure and operational DNA as the Starscream brands.​ Structural Analysis: The Shell Game The “Scatters Group” presents itself publicly as a Malta-based consultancy led by industry veterans like Alexis Wicén (LinkedIn profile). However, the actual operational liability has been shifted offshore.​​ BrandFormer Operator (License)Current Operator (License)Scatters CasinoGammix Limited (MGA)​Starscream Limited (Kahnawake)​LocowinGammix Limited (MGA)​Starscream Limited (Kahnawake)​VegadreamGammix Limited (MGA)​Starscream Limited (Kahnawake)​Winning.ioN/A (New Launch)Wagercraft Limited (Kahnawake/Curacao)​ This migration from MGA to Kahnawake allows the operators to bypass strict European player protection mandates (such as centrally excluded player registries) while continuing to accept deposits from high-value European markets. Risk Indicators & Regulatory Red Flags 1. Dutch Enforcement ActionsJust like Gammix before it, this network is already in the crosshairs of regulators. The Dutch Gambling Authority (Kansspelautoriteit – KSA) has already issued a cease-and-desist order against Starscream Limited for offering illegal gambling in the Netherlands. This confirms that the “offshore pivot” has not gone unnoticed by EU authorities.​ 2. Jurisdictional Confusion & Opaque OwnershipWinning.io displays conflicting ownership signals—a classic compliance red flag. While some documents list Wagercraft Limited (St. Lucia) as the owner, other sources and affiliate materials link it to Dama N.V. (Curacao) or the Starscream affiliate network. This dual-identity structure makes it difficult for players and regulators to pinpoint the liable entity.​ 3. Player Protection IssuesEarly reports on Winning.io and Scatters brands echo the “Gammix legacy” of friction-heavy withdrawals. Complaints cite “unfinished KYC verification” loops and delays in payouts, a tactic often used by high-velocity offshore operators to stall withdrawals in hopes that players will gamble away their balances.​ Conclusion Winning.io and Scatters Group are not just “new players”—they appear to be the successor state to the Gammix business model. By moving established brands to offshore shells like Starscream Limited and Wagercraft Limited, they have created a “compliance firewall” that allows them to operate in grey markets with reduced regulatory oversight. Call to Whistleblowers Are you an insider at Scatters Group, Starscream Limited, or Wagercraft Limited? Do you have information regarding the beneficial ownership of these entities or their payment processing networks? FinTelegram wants to hear from you.We are dedicated to exposing the structures behind high-risk offshore gambling networks. You can share information anonymously and securely via our whistleblower platform: Share Information via Whistle42

The Russian-linked payment processor Payeer is now formally hit by an EU transaction ban—a move that, in practice, cuts off payment rails and counterparties across Europe. While Payeer blames sanctions-driven partner blocks and has announced shutdown timelines, FinTelegram continues to receive whistleblower complaints about frozen accounts and unpaid balances. The key question is no longer “is Payeer high-risk?”—but who is still exposed, and where the trapped funds actually sit. Key Points EU transaction ban: Payeer is added to Annex XLV (Part A) with entry into force on 25 November 2025, prohibiting EU persons/entities from engaging in transactions with Payeer (Source: Альта-Софт Payeer’s wind-down messaging: Payeer first said it would discontinue services for EU/Russia users with withdrawals until 24 November 2025, then later announced a broader shutdown and urged users globally to withdraw funds until 05 January 2026 (Source: PAYEER). “Partners blocked our accounts” claim: Payeer states “key partners” blocked Payeer accounts—some allegedly together with users’ assets—raising urgent questions about where funds are custody-held and under which legal entity (Source: PAYEER). Prior enforcement signal: Lithuania’s FCIS (FNTT) imposed a record fine (~€9.3m) on Payeer UAB for sanctions and AML/CFT breaches—well before the EU-wide transaction ban (Source: FNTT). Long-running opacity concerns: FinTelegram has documented Payeer’s Russian-linked control history and repeated jurisdiction/entity shifts as a recurring risk pattern (Source: FinTelegram). Short Narrative Payeer’s current situation looks like a classic “compliance endgame”: regulators escalate, counterparties de-risk, and users discover that the platform they treated as a functional wallet is, in reality, a counterparty risk—especially once sanctions bite. The EU’s 19th Russia sanctions package introduced a transaction ban tool and explicitly added Payeer to the targeted list with an effective date of 25 November 2025. In parallel, Payeer publicly communicated withdrawal windows (EU/RU until 24 Nov 2025) and later a broader shutdown timeline (withdraw until 05 Jan 2026, then “support only”). Extended Analysis 1) The transaction ban is operationally devastating (even without an “asset freeze” label).For EU counterparties—banks, PSPs, CASPs, merchants, vendors—“transaction ban” effectively means: stop touching it. Once enforcement dates hit, legitimate off-ramps and settlement partners disappear fast. 2) The EU also tightened the net around rebrands and “successor” setups.The amended framework explicitly extends the prohibition to actors operating on behalf of a listed entity and introduces criteria for “mirror or successor” entities (e.g., continuity of branding/UI, overlapping control, infrastructure continuity, user migration). That matters in ecosystems where payment/crypto services can reappear under fresh wrappers. 3) The Lithuania case was the early red flag—customers ignored it at their peril.Lithuania’s FCIS (FNTT) penalty against Payeer UAB (sanctions + AML/CFT failings) was already a strong supervisory signal that Payeer’s controls and governance were not where a high-volume payment/crypto platform should be. 4) Why the whistleblower complaints matter now.FinTelegram has received multiple reports describing frozen accounts, delayed withdrawals, and unpaid balances—a pattern that becomes especially critical when the platform itself states that partners blocked accounts and that some user assets may be locked at third parties. That turns the real question into a tracing exercise: Which entity contracted with the user, which partner custodied the funds, and under what jurisdiction can recovery even be pursued? Key Data Table Trading namePayeerBusiness activityhigh-risk payment processor, crypto exchange,merchant service prodiverDomainhttps://payeer.comhttps://payeer.ccLegal entitiesPayeer E.A.S. (Paraguay)Payeer OÜ (Estonia)Payeer UAB (Lithuania)PayCorp Limited (Vanuatu)Fincana OÜ (Estonia)Runwill Sp. z o. o. (Poland)PAYEER LLC (Georgia)FINGATE LLC (Georgia)AKKORD WELT LP (Scotland)Worldwide System K/S (Denmark)Mayzus Financial Services Ltd (UK)PAYMENT SOLUTIONS LTD (BVI)PAYEER RUS LLC (Russia)PB24 CORP (Panama)Related individualsAnton Stjopotškin, Estonia (UBO)Joseph Olatilewa Jaiyeola, EstoniaEkaterina Olegovna Gorshkova, RussiaLiubov Svezhentseva, Russia Kosolapova Evgenia Nikolaevna, RussiaElena Kulbikova, RussiaSergey Mayzus, RussiaDmitri Allikas (old)Stanislav Lattu (old)JurisdictionsEstonia, Vanuatu, Russia,BVI, Poland, Panama, Georgia,DenmarkRegulatorsFIU Estonia renounced in Jan 2023FCIS (Financial Crime Investigation Service) LithuaniaVFSCTrustpilot rating4.6-star rating with an “Excellent” trust levelFacilitated schemesPO Trade, Pocket Option,Capital Letter, FXTradePremiums, Deal TradeOptimus Markets, Spintop Capital, SuperForexand counting Call for Information FinTelegram is actively collecting evidence-grade information on Payeer’s current operations and the fate of customer funds. If you are a client, merchant, banking/PSP partner, exchange/CASP partner, affiliate, or insider, please submit information via Whistle42 (anonymity-supported). Share Information via Whistle42

The U.S. Securities and Exchange Commission (SEC) has charged Canadian citizen Nathan Gauvin and three affiliated entities—Blackridge, LLC, Gray Digital Capital Management USA, LLC, and Gray Digital Technologies, LLC—over two allegedly fraudulent securities offerings marketed to retail investors through Discord and other social channels. The SEC alleges more than $18 million was raised, with investor funds misappropriated and performance claims manufactured to keep the scheme alive. Key Points Two offerings, one ecosystem: (1) unregistered interests in the “Gray Fund” (Sept 2022–Nov 2024) and (2) a “seed stock” offering (starting May 2024) (Source: SEC). Distribution channel: Gauvin allegedly built credibility inside Discord communities and pushed the offering via a website and social channels. Core deception claims: fabricated credentials/AUM, inflated performance reporting, and allegedly fictitious account statements. Funds flow red flags: investors allegedly paid via stablecoins, wires, and credit cards; funds allegedly were not placed into a segregated “fund” account. Parallel criminal case: EDNY prosecutors announced criminal charges the same day; DOJ says Gauvin was arrested in England. Short Narrative According to the SEC, Gauvin cultivated an online following by portraying himself as a high-performing investment professional operating through “Blackridge,” which the SEC describes as a shell entity. 1 From there, the alleged pitch was classic: a professionalized pooled product (“Gray Fund”), marketed as diversified and sophisticated—spanning debt/equity securities, derivatives, and crypto—wrapped in social proof from an active Discord community. The SEC alleges that investors were shown eye-catching performance metrics (including double-digit monthly returns) and portfolio scale claims (e.g., fund assets purportedly “over $78 million”), while actual trading performance and assets were materially lower. When withdrawal pressure rose, the SEC claims withdrawals were restricted and explanations shifted—often a late-stage hallmark in online “fund” frauds. Extended Analysis This case matters beyond the headline numbers because it demonstrates how “finfluencer mechanics” can be operationalized into an unregistered securities distribution machine: 1) The community is the funnel; “performance reporting” is the lock-in.The SEC alleges Gray Digital published monthly metrics and disseminated account statements that did not reflect reality, including altered brokerage documentation. Even more telling: participation was allegedly restricted to “members” paying a $200/month subscription, a structure that can create perceived exclusivity and suppress skepticism (“I’m in the inner circle”). 2) Payments by stablecoin + mixed rails = compliance smoke screen.The complaint states investors could fund via stablecoins, wires, and credit cards—a combination that may reduce friction for retail deposits and complicate the investor’s ability to understand custody, segregation, and control of funds. From a compliance lens, the absence of clear custodial disclosures and segregated accounts is not a “minor” paperwork issue—it is often the difference between an investment operation and a pooled misappropriation pipeline. 3) The “seed stock” add-on illustrates how scams monetize hope when liquidity breaks.The SEC alleges Gauvin launched a second offering in May 2024: $30,000 “seed preferred” shares in Gray Digital Technologies, pitched with a $60 million valuation and claims of >$12 million annual revenue, while the issuer allegedly had no operations/assets/revenue. Notably, the SEC says the “proof of ownership” was framed as an NFT-based digital certificate—which allegedly was never delivered—leaving investors without even the marketed “on-chain” tokenized representation. 4) Legal posture: broad antifraud + unregistered offering theories.The SEC complaint includes claims under Exchange Act Section 10(b)/Rule 10b-5, Securities Act Section 17(a), Advisers Act Sections 206(1), 206(2), 206(4) and Rule 206(4)-8, and Securities Act Sections 5(a) and 5(c) (unregistered offers/sales). The SEC seeks permanent injunctions, disgorgement, penalties, and an investment-adviser bar for Gauvin, among other relief. Call for Information FinTelegram continues to investigate “Discord-first” investment schemes and the service providers that enable them (payment rails, OTC desks, stablecoin on/offramps, promoters, and offshore entities). If you have information about Nathan Gauvin, Blackridge, Gray Digital, Gray Digital Technologies, related Discord groups, payment processors, or investor communications, please reach out via Whistle42.com (anonymous submissions welcome). Share Information via Whistle42

Venom Foundation was established in Abu Dhabi, UAE in 2022 as a Layer-0 and Layer-1 blockchain platform, positioning itself as a next-generation scalable blockchain solution. It became the first crypto foundation licensed by Abu Dhabi Global Market (ADGM), later voluntarily exited ADGM, and relocated its operations to the Cayman Islands. However, Venom is also a crypto crime story! The crypto crime story around Venom (website) unfolded between its alleged founder/investor, Alibek Garcia Isaaev, and the project’s reported links to Ilya Kligman, a Russian banker tied to major bank-fraud allegations and cross-border enforcement actions. Key points Regulatory identity confusion: ADGM confirmed Venom Foundation ADGM ceased activities and is winding down; ADGM also warned the public about unrelated “Venom” launch claims on social media (Source: adgm.com). Founder/investor opacity allegations: Investigative reporting describes Alibek (Isaaev/Issaev/Isaev) as the “mastermind” behind Venom and highlights “murky” ownership/representation issues in fundraising narratives (Source: Whale Hunting). Kligman linkage centers on litigation + capital: Russian media reporting (citing Lenta.ru) describes Kligman-controlled Adventor Management Ltd as a major investor in Isaaev projects since 2014 and outlines IP/theft allegations and multi-jurisdiction threats (Source: Рамблер/личные финансы). Kligman risk profile: Multiple Russian outlets report Kligman as wanted/linked to large banking losses and enforcement proceedings (Sources: FinTelegram, 2Банки.ру). Malta angle (Papaya): Maltese reporting says investigators suspected a hidden Russian beneficial owner behind MFSA-licensed EMI Papaya (ownership contested/opaque in public narratives). Kligman has been speculatively linked in some ecosystem reporting, but identity is not confirmed by Maltese authorities in public documents(Sources: Times of Malta). What ADGM actually put on the record In a public notice, ADGM’s Registration Authority stated that Venom Foundation ADGM is no longer conducting any activities in ADGM, having cancelled its commercial licence in February 2024 and appointed a liquidator in March 2024. ADGM added that two associated ADGM companies—Venom Blockchain Holding Limited and Venom Blockchain Holding 2 Limited—also appointed a liquidator to wind down. ADGM also warned that the ADGM entities were not associated with “recent social media announcements” about launching Venom Blockchain, explicitly flagging name/brand confusion as a public-risk issue (Source: Gulfnews). For any exchange, OTC desk, VC, payment provider, or “partner program,” this is a textbook trigger for enhanced due diligence: when the “regulated” story is used as marketing collateral, but the regulator later publishes an official notice that the licensed entity is in liquidation and not connected to ongoing launch communications. Isaaev’s role—and the “representation” red flag While ADGM’s notice does not name individuals, investigative reporting has repeatedly tied Alibek Issaev/Isaaev (spelling varies across outlets) to Venom’s behind-the-scenes control. A detailed investigation by Project Brazen’s Whale Hunting describes being introduced to Issaev as the “mastermind” behind Venom—and highlights alleged promotional misrepresentation (including an investor’s image used in press coverage despite denial of any investment). Alibek Isaev operates under multiple identities and birth dates, raising significant red flags (Source: TrinityBugle):​ Alibek Garcia Isaev (born February 27, 1971) Alibek Gasanovich Isaev (born April 27, 1969) According to multiple reports, Isaev is wanted by Interpol for murder and terrorism charges originating from Russia. An arrest warrant was allegedly issued in the UAE on November 23, 2022, in connection with fraud involving 242 million dirhams (approximately $66 million) stolen from the Russian banker Ilya Kligman (see more below). Separately, The Block chronicled the broader opacity around the much-publicized Venom-linked “$1B” venture narrative, noting the absence of expected transparency and follow-through (Source: TheBlock). None of this alone proves criminality. But from a compliance standpoint it fits a familiar pattern: credential marketing (licence/sovereign “halo”) + thin verifiable governance + aggressive ecosystem promotion, followed by corporate restructuring, silence, or jurisdictional hopping. The Kligman connection: investment capital, litigation, and an enforcement backdrop The Venom Blockchain case represents one of the most controversial chapters in the criminal career of the Russian banker Ilya Kligman, involving allegations of a $70 million loan to Alibek Garcia Isaev, subsequent legal battles in UAE courts, and competing narratives about fraud, extortion, and money laundering. The case is particularly significant because it resulted in a UAE court conviction of Kligman in absentia in December 2023, with a reported $940 million compensation order—though the reliability and enforceability of this judgment remain contested. Russian media reporting (via Rambler/finance, citing Lenta.ru) described a dispute in which Adventor Management Ltd, said to be controlled by Ilya Kligman, accused Alibek Isaaev of attempting to misappropriate intellectual property and claimed Kligman invested around $60 million into joint UAE projects since 2014, with litigation and criminal-complaint threats spanning multiple jurisdictions (Sources: Рамблер/личные финансы). Kligman’s name is not a neutral counterpart in such disputes. Russian business/legal outlets have reported him as wanted internationally and linked him to large-scale banking losses and legal actions tied to failed banks and deposit-related schemes. (Source: FinTelegram.com 2Банки.ру). The UAE Court Case: Competing Narratives The court proceedings in the UAE between Kligman and Isaev generated two entirely contradictory narratives, making it difficult to establish definitive facts: Narrative 1: Isaev’s Initial Loss (Mid-2023) According to reports from July-August 2023 (Source: TrinityBugle):​ UAE court ruled against Alibek Isaev in the fraud case Isaev was ordered to repay Kligman $100 million (the original $70 million plus interest, legal costs, and damages) Failure to repay would result in multi-year prison sentence for Isaev The escalation to $100 million reflected interest rates, legal expenses, and confrontations with organized crime networks An arrest warrant was issued for Isaev on November 23, 2022 Court documents cited: Case involving 242 million dirhams ($66 million) in fraud Additional claims bringing total exposure to $100 million Risk of deportation to Russia to face murder charges Narrative 2: Dramatic Reversal (December 2023) In a stunning reversal, reports from December 2023 claimed (Source: LARA):​ All charges against Alibek Isaev were dropped in both civil and criminal courts Ilya Kligman was found guilty and sentenced to prison in absentia Kligman was ordered to pay Isaev compensation of $940 million in damages The UAE court allegedly ruled that Kligman had engaged in “extortion, blackmail, and obstructing normal business functioning” Kligman faces prison term, potential extradition from Germany to UAE, and then to Russia Papaya Ltd (Malta) would be seized as part of asset recovery Critical Analysis: Red Flags Suggesting Disinformation Campaign 1. Source Quality Concerns: The websites publishing these reports lack established journalistic credibility: Trinity Bugle (no established reputation) Sokal Info (unknown provenance) Repost News (minimal track record) Various crypto news aggregators republishing without verification 2. Timing Coincidences: The reversal occurred precisely when Venom Foundation was facing: ADGM license challenges Executive departures (Mustafa Kheriba resignation) Public scrutiny over Isaev’s criminal background Need to restore investor confidence 3. Lack of Official Verification: No official UAE court records, ADGM statements, or law enforcement announcements confirm: The existence of the criminal conviction The $940 million compensation order Extradition proceedings from Germany Seizure orders for Papaya Ltd 4. Inconsistent Legal Framework: The UAE legal system typically does not issue criminal convictions in absentia for foreign nationals without substantial evidence of jurisdiction. The claim that Kligman—residing in Germany—would face UAE criminal prosecution without prior extradition attempts is legally implausible. Our Assessment Evidently, this is a conflict between two Russian citizens of different ethnic backgrounds: Ilya Kligman, an ethnic Jewish Russian banker with alleged connections to the ethnic Russian Tambov organized crime organization, and Alibek Garcia Isaev, a businessman of likely North Caucasian (Dagestani or Chechen) origin, over a $70 million loan dispute that escalated into competing legal claims in UAE courts. Below, we outline the individual points in the battle between Kligman and Isaaev over the credibility of the Venom scheme. Confidence Levels: ElementConfidence LevelBasisKligman provided substantial funding to IsaevHighMultiple independent sources corroborateInitial loan amount ~$70 millionMedium-HighConsistent across sources, though exact amount variesCourt case existed in UAE (2022-2023)HighRussian court documents reference caseIsaev lost initial ruling (mid-2023)MediumConsistent with earlier reporting timelineReversal: Kligman convicted, $940M compensation (Dec 2023)Low-MediumQuestionable sources, no official confirmation, implausible amountKligman used Venom for money launderingMedium-HighConsistent with established pattern, circumstantial evidence strongIsaev has criminal history of project fraudHighWell-documented across multiple sourcesVenom Foundation exited ADGM (2024)ConfirmedOfficial ADGM statements The Venom Scheme Despite its controversial origins involving fugitive Russian banker Ilya Kligman and North Caucasian entrepreneur Alibek Isaev, Venom Blockchain operates as a functional, technically capable Layer-0/Layer-1 blockchain platform as of December 2025. The project maintains 99.99% uptime, processes 150,000-200,000 daily transactions, and has attracted institutional partnerships including with the Philippines government. However, unresolved questions about beneficial ownership, the sudden ADGM exit, and a 79% price collapse from launch highs suggest ongoing regulatory, legal, and market confidence issues that warrant continued investigative scrutiny. Legal entities explicitly named in official/regulatory or first-party materials Venom Foundation (ADGM) → in liquidation; licence cancelled, per ADGM RA public notice. adgm.com+1 Venom Blockchain Holding Limited (ADGM) → in liquidation (named in the same ADGM context). adgm.com+1 Venom Blockchain Holding 2 Limited (ADGM) → in liquidation (named in the same ADGM context). adgm.com+1 VNM Vault Ltd → named as the contracting party across venom.foundation legal documents; Cayman Islands governing law/arbitration is specified. venom.foundation+1 People-of-interest overlay Alibek (Garcia) Issaev/Isaaev → described in investigative reporting as a central figure in Venom’s origin story and ownership ambiguity. Ilya Kligman → frequently referenced in adverse-media narratives around offshore banking/crypto schemes; any “ownership” or “court outcome” claims should be framed as reported/alleged unless you have court documents. (For Papaya in Malta specifically, Times of Malta reports a probe into suspected concealed Russian ownership, while public-facing ownership is contested in public debate.) Call for Information (Whistle42) FinTelegram is seeking documents and first-hand accounts related to: Venom’s true controlling persons (past and present), cap table, and treasury movements Any UAE court filings/judgments involving Alibek Isaaev/Issaev and Ilya Kligman (especially any “in absentia” criminal ruling references) Kligman’s historic crypto ventures (including Swiss Crypto Alliance AG / Crypto Alliance GmbH) and any links to Malta-based structures or nominees If you have relevant information, please submit it securely via Whistle42 (anonymous submissions welcome). Share Information via Whistle42

A Vienna court has finally shut the door on U.S. efforts to put Ukrainian oligarch Dmytro Firtash on trial – with a justification that even Austrian media now call bizarre: Firtash is said to enjoy diplomatic immunity as an “advisor” to the Belarusian mission to UNIDO in Vienna. Officially, however, Austria does not even recognise him as a diplomat. Key Points The Vienna Regional Court ruled on 4 November 2024 that Firtash cannot be extradited to the U.S., arguing he enjoys immunity as advisor to Belarus’s permanent mission to UNIDO in Vienna (Source: Kurier). Austria’s Foreign Ministry told the court that Firtash is not properly accredited, has no diplomatic ID card and is therefore not considered a diplomat (Source: Kurier). The Higher Regional Court has now dismissed the prosecution’s appeal as inadmissible after a missed deadline – making the 2024 decision final (Sources: DER STANDARD). Belarus reportedly granted Firtash this “diplomatic” function in 2021, widely seen as a move to shield him from U.S. corruption charges (Source: RadioFreeEurope). Austria has previously refused a Spanish extradition request and now effectively guarantees luxury exile in the EU to a man wanted for large-scale bribery and embezzlement (Source: Reuters). Short Narrative: Legal Aburdism With the 9 December 2025 ruling by the Vienna Higher Regional Court, the Firtash saga has entered a new phase: legal absurdism. Prosecutors’ last appeal against the 2024 non-extradition decision was thrown out on formal grounds – a missed deadline. Substantively, however, the lower court’s reasoning is what shocks observers: Firtash allegedly enjoys diplomatic immunity as an advisor to Belarus’s permanent mission to UNIDO. The anonymised ruling, reported by Kurier, states that this advisory role shields him from U.S. extradition. At almost the same time, Austria’s Foreign Ministry and Justice Ministry confirmed that Firtash is not properly accredited to UNIDO, holds no MFA diplomatic card and is not considered a person entitled to diplomatic privileges. In other words: the court treated him as a diplomat even though the Austrian state does not. Extended Analysis: Austria Does Not Recognize Firtash Under international law, members of permanent missions to international organisations enjoy immunity only if they are formally notified and accepted by the host state. Here, the host state – Austria – explicitly told the court that Firtash is not recognised as such. Yet the Vienna Regional Court still used this supposed Belarusian “advisor” status to declare extradition inadmissible. This is not a legal nuance; it is the core of the case. Belarus, an authoritarian ally of Russia, appears to have handed a fugitive Ukrainian oligarch a tailor-made role in Vienna precisely to sabotage U.S. proceedings. Austrian ministries flagged that the accreditation was defective. The court nevertheless sided with Minsk’s paper construct over its own government’s position – and then the higher court sealed the deal due to a procedural failure by prosecutors. Read the FinCrime Observer report on the Firtash Case here. The political signal is devastating. Austria is part of the EU sanctions regime against Russian and Belarusian elites and officially supports Ukraine. Yet one of Kyiv’s most notorious ex-gas oligarchs, long aligned with pro-Russian president Viktor Yanukovych and wanted for bribery and alleged embezzlement of hundreds of millions from Ukraine’s gas transit system, remains safe in Vienna behind a Belarusian “diplomatic” fig leaf. Add to this earlier refusals to extradite Firtash to Spain over money-laundering allegations, and the picture is clear: Austria has become a premium safe harbour for post-Soviet oligarchs with the right lawyers, lobbyists and – in this case – a friendly authoritarian regime willing to制造 diplomatic paperwork. Call for Information FinTelegram will continue to investigate the Firtash network in Vienna – including his Belarusian “advisor” status, his business ties, and his political protectors in Austria and abroad. We explicitly call on insiders in Austrian ministries, UNIDO-related circles, the Belarusian mission, banks, law firms and advisory shops to share information, documents or leads with us confidentially. If you have knowledge about Dmytro Firtash’s activities, his alleged diplomatic status or other oligarch safe-harbour structures in Austria, please contact FinTelegram via our whistleblower channels. Share Information via Whistle42

A U.S. federal judge in Manhattan sentenced Terraform Labs founder Do Kwon to 15 years in prison, concluding that the TerraUSD/LUNA implosion was not a bad-product accident but a fraud that wiped out roughly $40 billion in market value and devastated real victims. The sentence lands as a defining “Startup on Trial” moment for crypto’s algorithmic-stablecoin era. Key Points Sentence: 15 years, imposed by U.S. District Judge Paul A. Engelmayer in Manhattan (Source: Reuters). Criminal posture: Kwon pleaded guilty (Aug 2025) to wire fraud and conspiracy; sentencing exceeded the government’s recommendation (Source: Reuters). Core finding: the court accepted that Kwon repeatedly misled investors and that the harm was “real money,” not “paper” losses (Source: AP News). Regulatory overlap: Terraform previously faced SEC action and agreed to a $4.55B settlement framework (including an $80M civil penalty and a crypto-activity ban for Kwon). Cross-border arc: extradited to the U.S. after detention in Montenegro; South Korea still looms as a separate exposure (Source: US DOJ). Short Narrative Terraform marketed a vision: a “self-healing” algorithmic stablecoin (TerraUSD/UST) paired with LUNA, promising a decentralized financial system that could keep stability through code and incentives. In May 2022, the promise collapsed—UST lost its peg, LUNA spiraled, and the shock radiated through the broader crypto market. Prosecutors framed what followed as a deception campaign, not merely a volatile unwind, and Engelmayer’s sentence signals the court agreed with that characterization. Extended Analysis 1) What the government said was fraudulent (beyond “UST depegged”)The DOJ’s sentencing release lays out a pattern of alleged misrepresentations, including: “Stablecoin misrepresentations”: claiming Terra Protocol restored UST’s peg after a 2021 wobble, while prosecutors allege a high-frequency trading firm secretly bought large amounts to prop it up. Reserve/governance claims around the Luna Foundation Guard (LFG): prosecutors allege Kwon presented LFG as independent while controlling it, moving funds as if interchangeable, and laundering misappropriated assets. Mirror Protocol: marketing synthetic stock exposure as decentralized while allegedly retaining control and using bots to manipulate prices/metrics. Chai payments narrative: claiming real-world transaction volume on Terra while prosecutors allege transactions were processed conventionally and then “mirrored” onto the chain to simulate usage. 2) Why this became a “startup” case with classic securities/commodities hooksThis wasn’t prosecuted as “crypto is risky.” It was prosecuted as fraud + market manipulation, packaged through instruments and narratives that touched securities-like expectations and commodities theories (as reflected in the charging posture and the DOJ’s description of the conspiracy). The legal lesson is blunt: a token’s technical novelty does not immunize misstatements about mechanism, reserves, governance, adoption, or market support. 3) Sentencing signals: deterrence over “crypto exceptionalism”Engelmayer rejected both the idea that 12 years was enough and the defense’s push for a far shorter term—calling the conduct an “epic” fraud and emphasizing the scale of human harm. That judicial language matters because it frames future cases: algorithmic design failure may be tolerated; concealment of interventions, fictive adoption metrics, and governance theater is not. 4) “Startup on Trial” takeaways for founders and investors Stress events are disclosure events: a peg break, liquidity rescue, or market-maker intervention must be treated like a material incident, not PR. Governance claims must be auditable (who controls keys, reserves, and decision rights). Adoption proof must be verifiable (no synthetic “usage” narratives). Investors should treat “algorithmic stability” as marketing, unless the issuer can evidence resilience under adversarial conditions and disclose all backstops. Actionable Insight For crypto startups: build compliance like a public company before you need it—incident logs, market-structure policies, reserve/governance attestations, and a hard rule that any external “support” (market makers, loans, buy programs, stabilization trades) is tracked and disclosed with legal review. For investors: diligence the backstop reality—who can intervene, when, and with what funds—because courts increasingly treat hidden backstops as core fraud facts, not footnotes. Call for Information FinTelegram is tracking Terra/LUNA-related enforcement and the broader “Startup on Trial” pipeline. If you are a former employee/contractor, a market-structure counterparty (MM/HFT/OTC), a protocol integrator, or an affected investor with documentation on Terraform’s communications, stabilization efforts, or governance controls, share your information via Whistle42.com (anonymity available). Share Information via Whistle42

The Innsbruck Regional Court in Austria has convicted former real-estate tycoon René Benko for a second time for fraudulent bankruptcy (betrügerische Krida), handing down a 15-month suspended sentence over hidden cash and luxury items in a family safe. His wife, Nathalie Benko, was acquitted. The ruling is not final and touches only a small asset-transfer strand, not the core Signa investigations. Key Facts Verdict: 15 months imprisonment, fully suspended with a three-year probation period, plus a fine of 360 daily rates (reported at €12 each) (Source: Die Presse). Offence: Insolvency fraud / fraudulent bankruptcy (betrügerische Krida) for hiding assets from creditors in his personal insolvency (Source: DIE WELT). Acquittal for Nathalie: The jury acquitted Nathalie Benko “in dubio pro reo”; the court did not see her complicity as proven (Source: Die Presse). Facts of the case: Around €120,000 in cash and 11 luxury watches plus cufflinks and other valuables worth roughly €250,000 were stored in a safe at relatives of Nathalie, instead of being made available to the insolvency estate (Source: Reuters). First conviction: In October 2025, Benko was already sentenced to two years’ imprisonment (not final) for moving €300,000 to his mother and other asset shifts around his personal insolvency (Source: Reuters). Short Analysis With this second non-final conviction, the picture painted in FinTelegram’s earlier “Safe Full of Luxury” report is now confirmed by a criminal court: Austria’s ex-billionaire twice found guilty of stripping assets out of reach of creditors while his empire collapsed (Source: FinTelegram). For now, however, we are still in the “mini-proceedings” phase. Both convictions concern personal asset transfers in Benko’s private insolvency—relatively small amounts compared to the tens of billions in claims surrounding the Signa collapse and the roughly €300 million damage estimate currently in the WKStA files (Source: DER STANDARD). The true Signa causa—suspected large-scale fraud, breach of trust and money laundering across complex structures—is still being investigated in at least 14 separate strands by Austria’s Wirtschafts- und Korruptionsstaatsanwaltschaft (WKStA), while prosecutors in Italy (Trento anti-mafia) and Germany (Munich public prosecutor’s office) are pursuing their own high-stakes probes into alleged corruption, “mafia-like” structures and triple-digit-million fraud and embezzlement (Source: Tagesspiegel). Procedurally, the suspended 15-month sentence does not end Benko’s pre-trial detention: he remains in custody because of the risk of evidence tampering and further offences in the broader Signa complex, as stated by WKStA (Source: justiz.gv.at). The decisive question is how future indictments in the Signa strands will interact with the existing sentences when they are finally aggregated. Call for Information FinTelegram will continue to treat the Signa Case as a long-term investigation. Insiders, advisers, employees, lenders, and counterparties with information on asset shifts, foundations, side agreements, or international structures around René Benko and the Signa Group are invited to submit documents and evidence securely via Whistle42.com. Share Information via Whistle42

The dramatic U.S. seizure of the supertanker Skipper off Venezuela’s coast—personally announced by President Donald Trump and amplified by Attorney General Pam Bondi’s helicopter-raid video—is officially framed as a sanctions and counter-terrorism operation. In reality, it sits at the intersection of three fault lines: Washington’s dependence on heavy Venezuelan crude, Venezuela’s slow exit from the classic petrodollar system, and PDVSA’s growing use of USDT stablecoins and Chinese channels to move oil money outside the reach of the U.S. banking system. The Strategic Perfect Storm: Quality, Currency, and Hegemony Venezuela presents the United States with a double vulnerability that intensifies pressure on an already heavily indebted superpower. First, Venezuela produces super-heavy, high-sulfur crude grades—particularly Merey, Boscan, and Hamaca—that are ideally suited to the complex coking units of U.S. Gulf Coast refineries. As Mexican heavy crude production declines and Canadian pipeline flows remain constrained, Venezuelan barrels have become irreplaceable for optimal refinery operations and diesel output. The loss of up to 200,000–300,000 barrels per day of Venezuelan heavy crude has already tightened U.S. refinery feedstock markets, driving up costs and threatening fuel price stability—a politically sensitive issue for any administration.​ Second and more strategically threatening, Venezuela under Maduro has systematically abandoned the petro-dollar. Since 2024, state oil company PDVSA has required new customers to prepay up to 50% of spot crude shipments in Tether’s USDT stablecoin via digital wallets, with over half of all crude shipments now involving USDT payments by mid-2025. Venezuela also shifted to pricing and settling oil in Chinese yuan as early as 2017, deepening financial integration with Beijing. In September 2025, approximately 84% of Venezuela’s crude exports flowed to China—either directly or via shadowy intermediaries—paid in yuan or converted through USDT.​ This combination undermines two pillars of U.S. financial hegemony simultaneously: it deprives U.S. refiners of optimal crude while routing oil revenues outside dollar-denominated banking channels that traditionally recycle petrodollars into U.S. Treasuries.​ USDT as the New Petro-Currency Infrastructure Venezuela’s reliance on USDT represents more than sanctions evasion—it constitutes a parallel petro-currency infrastructure that bypasses U.S. control while still referencing dollar value. By July 2025, an estimated $119 million in USDT flowed into Venezuela’s private sector in a single month, with the government quietly authorizing select banks to exchange bolívars for USDT since June 2025. PDVSA uses USDT to avoid the risk that oil proceeds will be frozen in foreign bank accounts subject to OFAC jurisdiction, effectively creating a “digital dollar” market that operates outside traditional correspondent banking and SWIFT.​ This model mirrors strategies deployed by Iran and Russia, which increasingly use crypto and stablecoins to conduct sanctioned energy trade. For the United States, the danger is not nominal de-dollarization—oil is still priced in dollar-equivalent USDT—but operational de-dollarization: the flows no longer pass through New York clearing banks, no longer generate demand for U.S. Treasuries, and no longer submit to U.S. financial surveillance and enforcement. Each barrel settled in USDT marginally weakens the structural demand for dollars and Treasuries that has enabled the U.S. to sustain $35 trillion in national debt and run persistent deficits without triggering a currency or bond crisis.​ Economic Pressure on a Heavily Indebted United States The erosion of petro-dollar recycling comes at a particularly vulnerable moment. The U.S. national debt surpassed $35 trillion in 2024, having nearly doubled from $14.8 trillion a decade earlier, sustained largely by Federal Reserve quantitative easing and robust foreign demand for Treasuries—much of it driven by petrodollar recycling from oil exporters. J.P. Morgan Research estimates that each 1-percentage-point decline in foreign Treasury holdings relative to GDP (roughly $300 billion) would drive yields up by more than 33 basis points, raising borrowing costs across the economy and constraining fiscal space. If major energy exporters systematically shift settlement outside the dollar banking system, the resulting reduction in Treasury demand would exert upward pressure on U.S. interest rates, crowding out domestic investment and destabilizing state and federal budgets already stretched by deficit spending.​ Venezuela’s pivot to USDT and yuan thus threatens not only dollar prestige but the fiscal arithmetic underpinning U.S. debt sustainability. Control over Venezuelan oil—the world’s largest proven reserves—would allow Washington to dictate currency terms for a substantial share of global heavy crude supply, reinforcing structural dollar demand and shoring up Treasury inflows.​ From Sanctions Enforcement to Military Action The 10 December tanker seizure must be understood in this dual economic context. While Attorney General Pam Bondi justified the operation as enforcement against a vessel “sanctioned for its involvement in an illicit oil shipping network supporting foreign terrorist organizations,” the execution involved Coast Guard personnel, Marines, special forces, two helicopters, and Department of Defense assets—an operation of military scale and character. Trump himself declared, “We keep the oil, I guess,” a statement that frames the seizure not as law enforcement but as resource appropriation.​ Senator Chris Van Hollen characterized the seizure as evidence that U.S. military operations in the Caribbean—including over 22 boat strikes killing at least 87 people since September 2024—are not primarily about drug interdiction but about regime change by force. The tanker seizure, combined with the deployment of the USS Gerald Ford carrier strike group, fighter jet overflights of the Gulf of Venezuela, and Trump’s stated intention to conduct land strikes, constitutes a campaign of escalating military pressure aimed at restoring U.S. control over Venezuelan oil and, by extension, over the currency terms of that oil’s sale.​ Hypothesis: Strategic Resource Seizure to Counter Financial Erosion The hypothesis emerging from these dynamics is stark: the United States, facing the twin pressures of irreplaceable heavy crude needs and eroding petro-dollar flows, has escalated from economic sanctions to quasi-military resource seizure in an attempt to reassert control over Venezuelan energy and re-anchor oil transactions within dollar-clearing infrastructure. The tanker seizure is not an isolated enforcement action but a signal of willingness to use military force to defend financial hegemony when economic levers prove insufficient.​ If Venezuela—and by extension China, Russia, and other USDT-adopting energy exporters—succeeds in normalizing stablecoin settlement outside U.S. banking rails, the resulting erosion of structural Treasury demand could trigger a fiscal crisis for a United States already burdened by unsustainable debt levels. In this framing, the Skipper seizure represents not law enforcement but a new form of economic warfare: the physical interdiction of energy flows to prevent their settlement in non-controlled digital currencies, even when those currencies are nominally pegged to the dollar.

Austria’s appeals court has definitively stopped the extradition of Ukrainian businessman Dmytro Firtash to the United States, closing a decade-long case and sharpening doubts about Vienna’s willingness to confront entrenched oligarch networks. The Firtash Case On 9 December 2025, the Vienna Higher Regional Court rejected prosecutors’ appeal and confirmed a 2024 ruling: Firtash will not be surrendered to the U.S (Source: Reuters). A 2013 indictment in Chicago accuses him of orchestrating an $18.5 million bribery scheme to secure titanium mining rights in India, in breach of the U.S. Foreign Corrupt Practices Act (Source: US Indictment). He denies the charges as politically motivated. In parallel, Ukrainian and U.S. authorities accuse him of embezzling nearly $500 million from Ukraine’s gas transit system (Source: Reuters). Arrest and Extradition Procedures Arrested in Vienna in 2014, Firtash has fought extradition ever since. A Vienna court first refused the U.S. request in 2015 as partly political, an assessment that already raised eyebrows among anti-corruption experts (Source: Euronews). Later, higher courts – and the then justice minister – signalled that extradition was legally possible, before new defence motions, a 2023 reopening of proceedings and renewed rulings produced the current refusal (Source: RadioFreeEurope). A Spanish extradition request on money-laundering allegations was also rejected, leaving Firtash still in comfortable exile on the Danube (Source: The Local Austria). Firtash built his fortune as an intermediary for Russian gas and was a key sponsor of former Ukrainian president Viktor Yanukovych. cdn.csd.bg Vienna’s tolerant environment for post-Soviet capital – with willing banks, prestige lawyers and ex-ministers for hire – has long made the city attractive to oligarchs he is often grouped with. Kremayr & Scheriau+1 Concluding assessment In March 2015, Firtash hired former foreign and finance minister Michael Spindelegger to run the Firtash-funded Agency for the Modernisation of Ukraine (AMU), just weeks before an Austrian court first refused extradition (Source: en.dmitryfirtash.com). Spindelegger is a long-time associate and former university “Cartellbruder” of then-justice minister Wolfgang Brandstetter (Source: parlament.gv.at). Ukrainian politicians already criticised the AMU at the time as a project to polish Firtash’s image and fend off extradition (Source: Vorarlberger Nachrichten). According to a 2015 CIA report seen by FinTelegram, U.S. intelligence assessed that Firtash enjoyed unusually good access to Austrian judges and senior politicians; that report explicitly links the Spindelegger appointment to his extradition fight (Source: Wiener Zocker). Austrian journalist Florian Horcicka has likewise argued that bringing Spindelegger on board substantially improved Firtash’s chances of avoiding a U.S. courtroom, fitting a broader pattern of oligarchs using Vienna’s political class as legal and reputational shields (Source: Kremayr & Scheriau). This ruling therefore reinforces the picture of Austria as a jurisdiction where money, influence and revolving doors can blunt international anti-corruption efforts at the expense of Ukraine, the U.S. and the credibility of the rule of law. FinTelegram calls on insiders, advisers and officials with knowledge of Firtash’s networks in Austria and Ukraine to contact us confidentially and provide further information about his activities and protection structures. Share Information via Whistle42

Venezuela, sitting on one of the world’s largest oil reserves, is no longer just selling crude in dollars. Under Nicolás Maduro, state oil company PDVSA is increasingly settling exports in Tether’s USDT, a dollar‑pegged stablecoin, to bypass U.S. sanctions and banking controls. This shift does not end dollar influence in oil, but it moves critical flows off the U.S.‑controlled banking grid and into opaque crypto rails—posing new challenges for Washington’s already strained, debt‑laden financial hegemony.​ USDT vs Petro‑Dollar: A Sanctions‑Driven Pivot Since 2024, PDVSA has re‑engineered its contracts to require that around half of many spot crude shipments be prepaid in USDT via digital wallets, pushing new clients into crypto‑based settlement and away from traditional correspondent banking. By 2025, more than 50% of crude shipments were reportedly partially or fully paid in USDT, with stablecoin inflows of roughly 119 million dollars reaching the private sector in a single month.​ This marks a decisive break with the classic petro‑dollar model, in which oil is invoiced, cleared, and stored in the U.S. banking system and Treasuries. Venezuela still references the dollar as unit of account, but execution now occurs on blockchains rather than via banks subject to OFAC and SWIFT. The strategy serves three objectives: Sanctions evasion and asset protection: USDT payments reduce the risk that proceeds are seized in foreign bank accounts under U.S. measures.​ Parallel “digital dollar” market: Caracas resells USDT domestically for bolívars, injecting hard‑currency liquidity while bypassing official FX channels.​ Template for other sanctioned oil exporters: Russia and others are already experimenting with crypto and stablecoins for energy trade, embedding de‑dollarisation into commodity flows.​ Strategic Risk for a Heavily Indebted U.S. For the United States, the danger is less about losing the dollar as unit of account in oil, and more about erosion of control over dollar‑linked flows. If major energy exporters can routinely clear large volumes via private stablecoin issuers outside the regulated banking core, U.S. sanctions, surveillance, and—ultimately—demand for U.S. Treasuries are gradually weakened.​ Yet Venezuela’s bet is fragile. USDT is centralized: Tether has already frozen addresses linked to sanctioned Venezuelan activity, proving that Washington can still exert pressure through issuers and key compliance choke points. A single freeze event could instantly strand millions in oil revenue, underscoring the geopolitical and counterparty risk of building an oil strategy on a private stablecoin.​ Conclusion Venezuela’s move to a USDT‑denominated oil trade is a live‑fire test of how far stablecoins can chip away at the operational dominance of the petro‑dollar without replacing the dollar itself. In a world of weaponised finance and mounting U.S. debt, every barrel settled in off‑bank “crypto dollars” marginally reduces Washington’s leverage—while pushing sanctioned regimes into a precarious dependency on opaque, privately run digital dollar infrastructures. The real contest is no longer dollar vs non‑dollar, but on‑shore dollar law vs off‑shore dollar technology. Share Information via Whistle42

Austria’s fallen real-estate tycoon René Benko and his wife Nathalie Benko are facing a second indictment for fraudulent bankruptcy (betrügerische Krida). Prosecutors allege that cash and luxury assets were secretly moved into a family safe to keep them out of the insolvency estate. The case escalates Benko’s already serious criminal exposure after a first, non-final prison sentence. Key Facts Forum & timing: Second criminal trial opens today before the Regional Court in Innsbruck; Benko remains in pre-trial detention since January 2025 (Sources: kurier.at, FinTelegram). Accused: René Benko as main defendant; wife Nathalie as alleged accomplice (Beitragstäterschaft) (Source: kurier.at). Core allegation: Concealment of approx. €120,000 cash plus luxury watches, cufflinks, and jewellery worth about €250,000–370,000 in a safe at relatives’ home, thereby reducing the pool available to creditors. Legal qualification: Fraudulent bankruptcy / insolvency-related asset transfer (betrügerische Krida), with a 1–10 year sentencing range (Source: DIE WELT). First trial: In October 2025, Benko was convicted in Innsbruck and sentenced to 24 months imprisonment over a €300,000 transfer to his mother; judgment not yet final (Source: Reuters). Short Analysis FinTelegram has documented for months how the Signa collapse evolved from a corporate insolvency into a full-blown criminal complex, with creditor claims approaching €40 billion and multiple WKStA investigation strands (Source: fintelegram). The new “safe case” fits the broader pattern already highlighted in previous FinTelegram reports: targeted asset shifts, opaque family-foundation structures, and luxury items quietly removed from the reach of insolvency administrators. Here, prosecutors allege a joint plan: Nathalie is said to have organised the safe at relatives, moved cash and watches there, and even asked that paperwork be destroyed to obscure the timing around Benko’s personal insolvency filing (Source: Kurier). Legally, this second indictment is critical. If the new charges also end in a conviction, courts will have to aggregate sentences. Against the backdrop of ongoing investigations into foundations, gold transfers, and advisory networks, the Benko proceedings increasingly define how Austria handles high-profile asset stripping in mega-insolvencies. Call for Information FinTelegram will continue to follow the Benko trials and the wider Signa Crime Case. Insiders, former employees, advisers, and counterparties who have information on asset transfers, foundations, or hidden valuables around René and Nathalie Benko are invited to share documents and evidence securely via Whistle42.com. Share Information via Whistle42

Noda, which poses itself as a payments service provider, recently saw some leadership reshuffling. As is evident from LinkedIn, a number of senior leaders left Noda in October 2025 – including CEO Igor Loktev (one of the co-founders), CRO Michael Bystrov, COO Anastasija Tenca, and many others. What has happened to the payments company, and who really runs it now? Noda’s Shareholders & Key People Firstly, let’s establish Noda’s registered locations. On its website, it is stated that for the payment initiation within the UK, the company’s official name is Naudapay Limited registered in London. Meanwhile, for the tech services within the EU, it’s Noda Holdings Limited, registered in Nicosia, Cyprus. One of the directors of the UK company NaudaPay (incorporated in 2018) was former COO Anastasija Tenca, yet in October 2025, her appointment was terminated (as is evident from LinkedIn too). Currently, the director of the UK company is Irina Konstantinova, a Latvian citizen. According to LinkedIn, she’s been in that position for seven years. Meanwhile, Noda’s co-founder Lasma Kuhtarska – who appears to be the only person from the original team still at Noda – is stated as the person with significant control, with 75% or more ownership of shares. Previously, entrepreneur Dmitri Volkov was one of the major shareholders too, yet his control ceased in 2023. Leadership Shifts to the UK There are two new UK-based leadership team members – financial director Ksenia Cohen and executive advisor Alex Batlin, who recently wrote an article about what the latest AWS outage means for the payments sector. NamePositionLocationPrevious relevant experienceKsenia CohenFinance DirectorUKEYAlex BatlinExecutive AdvisorUKBitpanda, UBS There are also a few UK-based leadership jobs advertised on LinkedIn. For example, Head of Analytics, Data Analyst, AML/KYC Risk Analyst, Product Designer – which suggests Noda may be shifting more of its team to the UK. Additionally, there are rumors that the expected Managing Director will be UK-based, along with the rest of the decision-making team. Noda’s UK address is 162 Buckingham Palace Road, which appears to be a “stylish co-working space”. What Has Changed with Noda Product? Are these position and location changes normal scaling adjustments or signs of deeper restructuring? Is there any disruption to the client-facing side of Noda, and what are the key changes to Noda’s product? Noda’s offering hasn’t changed. Its products still include open banking and card payments and payouts, checkout form, no-code pages, payment links and QR codes, interactive donation buttons (Noda Prime), sign-in via bank, and data enrichment. This suggests there hasn’t been a major disruption to Noda’s product.  Noda’s open banking network covers 2,051 banks across 28 countries – 250 in Europe, and full bank coverage in the UK. In the latest LinkedIn post, Noda stated that 1.7 million new users paid with Noda in the past six months, with 60% of them returning to this payment method. Possible Motives Behind Noda’s Restructuring So, if nothing else has changed with the product, what were the reasons for Noda’s leadership team restructuring in October-November 2025? As pointed out by Noda’s co-founder in the latest interview, Noda was built as an IT company, and its current competitive advantage lies in technology and accessibility. As for the future of Noda, she said that Noda will keep its focus on the UK and European payments. It’s possible that the current restructuring is strategy-lead or to refine corporate governance, yet there were no comments about this in the interview. Share Information via Whistle42