Financial Intelligence Commentary Donald Trump’s “victory” over Iran appears to have produced an unusual post-war ritual: the alleged loser gets oil waivers, sanctions relief, renewed access to global markets, a 60-day negotiation window, and a proposed reconstruction plan worth at least $300 billion. The alleged winner, meanwhile, is busy explaining the victory on Truth Social — and arguing with Italy’s Giorgia Meloni. It is, by any ordinary standard of power politics, a strange victory. The latest episode began not in Tehran, Washington, or the Strait of Hormuz, but in a diplomatic quarrel between Trump and Meloni after the G7 summit in France. Trump claimed that Meloni had repeatedly sought a photograph with him to improve her domestic popularity and that, after the US had “defeated Iran militarily,” she now wanted to be friends again. Meloni rejected the claim sharply, telling Trump that her popularity was none of his concern and that being his friend had certainly not helped her in Italy. That exchange matters because it exposes the deeper problem with Trump’s Iran narrative. If this was such a clean American victory, why are allies distancing themselves, conservative voices questioning the deal, and the terms of the framework agreement looking less like surrender and more like a financially engineered exit ramp? The Victory Narrative Meets the Deal Sheet Trump presents the Iran framework as a hard-won military and diplomatic success. The deal itself tells a more complicated story. According to the published summaries of the 14-point memorandum of understanding, the agreement provides for an immediate and permanent end to military operations, including in Lebanon. Iran may begin exporting oil and petroleum products once the memorandum is signed. The Strait of Hormuz is to be reopened for safe commercial passage for 60 days without charge. The parties are to resolve the disposition of Iran’s stockpiled enriched material in further negotiations. Sanctions relief is linked to nuclear compliance and a final agreement, but temporary waivers for Iranian oil exports and associated services — including banking, insurance, and transport — are to be issued immediately. That is not the architecture of an unconditional surrender. It is the architecture of a negotiated pause. The core nuclear questions are not finally resolved. The future of enriched material remains to be negotiated. Iran’s broader strategic infrastructure — its missile capability, regional proxy relationships, and political system — remains intact. The framework appears to restore the negotiating table rather than impose defeat. Trump may call it victory. A balance-sheet analyst might call it liability management. The Meloni Moment Meloni’s rebuttal was politically significant because she is not an obvious anti-Trump figure. She has long been viewed as one of Trump’s closest ideological counterparts in Europe. Yet the Iran war placed her in an awkward position: close enough to Trump to be associated with the consequences, but not willing to subordinate Italian sovereignty to Washington’s war strategy. Trump criticized Italy for not allowing the use of U.S. military bases in Italy during the Iran war. Meloni responded that the use of such bases is governed by agreements that Italy has always respected and that cannot simply be violated. “As long as I am prime minister, Italy remains a sovereign nation,” she said in substance. That is the real Meloni moment. It is not about a photo. It is about the political cost of being seen as too close to Trump when the war’s economic and strategic outcome is contested. Meloni’s message was clear: if Trump wants to sell the Iran framework as a glorious victory, he should not expect Italy to become part of the marketing campaign. The Global Bill: Hormuz, Oil, Inflation The Iran war was never just a military event. It was a global financial shock. The effective disruption of the Strait of Hormuz — one of the most important energy chokepoints in the world — created a historic oil and gas crisis. Before the war, the passage handled a major share of traded oil and natural gas. Its disruption pushed energy markets into crisis mode, drove oil and gas prices sharply higher, depleted emergency stockpiles, and fed directly into inflation expectations. Even after the peace framework, the recovery is not automatic. Energy markets may welcome the reopening of Hormuz, but supply routes, insurance markets, shipping confidence, depleted inventories, and damaged infrastructure do not normalize by press release. A temporary reopening of the strait is relief, not resolution. The economic mechanics are straightforward. Higher oil prices increase transport costs. Higher transport costs increase food, fertilizer, logistics, aviation, and industrial input costs. Inflation rises. Central banks hesitate. Growth slows. Consumers pay. Governments subsidize. Bond markets reprice risk. In other words: the war may have been fought in the Gulf, but the invoice was sent worldwide. This is where the “victory” narrative becomes financially uncomfortable. If the war was won, it was won at the price of a global energy shock and a new inflationary impulse — precisely the kind of macroeconomic damage that political leaders usually try to avoid before elections. The $300 Billion Question The most striking part of the framework agreement is the proposed reconstruction and economic development plan for Iran worth at least $300 billion. The agreement does not formally describe this as “reparations.” That legal distinction matters. But economically and politically, it has the look and feel of reparation-like reconstruction finance: a post-war funding architecture for the country Trump claims was defeated. The administration has suggested that Gulf Arab states, not U.S. taxpayers, may provide much of the funding. That raises another question: why would Gulf states eagerly finance Iranian reconstruction after a war in which their own energy infrastructure and security model were exposed to severe risk? Even if the United States does not directly write the check, Washington appears to be enabling the financial architecture. The deal opens pathways for Iranian oil exports, banking services, transport, insurance, potential asset access, and reconstruction capital. The defeated side is not being asked to pay. It is being offered mechanisms to recover. That is a curious form of victory. Oil Waivers: The Leverage Problem The timing of the oil waivers is particularly important. Under classic sanctions diplomacy, economic relief is the prize at the end of verified compliance. Under this framework, Iran receives immediate oil-export breathing space at the beginning of a 60-day negotiation period. That reverses the leverage sequence. If Iran can sell oil more freely, access associated financial services, and wait for negotiations to unfold, Washington’s pressure tool weakens before the most difficult concessions are secured. The enriched uranium question remains open. The broader military and regional questions remain open. The final agreement remains open. Trump argues that the United States can resume military pressure if Iran fails to comply. That may be true in theory. But once oil flows restart, shipping normalizes, markets stabilize, and allies breathe a sigh of relief, the political cost of renewed escalation rises dramatically. The framework therefore gives Trump an immediate domestic talking point — lower oil prices, reopening Hormuz, “peace” — while giving Iran time, liquidity, and negotiating space. Even Trump’s Allies Are Not Convinced The criticism is not limited to Democrats or foreign-policy liberals. Conservative and Republican voices have also attacked the deal, arguing that Iran receives huge financial benefits without immediate dismantlement of its nuclear infrastructure, missile program, enriched uranium stockpile, or proxy networks. That internal backlash is telling. When critics inside Trump’s own political ecosystem describe the framework as weakness, appeasement, or even “American surrender,” the word “victory” becomes less an analytical conclusion than a branding exercise. Trump’s response has been characteristically combative: he has attacked the critics as fools, jealous, stupid, or bad people. But insulting critics does not resolve the balance sheet. If a victory needs this much explanation, perhaps it is not a victory. Perhaps it is a ceasefire packaged as triumph. Conclusion: The War Won on Truth Social Trump may have won the war on Truth Social. He may even win the domestic narrative if oil prices fall and voters accept the image of a president who bombed, negotiated, and declared victory. But the actual terms of the peace framework tell a less cinematic story. Iran survives. Iran negotiates. Iran exports oil. Iran may receive access to enormous reconstruction capital. The nuclear question is deferred. Hormuz remains a strategic lever. Allies are uneasy. Conservative critics are restless. Meloni is not volunteering for the victory parade. That is not necessarily defeat for America. But it is certainly not the clean triumph Trump claims. It is a strange victory — expensive, conditional, heavily financed, and suspiciously generous to the side that was supposedly beaten. Share Information via Whistle42

A new annex to FinTelegram’s Zentoria / NALMI report adds preserved HTML, configuration-level markers, API dependencies, and direct catalogue-asset links around the Spinsopotamia anchor. FinTelegram has publishing a new Technical Annex as a companion annex to its recently released “Zentoria / Spinsopotamia and the NALMI Casino Network” Compliance Intelligence Report. The new dossier does not replace the main report; it deepens the public-source technical case around the Spinsopotamia.com anchor with preserved HTML, exact telemetry and configuration markers, cross-domain API dependencies, and direct catalogue-level asset links that were not fully developed in the broader June report. The central conclusion remains unchanged. The evidence supports a strong technical and operational relationship between the Zentoria-facing Spinsopotamia anchor and a wider casino infrastructure concentrated inside the Marshall Islands-based NALMI / AS213846 – 185.207.196.0/22 environment, while stopping short of claiming that Zentoria Limited legally owns every correlated domain or that a single ultimate beneficial owner controls the entire ecosystem. Key findings 83-domain strict configuration cluster: Across 166 preserved result pages, 83 public domains co-exposed the same exact CSPER reporting account, the same exact SEON DNS token, the same non-financial seasonal-promotion response hash, and the same NALMI /22 network envelope. Preserved anchor evidence: Two preserved URLScan result pages show Spinsopotamia with exact public identifiers, including a CSP reporting endpoint, SEON token, GTM container, GA4 measurement ID, Hotjar site identifier, CookieScript resource, and repeated platform-host family markers. API dependency graph: The dossier records 67 additional API hostnames and 98 direct cross-domain dependency pairs, supporting a rotating facade / canonical-host model rather than isolated standalone domains. Direct catalogue linkage: Six byte-identical public asset groups connect Spinsopotamia with comparison families including Kingmaker, BillyBets, 100Neon, BigClash, DuoSpin, LunuBet, and MyEmpire. Broader NALMI continuity: 495 of 496 investigated domains remain inside the same 185.207.196.0/22 routed envelope attributed to AS213846 / NALMI LIMITED. Legal-safe boundary preserved: The dossier strengthens technical correlation, but it still does not establish common legal ownership, customer-account identity, or UBO attribution without provider-side records. What the Technical Annex Adds! The strongest new contribution is the strict 83-domain shared-configuration cluster. Across 166 preserved result pages, the same exact CSPER reporting account, the same exact SEON DNS token, the same non-financial seasonal-promotion response hash, and the same compact NALMI network environment recur together across 83 public domains. This is materially stronger than generic provider overlap because these are account- or project-style markers, not merely ordinary use of common cloud or CDN infrastructure. Download the Zentoria / NALMI Technical Annex here The dossier also documents preserved Spinsopotamia HTML evidence from two distinct URLScan result pages, one from October 2025 and one from March 2026, showing endpoint continuity from 185.207.197.250 to 185.207.197.216, both inside the same 185.207.196.0/22 routed envelope. At the same time, the public HTML captures exact telemetry and configuration identifiers, including the CSPER reporting endpoint, the SEON DNS token, a Google Tag Manager container, a Google Analytics measurement ID, a Hotjar site identifier, and repeated platform hosts such as pg-nmga.com, pgf-euy2bt.com, and pgwhois.com. Facade and canonical hosts The new dossier goes beyond static asset comparison by modelling a visible cross-domain API structure. Across the strict cluster, the preserved evidence records 67 additional API hosts, 150 unique technical nodes, and 98 direct cross-domain dependency pairs, showing that many public-facing casino domains rely on alternate or canonical backend hosts rather than serving as isolated sites. This matters because it supports a rotating facade / canonical-host architecture. In practical terms, public brand domains can change while the deeper API and operational structure remains stable, which is precisely the kind of pattern that regulators, PSPs, banks, and acquirers should treat as a high-priority disclosure target. Direct cross-brand asset links A further step forward is the dossier’s exact cross-brand catalogue evidence. It identifies six byte-identical public asset groups that directly connect Spinsopotamia with brands and families including Kingmaker, BillyBets, 100Neon, BigClash, DuoSpin, LunuBet, and MyEmpire. These are not visual similarities or naming overlaps. They are exact SHA-256-level matches in publicly delivered language and game-related assets, which materially strengthens the case that Spinsopotamia is embedded in a shared operational and content-delivery environment rather than standing alone as a separate casino endpoint. What remains unchanged The broader model from the main report still stands. The NALMI environment contains 495 of 496 investigated domains inside the same 185.207.196.0/22 routed allocation, while a separate application-build supercluster links 98 domains through 120 meaningful byte-identical first-party asset groups across 16 technical components. Just as importantly, the new dossier explicitly corrects several overbroad interpretations. It confirms that the verified target population is 496 domains, not 994; that generic regional support hosts do not prove a common tenant; that no raw technical identifier in the evidence directly proves NovaForge, Quadcode, Payabl, or Zentoria as technical owner; and that the evidence should not be stretched into a claim that all 495 NALMI-hosted domains are controlled by Zentoria. That narrowing is not a weakness; it improves the evidentiary quality of the case. Download both reports To help regulators, payment institutions, banks, legal counsel, and investigative journalists assess the full record, FinTelegram is making both documents available together: Main report: Zentoria / Spinsopotamia and the NALMI Casino Network – Compliance Intelligence Report. Technical annex: Zentoria / Spinsopotamia External Technical Evidence Dossier.Download the main report here:[Insert main report download link]Download the technical evidence dossier here:[Insert annex download link] Read together, the two reports provide a layered public-source record: the main report maps the broader NALMI casino-domain environment, while the new dossier deepens the anchor case around Spinsopotamia itself. Call for whistleblowers Public-source OSINT can establish technical correlation, but provider-side records remain decisive for legal attribution. FinTelegram therefore calls on whistleblowers, former employees, PSP insiders, acquirer staff, wallet operators, and affected players to share information about Zentoria Limited, Spinsopotamia.com, NALMI, and the related casino brands through Whistle42. Particularly relevant are: Merchant IDs, gateway IDs, route IDs, or settlement-beneficiary details. Internal onboarding, compliance, or risk-review records involving Spinsopotamia, Zentoria, or NALMI-hosted brands. Platform, support, telemetry, or hosting account records identifying the actual contracting entity behind the observed technical markers. Card statements, bank records, deposit screens, cashier screenshots, or internal communications showing descriptor or payee relationships.Submit information securely via Whistle42:https://whistle42.com Whistle42 is FinTelegram’s evidence-first whistleblower platform for financial crime and compliance failures, allowing sources to share documents, screenshots, emails, contracts, wallet or transaction IDs, and other unique identifiers securely and discreetly. Share Information via Whistle42

Public‑source OSINT model links a Zentoria‑facing billing descriptor into a tightly concentrated casino infrastructure – without yet proving ownership or a single UBO. For months, FinTelegram has been tracking how Irish‑licensed bookmaker Zentoria Limited and its billing descriptor “Spinsopotamia.com Dublin” appear in connection with offshore casino brands within the NovaForge network. Earlier reporting showed how deposits into brands such as Robycasino and Spinsy surfaced Zentoria and Spinsopotamia on player card statements, positioning the combo as an EU‑facing payment façade rather than a conventional operator brand. A newly completed FinTelegram Compliance Intelligence Report now adds a dense technical OSINT layer to this story. Based on four isolated collection runs and 496 casino‑related domains, the report maps how the Zentoria‑facing anchor SPINSOPOTAMIA.COM currently resolves into the same NALMI / AS213846 – 185.207.196.0/22 infrastructure envelope as 495 of 496 investigated domains, with 120 byte‑identical application‑asset groups connecting 98 of them into 16 deployment components across 29 brand families. Key findings – Zentoria / Spinsopotamia / NALMI report SPINSOPOTAMIA.COM, used as billing descriptor and casino entry point for Zentoria Limited, currently resolves to 185.207.197.216, inside the same 185.207.196.0/22, AS213846 (NALMI) infrastructure envelope as 495 of 496 investigated casino‑related domains. The dominant casino endpoints sit in 185.207.196.0/24 (491 domains), with only a handful of domains in 197/24, 198/24 and 199/24 – indicating a highly concentrated casino infrastructure routed through a single provider and prefix. After removing generic Cloudflare and third‑party assets, 120 meaningful SHA‑256 hash groups were identified, forming 16 technical components that connect 98 domains across 29 observed brand families via byte‑identical first‑party application bundles. The largest application component links 36 domains from ten brands (including BoaBoa, Boomerang Casino, BuranCasino, Cadoola, CasinoInfinity, CasinoUnlimited, Castyr, Fezbet, Librabet, Rabona) through dozens of identical JavaScript bundles, consistent with a shared multi‑skin casino platform. Fifty‑one domains across fourteen brand families expose identical Sentry Replay sampling values (for both session and error replay), providing a telemetry‑layer correlation that overlaps with the application‑layer components and reinforces the shared‑platform pattern. Platform and service‑layer artefacts (including an explicit SPTPub host and recurring integrations such as analytics, Hotjar‑style behavioural tools, SEON, MiFinity, PaymentIQ, Anjouan components, Sportradar, Zendesk and mail providers) point to a templated, centralised casino‑platform environment used across many brands. Spinsopotamia.com itself did not produce meaningful shared‑asset hashes in the analysed snapshot due to incomplete public asset collection; its correlation with the wider network is therefore established through DNS, prefix and ASN rather than application‑layer matches, and this absence is treated as incomplete data, not as disproof. The report uses a tiered evidence weighting system (PRIMARY/SECONDARY/LEAD/BACKGROUND) and explicitly warns against silently converting a match on one layer (e.g. prefix, application bundle, telemetry configuration) into presumed matches on every other layer. Legally, the report does not claim common ownership of all 496 domains, does not identify a single UBO, and does not assert that Zentoria Limited controls all NALMI customer accounts or that any criminal or regulatory breach has been proven; it instead defines a high‑correlation infrastructure environment and a set of high‑value disclosure targets. Primary disclosure targets identified include NALMI (185.207.196.0/22 customer and abuse records), Cloudflare (zone and origin history), SPTPub and other platform/telemetry/support providers (tenant ownership and authorised users), and payment/cashier providers (MIDs, routing parameters, acquirers, and settlement beneficiaries), which together hold the records needed to move from technical correlation to any legal attribution. Read our Zentoria Reports here. High correlation – without overstepping into ownership claims At the infrastructure layer, the strongest finding is concentration, not exact‑IP identity. The majority of observed casino endpoints sit in 185.207.196.0/24, while Spinsopotamia.com currently resolves to 185.207.197.216 – a different host, but within the same 185.207.196.0/22 prefix and the same NALMI provider envelope. This creates a narrow, clearly defined target area for regulators and payment institutions: an entire casino ecosystem routed through one infrastructure provider, with the Zentoria‑facing descriptor sitting inside that same block. Above that, the new report documents 120 meaningful cross‑domain SHA‑256 hash groups that bind 98 domains into 16 application‑layer components, including large clusters spanning brands such as BoaBoa, Boomerang Casino, BuranCasino, Cadoola, CasinoInfinity, Casinoly, Joker8, Frumzi, BetRiot, GreatWin, PowerUpCasino, ExciteWin, Playzilla, PolestarCasino, FunID, LegendPlay, PowBet and others. Fifty‑one domains across fourteen brand families also expose identical Sentry Replay sampling values, while recurring platform and service‑layer components (for example SPTPub, MiFinity, SEON, analytics and support tooling) point to a templated, centralised casino‑platform environment. Crucially, the report is explicit about what it does not do. It does not establish that Zentoria Limited legally owns or operates every domain in the NALMI /22 cluster; it does not identify a single ultimate beneficial owner; and it does not assert criminal or regulatory liability as a matter of law. Instead, it converts a very large body of public‑source technical evidence into a compact correlation model and a set of primary disclosure targets – notably NALMI as infrastructure provider, Cloudflare at the edge, SPTPub as platform host, Sentry and Zendesk as telemetry/support tenants, and the payment and wallet providers underpinning the cashier layer. Why this matters for regulators and payment institutions For gambling and financial regulators, acquiring banks, wallet providers, and card schemes, the significance is twofold. First, the infrastructure and application‑layer correlation narrows down where to ask questions: who controls the customer accounts behind 185.207.196.0/22, who owns the platform tenants, and who benefits from the settlement flows behind these rotating casino domains. Second, the presence of a licensed EU bookmaker at the visible payment layer – Zentoria Limited – raises classic questions about shadow processing, descriptor‑laundering and mixed‑risk merchant portfolios, similar to patterns previously observed in other FinTelegram cases. The new report is therefore not a verdict but a map: it highlights the rails, entities, and ecosystems that regulators and PSP compliance teams should now interrogate with their own legal powers and customer‑information records. Download the full report FinTelegram has decided to make the full “Zentoria / Spinsopotamia and the NALMI Casino Network” Compliance Intelligence Report available as a downloadable document for regulators, payment institutions, banks, crypto exchanges, legal counsel, and investigative media partners. Download the full Zentoria / NALMI Compliance Report here. The report sets out the methodology, data scope, infrastructure and application‑layer findings, telemetry and platform‑layer markers, a detailed correlation matrix, and a dedicated limitations and legal‑boundary section. Call for whistleblowers: help close the gaps As always, public‑source OSINT can only go so far. The decisive pieces – merchant IDs, gateway and routing IDs, settlement beneficiaries, internal platform tenants, and contract structures – sit with providers, insiders, and affected customers. FinTelegram therefore calls on whistleblowers, former employees, payment insiders, and affected players: Have you seen “Spinsopotamia.com Dublin”, Zentoria Limited, or NALMI‑hosted casino brands on your card or bank statements? Do you have onboarding emails, checkout screenshots, merchant receipts, or internal documents referencing Zentoria, Spinsopotamia.com, NovaForge, NALMI, or their payment providers? Do you know which acquirers, PSPs, wallet providers, or EMI/PI entities are actually processing and settling these flows? Please submit your information securely and anonymously via our whistleblower platform Whistle42. Share Information via Whistle42

By FinTelegram Editorial Desk The Austrian Financial Market Authority (FMA) has granted a MiCAR authorisation to WB-Shield Innovations GmbH, the Austrian entity operating as WhiteBIT EU. The approval strengthens WhiteBIT’s regulated European footprint and confirms Vienna’s growing role as a MiCA gateway for major crypto platforms. However, the authorised service scope deserves close reading. FMA has alreay issued several MiCA licences over the last couple of months to large crypto exchange operators, including KuCoin or ByBit. Key Findings WhiteBIT EU has received a MiCAR authorisation in Austria through WB-Shield Innovations GmbH, registered under FN 649506g. The FMA authorisation covers custody, crypto/fiat exchange, crypto/crypto exchange, placement of crypto-assets, and transfer services. The published FMA scope does not explicitly list “operation of a trading platform” or “execution of orders” as authorised services. WhiteBIT positions itself as one of Europe’s largest crypto exchanges, part of W Group, with a major global user base and strong sports-sponsorship visibility. Austria’s FMA has become a significant MiCA licensing venue, with previous authorisations including Bitpanda, Bybit EU, KuCoin EU, AMINA Austria, Coinfinity, FIOR Digital, DADAT Krypto, Cryptonow, and Validvent. The WhiteBIT Licence The Austrian FMA has granted WB-Shield Innovations GmbH authorisation as a crypto-asset service provider under Article 63 MiCAR. The entity operates as WhiteBIT EU and is positioned as the regulated European vehicle for the WhiteBIT group. WhiteBIT has announced the preparation of whitebit.eu, a dedicated platform for users in the European Economic Area. This is a strategically important step: once properly passported and operationalised, a MiCAR authorisation from one EU member state can become the regulatory basis for broader EEA market access. From a compliance perspective, the exact service perimeter matters. The FMA’s published authorisation covers custody and administration, exchange against funds, exchange against other crypto-assets, placement, and transfer services. It does not, based on the published notice, expressly include the operation of a crypto-asset trading platform. FinTelegram will therefore monitor whether the final WhiteBIT EU offering is structured as a brokerage/exchange service within the authorised scope or whether additional permissions become relevant. Market Position Whitebit founder Volodymyr Vosov WhiteBIT was founded in 2018 and is led by the Ukrainian Volodymyr Nosov, founder and president of W Group. The company presents itself as the largest European crypto exchange by traffic and part of a broader fintech ecosystem serving more than 35 million customers globally. The group has built a strong public brand through sports and entertainment partnerships, including FC Barcelona, Juventus, FACEIT, and the Ukrainian national football ecosystem. These partnerships have given WhiteBIT visibility far beyond the crypto-native trading audience. Public market-position claims should nevertheless be treated with caution. Crypto-exchange rankings are volatile and depend heavily on methodology, reported volume, traffic metrics, liquidity scoring, and wash-trading controls. For compliance analysis, the more relevant question is not only size, but whether governance, AML, sanctions controls, market-integrity monitoring, custody safeguards, complaints handling, and cross-border onboarding are robust enough for EEA operations under MiCAR. Key People And Austrian Entity Person / EntityRoleRelevanceVolodymyr Nosov(website)Founder / President of W Group; founder/CEO figure behind WhiteBITStrategic leader and public face of the WhiteBIT ecosystemWB-Shield Innovations GmbHAustrian MiCAR licence holderWhiteBIT EU operating entity for the regulated EEA setupATWHITE-Tech GmbHListed shareholder in Austrian company dataAustrian ownership vehicle of WB-Shield Innovations GmbHFlorian ErlachListed managing directorAustrian management / governance functionOleksii ChubarovListed managing directorAustrian management / governance functionMichael FischerListed managing directorAustrian management / governance function Austria As A MiCA Hub The WhiteBIT authorisation confirms a broader trend: Austria’s FMA has become a relevant MiCA licensing gateway for both domestic and international crypto firms. This is not merely a local Austrian story. Under MiCAR, a national authorisation can become the basis for EEA-wide service provision, making the choice of regulator strategically important. Austria has already granted MiCAR authorisations to prominent names such as Bitpanda, Bybit EU, and KuCoin EU, as well as banking, brokerage, and specialist crypto entities. However, the Austrian hub narrative also comes with supervisory pressure. The KuCoin case shows that a licence is not the end of the compliance story: after granting authorisation, the FMA imposed restrictions linked to AML, sanctions and governance key functions, later lifting the new-business ban while still keeping the start of operations restricted due to outstanding supervisory requirements. That is the real MiCA lesson: authorisation is only the entry ticket. Ongoing governance is the actual test. Compliance Assessment WhiteBIT’s Austrian authorisation is a positive regulatory milestone and strengthens the company’s European credibility. It also gives Austria another high-profile global crypto player under its supervisory perimeter. At the same time, FinTelegram sees three points to monitor: Service-scope alignment: WhiteBIT EU’s final product offering must match the services actually authorised by the FMA. Cross-border onboarding: Passporting, customer migration, risk disclosures, and legacy-user treatment must be transparent. Governance resilience: The Austrian entity must demonstrate sustainable AML, sanctions, compliance, IT-security, and management structures — not merely documentation at licence date. FinTelegram Working Hypothesis WhiteBIT’s MiCA licence is part of a broader regulatory migration by global exchanges seeking a compliant EEA base before the end of the MiCA transitional phase. Austria is emerging as one of the more attractive gateways for serious applicants, but also as a jurisdiction that will be judged by how rigorously it supervises high-profile crypto groups after authorisation. Whistle42 Call For Information FinTelegram invites insiders, former employees, compliance officers, onboarding partners, and affected users with information on WhiteBIT EU, WB-Shield Innovations GmbH, or other FMA-licensed crypto exchanges to share documents, onboarding materials, internal compliance memos, customer-migration notices, or regulatory correspondence via Whistle42. Share Information via Whistle42

Spread financial intelligence Following the publication of FinTelegram’s compliance investigation into Stardust Global CCS Ltd, STAKES.com payment-rail allegations, and the broader Cyprus–Curaçao casino structure, FinTelegram has received right-of-reply statements from Cyprus-based service providers referenced in the investigation. The responses came from Dimitris Dimitriou / D. Dimitriou & Co LLC / POLYCON SERVICES LTD and from McMillan Woods Cyprus Ltd. FinTelegram has updated the original investigation report to reflect these clarifications. At the same time, our payment-rail review continues, with a focus on the alleged roles of Stardust Global CCS Ltd, BRB24 TECH N.V., STAKES.com, MiFinity, Volt.io, and related payment, merchant, KYB, and transaction infrastructure. This update demonstrates the editorial process FinTelegram applies in compliance investigations: allegations are recorded, documentary evidence is reviewed, right-of-reply statements are reflected, and whistleblowers are invited to provide additional material that supports, contradicts, or clarifies the evidence record. Right Of Reply Received After publication, Dimitris Dimitriou stated that neither he personally, nor D. Dimitriou & Co LLC, nor POLYCON SERVICES LTD had any involvement in the operational activities, management, payment processing, commercial affairs, customer transactions, or business decisions of Stardust Global CCS Ltd or any related entity. He clarified that the role of POLYCON SERVICES LTD was limited to routine corporate secretarial and administrative services, including filings with the Cyprus Registrar of Companies and the maintenance of corporate records. McMillan Woods Cyprus Ltd, through Managing Director Angelo Aristodimou, stated that its role in relation to Stardust Global CCS Ltd was strictly limited to acting as a correspondence address for the submission of documentation to the Cyprus Registrar of Companies. McMillan Woods Cyprus Ltd further denied having provided accounting, audit, tax, advisory, restructuring, ownership-decision, payment-processing, customer-transaction, commercial, operational, or business-activity services to Stardust Global CCS Ltd or related entities in connection with the matters discussed in FinTelegram’s investigation. FinTelegram Updated The Report FinTelegram has updated the original Stardust/STAKES.com investigation report to include the right-of-reply statements and to make clear that FinTelegram does not allege that McMillan Woods Cyprus Ltd, POLYCON SERVICES LTD, D. Dimitriou & Co LLC, or Dimitris Dimitriou operated STAKES.com, processed player payments, managed customer transactions, or made commercial decisions for Stardust Global CCS Ltd. Their relevance in the current investigation is limited to the roles appearing in Cyprus Registrar filings and the associated corporate-services perimeter. This distinction is important. FinTelegram’s investigation is not designed to imply operational wrongdoing by every service provider appearing in corporate records. The purpose is to map the infrastructure, identify relevant corporate and payment touchpoints, and determine where responsibility, compliance obligations, and transaction-level evidence may exist. The Payment-Rail Review Continues The core of the Stardust investigation remains unchanged. FinTelegram is reviewing whistleblower allegations that European player deposits into STAKES.com may have been routed through payment channels involving Stardust Global CCS Ltd, MiFinity, and Volt.io, using e-wallet, open-banking, or related payment infrastructure. The investigation continues to examine: the corporate structure and ownership history of Stardust Global CCS Ltd; the transfer of shares from STARSCREAM LIMITED of St. Lucia to BRB24 TECH N.V. of Curaçao; the alleged role of Stardust Global CCS Ltd as a payment, merchant, or corporate layer; the alleged use of MiFinity, Volt.io, e-wallet, and open-banking channels; whether European players were able to register, deposit, and fund casino accounts through these payment channels; whether merchant onboarding, KYB, AML, or payment-monitoring red flags were identified or ignored; whether the underlying payment descriptors, merchant IDs, settlement records, or transaction references point to Stardust Global CCS Ltd or related entities. FinTelegram has not yet published a final compliance finding. The investigation remains open. Why This Matters Unauthorized or illegal online gambling is not only a player-protection issue. It is also a payment-integrity, AML, and market-transparency issue. Offshore casino networks often depend on infrastructure that sits around the casino brand itself: corporate agents, payment processors, e-wallets, open-banking gateways, banking partners, legal-service providers, corporate-service firms, domain networks, and technical vendors. FinTelegram’s role is to map this infrastructure, distinguish documented facts from allegations, publish right-of-reply statements fairly, and continue asking the central compliance question: Who enabled the payment flows, who knew what, and what evidence exists at transaction level? Whistleblowers: The Investigation Is Moving The immediate responses from Cyprus service providers show that FinTelegram’s staged compliance-investigation model works. Publication creates movement. Right-of-reply statements clarify roles. Further questions can be asked. New whistleblowers may come forward. The evidence record becomes more precise. FinTelegram is now calling again on insiders, payment professionals, compliance officers, affected players, former employees, corporate-service professionals, and regulators to provide information. We are particularly seeking: bank statements showing deposits to or from STAKES.com; MiFinity transaction records; Volt.io payment confirmations or open-banking records; payment descriptors, merchant names, merchant IDs, settlement references, or transaction IDs; screenshots from the STAKES.com cashier showing available deposit methods; IBANs, beneficiary names, virtual accounts, or PSP reference data; merchant agreements involving Stardust Global CCS Ltd, BRB24 TECH N.V., STAKES.com, MiFinity, Volt.io, or intermediaries; KYB files, UBO declarations, risk assessments, or internal compliance approvals; correspondence with payment providers, banks, casino support, regulators, ombudsman bodies, or corporate-service providers; evidence that supports, contradicts, corrects, or adds nuance to the allegations. FinTelegram is not only looking for incriminating evidence. We are equally interested in exculpatory material, corrections, clarifications, and documents that help establish the accurate scope of each party’s role. Coming Compliance Intelligence Report FinTelegram is preparing a full Stardust Global / STAKES.com Compliance Intelligence Report. The report will address the Cyprus corporate structure, Curaçao and St. Lucia ownership connections, the alleged payment rails, merchant-onboarding and AML questions, player-access evidence, e-wallet and open-banking infrastructure, and the broader role of Cyprus corporate structures in offshore casino operations. Before publication of the full report, FinTelegram will continue its editorial verification process and will reflect substantiated right-of-reply statements, clarifications, corrections, and documentary evidence. Whistleblowers, payment insiders, compliance officers, affected players, and service providers: help us map the rails. Submit information via Whistle42. Share Information via Whistle42

A new FinTelegram forensic report maps strong technical links between Betzter and a wider casino platform environment through shared telemetry, byte-identical application assets, and direct SPTPub infrastructure markers. The report stops short of alleging common legal ownership, but identifies significant compliance, data-protection, and payment-transparency questions that merit regulatory and provider-side scrutiny. 2-Minutes Briefing FinTelegram is making available for download its new report, “SPTPub Platform Cluster and the Betzter Network: A Technical Correlation Analysis.” The report presents the results of a passive OSINT correlation scan of 17 online casino domains and focuses on reproducible technical links between Betzter, several related casino brands, and a broader SPTPub-linked platform environment. The analysis is based exclusively on public technical artefacts. No login was performed, no account was created, no deposit or payment flow was initiated, and no authentication endpoint or non-public system was accessed during the investigation. Across the completed evidence run, FinTelegram recorded 711 deduplicated technical markers, 55 hashed public assets, 559 certificate-transparency rows, and 133 URLScan references. Download the SPTPub Report here. Key Findings Betzter, Aphrodite, Gambiva, MadCasino, and Dracula were found to share core telemetry and deployment markers, including the same FullStory organisation ID, the same Sentry project, the same InvisibleSport and Pusher hosts, and a byte-identical Livewire application bundle. Four reference domains, namely BCGame, PlayGlobal, Spartibet, and RoxCasino, expose direct SPTPub API or start-host integrations tied to the stable cluster marker c7818b61, which is consistent with a shared multi-tenant platform structure. Betzter’s public application layer contains player-linked telemetry markers such as Player.uuid, Player.email, private player-account channel patterns, and the event marker PlayerAccountUpdatedBalance, indicating a detailed player-event and telemetry architecture. Betzter’s recovered Sentry Replay configuration showed maskAllInputs false, maskAllText false, and blockAllMedia false, which raises material questions about session replay, identity-linked profiling, and GDPR-grade data governance. The endpoint api.sptpub.com was observed resolving to 159.69.41.140 and 159.69.41.141 in Hetzner AS24940, making it the strongest current direct non-Cloudflare infrastructure lead in the dataset. Despite extensive public checks, no confirmed cashier provider, PSP, merchant ID, gateway ID, connector ID, route UUID, acquirer, or Apple Pay merchant association was identified for Betzter, leaving the payment route as a documented and highly relevant disclosure gap. Compact report description The report identifies technical risk indicators, not proven wrongdoing. It establishes a strong technical relationship between several named domains through shared telemetry identifiers, direct platform markers, and byte-identical public assets, but it does not establish common legal ownership, beneficial ownership, or any regulatory breach as a matter of law. From a compliance perspective, the relevance is clear. The findings raise questions about cross-brand telemetry aggregation, session replay, player profiling, opaque platform tenancy, and undisclosed payment-routing structures, all of which are directly relevant to regulators, payment institutions, hosting providers, and data-protection authorities. The most decisive next evidence is likely held by providers rather than by further passive scanning. According to the report, the key disclosure targets are SPTPub, FullStory, Sentry, Pusher, Hetzner, and any payment or cashier providers that hold tenant records, account ownership data, routing metadata, and settlement information. Whistleblower call FinTelegram encourages whistleblowers with additional information on SPTPub, Betzter, Softon Ltd, InvisibleSport, NovaFlick, related casino brands, platform tenancy, payment routing, PSP relationships, acquirers, telemetry ownership, or internal compliance concerns to submit material securely via Whistle42. Particularly valuable are internal contracts, onboarding records, merchant-routing data, tenant and Brand ID mappings, PSP and acquirer correspondence, telemetry account ownership records, hosting-provider disclosures, and communications with regulators or service providers. Share Information via Whistle42

Binance’s European MiCA strategy is now in crisis mode. According to Reuters and Bloomberg Law, the Greek regulator Hellenic Capital Market Commission (HCMC) is unlikely to approve Binance’s MiCA licence application. If confirmed, the world’s largest crypto exchange would lose the legal basis to serve EU clients from 1 July 2026, unless it can present another authorised MiCA path before the deadline. This is not a routine licensing delay. It is the first major stress test for the EU’s new crypto regime. MiCA is designed to end the old model of fragmented national registrations, regulatory shopping, and offshore group structures serving EU clients through loose legal gateways. Binance appears to have bet on Greece as its EU passporting hub. That bet is now turning into a regulatory cliff edge. Key Facts ItemFindingApplicantBinance, reportedly through its Greek structure connected to Binary GreeceRegulatorHellenic Capital Market Commission (HCMC)RegimeEU Markets in Crypto-Assets Regulation (MiCA)Deadline30 June 2026 for authorisation; hard stop from 1 July 2026Current statusReported rejection / no public approvalBinance positionApplication allegedly considered compliant; update promised before 30 JuneCompliance impactWithout MiCA authorisation, Binance cannot continue normal EU client servicesFinTelegram risk ratingRED — EU Authorisation Failure / Client Migration Risk The MiCA Cliff MiCA creates a simple legal outcome: a crypto-asset service provider either has an authorised EU CASP licence and can passport its services across the EU, or it must stop serving EU clients. The transitional period ends on 1 July 2026. There is no informal grace period for a global exchange that is still “in dialogue” with regulators. ESMA has already told the market what must happen: unlicensed CASPs must have credible, executable wind-down plans; client assets must be protected; client migration must be controlled; and unauthorised third-country entities cannot continue business-as-usual through reverse solicitation narratives or group outsourcing structures. For Binance, this creates an immediate operational question: Which authorised EU legal entity, if any, will serve its EU users after 30 June? Why Greece Matters Binance selected Greece as its MiCA home base rather than a larger or more established crypto supervisory jurisdiction. That choice was unconventional. Greece had not been among the leading MiCA authorisation centres, while competitors had already secured licences in jurisdictions such as Luxembourg, Ireland, Malta, and Austria. FinTelegram’s interpretation: Binance’s Greek route looked like a strategic licensing shortcut. The reported rejection suggests that EU regulators are not prepared to treat MiCA as a passport-shopping exercise for high-risk global platforms. The Greek decision, if confirmed, is therefore larger than Binance. It sends a message to the market: MiCA authorisation is not a branding exercise. It is a supervisory gate. The Binance Legacy Problem Binance is not a clean applicant. Its compliance history is part of the regulatory file. The group previously resolved major U.S. criminal, AML, and sanctions violations. Its founder Changpeng Zhao stepped down as CEO after pleading guilty to U.S. Bank Secrecy Act violations. The U.S. settlement imposed massive penalties and a compliance monitorship. That history matters under MiCA. A European CASP authorisation is not only about systems, policies, and capital. It is about governance, ownership, fitness and propriety, AML controls, outsourcing, custody arrangements, conflicts of interest, sanctions screening, and the real ability of supervisors to control the EU-facing business. For a global exchange with complex group structures, offshore operations, multiple product lines, and a history of regulatory clashes, the burden is heavy. Binance may have expanded its compliance team and infrastructure, but MiCA regulators are not required to accept a transformation narrative at face value. Competitive Impact If Binance loses EU access, the immediate winners are licensed competitors. Coinbase, Kraken, OKX, Bybit and other MiCA-authorised platforms will benefit from forced client migration, liquidity redistribution, and institutional preference for regulated venues. This is the moment MiCA changes the competitive map. The EU crypto market moves from scale-based dominance to licence-based legitimacy. FinTelegram Assessment Binance is facing a decisive European compliance test. The issue is not whether Binance is large, liquid, popular, or technologically capable. The issue is whether it can pass the EU’s new gatekeeping regime for crypto service providers. If the Greek rejection is confirmed, Binance will have three realistic options: stop serving EU clients; migrate EU users to an authorised CASP structure; attempt a last-minute alternative licensing route, which appears operationally and procedurally weak given the deadline. FinTelegram’s bottom line: No MiCA licence, no EU business. The old crypto playbook — global platform, offshore structures, national registrations, and aggressive market access — is over in Europe. Binance is now the test case for whether MiCA will be enforced as a real supervisory regime or diluted into another regulatory passport market. Compliance Rating RED — High Regulatory Risk Reason: no publicly confirmed MiCA authorisation, reported rejection risk in Greece, hard EU cut-off on 1 July 2026, unresolved client migration exposure, and legacy AML/sanctions risk. FinTelegram Call For Information FinTelegram invites Binance users, former employees, compliance staff, payment partners, banking partners, and regulatory insiders to provide information on: Binance’s EU client migration plans; internal communications regarding the Greek MiCA application; instructions given to EU users; payment, custody, and fiat withdrawal arrangements; any alternative licensing or white-label arrangements; regulatory communications with HCMC, ESMA, AMF, BaFin, CONSOB, CNMV or other EU regulators. Information can be submitted confidentially via Whistle42. Share Information via Whistle42

Spread financial intelligence FinTelegram has opened a formal compliance investigation into Stardust Global CCS Ltd, a Cyprus-registered company that appears in corporate filings connected to offshore structures and alleged online casino payment flows involving STAKES.com. We have received a detailed whistleblower submission, Cyprus corporate registry material, and preliminary payment-rail allegations concerning BRB24 TECH N.V., STAKES.com, MiFinity, Volt.io, and a Cyprus-based corporate-services layer involving McMillan Woods Cyprus Ltd, POLYCON SERVICES LTD, and related legal-service providers. At this stage, FinTelegram is not publishing a final compliance finding. We are opening a structured investigation and are calling on whistleblowers, insiders, affected players, payment professionals, compliance officers, corporate-service providers, and regulators to assist with additional evidence. For the avoidance of doubt: this investigation concerns STAKES.com and the entities and payment structures described below. It should not be confused with similarly named brands or operators unless expressly referenced in verified evidence. We Are Investigating FinTelegram’s EU iGaming Payments Desk is reviewing whether Stardust Global CCS Ltd functioned as part of a cross-border payment or corporate-services layer for offshore casino activity targeting consumers in regulated European jurisdictions. The investigation focuses on the following areas: the corporate structure and ownership history of Stardust Global CCS Ltd in Cyprus; the documented transfer of shares from STARSCREAM LIMITED of St. Lucia to BRB24 TECH N.V. of Curaçao; the role of Stardust Global CCS Ltd as an alleged payment or merchant layer connected to STAKES.com; the involvement of Cyprus-based professional-service providers, including correspondence, secretarial, legal, and administrative functions; the alleged use of EU payment infrastructure, e-wallets, and open-banking rails involving MiFinity and Volt.io; whether European players were able to register, fund accounts, and deposit through payment channels despite local licensing requirements; whether payment providers, corporate-service providers, or intermediaries received sufficient compliance red flags and how they responded. The core question is whether a Cyprus corporate vehicle and associated professional-service infrastructure were used as a regulatory arbitrage layer between offshore casino operations and European player funds. What The Cyprus Filings Indicate So Far Cyprus corporate filings reviewed by FinTelegram indicate that Stardust Global CCS Ltd was incorporated in Cyprus in 2023. The filings show a structure involving offshore and professional-service entities. The documents reviewed by FinTelegram indicate: STARSCREAM LIMITED, a St. Lucia entity, appears in the shareholder history of Stardust Global CCS Ltd; in September 2024, shares in Stardust Global CCS Ltd were transferred to BRB24 TECH N.V., a Curaçao entity; STARKEAST MANAGEMENT B.V., with Curaçao address details, appears in early filings as a director; POLYCON SERVICES LTD appears as corporate secretary; McMillan Woods Cyprus Ltd appears as correspondence contact in several filings; in 2026, STARKEAST MANAGEMENT B.V. was replaced by SOTU26 LTD, a Nevis entity, as director. These corporate records do not, by themselves, prove wrongdoing. However, they raise legitimate compliance questions when viewed together with the whistleblower allegations concerning online casino deposits, EU payment rails, and offshore licensing structures. Payment-Rail Allegations Under Review The whistleblower submission alleges that European player deposits into STAKES.com were routed through payment channels involving Stardust Global CCS Ltd, MiFinity, and Volt.io. According to the whistleblower, payment flows may have involved a combination of: a Cyprus corporate or merchant layer; e-wallet funding or transfer functionality; open-banking payment infrastructure; casino cashier interfaces; payment descriptors or merchant records allegedly connected to Stardust Global CCS Ltd or associated entities. FinTelegram has not yet completed its verification of these alleged payment flows. We are therefore requesting additional evidence from affected users, payment insiders, compliance officers, former employees, banking partners, open-banking providers, and corporate-service professionals. Transparency Matters! Illegal or unauthorized online gambling is not only a consumer-protection issue. It is also a payment-integrity and AML issue. Where offshore casino operators accept deposits from consumers in regulated European markets without appropriate local authorization, payment providers and intermediaries may face serious compliance questions, including: merchant onboarding and KYB failures; weak monitoring of high-risk gambling merchants; improper reliance on offshore licenses; failure to detect or stop transactions linked to unauthorized gambling; use of corporate-service structures to obscure the true operating model; inadequate responses to consumer complaints and AML red flags. FinTelegram has repeatedly observed that offshore casino networks often depend less on the casino website itself than on the surrounding infrastructure: corporate agents, payment processors, open-banking gateways, wallets, legal-service providers, domain networks, and technical vendors. That infrastructure is what we are now mapping. We Need More Evidence Investigations of this kind depend on documents and first-hand accounts that cannot be obtained from public registries alone. FinTelegram is specifically looking for the following material: 1. Payment-Flow Evidence bank statements showing deposits to or from STAKES.com; MiFinity transaction records; Volt.io payment confirmations or open-banking records; payment descriptors, merchant names, merchant IDs, settlement references, or transaction IDs; screenshots from the STAKES.com cashier showing available deposit methods; IBANs, beneficiary names, virtual accounts, or PSP reference data; refund, chargeback, failed-payment, or withdrawal records. 2. Merchant Onboarding and KYB Material merchant agreements involving Stardust Global CCS Ltd, BRB24 TECH N.V., STAKES.com, MiFinity, Volt.io, or intermediaries; KYB files, UBO declarations, risk assessments, or internal compliance approvals; licensing representations made to banks, payment institutions, e-wallet providers, or open-banking platforms; documents describing the role of Stardust Global CCS Ltd as merchant, payment agent, payment facilitator, nominee, or corporate services vehicle. 3. Internal Compliance and Legal Communications AML red-flag assessments; internal warnings or escalations concerning STAKES.com or Stardust Global CCS Ltd; correspondence with McMillan Woods Cyprus Ltd, POLYCON SERVICES LTD, D. DIMITRIOU & CO LLC, BRB24 TECH N.V., STARSCREAM LIMITED, STARKEAST MANAGEMENT B.V., SOTU26 LTD, MiFinity, Volt.io, or related parties; board minutes, legal opinions, or onboarding memoranda; communications discussing EU player traffic, geoblocking, licensing, or payment restrictions. 4. Player and Consumer-Complaint Evidence STAKES.com account records; registration screenshots showing EU or UK residence acceptance; live-chat transcripts; KYC requests; complaint correspondence with MiFinity, Volt.io, banks, regulators, ombudsman bodies, or casino support; account closures, blocked accounts, or refusal-to-refund communications after complaints were filed. 5. Contradictory or Exculpatory Evidence FinTelegram is not only looking for incriminating evidence. We also want information that corrects, contradicts, or adds nuance to the allegations. If you represent or have worked with any of the named entities and believe the whistleblower allegations are inaccurate, incomplete, or misleading, we want to hear from you as well. Entity & Role Map — Stardust Global / STAKES.com Compliance Investigation NameTypeDomain / IdentifierJurisdictionRole / RelevanceCurrent Evidence StatusSTAKES.comBrand / Casino Platformstakes.comUnder review; allegedly offshore / Curaçao-linkedOnline casino brand at the center of the whistleblower allegations. Allegedly accepted European player deposits through payment channels involving Stardust Global CCS Ltd, MiFinity, and Volt.io.Under review / whistleblower allegationStardust Global / Stardust Global CCS LtdLegal EntityHE 443351CyprusCyprus company allegedly used as payment, merchant, or corporate layer for offshore casino-related payment flows. Central entity in the investigation.Registry-confirmed; payment role under reviewBRB24 TECH N.V.Legal EntityN/ACuraçaoNew shareholder of Stardust Global CCS Ltd after the September 2024 share transfer. Alleged operator or corporate node behind STAKES.com; this specific casino-operator role requires additional verification.Shareholder link registry-confirmed; casino-operator role under reviewSTARSCREAM LIMITEDLegal EntityIncorporation No. 2023-00007, per whistleblower submissionSt. LuciaFormer shareholder / original offshore ownership layer of Stardust Global CCS Ltd. Transferred shares to BRB24 TECH N.V.Registry-confirmed as transferor / former shareholderSTARKEAST MANAGEMENT B.V.Legal Entity / Corporate DirectorN/ACuraçao address in filingsInitial director of Stardust Global CCS Ltd. Resigned on 18 February 2026.Registry-confirmedSOTU26 LTDLegal Entity / Corporate DirectorN/ANevisAppointed as director of Stardust Global CCS Ltd on 18 February 2026, replacing STARKEAST MANAGEMENT B.V.Registry-confirmedPOLYCON SERVICES LTDLegal Entity / Corporate SecretaryHE 418229CyprusCorporate secretary of Stardust Global CCS Ltd. Filed/confirmed the 2026 officer changes. Also appears as part of the Cyprus professional-services layer.Registry-confirmedMcMillan Woods Cyprus LtdCorporate Services / Accounting / Advisory Firmmcmillanwoods.com.cy / McMillan Woods networkCyprusAppears in Stardust Global CCS Ltd filings as correspondence contact. Relevant as corporate-services / administrative contact, not yet as proven payment operator.Registry-confirmed correspondence role; broader role under reviewD. DIMITRIOU & CO LLCLaw Firm / Legal Services EntityN/ACyprusAppears as correspondence contact in the share-transfer filing. Allegedly involved in legal restructuring / share-transfer process.Registry-confirmed filing involvement; broader role under reviewDimitris “Dimi” DimitriouIndividualN/ACyprusAlleged legal counsel / professional-services figure connected to D. DIMITRIOU & CO LLC and POLYCON SERVICES LTD. Role requires careful verification and right of reply.Partly open-source indicated; full role under reviewMenno JordaanIndividualN/ANetherlands / Curaçao / St. Lucia connection allegedNamed by whistleblower as associated with Starkeast Management B.V. and the initial offshore setup. Needs independent verification before publication as a factual role.Whistleblower allegation / verification pendingMarina DimitriouIndividualN/ACyprusNamed by whistleblower as witness/certification-layer participant in constitutional or setup documents.Whistleblower allegation / verification pendingAnastasia TsolakiIndividual / LawyerN/ACyprusNamed by whistleblower as lawyer acting in connection with constitutional/certification documents.Whistleblower allegation / verification pendingAndreas P. Siapanis & Associates DYPELaw Firm / Legal Services EntityN/ACyprusNamed by whistleblower as law firm allegedly connected to the certification layer for constitutional documents.Whistleblower allegation / verification pendingMiFinityPayment Brand / eWalletmifinity.comUK / Malta group structureAlleged payment/eWallet rail used by players for STAKES.com deposits. Officially offers eWallet and online payment functionality. Specific transaction role in this case requires payment evidence.Regulated payment brand; case-specific role under reviewMiFinity Malta LimitedLegal Entity / Financial InstitutionRegistration No. C64824MaltaMiFinity entity authorised by the Malta Financial Services Authority as a financial institution. Relevant for EEA payment-services perimeter review.Open-source verifiedMiFinity UK LimitedLegal Entity / EMIFCA Ref. 900090United Kingdom / Northern IrelandMiFinity entity authorised by the FCA to issue e-money. Relevant for UK/EEA payment-services perimeter review.Open-source verifiedVolt.ioPayment Brand / Open-Banking Platformvolt.ioUK / Poland group structureAlleged open-banking / account-to-account payment rail involved in player deposits. Case-specific role depends on transaction records, payment confirmations, and merchant relationship evidence.Regulated payment brand; case-specific role under reviewVolt Technologies LimitedLegal Entity / EMIFCA FRN 982594United KingdomVolt entity authorised by the FCA as an Electronic Money Institution. Relevant for UK-regulated payment and merchant-funds questions.Open-source verifiedVolt Technologies Holdings LimitedLegal Entity / Payment InstitutionFCA FRN 925340United KingdomVolt entity authorised by the FCA as a Payment Institution with account information / payment initiation permissions.Open-source verifiedVolt Technologies Sp. z o.o.Legal Entity / Payment InstitutionKNF ID 635816PolandVolt EU entity regulated by the Polish KNF as a National Payment Institution. Relevant to the Polish Ombudsman and EU payment-perimeter allegations.Open-source verifiedStake.comSeparate Casino Brand / Disambiguationstake.comCuraçao / internationalSeparate and similarly named casino brand operated by Medium Rare N.V. Included only to avoid confusion with STAKES.com. Not part of the Stardust/STAKES.com allegations unless separate evidence emerges.Disambiguation / not target of this reportMedium Rare N.V.Legal Entity / DisambiguationN/ACuraçaoOperator of Stake.com according to Stake.com’s own public terms/provider pages. Included to prevent confusion between Stake.com and STAKES.com.Disambiguation / not target of this reportMedium Rare LimitedPayment Agent / DisambiguationHE 410775CyprusNamed by Stake.com as payment-processing subsidiary for Stake.com. Included only for disambiguation; not connected to Stardust/STAKES.com unless new evidence appears.Disambiguation / not target of this reportMRS Tech LtdPayment Agent / DisambiguationHE 477481CyprusNamed by Stake.com as payment-processing subsidiary for Stake.com. Included only for disambiguation; not connected to Stardust/STAKES.com unless new evidence appears.Disambiguation / not target of this report How To Submit All submissions are handled through Whistle42, FinTelegram’s confidential whistleblower channel. Anonymous submissions are accepted and encouraged. Source protection is a non-negotiable editorial principle at FinTelegram. Submissions may include documents, screenshots, emails, transaction records, chat logs, or written accounts. If you previously submitted material and want to add more, please use the same secure channel. Do not send original devices or physical documents without prior coordination. Submit via Whistle42. Right Of Reply Before publishing the full compliance intelligence report, FinTelegram intends to extend a right-of-reply opportunity to relevant parties where contactable, including entities and providers named in the investigation. The purpose of this investigation is not to prejudge the matter, but to establish a verifiable evidence record. Any substantiated response, correction, clarification, or denial will be reviewed and reflected in our reporting. What Happens Next FinTelegram is preparing a full Stardust Global / STAKES.com Compliance Intelligence Report. The report will examine: the Cyprus corporate structure; the Curaçao and St. Lucia ownership connections; the role of professional-service providers; the alleged EU payment rails; potential merchant-onboarding and AML red flags; player-access evidence from regulated European jurisdictions; the role of e-wallets, open-banking infrastructure, and payment intermediaries; the broader question of Cyprus as a corporate-services layer for offshore casino operations. The report will be published after completion of our editorial verification process and right-of-reply procedure. If you have evidence that supports, contradicts, or expands this investigation, FinTelegram wants to hear from you. Whistleblowers, payment insiders, compliance officers, former employees, affected players, service providers, and regulators: help us map the rails. Share information via Whistle42

FinTelegram has published a new Compliance Intelligence Report on Softon Ltd, the Cyprus-registered company publicly identified by Betzter.com as its owner and operator. The report is now available for download and provides a structured review of a broader risk environment involving Cyprus corporate structures, offshore gambling narratives, EU-facing activity indicators, payment-route opacity, technical infrastructure, and player-data telemetry. The central finding is not a simple “one casino, one operator” story. The report maps a layered compliance picture around Softon Ltd, Betzter, KingdomCasino, SPTPub, InvisibleSport, NovaFlick, Transferop, and related infrastructure or payment indicators. The report does not allege proven criminal conduct by any named person or entity. It raises serious compliance questions that regulators, payment providers, banks, hosting providers, and data-protection authorities should examine. The Softon Layer: Cyprus Company, Offshore Casino Narrative, EU-Facing Risk According to the documented materials reviewed by FinTelegram, Softon Ltd was incorporated in Cyprus on 9 August 2024 with a share capital of EUR 2,000. The company is publicly named by Betzter.com as the platform’s owner and operator. The report examines whether this Cyprus corporate layer is part of a broader online casino and payment environment that may involve: an Anjouan licence narrative for gambling operations; EU-facing accessibility and market indicators; possible reliance on EU payment rails; links or references to Kaspela Labyrinth OÜ in Estonia; unresolved questions around cashier infrastructure, merchant routing, acquirer chains, settlement beneficiaries, and payment-service providers. The report’s most important payment finding is not that a final PSP chain has been proven. Rather, the report shows that key payment infrastructure questions remain opaque at precisely the points where transparency is most important: cashier provider, merchant ID, gateway identifiers, PSP route, acquirer chain, and settlement beneficiary. Technical Findings: Player Telemetry, Application-Layer Signals And German Hosting Lead The report also highlights technical indicators that should matter to gambling regulators, AML supervisors, payment institutions, hosting providers, and data-protection authorities. Publicly accessible application-layer indicators reviewed in the investigation point to a real-time player-account architecture and telemetry configurations involving tools such as FullStory, Sentry Replay, Pusher, and player-linked fields including Player.uuid and Player.email. These indicators create a potentially significant privacy and compliance risk surface. If player-linked identifiers and behavioural telemetry are processed in connection with an offshore casino environment, the relevant questions include: who controls the player data; where the data is stored and processed; whether EU players are involved; whether privacy disclosures are adequate; whether session replay or telemetry tools capture sensitive account or payment-related information; whether service providers have been properly informed of the gambling and compliance context. The strongest direct infrastructure lead currently identified in the report is the api.sptpub.com endpoint resolving into Hetzner-hosted IP space in Germany. This makes the case relevant not only for gambling and AML supervisors, but also for infrastructure and hosting-provider compliance teams. Methodology: Whistleblower Material, OSINT, Technical Review And AI-Assisted Structuring The Softon Compliance Report was built from multiple intelligence layers: whistleblower submissions; corporate-registry analysis; passive OSINT collection; application-layer and infrastructure review; technical correlation work; structured evidentiary grading; AI-assisted organisation and cross-checking of findings. FinTelegram applied its usual evidence framework and separated confirmed facts, strong indicators, investigative leads, and unresolved questions. This distinction is important. The purpose of the report is not to overstate attribution, but to identify the compliance issues that require further scrutiny. A specialised network and systems expert contributed to the technical review of the infrastructure and application-layer findings. This contribution helped ensure that the technical section remained anchored in reproducible artefacts, reasonable evidentiary boundaries, and clearly defined disclosure targets for providers, payment institutions, regulators, and infrastructure operators. Why This Report Matters The Softon case is a good example of how modern offshore casino structures may operate across multiple layers: LayerCompliance RelevanceCyprus company layerSofton Ltd as publicly identified operator / owner of BetzterOffshore licence narrativeAnjouan licence context and regulatory-perimeter questionsEU-facing indicatorsPotential exposure to EU players, regulators, PSPs and data-protection rulesPayment opacityCashier, PSP route, MID, acquirer chain and settlement beneficiary not publicly transparentTechnical infrastructureapi.sptpub.com and Hetzner-hosted IP space as relevant infrastructure leadPlayer telemetryFullStory, Sentry Replay, Pusher and player-linked fields create privacy and compliance questionsWhistleblower inputSource material points to broader casino and payment structures requiring verification This is exactly the type of structure that often remains invisible when regulators, banks, payment schemes and infrastructure providers review only one domain, one corporate entity, or one payment screenshot in isolation. No Final Allegation — But A Serious Compliance Warning FinTelegram emphasises that the report should not be read as a final finding of criminal conduct by any named person or entity. It should be read as a compliance warning and a call for scrutiny. The documented combination of a Cyprus corporate vehicle, offshore gambling narrative, EU-facing indicators, application-layer telemetry exposure, hosting infrastructure in Germany, and opaque payment routing deserves immediate attention from: gambling regulators; AML supervisors; payment institutions and acquiring banks; hosting and infrastructure providers; data-protection authorities; compliance teams at technology and telemetry vendors; consumer-protection bodies. Download The Report The full Softon Compliance Intelligence Report is available for download here: Download the Softon Compliance Report Call For Information FinTelegram invites whistleblowers, former employees, players, affiliates, payment insiders, PSP compliance officers, hosting providers, technical service providers, and regulators to provide verifiable information on: Softon Ltd; Betzter; KingdomCasino; SPTPub; InvisibleSport; NovaFlick; Transferop; Cyprus-linked casino and payment structures; cashier providers, PSPs, MIDs, gateways, acquirers and settlement beneficiaries; KYC/KYB files, merchant records, contracts, platform-account records and compliance memoranda; technical documentation, telemetry configurations, hosting records and provider communications. FinTelegram protects confidential sources and evaluates all credible submissions in the public interest. Whistleblower-derived claims are handled under strict source-protection standards and clearly distinguished from verified findings, strong indicators, and investigative leads. Share Information via Whistle42

Latvijas Banka has issued a payment institution licence to SIA Fibonatix (LV), authorising the company to provide payment acceptance and acquiring services for merchants. On paper, this is another fintech licensing success story for Latvia. From FinTelegram’s compliance perspective, however, the decision deserves a much closer look. FinTelegram has monitored Fibonatix for years as a high-risk payment processor with historical exposure to the binary options and broker-scam era. Earlier FinTelegram reports linked Fibonatix to payment flows around the Yukom/BinaryBook binary options fraud case and later to the ecosystem around Gal Barak’s E&G Bulgaria and related high-risk broker structures. A new EU licence does not erase that legacy. It increases the supervisory relevance of the legacy. Key Data ItemInformationLicensed entitySIA Fibonatix (LV)RegulatorLatvijas BankaLicence statusAuthorized Payment InstitutionLicence No.27-55/2026/12Valid from11 June 2026Permitted activityAcquiring of payment transactions / payment acceptance servicesTarget clientshigh-risk MerchantsKnown group footprintFibonatix has historically operated through UK, German and Israeli-linked structuresFinTelegram statusHigh-Risk Legacy Processor — Under Monitoring The Licensing Event According to Latvijas Banka, its Supervision Committee issued the licence to SIA Fibonatix (LV) on 11 June 2026. The licence allows the Latvian entity to provide payment acceptance services to merchants. In the official register, the entity is listed as an authorised payment institution with permission for acquiring of payment transactions. This is a meaningful development. Payment acquiring is a critical chokepoint in the financial system. It determines which merchants can accept card and other electronic payments, how risk is monitored, how chargebacks are handled, and how suspicious transaction patterns are detected or ignored. For a normal low-risk merchant acquirer, the licence would be a routine fintech item. For Fibonatix, the historical context makes it a compliance story. The FinTelegram Background FinTelegram first reported on Fibonatix in the context of the Yukom Enterprise binary options fraud case. The FinTelegram money-flow analysis identified payment service providers and facilitators that allegedly enabled deposits into brands such as BinaryBook, BigOption, and BinaryOnline. Fibonatix appeared in that context as one of the processors around the payment infrastructure used by the scheme. Read our Fibonatix reports here. FinTelegram later reported that Fibonatix had been active in high-risk verticals such as binary options, forex, gambling, gaming, and cryptocurrencies. In the December 2021 and September 2022 updates, FinTelegram described Fibonatix as a notorious high-risk payment processor and referred to its exposure to Yukom, E&G Bulgaria, Tradotrax, Alpha Capital House, and other broker-scam environments. These reports do not mean that the newly licensed Latvian entity has committed wrongdoing. They do, however, form part of the relevant compliance history. A regulator assessing fitness, governance, AML controls, merchant onboarding, and risk appetite should not treat this history as irrelevant. The Core Compliance Question The central question is not whether Fibonatix can be licensed. Latvijas Banka has made that decision. The question is whether a payment group with such a high-risk legacy can now demonstrate a materially different governance, compliance, onboarding, monitoring, and reporting culture. For high-risk processors, the critical test is not the licence itself. The critical test is the merchant book after licensing. FinTelegram would expect particular attention to the following areas: Merchant onboarding controlsWhich merchant verticals will Fibonatix (LV) accept? Will it process for gaming, gambling, crypto, forex, investment platforms, lead-generation networks, affiliate-driven offers, or other high-risk merchants? Legacy and related-party reviewDid the licensing process include a structured review of the historical Fibonatix group activities, including its binary options-era exposure and prior FinTelegram reports? Cross-border acquiring modelWill the Latvian licence be used mainly for Latvian merchants, or as a broader EU acquiring hub for international high-risk merchants? Transaction monitoring and chargeback intelligenceHow will Fibonatix detect fraud patterns, refund abuse, victim complaints, mismatched merchant descriptors, and suspicious chargeback spikes? Regulatory cooperationGiven the prior UK, German and Israeli-linked footprint of the Fibonatix brand, will Latvijas Banka coordinate with other supervisory authorities where relevant? Why This Matters The binary options era showed that payment processors were not neutral bystanders. In many broker-scam cases, the processors were the operational gatekeepers that allowed fraudulent platforms to collect money from victims across borders. Without payment access, many of these schemes could not have scaled. That is why FinTelegram has long argued that payment rails are accountability rails. Licensing a historically high-risk payment processor creates a public-interest question: has the business genuinely changed, or has it simply moved into a new regulated jurisdiction? Latvia has positioned itself as a fintech-friendly jurisdiction. That strategy can be legitimate and economically useful. But fintech licensing must not become regulatory rehabilitation without public transparency. A licence should be the beginning of enhanced scrutiny, not the end of the discussion. FinTelegram Assessment FinTelegram classifies the Latvian licensing of SIA Fibonatix (LV) as a Compliance Watch event. The licence may represent a legitimate new regulatory chapter for Fibonatix. However, given the historical FinTelegram reporting, the binary options-era exposure, and the high-risk merchant acquiring context, the case deserves close monitoring by regulators, banks, card schemes, merchant partners, and compliance officers. A regulated payment institution is not automatically a low-risk payment institution. In the case of Fibonatix, the opposite question must be asked: can a historically high-risk processor prove that its new regulated structure has moved beyond the practices and networks of the past? Call for Information FinTelegram invites former employees, merchants, payment partners, victims, compliance officers, banks, acquirers, and insiders with knowledge of Fibonatix, its merchant portfolio, historic payment flows, or current Latvian acquiring setup to share information confidentially via Whistle42. We are particularly interested in information about merchant onboarding, high-risk vertical exposure, processing partners, chargeback patterns, related entities, and cross-border acquiring activity. FinTelegram will continue to monitor Fibonatix and the broader payment-processing infrastructure serving high-risk merchants in Europe. Share Information via Whistle42

Editorial note: Following publication, a representative of The Kingdom Bank contacted FinTelegram and denied that The Kingdom Bank, its management, employees, or team were involved in the email-bombing, DDoS pressure, or the Whistle42 threat message received by FinTelegram. The representative suggested that the message may have originated from a competitor, former employee, or unrelated third party. FinTelegram notes this denial. Shortly after FinTelegram published its Rail Atlas report on The Kingdom Bank, Financial House, Jeton / La Orange, Speedy, Banky, and related payment-rail actors, FinTelegram experienced a wave of disruptive activity, including email-bombing and DDoS-style pressure. On top of this, FinTelegram received a message through Whistle42 from a sender referencing “TheKingdomBank”. The message demanded that FinTelegram remove all articles about The Kingdom Bank and threatened continued “stress testing,” disruption of FinTelegram’s email systems, and legal action. FinTelegram has preserved the message and related technical evidence. At this stage, FinTelegram has not independently verified whether the sender is authorised by, employed by, or formally connected to The Kingdom Bank. However, the message appears to link the ongoing disruption campaign with a demand to remove FinTelegram’s reporting. FinTelegram will not remove evidence-based reporting in response to anonymous threats, cyber pressure, email-bombing, or intimidation attempts. The Threat Message The message submitted through Whistle42 stated, in substance: “If you don’t remove all your articles about TheKingdomBank we will keep stress testing you, killing your emails and we will start moving legally against you.” The sender identified the relevant brand or entity as “TheKingdomBank” and referenced FinTelegram’s published Rail Atlas report. This is not a normal correction request. It is not a formal right-of-reply communication. It is not a structured legal notice. It is a threat-style message that appears to demand removal of journalistic reporting under pressure. Read our The Kingdom Bank” report here. FinTelegram’s Position FinTelegram welcomes legitimate corrections, legal notices, right-of-reply submissions, and factual clarifications. We routinely review such submissions and correct material where appropriate. However, FinTelegram does not accept threats, cyber intimidation, email-bombing, DDoS-style disruption, or anonymous pressure campaigns as a basis for removing evidence-based reporting. If The Kingdom Bank, Financial House, Jeton, La Orange, Speedy, Banky, Plato / GoodFintech, or any related party believes that FinTelegram’s reporting contains factual inaccuracies, they are invited to submit a detailed, attributable, evidence-based response. FinTelegram will review any such response under its editorial standards. Why This Matters The timing of the message is significant. FinTelegram’s Rail Atlas report mapped a payment and offshore-banking network involving: The Kingdom Bank (www.kingdombank.com), a Dominica offshore / international banking platform; Financial House Limited (www.financialhouse.io), a UK FCA-authorised Electronic Money Institution currently subject to severe FCA supervisory restrictions; Speedy (www.speedy.io), a Financial House trading name and Speedy-branded payment rail; La Orange / Jeton, an e-money services and wallet/payment ecosystem; Jeton Bank, another Dominica offshore-banking node in the Jeton environment; Banky, observed in The Kingdom Bank’s instant-bank-transfer flow; Plato / GoodFintech / KYXPlatform, observed in The Kingdom Bank’s KYC and biometric-verification flow. The report raised questions about offshore-to-EU payment rails, EU-facing onboarding, KYC outsourcing, Speedy-linked deposit infrastructure, Financial House’s FCA restrictions, and the wider network-risk profile. Instead of a formal factual response, FinTelegram received a threat-style message demanding deletion. No Attribution Without Evidence FinTelegram is careful with attribution. We do not currently state that The Kingdom Bank itself, its management, employees, contractors, agents, affiliates, or service providers were behind the email-bombing or DDoS-style disruption or this message. What we can say is this: FinTelegram experienced disruptive cyber pressure after publication of the Rail Atlas report. FinTelegram then received a Whistle42 message referencing “TheKingdomBank.” The message demanded removal of all articles about The Kingdom Bank. The message threatened continued “stress testing” and disruption of FinTelegram’s emails. The message also threatened legal action. FinTelegram has preserved the submission and related evidence. This is sufficient to classify the incident as a cyber-intimidation event connected to FinTelegram’s The Kingdom Bank reporting. Evidence Preservation FinTelegram has preserved the Whistle42 submission, screenshots, timestamps, and relevant technical logs. We are also preserving related email-bombing, server, firewall, and traffic evidence. Where appropriate, FinTelegram may provide evidence to hosting providers, email infrastructure providers, cybersecurity specialists, regulators, law-enforcement agencies, and legal advisers. FinTelegram will not publish technical indicators that could compromise ongoing mitigation, source protection, or forensic preservation. Message To The Network FinTelegram’s position is simple: Cyber pressure will not remove evidence-based reporting. Threats and disruption attempts will be documented, preserved, and, where appropriate, reported publicly. If any person or entity wishes to challenge FinTelegram’s reporting, the proper path is clear: send a factual, attributable, evidence-based response. FinTelegram will review it. What will not work is anonymous intimidation. Call For Information FinTelegram invites whistleblowers, customers, former employees, compliance officers, payment insiders, cybersecurity specialists, hosting providers, and affected parties to provide information about: The Kingdom Bank; Financial House Limited; La Orange / Jeton; Speedy and Speedy AG; Banky / JSC CH GmbH; Jeton Bank; Plato / GoodFintech / KYXPlatform; cyber pressure, email-bombing, DDoS attempts, or intimidation campaigns connected to financial reporting; payment flows involving offshore banks, EU payment rails, crypto, gambling, iGaming, forex, or high-risk merchants. Whistleblowers may contact FinTelegram via Whistle42. FinTelegram protects sources and distinguishes between documented facts, source-provided material, open-source intelligence, technical evidence, and editorial assessment. Share Information via Whistle42

Following FinTelegram’s recent reporting on SOFTON LTD, Betzter, KingdomCasino and related offshore casino infrastructure, the FinTelegram platform has been hit by sustained email bombing and significant DDoS attacks. The attacks have temporarily affected access to the website. FinTelegram continues its reporting and will not be intimidated. Cyberattack Notice: FinTelegram Targeted by Email Bombing and DDoS Attacks After Softon Reports FinTelegram informs its readers, whistleblowers, sources and partners that the platform has been facing sustained cyberattacks following our recent reporting on SOFTON LTD, Betzter, KingdomCasino, and related offshore casino and payment infrastructure. Read our Softon reports here. Over the past days, FinTelegram has been confronted with a combination of email bombing and significant DDoS attacks. These attacks have, at times, made the FinTelegram website temporarily difficult or impossible to access for some readers. We have activated Cloudflare’s “Under Attack” mode and additional protective measures. While these measures help, the attacks remain disruptive. FinTelegram does not attribute responsibility for these attacks to any specific person, company or network at this stage. However, the timing is notable: the attacks started after FinTelegram intensified its reporting on the Softon casino cluster, including questions around Cyprus corporate structures, Anjouan licence claims, hidden cashier and PSP routes, player telemetry systems, open infrastructure leads, and EU consumer exposure. DDoS attacks and email bombing are not arguments. They are digital pressure tactics. Their purpose is usually simple: overload systems, disrupt access, intimidate journalists, and make public-interest reporting more difficult. They will not stop FinTelegram. In the coming days, FinTelegram will publish a comprehensive Softon Compliance Report, mapping the broader infrastructure around SOFTON LTD, related casino brands, telemetry systems, technical leads, unresolved payment routes, and regulatory questions. We ask our readers for patience if access to FinTelegram is temporarily disrupted. We are working to keep the platform online, preserve evidence, protect sources, and continue publication. To whistleblowers and insiders: your information remains essential. If you have documents, payment records, technical evidence, KYC/KYB files, corporate records, internal correspondence, casino cashier data, telemetry information, or knowledge about Softon, Betzter, KingdomCasino or related brands, please contact us securely via Whistle42. FinTelegram will continue to follow the rails — including the data rails, payment rails, corporate rails, and now the attack rails. Investigative journalism is not a crime. Cyber intimidation will not stop public-interest reporting. Share Information via Whistle42

Softon Ltd’s offshore casino is not only a licensing problem. Technical evidence reviewed by FinTelegram suggests that Betzter may also operate a player-behaviour intelligence stack capable of linking identity, session replay, account events and sportsbook infrastructure outside the EU’s licensed gambling perimeter. Betzter is not only a gambling-licence story. It is a data-protection story, a player-protection story, a behavioural-surveillance story, and a payment-transparency story. Betzter.com, publicly operated by Cyprus-registered SOFTON LTD (HE 463977), presents itself as an Anjouan-licensed online casino. But the compliance problem may go far beyond gambling licensing. According to technical evidence reviewed by FinTelegram, Betzter’s public application layer exposes a reported telemetry stack involving FullStory, Sentry Replay and Pusher / Laravel Echo private player-account channels. If confirmed, the configuration could enable identity-linked behavioural session recording, realtime balance and account-event tracking, and player-level profiling in an offshore casino environment outside the EU’s licensed gambling and self-exclusion perimeter. Key Findings Operator anchor confirmed. Betzter.com publicly identifies SOFTON LTD, Cyprus registration number HE 463977, Nicosia, Cyprus, as owner/operator. This is the cleanest legal-operator anchor currently available for Betzter. Anjouan licence claim, not EU market access. Betzter publicly displays an Anjouan licence/seal surface referencing ALSI-202409012-FI1 and a unique seal identifier. FinTelegram treats this as a confirmed public licence claim, not as confirmation of licence validity, scope, covered domains, or authorisation to serve regulated EU markets. Reported dual session-replay stack. Technical evidence reviewed by FinTelegram reports the presence of FullStory and Sentry Replay in the Betzter application layer. This finding should be treated as a technical-source lead pending independent reproduction and preservation. Reported Sentry masking concern. According to the technical source, Sentry Replay was configured with maskAllInputs:false, maskAllText:false and blockAllMedia:false. If confirmed, this would represent a high-risk configuration for an online casino environment, particularly where player identity or account context is present. Identity linkage risk. The reported FullStory integration checks or maps player.uuid and player.email, potentially converting behavioural telemetry into an account-linked player dossier rather than anonymous analytics. Realtime account-event stream. The Network Engineer Report identifies Pusher / Laravel Echo private player-account channel architecture, including playerAccount-style channels and account/betting event logic. This suggests that Betzter is not a static casino facade but a realtime account and player-event application. Sportsbook / infrastructure bridge. Sentry configuration references sptpub.com and ui.invisiblesport.com, creating a sportsbook/infrastructure bridge lead. This is not ownership proof, but it expands the data-perimeter and disclosure-target question. GDPR and player-protection risk. The central issue is not merely that Betzter appears to operate outside EU gambling licensing regimes. The further issue is whether EU players are being observed, replayed, profiled and account-linked by an offshore operator outside the official CRUKS/OASIS self-exclusion architecture. Payment and AML black box remains. The public/static evidence identifies visible payment-method branding but does not identify the cashier provider, PSP, merchant ID, gateway ID, connector ID, route UUID, acquirer or settlement bank. This makes the telemetry stack even more sensitive: player behaviour may be visible, while the supervised payment and KYC/CDD chain remains opaque. Executive Summary FinTelegram’s is currently investigating the casino operator SOFTON LTD: a Cyprus company, an Anjouan licence narrative, EU-facing casino access, and unresolved payment infrastructure. This first report addresses a second, under-reported layer: player surveillance infrastructure. According to technical evidence reviewed by FinTelegram, Betzter’s public application layer reportedly includes a combination of: FullStory behavioural session analytics; Sentry Replay error/session replay telemetry; Pusher / Laravel Echo realtime private player-account channels; player UUID and email-context logic; sportsbook/infrastructure markers referencing SPTPub and InvisibleSport. This architecture would allow reconstruction of what a player did, saw, clicked, typed, attempted, failed, deposited, lost, won or triggered at account-event level — while that player may be interacting with an offshore casino outside the EU’s licensed gambling perimeter. This is the core FinTelegram finding: The illegal-casino problem is only the first layer. The second layer is the behavioural-surveillance problem. An offshore operator that is not licensed in the Netherlands, Germany, Austria or other regulated EU markets may nevertheless maintain persistent player identities, session histories, behavioural patterns, balance updates and betting-event data. In other words, the operator may know the player in extraordinary detail — without being integrated into the official player-protection systems designed to protect that player. FinTelegram does not allege that SOFTON LTD has committed a criminal offence or that the telemetry was misused. The issue is the risk architecture: a high-risk gambling environment, reported identity-linked session replay, reported masking-disabled replay configuration, private realtime account channels, and an unresolved payment/KYC chain. That combination should concern data-protection authorities, gambling regulators, payment supervisors and consumer-protection agencies. Why Session Replay Matters In Online Gambling Session replay is not ordinary page analytics. Properly configured, it may help a website operator debug errors, improve user experience and detect friction. Poorly governed, it can reconstruct a user’s digital behaviour at individual-session level: clicks, scrolls, navigation paths, visible text, form interactions, error states and interface context. In ordinary e-commerce, that is already sensitive. In online gambling, it becomes far more serious. A casino session is not a normal shopping journey. It may reveal: impulsive betting behaviour; failed deposits; repeated failed bets; bonus-seeking or loss-chasing patterns; account balance changes; betting limits; session duration and late-night play; payment attempts; withdrawal friction; possible indicators of gambling disorder; identity-linked emotional or behavioural vulnerability. In a licensed environment, gambling regulators impose controls around player protection, responsible gambling, self-exclusion, affordability, AML and complaint handling. In an offshore casino environment, those protections may be absent or structurally weakened. That is why the reported Betzter stack matters. The Reported Player-Telemetry Stack Data LayerReported Tool / MechanismWhy It MattersEvidentiary StatusSession behaviourFullStoryPotentially reconstructs clicks, scrolls, navigation and user interaction sequenceTechnical-source leadError/session replaySentry ReplayReconstructs user sessions around errors and events; privacy depends heavily on masking configurationTechnical-source leadIdentity mappingplayer.uuid / player.emailMay convert behavioural telemetry into account-linked player dataTechnical-source leadRealtime account eventsPusher / Laravel Echo private channelsSupports balance updates, session events, failed-bet events and account-state signalsPrimary technical evidenceSportsbook bridgesptpub.com / ui.invisiblesport.comExtends the infrastructure/data perimeter beyond Betzter’s own domainPrimary technical leadPayment surfaceCard/crypto/alternative payment brandingPublic payment methods visible but cashier/PSP route remains undisclosedPrimary gapCashier/PSP routeUnknownMerchant ID, gateway ID, connector ID, acquirer and settlement path not visibleMissing nuclear evidence The critical point is the combination. A single analytics tool can be lawful and legitimate. Realtime account events can be normal. Error monitoring can be necessary. But when these tools operate together in an offshore casino environment, with reported identity mapping and unclear masking, the compliance risk changes. The system becomes capable of creating an identity-linked behavioural dossier on each player. GDPR Risk Assessment Assessed against Regulation (EU) 2016/679 as initial regulatory risk, not a legal opinion. Two parallel session-replay systems are hard to reconcile with data minimisation (Art. 5(1)(c)); a single, properly masked system would satisfy any UX or debugging purpose. The reported masking-disabled Sentry configuration runs against the expectation — expressed by the CNIL and other EU authorities — that individual-level session replay is high-risk processing requiring comprehensive masking and, ordinarily, prior consent (Art. 6). The reported absence of any consent or disclosure layer on the public surface is a material transparency concern (Arts. 13–14), and disabling masking by default inverts data-protection-by-default (Art. 25). Routing email/UUID to US processors is not unlawful per se. The EU–US Data Privacy Framework remains a valid adequacy decision — it survived the Latombe challenge before the General Court in September 2025 and is under appeal to the CJEU (Case C-703/25 P). Transfers are lawful where the recipient is DPF-certified or covered by SCCs plus a transfer impact assessment. The genuine risk is the absence of any disclosed transfer mechanism and FullStory’s public documentation still citing the defunct Privacy Shield rather than current DPF certification. Large-scale, systematic, identity-linked behavioural monitoring in a high-risk sector squarely triggers the Art. 35 DPIA obligation. Here are our questions in this context: 1. Lawful Basis The first question is simple: on what lawful basis does SOFTON LTD process session-replay and player-level behavioural telemetry? For a normal analytics cookie, consent may be required depending on local implementation and ePrivacy rules. For identity-linked session replay in a gambling context, legitimate interest becomes much harder to sustain without a detailed balancing test, clear disclosure, strict minimisation and robust masking. A high-risk offshore casino cannot treat behavioural session reconstruction as invisible background plumbing. 2. Transparency Players must be told what is being collected, by whom, for what purpose, for how long, and with whom the data is shared. If Betzter’s public surface does not clearly disclose the use of session replay, behavioural analytics, realtime account-event monitoring and processors such as FullStory, Sentry or Pusher, the transparency risk is serious. The fact that a tool is common in software development does not remove the controller’s GDPR transparency obligations. 3. Data Minimisation The reported dual-replay setup raises a basic minimisation question: Why would a casino need both FullStory and Sentry Replay running in parallel on player sessions? A single properly masked tool may be sufficient for debugging or user-experience analysis. Two overlapping systems may create redundancy, but redundancy is not the same as necessity. Under GDPR, the operator must be able to explain why the data is adequate, relevant and limited to what is necessary. 4. Masking and Data Protection by Default According to the technical source, Sentry Replay was configured with: maskAllInputs:false; maskAllText:false; blockAllMedia:false. If confirmed, this would be a major red flag. Sentry’s own privacy-oriented baseline masks text and blocks media by default. Turning masking and blocking off, especially in an online casino interface, materially increases the risk that player-visible text, account context, balance information, interface states or other sensitive data could be reconstructed. This does not prove that passwords, payment credentials or documents were captured. It does mean that the operator and processor must explain the configuration, masking rules, field exclusions and actual data captured. 5. DPIA Requirement Large-scale, systematic, identity-linked behavioural monitoring in an online gambling environment should trigger serious consideration of a GDPR Article 35 Data Protection Impact Assessment. The DPIA question is unavoidable: Was a DPIA conducted? Did it assess session replay? Did it assess identity mapping? Did it assess gambling vulnerability? Did it assess EU player exposure? Did it assess international transfers? Did it assess processor access? Did it assess retention and deletion? If no DPIA exists, that would be a significant governance failure. 6. International Transfers The transfer issue should be framed accurately. The use of U.S.-linked processors such as FullStory or Sentry is not automatically unlawful. The EU-U.S. Data Privacy Framework remains in force following the General Court’s September 2025 Latombe judgment, although an appeal is pending before the Court of Justice of the European Union. Transfers may be lawful where the recipient is DPF-certified or where Standard Contractual Clauses and a transfer impact assessment are properly implemented. The relevant question is not whether every U.S.-linked processor transfer is per se unlawful. The relevant question is whether SOFTON LTD disclosed the transfer mechanism, identified the processors, documented the legal basis, and implemented adequate masking and minimisation controls for high-risk gambling telemetry. GDPR Risk Rating Overall GDPR Risk: HIGH Escalation to CRITICAL if independently confirmed: Sentry Replay masking disabled; FullStory identity mapping to player.email and player.uuid; absence of player-facing disclosure or consent; absence of DPIA; broad processor access to EU-origin gambling behavioural data. Self-Exclusion and Player-Protection Risk The concern is not that the telemetry stack proves active circumvention of CRUKS or OASIS. The concern is more structural. CRUKS in the Netherlands and OASIS in Germany are official self-exclusion frameworks within licensed gambling markets. Offshore operators outside those licensed perimeters are typically not integrated into these systems. If Betzter reaches EU players without local licences, it sits outside the very protection architecture designed to prevent self-excluded or vulnerable individuals from gambling. At the same time, according to the technical evidence reviewed by FinTelegram, the operator may maintain its own persistent player identity, session history and account-event stream. This creates the paradox: The regulator may not see the player — but the offshore casino may see everything. A player excluded from a licensed market could still be tracked by an offshore operator through email, UUID, session replay, account events and behaviour patterns. That does not prove exploitation. It does show why unlicensed casino telemetry is a consumer-protection problem, not merely a privacy topic. Player-Protection Risk Rating HIGH The risk is highest where the same system can identify player behaviour, account state, betting failures, balance changes, and session patterns without being subject to licensed-market responsible-gambling controls. AML and Payment-Transparency Risk The AML concern is not that session replay is a laundering tool. The concern is that the same environment which appears capable of maintaining identity-linked behavioural and account-event data does not disclose, at public level, the supervised payment, KYC/CDD, merchant-of-record and settlement chain. The Network Engineer Report identifies a payment black box: payment methods are visible; cashier provider not identified; PSP not identified; MID not identified; gateway ID not identified; connector ID not identified; route UUID not identified; acquirer not identified; Apple Pay merchant ID not identified. In an offshore gambling environment, this opacity prevents external assessment of whether player identity, deposits, withdrawals, AML risk signals, chargebacks, refunds and complaints are subject to proper regulated monitoring. A licensed operator should be able to explain who processes payments, who holds merchant accounts, what merchant category code is used, who performs KYC/CDD, and which regulator supervises the payment chain. AML / Payment Risk Rating MEDIUM–HIGH The high component is structural: offshore gambling, visible payment surface, hidden payment route, and identity-linked account architecture. The telemetry-specific AML inference remains medium-confidence until payment and KYC flows are obtained. The SPTPub / InvisibleSport Perimeter Question The Network Engineer Report identifies references to sptpub.com and ui.invisiblesport.com in the Betzter technical layer. It also identifies api.sptpub.com resolving to a direct Hetzner infrastructure lead in Germany. This matters for privacy and compliance because it expands the perimeter. A player may believe they are interacting with Betzter. In technical terms, the application may involve multiple infrastructure and telemetry parties. Without processor disclosure, contractual transparency and data-flow mapping, neither players nor regulators can assess: who receives data; who controls the processing; which processors are involved; where data is hosted; what retention applies; whether data is used across brands; whether sportsbook, casino, CRM and payment systems share identifiers. FinTelegram does not claim that SPTPub or InvisibleSport owns Betzter. They are disclosure targets. Regulatory Referral Recommendations Dutch Autoriteit Persoonsgegevens The AP should assess whether Dutch data subjects are exposed to session replay, identity-linked behavioural telemetry or private account-event monitoring by an offshore casino operator outside the licensed Dutch gambling perimeter. Cypriot Commissioner for Personal Data Protection SOFTON LTD is a Cyprus company. The Cypriot data protection authority should assess controller status, processor disclosures, DPIA, session-replay safeguards, transfer mechanisms, and whether the one-stop-shop framework is applicable. Irish Data Protection Commission If FullStory, Sentry or other processors rely on an Irish establishment for EU processing operations, the DPC may be relevant for processor-side compliance, transfer documentation and cross-border coordination. Dutch Kansspelautoriteit The KSA should assess whether Betzter reaches Dutch consumers without a Dutch licence and whether its telemetry architecture creates additional risks for self-excluded or vulnerable players outside CRUKS. German GGL The GGL should assess the German self-exclusion and player-protection dimension, including whether German players can access Betzter or related brands outside the OASIS framework. European Data Protection Board The EDPB should consider the broader policy issue: session replay and identity-linked behavioural monitoring in unlicensed or offshore gambling environments that serve EU data subjects. Europol EC3 EC3 should be notified of the broader cyberfinancial structure: offshore casino, Cyprus operator, direct infrastructure lead, telemetry stack, undisclosed payment route, and potential cross-brand operational pattern. Questions for SOFTON LTD / Betzter Does SOFTON LTD confirm that it operates Betzter.com? Which domains and casino brands are operated by SOFTON LTD? What licence covers Betzter, and which domains and markets are included? Does Betzter use FullStory? Does Betzter use Sentry Replay? Does Betzter use Pusher / Laravel Echo private player-account channels? What data fields are mapped to session replay or behavioural analytics? Is player.email mapped to FullStory or Sentry context? Is player.uuid mapped to FullStory or Sentry context? Are session-replay fields masked by default? Why are two session-replay or replay-like tools necessary? Was a GDPR Article 35 DPIA conducted? Which processors receive player behavioural data? Which international transfer mechanisms apply? What is the retention period for session replay and player-event data? Are EU players informed before session recording begins? Which PSP, cashier, acquirer and payment gateway process deposits? What safeguards exist for self-excluded or vulnerable players? Coming Next: The Full Softon Compliance Report This Betzter telemetry review is only one layer of a broader FinTelegram investigation. In the coming days, FinTelegram will publish an extensive Softon Compliance Report mapping the wider casino infrastructure around SOFTON LTD, including its Cyprus corporate structure, Anjouan licence narrative, related casino brands, SPTPub/InvisibleSport infrastructure leads, Hetzner-hosted API exposure, unresolved cashier and PSP routing, and the broader question of how offshore casino operators use EU-facing corporate, data and payment infrastructure while remaining outside national gambling supervision. The upcoming report will not focus on one casino skin alone. It will examine the machinery behind the brand: operator anchors, player telemetry, sportsbook infrastructure, hidden payment routes, regulatory gaps and the providers that may hold the missing evidence. FinTelegram invites insiders, payment providers, hosting providers, telemetry vendors, former employees and affected players to submit information via Whistle42 before publication. Whistleblower Call — Whistle42 Do you have first-hand knowledge of SOFTON LTD, Betzter, FullStory, Sentry, Pusher, SPTPub, InvisibleSport, the Betzter cashier, or the payment/KYC architecture behind this casino cluster? FinTelegram is seeking: unminified JavaScript; browser network captures; session-replay configuration evidence; FullStory, Sentry or Pusher account screenshots; processor agreements; DPIAs; data processing agreements; payment routing records; cashier provider data; PSP contracts; merchant IDs; gateway IDs; connector IDs; route UUIDs; KYC/CDD records; internal responsible-gambling logs; customer complaint and refund records; evidence of cross-brand telemetry reuse. Confidential submissions can be made via Whistle42, FinTelegram’s secure whistleblower channel. Sources may remain anonymous. Verifiable technical evidence is especially valuable because it allows FinTelegram to upgrade leads into confirmed findings under its evidentiary standards. Share Information via Whistle42

How a Curaçao-linked casino environment, a Cyprus-facing payment vehicle, recurring fiduciary-service providers, and open-banking payment leads raise urgent questions for EU gambling, AML, and PSD2 supervisors. 2-Minutes Briefing FinTelegram has reviewed Cyprus registry documents, whistleblower submissions, open-source casino disclosures, and correspondence concerning Trueluck Casino, Gadzooks Limited, and a recurring fiduciary-service structure in Larnaca, Cyprus. The available records identify Gadzooks Limited — a Cyprus private company registered under HE 438503 — as a Cyprus-facing vehicle within the Luckywayz casino environment. Registry filings reviewed by FinTelegram show that Gadzooks was previously wholly owned by Luckywayz Limited B.V., a Curaçao entity, before a minority shareholding was transferred to Richard John Green, a UK national resident in Malta, on 31 May 2024. The documents further show that Georgia Nikoletti, formally described in Cyprus registry filings as ΥΠΑΛΛΗΛΟΣ — employee — was appointed sole director of Gadzooks Limited on 10 October 2023. On the same date, P.Z.T. Services Ltd became corporate secretary, while the previous director and secretary were removed. This coordinated fiduciary handover mirrors patterns identified by FinTelegram in other casino-linked Cyprus structures. The significance of this third instalment is not that one more offshore casino brand has surfaced. It is that the available registry pattern points to a recurring Larnaca-based fiduciary hub servicing multiple casino-linked Cyprus vehicles connected to offshore ownership structures, EU-facing payment flows, and open-banking payment rails. Whistleblower material further alleges a three-layer payment architecture involving PAYTECH LTD as a possible routing/orchestration layer, Yapily / Yapily Connect UAB as an open-banking front-end, and ISX Financial EU PLC as a potential banking or EMI endpoint. FinTelegram has not independently verified the alleged PAYTECH or ISX links and treats them as investigative leads requiring confirmation through payment records, KYB files, settlement reports, or right-of-reply responses. The Yapily element is supported by correspondence reviewed by FinTelegram, but the precise merchant, platform, or partner relationship through which the transactions allegedly entered Yapily’s rails remains to be established. FinTelegram makes no allegation of personal wrongdoing against registered directors, employees, lawyers, corporate-service providers, or named individuals. The issue is structural: whether Cyprus corporate-service infrastructure, Curaçao ownership, nominee-style directorships, and EU payment rails are being combined in a way that enables offshore casino operators to reach restricted EU markets while obscuring beneficial ownership, merchant responsibility, and consumer remedies. Key Data Table: Trueluck / Gadzooks / Larnaca Fiduciary Hub CategoryName / IdentifierJurisdictionRole in the caseEvidence statusCompliance relevanceCasino brandTrueluck / Trueluck CasinoOnline / offshoreCasino brand referenced in whistleblower material and public casino disclosuresCorroborated as a brand; operator attribution appears inconsistent across public sourcesPossible EU-facing offshore gambling exposureCyprus vehicleGadzooks LimitedCyprusCyprus-facing vehicle linked to Luckywayz casino environment and payment-agent disclosuresRegistry-established / strong OSINT corroborationCentral corporate node in Part 3Company numberHE 438503CyprusRegistration number of Gadzooks LimitedRegistry-establishedKYB / registry anchorFormer / majority shareholderLuckywayz Limited B.V.CuraçaoCuraçao casino entity previously holding 100% of Gadzooks; retained majority after share transferRegistry-established in HE57 filing reviewed by FinTelegramOffshore parent / ownership layerShare transfer100 of 900 ordinary shares transferred to Richard John GreenCyprus / Malta / UKMinority shareholding of approx. 11.1% transferred on 31 May 2024Registry-established in HE57 filing reviewed by FinTelegramRequires rationale, consideration, and relationship explanationMinority shareholderRichard John GreenUK national / Malta addressNew minority shareholder of Gadzooks LimitedRegistry-established; commercial role unknownOpen beneficial-interest questionSole directorGeorgia NikolettiCyprusSole director of Gadzooks Limited; also appears in another pillar according to reviewed registry recordsRegistry-established in documents reviewed by FinTelegramRecurring employee-director patternCorporate secretaryP.Z.T. Services LtdCyprusAppointed secretary of Gadzooks on 10 October 2023Registry-establishedRecurring fiduciary-service providerCorrespondence / filing agentPotens Corporate Services LtdCyprusCorrespondence agent for filings at Larnaca addressRegistry-established in documents reviewed by FinTelegramAdministrative hub indicatorPrevious secretaryNexellence Fiduciary Services LtdCyprusRemoved during 10 October 2023 handoverRegistry-establishedShows coordinated fiduciary migrationPrevious directorAfroditi KittouCyprusRemoved during 10 October 2023 handoverRegistry-establishedPart of director replacement eventAlleged principalPanayiotis / Panos ToulourasCyprusWhistleblower alleges link to P.Z.T. / fiduciary hubUnverified whistleblower leadMust remain framed as allegation pending registry/UBO proofOpen-banking providerYapily / Yapily Connect UABUK / Lithuania / EEAAlleged open-banking rails used in payment flowPartially corroborated through correspondence on filePSD2 / PIS / AIS monitoring questionAlleged routing layerPAYTECH LTD / pay.techCyprus or payment-tech environmentAlleged white-label routing/orchestration layerUnverified whistleblower leadRequires contracts, payment logs, KYB filesAlleged EMI endpointISX Financial EU PLCCyprus / EU EMI environmentAlleged banking or EMI endpointUnverified whistleblower leadRequires settlement and merchant-record verification Methodology and Evidence Grading This report draws on: Cyprus registry documents reviewed by FinTelegram concerning Gadzooks Limited, P.Z.T. Services Ltd, Potens Corporate Services Ltd, and related filings; Form HE4 and HE57 filings concerning director/secretary changes and share transfers; Whistleblower submissions concerning Trueluck, payment flows, and customer complaints; Correspondence reviewed by FinTelegram concerning Yapily’s handling of an affected player complaint; Public casino-facing and open-source material concerning Trueluck, Luckywayz, Gadzooks, and related brand disclosures; Prior FinTelegram reporting on the first two pillars of the Cyprus casino payment-tech cluster. FinTelegram distinguishes between: Registry-established facts — based on official corporate filings reviewed by FinTelegram; Casino-facing evidence — based on website disclosures, casino terms, public brand pages, or payment-agent statements; Correspondence on file — based on communications reviewed by FinTelegram; Whistleblower leads — credible but not yet independently verified allegations; Compliance analysis — FinTelegram’s interpretation of the risk implications. No statement in this report should be read as an allegation of proven criminal conduct by any named person or entity. Introduction: The Third Pillar Under Review On 9 May 2026, FinTelegram reported how Dutch forensic action exposed the HolyLuck / InstantCasino cluster — a set of casino brands operating through shared infrastructure and linked to Dutch consumer losses. On 27 May 2026, FinTelegram identified the second pillar: Mega.bet, connected through Belize parent Global Nexus Ltd and Cyprus vehicle IMMIX Solutions Ltd, with a recurring fiduciary-service pattern. This third instalment concerns Trueluck Casino and Gadzooks Limited. Read our HolyLuck reports here. The documented overlaps now make coincidence increasingly difficult to maintain as the sole explanation. The available registry pattern points to a recurring Larnaca fiduciary hub in which Cyprus companies connected to offshore casino ownership structures are administered through overlapping secretarial, correspondence, and employee-director arrangements. The central issue is not merely whether one casino brand is licensed or unlicensed. The issue is whether Cyprus-based corporate-service infrastructure is being used to create EU-facing companies that sit between offshore casino operators, European consumers, and regulated payment rails. Trueluck Casino and Gadzooks Limited Publicly available Trueluck operator attribution is not fully consistent across sources. Some sources and disclosures connect the environment to Luckywayz Limited B.V., while others refer to different operator entities or jurisdictions. This inconsistency is itself a compliance red flag, suggesting possible brand fragmentation, affiliate mirrors, operator rotation, or uneven disclosure standards. FinTelegram therefore treats Gadzooks Limited as a Cyprus-facing vehicle linked to the Luckywayz / Trueluck casino environment, rather than asserting at this stage that Gadzooks is the definitive legal operator of Trueluck Casino in every context. That said, registry and payment-agent disclosures reviewed by FinTelegram establish a significant structural connection: Gadzooks Limited is a Cyprus company registered under HE 438503; The company was previously wholly owned by Luckywayz Limited B.V. of Curaçao; On 31 May 2024, 100 of 900 ordinary shares were transferred to Richard John Green, a UK national registered with an address in Birgu, Malta; After the transfer, Luckywayz retained approximately 88.9% of Gadzooks Limited; Gadzooks appears in public casino-payment contexts as a Cyprus payment agent or payment-processing vehicle in the Luckywayz casino environment. This structure creates an obvious question for banks, PSPs, EMIs, and open-banking providers: when onboarding or processing for Gadzooks Limited, did they treat it as an ordinary Cyprus company, or did they identify the underlying offshore casino exposure, Curaçao ownership, and restricted-market gambling risk? The Share Shuffle: Curaçao Ownership and a Malta-Based UK Minority Shareholder Form HE57, the share-transfer filing dated 31 May 2024 and reviewed by FinTelegram, records that Luckywayz Limited B.V. held all 900 ordinary shares of Gadzooks Limited. The filing documents the transfer of 100 ordinary shares — approximately 11.1% — to Richard John Green, a UK national described as a businessman with an address in Birgu, Malta. The filing establishes a registry-confirmed structural link between a Curaçao casino entity and an EU-facing Cyprus company. What remains open is the commercial rationale for the minority stake: What consideration was paid? Why was the transfer made in May 2024? Was the transfer connected to licensing, banking, payment onboarding, governance, or risk distribution? Does Mr Green exercise any operational, advisory, or beneficial role? Was the transfer disclosed to PSPs, banks, open-banking providers, or casino counterparties? FinTelegram invites Mr Green and Gadzooks Limited to provide clarification. The Officer Structure: Coordinated Fiduciary Handover Form HE4 records that on 10 October 2023, Georgia Nikoletti was appointed sole director of Gadzooks Limited and P.Z.T. Services Ltd was appointed corporate secretary. The same filing records the simultaneous resignation of the previous secretary, Nexellence Fiduciary Services Ltd, and the previous director, Afroditi Kittou. This was not a random administrative update. It was a coordinated fiduciary handover: director and secretary changed on the same day, with the company moving into the P.Z.T. orbit. A secretary’s certificate signed by P.Z.T. Services Ltd on 31 May 2024 confirms that the HE57 share transfer reflected the register maintained at the company’s registered office, placing P.Z.T. Services Ltd at the administrative centre of the ownership change. Correspondence for the relevant filings was handled by Potens Corporate Services Ltd, Leoforos Archiepiskopou Makariou III 84, Shop/Office 1, Larnaca, the address that recurs throughout FinTelegram’s Cyprus casino payment-tech series. The Nominee-Style Director Pattern Across the three pillars investigated by FinTelegram, the registry record shows a recurring personnel and fiduciary-service pattern: Georgia Nikoletti — registry occupation: ΥΠΑΛΛΗΛΟΣ, i.e., employee — appears as sole director of Gadzooks Limited and, according to documents reviewed by FinTelegram, also directs IMMIX Solutions Ltd, the Cyprus vehicle linked to the Mega.bet pillar. Artem Rak appears as director of S.I.L.V.E.R Veil Group Ltd, the processing vehicle connected to the InstantCasino / HolyLuck pillar. Secretarial and correspondence functions repeatedly involve P.Z.T. Services Ltd, Potens Corporate Services Ltd, or related Larnaca corporate-service infrastructure. Ownership sits with offshore Curaçao or Belize structures. To be clear: FinTelegram makes no allegation of personal wrongdoing against Ms Nikoletti, Mr Rak, or any individual employee. The observation is structural. Where a sole director is formally described in registry filings as an employee, this raises the question whether such person can, in practice, exercise the independent oversight, mind-and-management, and fiduciary judgment that directorship under Cyprus company law presupposes. The compliance consequences are serious. Beneficial-ownership registers are only as good as their inputs. When a registered director is an employee, the shareholder is an offshore company, and the actual commercial activity is high-risk gambling, KYB checks that stop at the face of the registry risk recording form rather than substance. Under the EU AML framework, obliged entities must identify the natural persons who ultimately own or control the customer. A structure that results in no operational controller appearing in any EU registry should trigger enhanced due diligence, not routine onboarding. The Larnaca Fiduciary Hub The documented facts are narrower than the broadest whistleblower allegations, but they are significant. P.Z.T. Services Ltd, Potens Corporate Services Ltd, and multiple casino-linked Cyprus vehicles are associated through recurring filings, secretarial roles, correspondence roles, and the address at Leoforos Archiepiskopou Makariou III 84, Larnaca. The coordinated migrations of secretarial control into P.Z.T. Services Ltd — from other fiduciary-service providers in multiple casino-linked vehicles — point to deliberate, centralised restructuring rather than random administrative movement. FinTelegram therefore treats the Larnaca address and P.Z.T./Potens pattern as a fiduciary hub indicator. It is not yet proof of ultimate control, beneficial ownership, or operational command. Those questions require access to UBO filings, client files, banking records, internal service agreements, and regulatory responses. The Toulouras Lead: Person of Interest, Not Established Controller Whistleblower submissions reviewed by FinTelegram identify Panayiotis / Panos Toulouras, a Cyprus attorney, as the alleged principal behind P.Z.T. Services Ltd and the wider Larnaca fiduciary hub. FinTelegram has not independently verified this allegation. FinTelegram does not currently hold a registry document naming Mr Toulouras as owner, director, or controller of P.Z.T. Services Ltd. Nothing in this report should be read as asserting that Mr Toulouras controls P.Z.T. Services Ltd, Gadzooks Limited, or the casino-payment network. What is documented is narrower: entities associated with the Larnaca hub and companies said by whistleblowers to be connected to Toulouras appear in the same geographic and fiduciary-service context. This creates a legitimate verification question that Cyprus authorities, with full registry, UBO, AML-supervision, and professional-conduct access, should be able to resolve. Mr Toulouras is invited to respond. FinTelegram will publish any substantive reply. The Payment Architecture: PAYTECH, Yapily, and ISX Financial Whistleblower material describes a three-layer payment system allegedly moving EU consumer funds into the Trueluck / Gadzooks environment. Each layer carries a different evidentiary weight. Layer A — PAYTECH LTD / pay.tech Status: whistleblower lead — unverified PAYTECH is described by whistleblowers as a white-label routing and smart-orchestration layer capable of connecting high-risk merchants to multiple payment providers, gateways, and settlement endpoints. FinTelegram has not independently verified a contractual relationship between PAYTECH LTD and Gadzooks Limited, Trueluck, Luckywayz, or the wider casino cluster. The key questions are: Did PAYTECH provide checkout, routing, orchestration, cascading, or merchant-technical services to any entity in the Trueluck / Luckywayz / Gadzooks environment? What is PAYTECH’s regulatory status? Which PSPs, EMIs, banks, PISPs, or acquirers did it connect to? Did it process or route transactions for unlicensed-in-market casino operators? PAYTECH is invited to clarify its role. Layer B — Yapily / Yapily Connect UAB Status: partially corroborated — correspondence on file Whistleblower material and correspondence reviewed by FinTelegram indicate that open-banking rails associated with Yapily were involved in an affected player’s payment flow. Yapily’s own position, as reflected in correspondence reviewed by FinTelegram, is that it is an API infrastructure provider facilitating Account Information Services and Payment Initiation Services. Yapily states that it does not open bank accounts, hold funds, control customer funds, intervene in payments, or determine the account information relating to a particular transaction. That may accurately describe the payment-initiation plumbing. But it does not answer the core compliance question: through which merchant, platform, or partner relationship did the alleged Gadzooks / Trueluck payment flows enter Yapily’s rails, and what merchant-use-case monitoring was applied? FinTelegram does not assert at this stage that Yapily directly onboarded Trueluck, Gadzooks, or Luckywayz as a merchant. The relevant question is broader and more precise: How did a gambling-related payment flow connected to an offshore casino environment allegedly pass through regulated open-banking infrastructure, and what controls were applied at onboarding and during monitoring? Layer C — ISX Financial EU PLC Status: whistleblower lead — unverified Whistleblower material alleges that ISX Financial EU PLC, an EU-licensed electronic money institution, may have acted as a banking or EMI endpoint in the payment architecture. FinTelegram has not independently verified this allegation. The open questions are: Did ISX Financial maintain accounts, settlement relationships, merchant relationships, or technical integrations connected to Gadzooks Limited, Luckywayz, Trueluck, PAYTECH, or related casino brands? If so, what KYB was performed? Was Luckywayz Limited B.V. identified as majority shareholder of Gadzooks? What merchant category coding and transaction descriptors were used? Were gambling-risk, Curaçao-ownership, and restricted-market indicators escalated? ISX Financial is invited to respond. Yapily’s Compliance Response: Denial, Closure, Acknowledgement, Silence The sequence described in correspondence reviewed by FinTelegram is concerning. According to the correspondence, when first contacted by an affected player about transactions linked to the Trueluck / Gadzooks environment, Yapily’s compliance function stated that it could not locate the transactions in its system and did not know who the payment operator was. In the same communication, the complaint was treated as closed, while the player was invited to provide further information and informed of escalation rights. When the player later provided bank-certified transaction metadata explicitly identifying Yapily in the data-exchange chain, the company acknowledged activity and said the matter had been escalated for internal review. According to the whistleblower, no substantive follow-up has since been received. If accurately reflected by the correspondence reviewed by FinTelegram, the sequence is consistent with what consumers experience as a systemic compliance failure: initial denial, reversal under documentary pressure, internal escalation, and subsequent silence. The issue is not whether Yapily held the funds. The issue is whether regulated open-banking infrastructure was used in a payment flow connected to an offshore casino environment, and whether Yapily’s onboarding, partner monitoring, transaction visibility, complaint handling, and suspicious-activity procedures were adequate. Dutch Market and CRUKS: The Consumer-Protection Gap Publicly available material and whistleblower submissions suggest that Trueluck appears to reach Dutch-speaking players. FinTelegram has also reviewed material suggesting that affected players in the Netherlands were able to deposit through payment methods presented in the casino environment. The CRUKS point must be framed precisely. CRUKS is the Dutch self-exclusion register within the Dutch licensed gambling perimeter. Offshore operators that do not hold a KSA licence are typically outside that protection architecture. That is precisely the problem. If Trueluck or related domains reached Dutch consumers without a KSA licence and without CRUKS integration, then Dutch self-excluded players may have been exposed to a casino environment outside the very safeguards designed to protect them. This is not merely a technical licensing issue. It is a consumer-protection failure created by cross-border regulatory arbitrage. The relevant question for the Dutch Kansspelautoriteit is therefore not only whether Trueluck has a KSA licence. The question is whether the operator, affiliates, payment providers, and technical intermediaries enabled Dutch player acquisition, deposits, and losses despite the Dutch regulatory perimeter. EU Regulatory Dimension: A Licensing-Circumvention Architecture? The Curaçao → Cyprus → EU structure has the characteristics of a licensing-circumvention architecture. National regimes such as the Dutch KSA / CRUKS framework regulate gambling access and consumer protection. Payment regulation captures the institutions that move money. AML regulation requires identification of ultimate beneficial owners, business purpose, source of funds, and suspicious activity. The cluster’s architecture appears to split these responsibilities: the offshore parent holds gambling rights or claims offshore licensing; the Cyprus vehicle presents an EU-facing corporate layer; the employee-director and fiduciary-service provider create a formal local governance structure; the open-banking provider supplies payment-initiation infrastructure; the gateway or orchestration layer may route transactions; the EMI or banking endpoint may settle funds; each layer can argue that compliance responsibility lies elsewhere. EU law does not permit regulated firms to outsource responsibility into invisibility. Yapily, as a regulated PISP or AIS/PIS provider, ISX Financial, if involved, as an EMI, and any payment-orchestration provider, if regulated or contractually responsible, each face independent obligations around onboarding, KYB, AML monitoring, suspicious-activity escalation, and use-case control. Where the ultimate commercial activity is offshore-licensed casino gambling targeting restricted markets, every regulated institution in the chain faces the same question: What did you know, what should your KYB have revealed, and what did you report? Regulatory Questions Triggered by the Restructurings The 10 October 2023 coordinated handover of Gadzooks Limited into the P.Z.T. orbit, and similar fiduciary migrations identified in other pillars, should have triggered enhanced scrutiny by every regulated institution dealing with these companies. For banks, EMIs, PSPs, PISPs, auditors, and corporate-service providers, such a change is not routine when the customer is connected to offshore gambling activity. Key questions include: Was the director change reviewed as a material change in governance? Was the secretary change reviewed as a change in control environment? Was the offshore owner identified and risk-rated? Were casino activities disclosed to banks and payment providers? Were restricted-market risks identified? Were Dutch, Belgian, Austrian, German, Italian, or other EU consumer flows detected? Were SARs / STRs filed where required? If the answer is “no,” the issue is not only the casino. It is the entire compliance chain. Compliance Risk Assessment Risk categoryRatingIndicatorsOpen questionsAML / beneficial ownershipHighCuraçao ownership, Cyprus vehicle, employee-director, recurring fiduciary hubWho ultimately controls the structure and receives the proceeds?Gambling regulationHighOffshore licence environment, Dutch-facing signals, no apparent KSA licenceWhich EU markets were targeted and by whom?Payment servicesHighAlleged open-banking payment flows, possible gateway/orchestration layer, potential EMI endpointWhich entity was the merchant of record and which regulated firms processed the flows?Consumer protectionHighReported Dutch player exposure, CRUKS perimeter gap, refund/withdrawal complaintsWhat remedies exist for self-excluded or restricted-market players?Corporate governanceHighSole employee-director, offshore shareholder, fiduciary-service handoverWas there real mind and management in Cyprus?Professional-services riskElevatedP.Z.T./Potens recurrence, Larnaca address, alleged attorney involvementWho owns/controls the service providers and what due diligence was performed?Yapily-specific issueElevatedInitial denial, later acknowledgement after bank metadata, alleged silenceWhat did Yapily’s internal review conclude?PAYTECH / ISX leadsUnverified but significantWhistleblower allegationsRequire contracts, payment logs, settlement files, and right of reply Key Questions for Regulators and Financial Institutions Cyprus Registrar of Companies / CySEC / MOKAS Who are the beneficial owners of P.Z.T. Services Ltd and Potens Corporate Services Ltd according to UBO filings? What declared economic activity does Gadzooks Limited report? Is the declared activity consistent with a Cyprus company acting as payment agent or payment vehicle for an offshore casino? Have UBO filings for Gadzooks Limited, IMMIX Solutions Ltd, and S.I.L.V.E.R Veil Group Ltd been verified against economic substance? Were the coordinated director/secretary changes reviewed by any AML supervisor? Dutch Kansspelautoriteit (KSA) What is the enforcement status of Trueluck, Luckywayz, Gadzooks-linked casino brands, and associated domains with respect to the Dutch market? Has the KSA reviewed Dutch-language acquisition funnels, affiliate pages, and payment methods? Have payment-blocking or affiliate-enforcement measures been initiated? Have Dutch self-excluded players reported losses through these brands? Yapily / Yapily Connect UAB Through which merchant, platform, or partner relationship did the alleged Gadzooks / Trueluck payment flows enter Yapily’s rails? What KYB and use-case review was performed? Was the relevant payment flow classified as gambling-related? What merchant category coding, descriptor, or payment-purpose data was available? Why did the initial response reportedly state that no transactions could be found? What was the outcome of the escalated internal investigation? Were suspicious-activity reports filed? ISX Financial EU PLC Did ISX Financial provide accounts, settlement services, EMI services, or payment infrastructure to Gadzooks, Luckywayz, Trueluck, PAYTECH, or related entities? What KYB was performed? Was Luckywayz Limited B.V. identified as the majority shareholder of Gadzooks? What merchant category coding and descriptors were used? Were restricted-market gambling risks identified? PAYTECH LTD Does PAYTECH maintain any contractual or technical relationship with Gadzooks Limited, Trueluck, Luckywayz, or related casino brands? What regulatory status does PAYTECH hold? Did PAYTECH provide smart routing, checkout, cascading, provider-switching, or payment-orchestration services? Which PSPs, EMIs, PISPs, banks, or acquirers were connected? Cyprus Bar Association What professional-conduct rules apply to attorneys who own, control, advise, or operate corporate-service providers administering high-risk offshore gambling vehicles? How are conflicts, nominee-director arrangements, and AML obligations supervised? Is there an obligation to re-evaluate client risk when a company moves into casino/payment activity after incorporation? Call for Whistleblowers FinTelegram seeks information from current and former insiders across all three pillars of this cluster, including: employees, contractors, and former staff of P.Z.T. Services Ltd, Potens Corporate Services Ltd, Nexellence Fiduciary Services Ltd, Maricorp, Gadzooks Limited, IMMIX Solutions Ltd, S.I.L.V.E.R Veil Group Ltd, Luckywayz Limited B.V., or related entities; persons asked to serve as directors, shareholders, secretaries, nominee officers, or signatories of client companies; payment, PSP, EMI, open-banking, or compliance staff at PAYTECH, Yapily, ISX Financial, or any institution that processed flows for Gadzooks, IMMIX, S.I.L.V.E.R Veil, Trueluck, Mega.bet, HolyLuck, InstantCasino, or related brands; affiliates or operators with knowledge of traffic routing, Dutch-language campaigns, mirror domains, withdrawal blocking, or player complaint handling. FinTelegram is especially interested in: internal contracts and service agreements; KYB/KYC files; beneficial-ownership records; payment logs and settlement reports; bank or EMI statements; payment-session metadata; Yapily / PISP transaction identifiers; merchant category coding; internal compliance escalations; withdrawal-handling instructions; affiliate traffic reports; correspondence with regulators or payment providers. Information can be shared securely and anonymously via Whistle42, FinTelegram’s whistleblower platform. FinTelegram protects its sources and treats whistleblowing on cross-border financial-crime and consumer-protection risks as public-interest reporting. Persons and entities named in this report are invited to respond. Substantive replies, corrections, or clarifications will be published. Share Information via Whistle42 Sources: A. Corporate Registry Documents — Primary Sources [01] | A — Corporate Registry | Cyprus Department of Registrar of Companies — company extract for Gadzooks Limited: company profile, status (Active), registered objects, registered office, officer listing as at date of extract | Cyprus Department of Registrar of Companies and Intellectual Property | Date of extract to be confirmed | Accessed via Cyprus Registrar of Companies; [02] | A — Corporate Registry | Estonian e-Business Register entry for Kaspela Labyrinth OÜ (registry code 16837533) — cross-border network indicator | Estonian e-Business Register (RIK) | Date of extract to be confirmed | Accessed via Estonian e-Business Register; | Primary — registry/official document [03] | A — Corporate Registry | Cyprus registry entries for P.Z.T. Services Ltd (HE 388858) and Potens Corporate Services Ltd — referenced as corporate secretary and correspondence agent respectively | Cyprus Department of Registrar of Companies and Intellectual Property B. Statutory Filings and Corporate Documents — Primary Sources [04] | B — Statutory Filing | Form HE57 (Share Transfer, Companies Law Cap. 113, s. 113A) for Gadzooks Limited (HE 438503) — transfer of 100 ordinary shares from Luckywayz Limited B.V. (Abraham de Veerstraat 9, Curaçao; 900/900 shares pre-transfer) to Richard John Green (occupation: επιχειρηματίας/businessman; UK national; address in Birgu, Malta); post-transfer ownership approx. 88.9% Luckywayz / 11.1% Green; correspondence agent Potens Corporate Services Ltd, Leoforos Archiepiskopou Makariou III 84, Shop 1, Larnaca; signed 25 June 2024 | Gadzooks Limited / Cyprus Registrar of Companies | Transfer dated 31 May 2024; filing signed 25 June 2024 [05] | B — Statutory Filing | Form HE4 (Notification of Change of Officers, Companies Law Cap. 113, s. 192) for Gadzooks Limited (HE 438503) — (i) appointment of Georgia Nikoletti (registry occupation: ΥΠΑΛΛΗΛΟΣ/employee) as sole director; (ii) appointment of P.Z.T. Services Ltd (HE 388858) as corporate secretary; (iii) simultaneous resignation of prior secretary Nexellence Fiduciary Services Ltd (HE 390100) and prior director Afroditi Kittou — all effective 10 October 2023; correspondence agent Potens Corporate Services Ltd; signed 19 October 2023 | Gadzooks Limited / Cyprus Registrar of Companies | Changes effective 10 October 2023; filing signed 19 October 2023 | [06] | B — Statutory Filing | Secretary’s Certificate (Βεβαίωση Γραμματέα) for Gadzooks Limited (HE 438503) — confirms the HE57 share transfer of 31 May 2024 is fully reflected in the register maintained at the company’s registered office; signed by P.Z.T. Services Ltd as secretary | P.Z.T. Services Ltd (as secretary of Gadzooks Limited) | 31 May 2024 C. Website and Public-Facing Operator Statements — Secondary Sources [07] | C — Website/Operator | Trueluck Casino website — public-facing casino offering; Dutch-language marketing to EU consumers; absence of KSA licence and CRUKS integration; operator infrastructure connecting to Luckywayz Limited B.V. | Trueluck Casino (trueluck.com) [08] | C — Website/Operator | Luckywayz Limited B.V. — Curaçao-registered offshore entity, Abraham de Veerstraat 9, Curaçao; 100% pre-transfer and approx. 88.9% post-transfer owner of Gadzooks Limited; offshore iGaming licensing wrapper | Luckywayz Limited B.V. | As per Form HE57, 31 May 2024 D. Correspondence — Partially Corroborated [09] | D — Correspondence | Yapily compliance email correspondence with affected player — sequence: (i) initial complaint regarding transactions linked to the Gadzooks/Trueluck structure; (ii) Yapily response denying knowledge of the transactions, stating it could not locate them in its system, declaring the complaint closed, and referencing the Financial Ombudsman Service; (iii) player submission of bank-certified transaction metadata explicitly identifying Yapily in the data-exchange chain; (iv) Yapily acknowledgement and statement of escalation for internal investigation; (v) subsequent non-response to follow-up communications; includes Yapily’s self-description as an API infrastructure platform facilitating AIS and PIS | Yapily / Yapily Connect UAB — compliance function; E. Whistleblower Submissions — Evidentiary Leads [10] | E — Whistleblower | Three-layer payment architecture submission — PAYTECH LTD (pay.tech) as white-label routing/orchestration hub; Yapily / Yapily Connect UAB as open-banking front-end; ISX Financial EU PLC as banking endpoint and fiat-crossing institution; alleged use of non-gambling retail descriptors; alleged targeting of Dutch and EU consumers without mandatory local licences [11] | E — Whistleblower | Identification of Panayiotis (Panos) Toulouras, Cyprus attorney, as alleged principal behind P.Z.T. Services Ltd and the wider fiduciary hub at Leoforos Archiepiskopou Makariou III 84, Larnaca; alleged coordinated restructuring of multiple high-risk casino vehicles into the P.Z.T./Potens corporate-service environment [12] | E — Whistleblower | Maricorp-to-P.Z.T. transfer of secretarial control at S.I.L.V.E.R Veil Group Ltd (Pillar 1 / InstantCasino) — alleged coordinated corporate restructuring mirroring the Nexellence-to-P.Z.T. handover at Gadzooks Limited G. Regulatory and Legal Framework References [13] | G — Regulatory/Legal | Directive (EU) 2015/2366 (PSD2) — framework governing payment initiation service providers (PISPs), including authorisation, merchant/partner onboarding obligations, ongoing monitoring, and suspicious transaction reporting interfaces with AML law | European Parliament and Council | 25 November 2015 | EUR-Lex: https://eur-lex.europa.eu/eli/dir/2015/2366/oj | Background — regulatory/legal framework [14] | G — Regulatory/Legal | EU AML framework — Directive (EU) 2015/849 (AMLD4) as amended by Directive (EU) 2018/843 (AMLD5); Directive (EU) 2018/1673 (criminalisation of money laundering); 2024 AML Package: Regulation (EU) 2024/1624 (AMLR) and Directive (EU) 2024/1640 — obligations of obliged entities, including corporate-service providers, EMIs, and PISPs, to identify ultimate beneficial owners | European Parliament and Council | 2015–2024 | EUR-Lex (consolidated texts) | Background — regulatory/legal framework [15] | G — Regulatory/Legal | Dutch gambling law — Wet op de kansspelen (Wok) as amended by the Wet kansspelen op afstand (remote gambling), in force 1 April 2021; KSA licensing requirements; CRUKS central self-exclusion register | Kingdom of the Netherlands / Kansspelautoriteit | In force 1 April 2021 | wetten.overheid.nl; kansspelautoriteit.nl | Background — regulatory/legal framework [16] | G — Regulatory/Legal | Cyprus Companies Law, Cap. 113 — corporate governance framework; s. 192 (Form HE4 officer changes) and s. 113A (Form HE57 share transfers) as statutory filing requirements; director fiduciary duties | Republic of Cyprus | Cap. 113, as amended | Cyprus Registrar of Companies / CyLaw | Background — regulatory/legal framework

FinTelegram has opened a formal compliance investigation into Softon Ltd (HE 463977), a Cyprus-registered company linked to offshore-licensed online casino brands actively targeting EU consumers. We have received initial whistleblower submissions and documentary evidence. We are now calling on all persons with inside knowledge of this network to come forward. We Are Investigating FinTelegram’s EU iGaming Payments Desk is conducting an active compliance investigation into Softon Ltd, a private Cyprus company incorporated in August 2024, which is publicly identified as the owner and operator of online casino brands operating under an Anjouan/Comoros offshore licence. Our investigation focuses on the role that Cyprus-registered corporate vehicles, legal-service providers, and EU-based payment infrastructure play in enabling offshore-licensed casino operations to reach EU consumers — including consumers in jurisdictions where such operations are prohibited without a local licence. The investigation covers the following areas: The corporate structure and beneficial ownership of Softon Ltd (HE 463977), Nicosia The relationship between Softon Ltd and online casino brands including Betzter.com and KingdomCasino-branded domains The role of EU open-banking infrastructure and intermediary payment gateways in processing deposits from EU consumers into unlicensed offshore casino structures Cross-border network indicators connecting Cyprus and Estonia in the payment architecture The systemic question of whether Cyprus corporate and legal-service ecosystems are functioning as a regulatory arbitrage layer that structurally undermines enforcement by other EU member states, including the Netherlands Thank You to Our Whistleblowers We have already received substantive submissions from multiple whistleblowers, including documentary evidence from official Cyprus and Estonian company registries, website captures, payment-flow material, and first-hand accounts. To those who have already submitted: your contributions are being taken seriously and are actively informing our investigation. We cannot respond individually to anonymous submissions — this is by design, to protect your identity — but every submission is reviewed by our editorial team and treated with full source protection. If you have submitted material and are wondering whether it reached us or whether it was useful: it did, and it was. We Need More Investigations of this kind depend on insider evidence that public registries and website captures alone cannot provide. We are specifically looking for: Internal documents and contracts relating to Softon Ltd, its casino brands, or associated payment entities Payment-flow evidence — settlement reports, account statements, transaction records, or payment-descriptor data linking Softon Ltd or its casino brands to specific banks, gateways, or open-banking providers KYC/KYB files and onboarding correspondence between Softon Ltd or associated casino brands and payment service providers, banks, or open-banking platforms Customer-complaint records and withdrawal-handling procedures — particularly any internal instructions regarding refund denials or jurisdiction-based exclusion clauses Internal legal or compliance memoranda, including any AML red-flag assessments or risk opinions produced in connection with Softon Ltd or its network Licensing representations made to banks, payment providers, or regulators Beneficial ownership information — any documentation identifying the true economic beneficiaries behind Softon Ltd or associated entities Employee or contractor accounts — if you have worked for, with, or alongside any entity in this network in any capacity, your perspective is relevant How to Submit All submissions are handled through Whistle42, FinTelegram’s secure and fully confidential whistleblower channel. Anonymous submissions are accepted and encouraged No identifying metadata is collected or stored Source protection is a non-negotiable editorial principle at FinTelegram Submissions can include documents, screenshots, email correspondence, or written accounts Submit via Whistle42: [whistle42.com] If you have already submitted and wish to add further material, please use the same secure channel. There is no need to identify yourself or reference your earlier submission — our team will connect the information. What Happens Next FinTelegram is preparing a full compliance intelligence report on Softon Ltd and its network. The report will be published following completion of our editorial verification process and the right-of-reply procedure extended to relevant parties. We are committed to accurate, evidence-based reporting. Every factual claim in the final report will be attributed to a verifiable source. Persons and entities named will be given the opportunity to respond before publication, and any substantiated corrections or statements will be published in full. If you have evidence that supports, contradicts, or adds nuance to any aspect of this investigation — we want to hear from you, regardless of which side of the story you are on. Share Information via Whistle42

The UK Financial Conduct Authority (FCA) has placed Hyperliquid on its Warning List. The warning was first published on 21 May 2026 and updated on 7 June 2026. The FCA states that Hyperliquid may be providing or promoting financial services or products without FCA permission, and that the firm is not authorised and may be targeting people in the UK. The warning expressly lists hyperfoundation.org, app.hyperliquid.xyz, and Hyperliquid’s social channels as relevant contact points. This is not merely a consumer warning. From a compliance perspective, it is a regulatory classification signal: the FCA appears to treat Hyperliquid’s activities not as neutral software, but as potentially unauthorised financial services or financial promotions directed at UK users. Executive Summary Hyperliquid has built one of the most successful on-chain perpetual futures venues by positioning itself as a decentralised exchange infrastructure rather than a traditional broker, exchange, or custodian. However, that distinction is becoming less persuasive for regulators. The platform enables leveraged perpetual derivatives, including crypto and real-world-asset-linked markets. These products are economically comparable to regulated derivatives, regardless of whether users maintain self-custody of their wallets. The FCA warning therefore exposes the core regulatory issue: decentralisation does not neutralise financial product regulation. If a platform facilitates leveraged long/short exposure, margining, liquidation, funding payments, order execution, and market access, regulators may look at the economic substance rather than the technological wrapper. The warning is especially sensitive because Hyperliquid has moved beyond crypto-native markets. In March 2026, S&P Dow Jones Indices licensed the S&P 500 to Trade[XYZ] for a perpetual derivative contract on Hyperliquid, described by S&P DJI as the first officially licensed S&P 500 perpetual powered directly by institutional-grade index data. The announcement states that Trade[XYZ] launched the market on Hyperliquid and that eligible non-US investors could gain leveraged exposure to the S&P 500 through the product. That development changes the regulatory optics. Hyperliquid is no longer only a DeFi venue for crypto perps. It is becoming an on-chain infrastructure layer for synthetic exposure to traditional financial benchmarks. Key Compliance Findings IssueFinTelegram AssessmentFCA StatusHyperliquid is now publicly listed by the FCA as an unauthorised firm that may be providing or promoting financial services or products without permission.Product ClassificationHyperliquid perps are economically derivatives: leveraged, cash-settled, no fixed expiry, long/short exposure, margining, liquidation and funding mechanics.Custody ArgumentThe fact that Hyperliquid may be non-custodial does not remove the regulatory character of the traded product or the activity of operating/promoting access to it.UK Retail RiskThe UK has banned the sale of crypto-derivatives and ETNs referencing certain cryptoassets to retail consumers since January 2021. The FCA has stated that firms offering such services to retail consumers are likely to be scams.Financial Promotion RiskUK cryptoasset financial promotion rules apply broadly to firms marketing qualifying cryptoassets to UK consumers, including overseas firms and technology-based delivery models.EU / MiFID RiskIn the EU, crypto-linked derivatives are not simply “MiCA products.” ESMA has clarified that cryptoassets can serve as underlying assets for derivative contracts, and such derivatives may fall under MiFID-style financial instrument analysis.U.S. Regulatory PressureThe CFTC has recently approved regulated perpetual futures paths for U.S. venues such as Kalshi, while CME and ICE have reportedly urged scrutiny of Hyperliquid over market manipulation and sanctions-evasion concerns. Why the FCA Warning Matters The FCA warning is short, but its implications are broad. The regulator states that almost all firms and individuals must be authorised or registered to carry out or promote financial services in the UK, and that Hyperliquid is not authorised. It also warns users that they will not have access to the Financial Ombudsman Service or Financial Services Compensation Scheme if they deal with the firm. For FinTelegram, the important point is not whether Hyperliquid calls itself DeFi. The question is whether the platform enables access to regulated-style financial products for users in regulated jurisdictions. On that test, Hyperliquid’s position is vulnerable. Perpetual futures are not ordinary crypto tokens. They are leveraged derivatives. Their key features include no fixed expiry, synthetic exposure to an underlying asset, margin requirements, funding-rate mechanisms, forced liquidations and long/short trading. S&P DJI’s own announcement describes perpetual derivatives as instruments allowing eligible investors to take leveraged long or short positions without fixed expiry. That is precisely the language of financial derivatives. The DeFi Defence: Weakening Under Regulatory Scrutiny Hyperliquid’s implicit defence has been the familiar DeFi argument: the protocol is decentralised, users connect wallets, and the platform may not take custody of assets in the traditional sense. But this argument is increasingly insufficient. Regulators are likely to focus on the following questions: Who designed and maintains the interface?The FCA warning specifically names the Hyperliquid website, application interface and social channels. Who promotes the product or ecosystem?A DeFi protocol with active marketing, public social channels, branded access points and coordinated ecosystem messaging may be treated differently from passive open-source code. Who controls listing, margin, liquidation and risk architecture?Hyperliquid’s own documentation indicates that builder-deployed perpetual markets involve market definition, oracle definitions, contract specifications, leverage limits and settlement responsibilities. Are users receiving access to a regulated economic exposure?Whether the collateral sits in a non-custodial wallet does not alter the fact that the user is trading a leveraged derivative. In other words: self-custody may reduce custody-regulation exposure, but it does not eliminate derivatives, market infrastructure, financial promotion, AML, sanctions, consumer protection or market abuse issues. The S&P 500 Perpetual: A Strategic Breakthrough — and a Regulatory Trigger The S&P 500 perpetual product is a major credibility signal for Hyperliquid’s ecosystem. But it is also a regulatory trigger. S&P DJI announced that it licensed the S&P 500 to Trade[XYZ], not directly to Hyperliquid, for a perpetual derivative contract on Hyperliquid. The announcement describes Trade[XYZ] as a provider of real-world-asset markets via perpetual derivatives on Hyperliquid and says XYZ markets had exceeded $100 billion in volume since October 2025, with an annualised run rate above $600 billion. This matters because the product links a major traditional finance benchmark to a decentralised derivatives venue. It invites regulators to ask whether global retail or semi-professional users can access leveraged synthetic exposure to major equity indices outside traditional exchange, clearing, conduct and investor-protection frameworks. For FinTelegram, this is the inflection point: Hyperliquid is no longer merely a crypto-native DeFi venue. It is becoming a shadow derivatives infrastructure for traditional market exposure. UK Compliance Situation After the FCA Warning The UK position is now materially adverse for Hyperliquid. First, the FCA warning means that UK consumers, regulated firms, payment partners, service providers, affiliates and media partners are on notice. Any party facilitating access, promotion, payments, referrals or onboarding for Hyperliquid in the UK now faces enhanced compliance risk. Second, the UK already has a restrictive stance on crypto derivatives. The FCA’s ban on the sale of crypto-derivatives and ETNs referencing certain cryptoassets to retail consumers came into effect in January 2021. The FCA stated that any firm offering such services to retail consumers is likely to be a scam. Third, the UK financial promotion regime captures cryptoasset promotions to UK consumers even when the firm is based overseas or uses technology-based delivery. This creates a three-layer UK problem for Hyperliquid: UK Risk LayerCompliance ImpactAuthorisation RiskPossible unauthorised provision or promotion of financial services.Retail Derivatives RiskCrypto-derivative access for UK retail users is especially problematic.Promotion RiskWebsites, apps, social media and referral content may constitute financial promotions. The FCA warning does not itself prove illegality. But it creates a strong regulatory presumption that Hyperliquid is not operating inside the UK perimeter in a way the FCA accepts. Potential Spillover Into Other Regulatory Regimes 1. European Union: MiCA Will Not Save Derivatives Platforms In the EU, many crypto firms try to frame their activities under MiCA. But leveraged perpetual derivatives are unlikely to be neatly contained within MiCA. ESMA has made clear that cryptoassets can serve as underlying assets for derivatives and that authorities must distinguish between cryptoassets under MiCA and financial instruments under MiFID II. This is crucial. If Hyperliquid products are treated as derivatives, the relevant framework may be MiFID II / MiFIR, not merely MiCA. That would raise issues around investment firm authorisation, trading venue operation, appropriateness testing, product governance, leverage limits, transaction reporting, market abuse surveillance and investor categorisation. The likely EU regulatory hypothesis is therefore: Hyperliquid-style perps are not “just cryptoassets”; they are derivative exposures delivered through crypto infrastructure. 2. United States: Offshore DeFi Under Pressure From Regulated Perps The U.S. picture is becoming more complex. The CFTC recently approved KalshiEX, a designated contract market, to list a bitcoin perpetual contract as a futures contract. That is important because it creates a regulated domestic path for perpetual futures. Once regulated U.S. venues can offer approved perpetuals, the tolerance for offshore or decentralised venues serving U.S.-linked users may decline. At the same time, CME and ICE have reportedly urged U.S. regulators to scrutinise Hyperliquid, citing concerns around anonymous round-the-clock perpetual futures trading, manipulation risk and sanctions evasion. The U.S. risk is therefore not only investor protection. It is also market integrity: whether on-chain perpetuals referencing oil, equities, indices or cryptoassets can distort benchmarks or provide a venue for manipulation outside regulated surveillance systems. 3. IOSCO / Global Standards: Cross-Border Coordination Risk The FCA warning may become a reference point for other regulators. Warnings by major regulators often serve as soft signals for national competent authorities, banks, payment processors and compliance teams. Once one Tier-1 regulator publicly identifies a platform as unauthorised, the burden shifts to the platform to demonstrate jurisdictional controls, geo-blocking, user restrictions, legal opinions and regulatory permissions. For Hyperliquid, this could affect: fiat on/off-ramp partners; institutional market makers; index and data partners; wallet and frontend integrations; affiliates and influencers; regulated entities offering copy-trading or structured exposure to Hyperliquid strategies. Regulatory Red Flags for Hyperliquid Red FlagWhy It MattersNo visible UK authorisationFCA says Hyperliquid is not authorised and may be targeting UK users.Leveraged perpetual derivativesThese resemble regulated derivatives, not simple token swaps.No KYC / wallet-based access modelRaises AML, sanctions, investor classification and jurisdictional control concerns.24/7 global accessMakes territorial restrictions harder to enforce.RWA and index-linked productsIncreases traditional finance regulatory exposure.Social media and app promotionMay trigger financial promotion rules.Liquidation and funding mechanicsRaise conduct, fairness, transparency and systemic-risk concerns.Potential UK retail accessHighly sensitive given UK crypto-derivatives restrictions. FinTelegram Compliance Hypothesis The FCA warning marks the beginning of a new regulatory phase for Hyperliquid. The platform’s DeFi architecture may have allowed it to scale rapidly without conventional authorisation, but the product reality is now too visible to ignore. Hyperliquid’s core activity is not simply decentralised token exchange. It is the operation of a high-performance, on-chain derivatives environment offering leveraged perpetual exposure to cryptoassets and increasingly to traditional financial benchmarks. From a compliance standpoint, the decisive question is not: “Is Hyperliquid decentralised?” The decisive question is: “Who is enabling, promoting and monetising access to leveraged financial instruments in regulated jurisdictions?” That question brings Hyperliquid into the perimeter of financial regulation, even if the answer differs across jurisdictions. FinTelegram Conclusion The FCA warning against Hyperliquid should be treated as a serious regulatory escalation. It signals that regulators are increasingly unwilling to accept “DeFi” as a blanket exemption from financial services law. For the UK, Hyperliquid is now an unauthorised-firm risk. For the EU, Hyperliquid-style perpetuals may fall closer to MiFID derivatives regulation than MiCA cryptoasset regulation. For the U.S., the approval of regulated perpetual futures may increase pressure on offshore and decentralised competitors. For global compliance teams, the platform now belongs on enhanced monitoring lists. The broader message is clear: perpetual derivatives do not become unregulated because they are traded through a wallet. A derivative remains a derivative, even when wrapped in DeFi infrastructure. FinTelegram will continue to monitor Hyperliquid, Trade[XYZ], index-linked perpetuals, and the regulatory response from the FCA, ESMA, CFTC and other national authorities. Share Information via Whistle42

FinTelegram’s Rail Atlas maps a remarkable payment and offshore-banking network around The Kingdom Bank, Financial House, La Orange / Jeton, Speedy, Banky and Jeton Bank. The case has become urgent after Financial House, a UK FCA-authorised EMI, was placed under severe FCA supervisory restrictions in April 2026. 2-Minutes Briefing FinTelegram’s Rail Atlas has identified a remarkable cross-border payment and offshore-banking network around The Kingdom Bank, Financial House, La Orange / Jeton, Speedy, Banky, Jeton Bank, and related facilitator layers. The trigger for this review is the severe FCA supervisory restrictions imposed on Financial House Limited, a UK-authorised Electronic Money Institution under Firm Reference Number 902039. The case is important because Financial House is not an isolated UK EMI. Public filings, legal disclosures, financial statements, West Ham sponsorship material, FinTelegram’s own operational review, and open-source records point to a wider payment infrastructure involving: The Kingdom Bank, a Dominica-based offshore / international digital banking platform; Financial House Limited, a UK FCA-authorised EMI currently under supervisory restrictions; Speedy, a Financial House trading name and a Polish payment rail observed in The Kingdom Bank deposit flow; La Orange Limited, trading as Jeton, an e-money services agent and major consumer-facing wallet/payment brand; Jeton Bank Limited, another Dominica offshore bank in the Jeton ecosystem; Banky / JSC CH GmbH, observed as an instant bank-transfer gateway in The Kingdom Bank deposit flow; Plato / GoodFintech / KYXPlatform, observed as the KYC and biometric-verification layer in The Kingdom Bank onboarding process. FinTelegram does not allege that all these entities are part of a single legal group or that all are under common control. However, the evidence supports a strong functional network hypothesis: a multi-jurisdictional payment infrastructure connecting offshore banking, UK EMI services, e-money agency, EU payment rails, white-label IBAN/card ambitions, crypto-friendly deposit flows, and high-risk merchant sectors. The key figure linking parts of this network is Nebil Serkan Zubari, publicly associated with The Kingdom Bank and shown in the 2024 Financial House accounts as a director who signed the report. FinTelegram’s operational review also observed The Kingdom Bank customer deposits being routed via a Speedy AG sp. z o.o. Polish payment rail, with The Kingdom Bank Corporation shown as account owner. This is exactly the type of cross-border rail configuration that FinTelegram’s Rail Atlas was designed to map. 1. The FCA Trigger: Financial House Under Severe Restrictions Financial House Limited is authorised by the UK Financial Conduct Authority (FCA) as an Electronic Money Institution. However, the FCA Register and Financial House’s own public notice show that the firm is currently subject to a First Supervisory Notice issued on 14 April 2026. According to the restriction notice published by Financial House, the firm is temporarily unable to: onboard new customers; accept new funds from existing customers; process payment transactions. The restrictions also concern the handling of safeguarded client funds. In substance, this is not a minor compliance footnote. It is a major operational restriction against a regulated UK EMI that appears to sit at the centre of a wider payment ecosystem. The timing is highly relevant. Financial House’s 2024 financial statements describe the company’s principal activity as enabling digital and mobile payments on behalf of consumers and merchants worldwide. The same report discusses European expansion, white-labelled IBANs, card distribution through Mastercard and Visa, and acquiring services in the UK and Europe. A regulated EMI with this profile being placed under severe FCA restrictions is a material Rail Atlas event. 2. Financial House: The UK EMI Infrastructure Node The 2024 Financial House accounts show that the company was not a dormant or marginal player. It reported turnover of approximately £14.4 million and gross profit of approximately £8.9 million. The business remained sizeable, but profitability deteriorated sharply: operating profit fell from around £1.99 million in 2023 to approximately £60,898 in 2024, resulting in a post-tax loss. Download the Financial House statements here. The accounts are especially important for three reasons. First, the company describes its activity as enabling digital and mobile payments on behalf of consumers and merchants worldwide. This is the language of a payment facilitator / EMI infrastructure provider, not a passive holding entity. Second, the report states that the group planned to expand operations into Europe through subsidiaries in Switzerland and Hungary. It also refers to white-labelled IBANs, card distribution through Mastercard and Visa, and acquiring business services in the UK and Europe. Third, the 2024 accounts were signed by Nebil Serkan Zubari, who was appointed as a Financial House director in October 2024. This is highly relevant because Zubari is also publicly associated with The Kingdom Bank. From a Rail Atlas perspective, Financial House appears to be a central regulated infrastructure node in a broader payment network. 3. The Speedy Signal: Trading Name, Polish Rail, EU Deposit Route Financial House publicly states in its own legal terms that it trades as Speedy and Centrue. The FCA register also shows Speedy as a current trading name of Financial House. Separately, FinTelegram’s operational review of The Kingdom Bank observed ordinary bank-transfer deposit instructions showing Speedy AG sp. z o.o. in Poland as the payment institution / bank rail, with the following details displayed in the The Kingdom Bank portal: FieldObserved DetailBank / Payment InstitutionSpeedy AG sp. z o.o., PolandIBANPL21636000030000000000486992BIC/SWIFTSSOPPLP2XXXAccount OwnerThe Kingdom Bank CorporationReferenceD9187185 This is one of the most important findings in the case. A Dominica offshore banking platform appears to receive customer deposits through a Polish Speedy-branded EU payment rail. The same Speedy name also appears in the UK Financial House context. The question is therefore obvious: how exactly are the Speedy-branded UK and Polish structures connected, and what role do they play in The Kingdom Bank customer-funding flows? This does not prove misconduct. But it creates a direct regulatory question for the FCA, Polish KNF, EU AML authorities and counterparties. 4. The Kingdom Bank: Offshore Bank With EU-Facing Onboarding FinTelegram was able to enter the onboarding funnel of The Kingdom Bank as a resident of Austria and Italy. The onboarding process used an external verification environment under verify.kyxplatform.com, branded as Plato. The deposit portal offered several funding options, including: Binance Pay; Instant Bank Transfer; Bank Transfer; Crypto; Kingdom Cash. For instant bank transfer, the flow redirected to pay.banky.io, a Banky-branded gateway listing numerous UK and fintech banks. In FinTelegram’s review, the instant transfer flow was visible but returned the error message: “Cannot execute payment at this time.” For ordinary bank transfer, the portal generated the Speedy AG Poland deposit instruction described above, with The Kingdom Bank Corporation as account owner. This matters because The Kingdom Bank is not a conventional EU bank. Yet EU residents appeared able to enter the onboarding and funding process, and EU-side payment rails were used in the deposit flow. A consumer may see an EU payment instruction or IBAN and assume EU-style banking protections. The underlying customer relationship, however, appears to remain with a Dominica offshore banking entity. That is a classic regulatory-perimeter issue. 5. The KYC Layer: Plato / GoodFintech / KYXPlatform The KYC process observed by FinTelegram was routed through verify.kyxplatform.com, branded as Plato. The verification screen referred to identity verification and biometric processing. The associated Plato / GoodFintech web presence reviewed by FinTelegram raises a transparency concern: the user-facing legal documents and website presentation did not clearly and prominently identify the legal operator responsible for the KYC platform, the data-controller / processor allocation, or the party responsible for biometric-data processing. This is not a minor point. The platform appears to perform sensitive identity-verification functions in the onboarding flow of an offshore bank accepting EU-facing customers. Users asked to submit identity documents and biometric data should not be forced to conduct external corporate-register research to understand who is processing their data and under what legal responsibility. In the context of The Kingdom Bank, this KYC opacity is a serious compliance and GDPR concern. 6. La Orange / Jeton: The Consumer-Facing Wallet And Agent Layer La Orange Limited, trading as Jeton, is another key node in the network. Public disclosures show that La Orange acts in the e-money / payment-services environment, and Jeton’s own disclosures state that the Jeton Card Account and Card are issued by Financial House Limited. The 2023 La Orange financial statements are also revealing. They describe the company’s principal activity as agents for e-money services. The group reported turnover of approximately £28.6 million in 2023, making it a material payment-services business rather than a small affiliate shell. The accounts also disclose important strategic developments: acquisition of La Orange CY Ltd in January 2024, described as a Cyprus EMI structure; disposal of La Orange GE LLC in December 2024; material working-capital movements typical of payment/e-money activity; a significant but cost-intensive international payment business. This confirms La Orange / Jeton as a substantial consumer-facing and agent/distribution layer in the broader payment ecosystem. The FCA restrictions against Financial House are potentially material for Jeton / La Orange to the extent that Jeton products, card accounts, e-money issuance, safeguarding or payment processing depend on Financial House as the authorised EMI or issuer. 7. Jeton Bank: The Second Dominica Offshore-Banking Node The Jeton ecosystem also includes Jeton Bank Limited, presented publicly as an offshore / international bank in Dominica. This is relevant because The Kingdom Bank is also a Dominica-based offshore / international banking platform. FinTelegram does not currently allege that Jeton Bank and The Kingdom Bank are the same entity or under the same legal control. However, from a network-risk perspective, the overlap is striking: Jeton / La Orange depends on regulated e-money and payment infrastructure; Jeton Bank adds a Dominica offshore-banking layer; The Kingdom Bank is another Dominica offshore-banking platform; Financial House and Speedy appear as payment infrastructure nodes; Zubari links Financial House and The Kingdom Bank; Banky and Speedy appear in The Kingdom Bank’s observed deposit stack. This is not a single linear corporate chart. It is a functional payment ecosystem. 8. The West Ham Trust-Building Signal Both Jeton and The Kingdom Bank appear in West Ham United’s official partner ecosystem. Jeton is presented as a finance app / e-wallet partner, while The Kingdom Bank is presented as a banking partner. This does not prove wrongdoing. Sponsorships are not evidence of payment misconduct. However, in financial intelligence terms, they matter as reputational amplification signals. Payment brands, e-wallets, offshore banks and digital-asset-friendly financial platforms often use sports sponsorships to build consumer trust and global visibility. The overlap is therefore noteworthy: two brands connected to the wider Financial House / Jeton / Dominica offshore-banking / payment-rail environment have used the same Premier League sponsorship platform. 9. Rail Atlas Network Configuration Network NodeJurisdictionRole / FindingEvidence LevelThe Kingdom Bank CorporationDominicaOffshore / international digital banking platform; EU-facing onboarding and deposit flow observedConfirmed / ObservedFinancial House LimitedUnited KingdomFCA-authorised EMI, FRN 902039; currently under FCA supervisory restrictionsConfirmedNebil Serkan ZubariUK / Dominica networkFinancial House director and signer of 2024 accounts; publicly associated with The Kingdom BankConfirmed / CorroboratedSpeedyUK / PolandTrading name of Financial House; Speedy AG Poland observed in The Kingdom Bank deposit flowConfirmed / ObservedSpeedy AG sp. z o.o.PolandPolish payment rail used for The Kingdom Bank bank-transfer depositsObservedLa Orange Limited / JetonUnited KingdomE-money services agent / Jeton trading environment; significant 2023 turnoverConfirmedLa Orange CY LtdCyprusCyprus EMI layer acquired by La Orange group in 2024Confirmed via accountsJeton Bank LimitedDominicaOffshore banking node in Jeton ecosystemCorroboratedBanky / JSC CH GmbHSwitzerland-linkedInstant bank-transfer gateway observed in The Kingdom Bank deposit flowObserved / Under ReviewPlato / GoodFintech / KYXPlatformUK-linked / opaque disclosureKYC and biometric verification layer observed in The Kingdom Bank onboardingObserved / Under ReviewWest Ham United SponsorshipsUnited KingdomBoth Jeton and The Kingdom Bank appear in partner ecosystemConfirmed 10. Confirmed Facts vs Network Hypothesis CategoryFindingConfirmedFinancial House is FCA-authorised and subject to FCA restrictions from April 2026ConfirmedFinancial House publicly trades as Speedy and CentrueConfirmedJeton disclosures identify Financial House as issuer of Jeton Card Account/CardConfirmedLa Orange accounts show substantial turnover and e-money agency activityConfirmedFinancial House accounts show Zubari as director and signerObserved by FinTelegramThe Kingdom Bank onboarding was accessible from Austria and ItalyObserved by FinTelegramThe Kingdom Bank KYC flow used KYXPlatform / PlatoObserved by FinTelegramThe Kingdom Bank instant-transfer flow used BankyObserved by FinTelegramThe Kingdom Bank ordinary bank-transfer route used Speedy AG Poland with The Kingdom Bank as account ownerCorroboratedJeton and The Kingdom Bank both use West Ham sponsorship visibilityUnder ReviewExact legal relationship between Banky and the Financial House / Speedy / Zubari networkUnder ReviewExact legal relationship between Jeton Bank and Financial HouseUnder ReviewWhether the same rails are used for gambling, iGaming, crypto or other high-risk merchantsNot Yet ProvenThat all entities form a single corporate group or are under common ownership 11. Compliance Red Flags Risk AreaObservationWhy It MattersFCA restrictionsFinancial House cannot onboard, accept new funds or process payments without restrictionMajor regulatory triggerSafeguardingRestrictions refer to client safeguarded funds and remediationIndicates serious regulatory concern around client funds / CDD / controlsOffshore-to-EU railThe Kingdom Bank uses EU-facing onboarding and Speedy Poland deposit instructionsPotential regulatory-perimeter arbitrageSpeedy overlapSpeedy is a Financial House trading name and Speedy AG Poland appears in The Kingdom Bank flowRaises network and related-party rail questionsKYC opacityPlato / GoodFintech / KYXPlatform operator disclosure appears insufficient to usersGDPR, biometric data and controller/processor riskCrypto-friendly fundingThe Kingdom Bank deposit menu includes crypto and Binance PayRequires enhanced AML, sanctions and source-of-funds controlsA2A / instant paymentsBanky gateway lists multiple banks for instant transferOpen-banking/A2A rails can bypass card chargeback protectionsE-money agency layerLa Orange / Jeton acts as agent for e-money servicesAgent/principal accountability becomes criticalSponsorship trust signalJeton and The Kingdom Bank both appear as West Ham partnersBrand trust amplification for high-risk payment/offshore actorsMulti-jurisdictional complexityUK, Poland, Cyprus, Switzerland, DominicaDifficult for regulators and consumers to see the full rail 12. Regulatory Questions FinTelegram believes the following questions require urgent clarification: What exactly triggered the FCA restrictions against Financial House? Which Jeton / La Orange products depend on Financial House as issuer, principal, processor or safeguarding institution? Are Jeton customers affected by the Financial House restrictions? What is the exact relationship between Financial House, Speedy, Speedy AG Poland and The Kingdom Bank? Does the Polish KNF know that Speedy AG Poland is used as a deposit rail for The Kingdom Bank Corporation? Are funds received via Speedy AG Poland safeguarded, segregated, pooled or transferred onward? Does The Kingdom Bank onboard EU residents without EU banking authorisation? What regulatory disclosures are provided to Austrian, Italian and other EU customers? Who operates the Plato / KYXPlatform KYC layer and who is the data controller for biometric data? What is the role of Banky / JSC CH GmbH in The Kingdom Bank’s instant-transfer flow? Are gambling, iGaming, crypto or other high-risk merchant funds processed through any of these rails? Are correspondent banks and payment networks fully aware of the underlying offshore and high-risk payment exposure? 13. FinTelegram Assessment The evidence now supports a consolidated Rail Atlas Network Case. The central issue is not whether any single company in the network is automatically unlawful. The central issue is that a restricted UK EMI, a consumer-facing wallet/e-money agent, Speedy-branded payment rails, a Dominica offshore banking platform, an opaque KYC facilitator and an instant-transfer gateway appear in overlapping payment and onboarding structures. The Kingdom Bank is not an isolated offshore bank. Financial House is not an isolated UK EMI. La Orange / Jeton is not merely a consumer wallet brand. Speedy is not merely a name. Together, these nodes point to a multi-jurisdictional payment infrastructure with serious regulatory, AML, safeguarding, consumer-protection and transparency questions. The FCA restrictions against Financial House turn this from a theoretical network map into a live regulatory event. For FinTelegram, the conclusion is clear: this network deserves immediate scrutiny by the FCA, Polish KNF, Dominica FSU, Central Bank of Cyprus, data-protection authorities, correspondent banks, payment schemes and affected customers. Call For Information FinTelegram invites whistleblowers, former employees, customers, compliance officers, PSP insiders, banking partners, payment agents, merchants, regulators and sports-sponsorship insiders to provide information about: Financial House Limited and the FCA restrictions; The Kingdom Bank onboarding and deposit flows; Speedy, Speedy AG Poland and Speedy-branded payment rails; La Orange Limited, Jeton and Jeton Card / Wallet products; Jeton Bank Limited in Dominica; Banky / JSC CH GmbH and instant bank-transfer infrastructure; Plato / GoodFintech / KYXPlatform KYC and biometric verification; merchant onboarding involving gambling, iGaming, crypto or forex; safeguarded funds, frozen balances, blocked withdrawals or unresolved payments; internal AML, CDD, EDD, sanctions or transaction-monitoring concerns; contracts, agent agreements, processor agreements, issuer agreements or referral arrangements. Whistleblowers may contact FinTelegram via Whistle42. FinTelegram protects sources and distinguishes between documented facts, open-source intelligence, source-provided material and editorial assessment. Share Information via Whistle42

2-Minutes Briefing FinTelegram’s Rail Atlas has conducted an extended compliance review of The Kingdom Bank Corporation, a Dominica-based offshore/international banking and fintech institution publicly positioning itself toward global payments, digital assets, Forex, Gambling and iGaming. In an operational review, FinTelegram was able to register with The Kingdom Bank as a resident of Austria and Italy. The onboarding flow used an external KYC verification domain, verify.kyxplatform.com, branded as Plato. The deposit area inside The Kingdom Bank portal offered several funding methods, including Binance Pay, Instant Bank Transfer, Bank Transfer, Crypto and Kingdom Cash. For Instant Bank Transfer, the flow redirected to pay.banky.io, a Banky-branded account-to-account payment gateway listing numerous UK and fintech banks, including Lloyds Bank, Barclays, Santander, RBS, NatWest, Revolut, HSBC, Monzo, Nationwide, Starling Bank, TSB, Wise and others. In FinTelegram’s test, the instant bank transfer could not be executed and returned the error message: “Cannot execute payment at this time.” For ordinary bank transfer, The Kingdom Bank generated Polish account details showing Speedy AG sp. z o.o. as the bank / payment institution and The Kingdom Bank Corporation as account owner. The IBAN shown in the test flow was: PL21636000030000000000486992BIC/SWIFT: SSOPPLP2XXXAccount Owner: The Kingdom Bank CorporationReference: D9187185 This finding is significant. The Kingdom Bank is not an EU-licensed bank. Yet its customer-funding flow appears to rely on an EU-based Polish payment institution account infrastructure through Speedy AG sp. z o.o. Public Polish and business-register data indicate that Speedy is connected to Nebil Serkan Zubari, the founder / key person behind The Kingdom Bank. This creates a relevant intra-network payment-rail question: an offshore Dominica “bank” appears to access EU payment infrastructure through a Polish payment institution linked to the same principal. Rail Atlas Snapshot FieldFindingEntityThe Kingdom Bank CorporationDomainhttps://www.thekingdombank.comJurisdictionDominicaEU Licence StatusNo EU banking licence identifiedEU Access FindingOnboarding possible from Austria and ItalyKYC Layerverify.kyxplatform.com / PlatoDeposit GatewayBanky (pay.banky.io) for instant bank transferEU Payment RailSpeedy AG sp. z o.o., Poland (Speedy.io)Observed IBANPL21636000030000000000486992Observed BICSSOPPLP2XXXAccount OwnerThe Kingdom Bank CorporationRisk VerticalsForex, Gambling, iGaming, cryptoKey RiskOffshore bank using EU payment rails for customer depositsConfidence GradeConfirmed / Corroborated / IndicatedStatusActive Rail Atlas Monitoring Case Why This Case Matters The Kingdom Bank should not be analysed as a conventional EU or UK commercial bank. It presents itself as a licensed international bank in the Commonwealth of Dominica and markets digital banking, global payments, digital assets, crypto-friendly services, FX and payment solutions to international clients. From a Rail Atlas perspective, the case matters because The Kingdom Bank combines several compliance-sensitive layers: offshore/international banking framework; digital-asset-friendly positioning; public service offering to Forex, Gambling and iGaming; customer onboarding from EU residents; outsourced KYC / identity verification; instant account-to-account payment gateway flow; crypto and Binance Pay funding options; bank-transfer funding via an EU payment institution; apparent linkage between the offshore bank principal and the EU payment institution used for deposits. This combination creates a high-risk compliance profile requiring enhanced scrutiny by regulators, correspondent banks, payment networks, AML teams and consumer-protection authorities. Public iGaming And Gambling Positioning The Kingdom Bank publicly markets Global Payment Solutions for sectors including Forex and Gambling and lists iGaming as an industry served. This is not merely third-party speculation. It is The Kingdom Bank’s own public-facing positioning. FinTelegram has not yet identified a confirmed casino merchant list or a public casino-domain disclosure stating that a specific casino brand uses The Kingdom Bank as banking, settlement or payment partner. However, the bank’s own market positioning makes iGaming and gambling a legitimate compliance focus. In high-risk gambling payments, the banking and settlement layer often remains behind the visible cashier, payment gateway, affiliate, crypto or payment-intermediary interface. The absence of public merchant names therefore does not eliminate risk. It only means that transaction-level evidence is required before naming specific operators. FinTelegram Test: Registration From Austria And Italy FinTelegram was able to register with The Kingdom Bank as a resident of Austria, Germany and Italy. This is important because The Kingdom Bank is not an EU-licensed bank in the conventional sense. It appears to operate globally on the basis of its offshore/international banking licence from Dominica while allowing EU residents to enter the onboarding process. The compliance issue is not whether offshore financial institutions may ever serve international clients. The issue is whether EU residents are being onboarded into a banking/payment ecosystem without the customer receiving a clear, prominent explanation of the regulatory perimeter: Dominica supervision, no EU deposit protection, no EU banking licence, and the involvement of EU payment institutions as operational rails. KYC Flow: verify.kyxplatform.com / Plato The KYC process observed by FinTelegram was conducted through verify.kyxplatform.com, branded as Plato. By clicking the verification button, the user consents to Plato, described as a vendor, collecting and using third-party service providers to process biometric information for identity verification, fraud detection and platform improvement. The screen also states that biometric information will be stored for no more than three years. Open-source research indicates that the KYXPlatform domain is connected to Plato-branded KYC verification. Plato / Goodfintech publicly describes its services as KYC, KYB, KYT, ID verification, liveness checks, facial expression analysis, sanctions and AML checks, risk scoring and automated KYC flows. Good Fintech Limited appears in UK Companies House as an active private limited company. A further red flag concerns the user-facing legal disclosure of the KYC provider. The Kingdom Bank onboarding flow redirects users to verify.kyxplatform.com, branded as Plato. Plato is presented under the GoodFintech ecosystem and offers KYC, KYB, KYT, ID verification, liveness checks, facial-expression analysis, sanctions and AML checks. However, FinTelegram’s review of the GoodFintech and Plato web presence found that the reviewed user-facing pages do not clearly and prominently identify the legal entity operating the platform or accepting responsibility for the processing of identity and biometric data. Open-source corporate records indicate the existence of Good Fintech Limited, a UK company incorporated in October 2023, with the Turkish national Nuri Ozlu listed as director and controlling person. In the context of EU residents onboarding with an offshore Dominica banking platform, this lack of prominent legal-entity, controller/processor and data-protection disclosure is a material compliance concern. Users asked to submit identity documents and biometric information should not have to conduct external corporate-register research to determine who operates the verification platform and who is responsible for their sensitive personal data. This raises several compliance questions: Who is the contractual KYC processor for The Kingdom Bank: Plato, Goodfintech or another operator behind KYXPlatform? Where exactly are biometric data and identity documents stored? Which entity is the data controller and which entity is the processor? Are EU residents provided with GDPR-compliant disclosures before biometric data collection? Are customers clearly told that they are onboarding with an offshore Dominica bank rather than an EU bank? How are PEP, sanctions, adverse media and source-of-funds checks calibrated for high-risk sectors such as crypto, Forex and gambling? The use of external KYC vendors is not unusual. However, in this case, the combination of offshore banking, EU customers, biometric processing, crypto funding and high-risk merchant positioning requires a much higher standard of transparency. Deposit Options: Binance Pay, Bank Transfer, Instant Bank Transfer, Crypto And Kingdom Cash Inside the portal, FinTelegram observed the following deposit methods: Binance Pay; Instant Bank Transfer; Bank Transfer; Crypto; Kingdom Cash. This funding menu is revealing. It indicates that The Kingdom Bank is not merely presenting itself as a traditional offshore bank account provider. It operates more like a digital banking/payment platform integrating crypto, account-to-account payments and alternative deposit methods. From an AML perspective, the coexistence of fiat bank transfers, instant payments, crypto and Binance Pay increases the importance of transaction monitoring, source-of-funds review, sanctions screening, wallet risk analytics and real-time fraud controls. Banky Instant Bank Transfer Flow For the Instant Bank Transfer option, The Kingdom Bank redirected to pay.banky.io, a Banky-branded gateway. The Banky screen showed a payment amount of EUR 101.50 and allowed the customer to choose from a list of banks. The list included major UK and fintech banks such as Lloyds Bank, Barclays, Santander, RBS, NatWest, Revolut, HSBC, Monzo, Nationwide, Starling Bank, TSB, Bank of Scotland, Ulster Bank, First Direct, Halifax, Danske Bank, Wise, Allied Irish Banks and Bank of Ireland. In FinTelegram’s review, the instant bank transfer could not be completed and returned the error message: “Cannot execute payment at this time.” The failed transaction does not by itself prove misconduct. However, the flow is relevant because it shows that The Kingdom Bank’s deposit infrastructure appears to connect to open-banking-style account-to-account payment rails. This is the type of infrastructure frequently observed in modern high-risk payment ecosystems because it can bypass card-chargeback rails and move customer funds directly from bank accounts. For Rail Atlas purposes, Banky should be treated as a relevant payment gateway layer in The Kingdom Bank deposit stack. Ordinary Bank Transfer: Polish Speedy AG Rail The most important operational finding is the ordinary bank-transfer deposit instruction. The Kingdom Bank portal instructed the user to make a transfer to bank details showing: Bank Name: Speedy AG spółka z ograniczoną odpowiedzialnościąDomain: Banky.ioIBAN: PL21636000030000000000486992BIC/SWIFT: SSOPPLP2XXXBank Number: 636Account Number: 636000030000000000486992Account Owner: The Kingdom Bank CorporationReference: D9187185 This means that, in the tested deposit flow, the EU-side funding account was not shown as a direct The Kingdom Bank account at a traditional EU bank. Instead, it was a Polish Speedy AG payment-institution rail where the account owner was The Kingdom Bank Corporation. Speedy AG sp. z o.o. is a Polish payment institution. Polish regulator KNF granted Speedy AG a national payment institution licence in August 2024. Public sources identify its BIC/SWIFT as SSOPPLP2XXX. This finding gives The Kingdom Bank an EU payment-rail footprint. It also creates a clear regulatory question: how is a Dominica offshore bank using a Polish payment institution account to receive customer deposits from EU residents? The Speedy / Zubari Connection The Speedy finding is particularly sensitive because public Polish register and business data indicate that Nebil Serkan Zubari (LinkedIn) is connected to Speedy AG sp. z o.o. as a board / representative figure and beneficial owner through Speedy Group Holding Limited. Zubari is also the key person behind The Kingdom Bank. Public sources identify Zubari as the founder and CEO of The Kingdom Bank. The bank’s own blog states that Zubari is the founder and current CEO, while an English court decision in The Kingdom Bank Corporation v Moorwand Ltd identifies Zubari as a director of The Kingdom Bank. West Ham United’s official partnership communication also refers to him as founder of The Kingdom Bank. This creates an important network-level compliance issue. The flow observed by FinTelegram suggests that The Kingdom Bank customer funds may be routed through a Polish payment institution connected to the same principal behind the offshore bank. This does not automatically mean the structure is illegal. It may be presented as an internal group or partner infrastructure. But from a compliance perspective, it requires transparency: Is Speedy acting as payment institution, account provider, correspondent partner or technical payment rail for The Kingdom Bank? Does KNF know that Speedy accounts are used for The Kingdom Bank customer deposits? Are The Kingdom Bank customers informed that their funds are received through a Polish payment institution? Is Speedy conducting independent AML monitoring on the underlying The Kingdom Bank customer and transaction risk? Does Speedy classify The Kingdom Bank as a high-risk offshore banking client? Are gambling, crypto or iGaming-related funds processed through the same infrastructure? Are EU customers protected by any EU safeguards, or are they merely sending money to an offshore bank via an EU payment institution? These are central Rail Atlas questions. The Kingdom Bank is not an isolated Dominica offshore bank. It appears to sit within a broader Zubari-linked financial infrastructure that also includes Speedy-branded EU/UK payment entities. One of these nodes, Financial House Limited, is FCA-authorised but currently subject to FCA supervisory restrictions. That significantly strengthens the Rail Atlas risk profile. Regulatory Perimeter Issue The Kingdom Bank appears to offer onboarding and deposit functionality to EU residents while operating under a Dominica offshore/international banking licence. FinTelegram has not identified evidence that The Kingdom Bank itself holds an EU banking licence. The observed Polish deposit rail through Speedy AG does not transform The Kingdom Bank into an EU bank. It may only show that The Kingdom Bank has access to EU payment infrastructure through a regulated Polish payment institution. This distinction is critical. A consumer in Austria, Italy or another EU country may see an EU IBAN and assume a familiar EU banking environment. However, the account owner remains The Kingdom Bank Corporation, a Dominica offshore entity. The regulatory protection, complaints route and prudential supervision may therefore be very different from those of a conventional EU bank. Pooled Accounts And Merchant Payment Opacity The Kingdom Bank publicly promotes pooled-account functionality. In legitimate financial operations, pooled or omnibus accounts may be used to manage client funds efficiently. In high-risk environments, however, they can create transparency problems. If an offshore bank or payment platform serves gambling, crypto, Forex or high-risk merchant clients through pooled or omnibus-style structures, the visible payee may not clearly reveal the underlying merchant, casino operator, affiliate, crypto broker or beneficiary. This is one of the central Rail Atlas concerns: in modern payment ecosystems, the entity visible to the customer or the sending bank may be a processor, pooled account, payment institution or banking wrapper rather than the true commercial counterparty. Compliance Red Flags Risk AreaFinTelegram FindingCompliance RelevanceOffshore bankingThe Kingdom Bank operates from Dominica under an international/offshore banking profileNo conventional EU banking licence identifiedEU onboardingRegistration possible from Austria and ItalyEU residents appear able to enter the customer funnelKYC / Plato / GoodFintechVerification through verify.kyxplatform.com / Plato. User-facing pages reviewed by FinTelegram do not clearly disclose the legal operator; external records point to Good Fintech Limited in the UKBiometric-data, GDPR and data-controller transparency questions. GDPR, biometric-data, controller/processor and contractual transparency concernCrypto fundingDeposit menu includes Crypto and Binance PayRequires wallet-risk, sanctions, source-of-funds and Travel Rule controlsInstant bank transferDeposit flow redirects to pay.banky.ioOpen-banking/account-to-account rail relevant for card-chargeback bypass riskFailed test paymentInstant transfer returned “Cannot execute payment at this time”Operational reliability and gateway availability questionEU bank-transfer railDeposit instruction uses Speedy AG sp. z o.o. in PolandOffshore bank appears to receive EU deposits through Polish payment institutionAccount ownerAccount owner shown as The Kingdom Bank CorporationEU payment rail used for offshore bank fundingNebil Serkan ZubariActive director of Speedy, Financial House Limited, and The Kingdom BankLinks The Kingdom Bank principal to UK EMI infrastructureSpeedy connectionPublic data links Speedy to Nebil Serkan ZubariNetwork-level conflict / related-party rail questioniGaming positioningThe Kingdom Bank publicly targets Forex, Gambling and iGamingHigh-risk merchant vertical explicitly part of target marketPooled accountsThe Kingdom Bank promotes pooled-account structuresUnderlying merchant / beneficiary transparency riskReferral / merchant acquisitionWhistleblower material indicates external client-introduction structuresIncentives to source higher-risk merchants require enhanced controls Rail Map A simplified Rail Atlas model based on the review findings is: EU Resident / Customer→ The Kingdom Bank Online Portal→ KYC via KYXPlatform / Plato→ Deposit Method Selection→ Banky Instant Bank Transfer / Crypto / Binance Pay / Ordinary Bank Transfer→ Speedy AG Polish Payment Rail→ Account Owner: The Kingdom Bank Corporation→ Offshore Dominica Banking / Payment Platform For merchant flows, the potential model is: High-Risk Merchant / iGaming / Forex / Crypto Client→ External introducer or referral partner→ The Kingdom Bank onboarding and payment stack→ Pooled account / IBAN / SWIFT / Crypto / A2A payment layer→ Customer deposits, merchant settlement or cross-border payouts The second model remains a working Rail Atlas hypothesis requiring transaction-level confirmation for specific merchants. FinTelegram Assessment The extended review significantly strengthens the Rail Atlas case on The Kingdom Bank. The issue is no longer only that The Kingdom Bank publicly positions itself toward Forex, Gambling and iGaming. The operational review shows that EU residents can enter the onboarding funnel, pass into a KYC process handled through an external KYXPlatform / Plato domain, and receive deposit instructions involving a Polish payment institution. The Speedy AG connection is the most important new element. A Dominica offshore bank appears to use an EU payment institution rail in Poland for customer deposits, while public register data indicates that the same key person behind The Kingdom Bank is also connected to Speedy. This does not prove unlawful conduct. But it creates a high-risk related-party payment infrastructure that deserves regulatory and journalistic scrutiny. For consumers, the risk is transparency. The presence of a Polish IBAN or EU payment institution does not mean the customer is banking with an EU bank. The customer relationship remains with The Kingdom Bank Corporation, a Dominica offshore entity. For regulators, the risk is perimeter arbitrage. Offshore banking, EU payment institutions, crypto funding, open-banking gateways, pooled accounts and high-risk merchant sectors may combine into a payment architecture that is technically distributed and difficult to supervise end-to-end. Call For Information FinTelegram invites whistleblowers, former employees, compliance officers, payment agents, PSP insiders, casino operators, affiliates, customers, regulators and banking partners to provide information about The Kingdom Bank, Speedy AG, Banky, KYXPlatform / Plato, and related payment flows. We are particularly interested in: The Kingdom Bank onboarding documents for EU residents; deposit screenshots showing Speedy AG, Banky, Binance Pay, crypto or other payment methods; account statements showing transfers to or from The Kingdom Bank via Speedy AG; contracts or service agreements between The Kingdom Bank and Speedy AG; information about the operator and data-controller structure behind KYXPlatform / Plato; complaints about frozen deposits, failed withdrawals, blocked accounts or unresolved refunds; merchant onboarding files involving gambling, iGaming, Forex or crypto clients; payment screenshots linking casino or betting platforms to The Kingdom Bank, Speedy, Banky or related infrastructure; internal AML, sanctions, KYC, KYB, PEP, adverse-media or transaction-monitoring concerns; evidence concerning pooled accounts or omnibus structures used for high-risk merchants. Whistleblowers may contact FinTelegram via Whistle42. FinTelegram protects sources and distinguishes clearly between documented facts, open-source intelligence, third-party allegations and editorial assessment. Share Information via Whistle42

A June 2026 promotional article on openPR explains how users can transfer USDT into Payeer through BoomChange, even though Payeer has been linked to EU sanctions measures, Lithuanian sanctions and AML enforcement, and persistent customer complaints over blocked withdrawals. Evidence from a detailed Bitcointalk scam thread materially escalates the risk profile of BoomChange, which is presented not merely as an opaque crypto intermediary but as a suspected fake exchange operation tied to static deposit addresses, phishing-style behavior, and wallet flows allegedly ending at Binance. Key Findings The openPR press release explicitly promotes a 2026 workflow for sending USDT into Payeer via BoomChange and presents that path as a normal convenience service for online users and remote workers. Specialist sanctions and compliance sources report that Payeer was targeted under the EU’s 19th sanctions package, with a transaction ban or equivalent transaction prohibition taking effect in November 2025 after a short wind-down period. Lithuanian FCIS/FNTT enforcement reportedly imposed roughly €9.3 million in penalties on Payeer for sanctions breaches and AML failures, including dealings involving sanctioned Russian banks. FinTelegram has documented repeated complaints from Payeer users about frozen balances, blocked accounts, and failed withdrawals during the sanctions-driven shutdown phase. Payeer no longer appears reachable on the legacy domain payeer.com, which now returns an NXDOMAIN error in live retrieval, while the currently active public-facing site is payeer.online. The current payeer.online site presents itself as a global payment gateway based around merchant acquiring, cards, PayPal, crypto, WeChat Pay, and Alipay rather than the older wallet-centered interface historically associated with payeer.com. The Bitcointalk thread on BoomChange alleges that boomchange.com, boomchange.io, and boomchange.net operate as fake exchanges using static deposit addresses that route victim funds into operator-controlled wallets. The same Bitcointalk report links BoomChange to an Armenia footprint, identifies multiple email addresses, phone numbers, IP addresses, social-media accounts, and hosting or registrar changes, but none of this amounts to transparent corporate disclosure or verified beneficial ownership. No verifiable legal operator or beneficial owner for BoomChange was identified on its public website, which remains a severe compliance red flag for a platform routing crypto into payment environments such as Payeer. In risk terms, the BoomChange-Payeer pathway combines sanctions exposure, AML deficiencies, consumer harm, and scam indicators in a single transaction chain. Press Release Analysis The openPR article titled “How to Transfer USDT into Payeer in 2026” is framed as a simple user guide for moving stablecoins into a payment account. It positions BoomChange as the transfer mechanism and Payeer as the destination platform, while naming additional payment brands such as Skrill, Wise, Payoneer, PayPal, and Cash App to normalize the route. The article is problematic because it is not merely descriptive. It is operational marketing that guides users from USDT into Payeer without mentioning the sanctions, enforcement, withdrawal, or consumer-risk issues now associated with the Payeer ecosystem. After incorporating the Bitcointalk material, the omission becomes even more serious. The release does not just promote access to a sanctioned or restricted payment rail; it appears to direct users through a platform that has been publicly accused of functioning as a fake exchange scam using static wallet infrastructure and phishing-style collection mechanisms. Payeer: Sanctions, Enforcement, and Domain Shift EU sanctions and shutdown context Specialist sanctions and crypto-compliance reporting states that Payeer was included in the EU’s 19th sanctions package against Russia, with the measures taking effect in November 2025 after a limited wind-down period. These reports characterize the measure as a ban on transactions involving Payeer and highlight the significance of the case because it directly touches the crypto and payment-services perimeter. That matters for any intermediary touching the flow. If a third-party exchanger, wallet service, PSP, acquirer, or banking partner enables funds to be routed into Payeer after the prohibition became effective, the risk shifts from abstract association to possible direct or indirect facilitation. Lithuanian enforcement and complaint pattern Lithuanian FCIS/FNTT reporting described major sanctions and AML failures at Payeer and imposed penalties totaling approximately EUR 9.3 million. Public reports say the findings included transactions involving sanctioned Russian banks, weaknesses in customer due diligence, and failures connected to suspicious transaction monitoring and reporting. FinTelegram’s reporting adds the practical consumer dimension. It documents complaints from users whose withdrawals were blocked or delayed and whose balances became trapped as the sanctions-driven exit period unfolded. From payeer.com to payeer.online A live retrieval of payeer.com now returns a DNS error, indicating that the legacy domain is no longer reachable at the time of review. In contrast, payeer.online is active and currently markets itself as an all-in-one international payment gateway offering cards, PayPal, crypto, WeChat Pay, Alipay, API integration, and merchant services in more than 180 countries. This domain change is analytically important. It indicates that Payeer’s current web presence has shifted away from the older payeer.com brand entry point and toward a new domain with a different public presentation, one that emphasizes merchant acquiring, global coverage, and broad payment-method support rather than the historic wallet image widely associated with Payeer. That does not reduce the underlying compliance concern. If anything, a post-enforcement rebranding or domain migration can make customer screening, adverse-media detection, and sanctions controls harder unless institutions actively map historical domains, trade names, and legacy references to the currently active infrastructure. BoomChange: Scam Indicators and Ownership Clues Public website and transparency failures BoomChange’s public website presents the service as an instant crypto exchange with fast execution, no-registration usage, and multiple conversion paths involving crypto and payment destinations. It does not clearly identify a legal operator, jurisdiction of incorporation, licensing authority, directors, or beneficial owners in a way expected from a regulated CASP or payment intermediary. That alone already justified a high-risk classification. After reviewing the Bitcointalk evidence, however, the risk assessment must be strengthened from opaque intermediary to suspected fake-exchange scam operation. Bitcointalk scam evidence The Bitcointalk thread titled “SCAM – Boomchange.com / Boomchange.io / Boomchange.net – Fake Crypto Exchanges” contains a detailed allegation set backed by wallet addresses, archived pages, social-media references, and transaction links. The core allegation is that BoomChange uses static order pages and repeatedly shows the same deposit addresses to different visitors, which is inconsistent with how legitimate instant-exchange order management normally works. The thread lists numerous crypto addresses across Bitcoin, Ethereum, Litecoin, Solana, Tron, BNB, Perfect Money, and other networks, and alleges that victim funds were consolidated and then moved onward, in many cited cases to Binance-linked destinations. It also notes that MetaMask’s phishing-warning list and several scam-reporting services had already flagged BoomChange-related domains or addresses. As a matter of editorial caution, the Bitcointalk material is community-sourced and accusatory in tone. Even so, the density of technical indicators, the consistency of the allegations, and the overlap with BoomChange’s missing ownership transparency make the thread highly relevant adverse-media evidence that cannot be ignored in a compliance analysis. Operators and beneficial ownership The Bitcointalk post attributes BoomChange to an operator in Yerevan, Armenia and identifies a cluster of contact points including email addresses such as boomchange222@gmail.com, boomchange6@gmail.com, register2022.2023@gmail.com, edgarhakobyan2012@gmail.com, boomchangeplay@gmail.com, and info@boomchange.com, as well as the phone number +1 850 280 0803 used on social and messaging channels. It also references Armenian IP addresses, Ucom and Telecom AM connectivity, hosting via Koddos/Amarutu Technology, and registrar changes from Namecheap to Nicenic and later Internet Domain Service BS Corp. Those indicators point to an operational footprint, but they do not establish verified beneficial ownership in a corporate-law sense. At present, the evidence supports describing BoomChange as a suspected Armenia-linked scam operation with identified digital traces, not as a transparently owned or lawfully disclosed business. The thread also mentions a possible link to Smartweb.am and to another project, iptvleopard.com, through overlapping promotion patterns and archived content. Those links are investigatively relevant and may justify further OSINT work, but they should be presented as leads rather than settled findings unless confirmed through company records, domain control evidence, payment data, or insider documentation. Compliance Analysis Sanctions risk The sanctions issue is straightforward. Any service route that enables users to move value into Payeer after the EU prohibition took effect creates a direct or indirect sanctions exposure for the user and for any intermediary facilitating the chain. This is precisely why the BoomChange link is so troubling. A suspected scam exchange with weak or absent transparency is being used in promotional content as the bridge into a payment environment already burdened by sanctions and enforcement findings. AML and fraud risk The AML risk profile is compounded rather than additive. Payeer carries a documented history of sanctions and AML enforcement, while BoomChange now shows significant public scam indicators including static deposit addresses, alleged phishing behavior, and address-level abuse reporting. For compliance teams, this combination should trigger enhanced due diligence, counterparty restrictions, wallet screening, transaction monitoring, and partner review at the highest risk level. Institutions that continue to process related flows without tracing destination logic, domain relationships, and adverse-media indicators would be exposed not only to financial crime risk but also to serious supervisory criticism. Consumer protection and market integrity The consumer-harm narrative is no longer limited to frozen Payeer withdrawals. If users are directed first into BoomChange and then onward into Payeer, they face the risk of losing funds at two separate points in the chain: first to a suspected scam exchanger, and second to a sanctioned or shutdown-affected payment platform with documented withdrawal complaints. That makes the openPR article especially problematic from a market-integrity perspective. It presents a high-risk transaction route as a routine financial convenience while suppressing material facts that would likely alter user behavior and partner risk assessments. Key Data Table FieldPayeerBoomChangeCurrent public domainpayeer.online is currently active; payeer.com returned NXDOMAIN in live retrieval boomchange.com remains publicly accessible and is promoted as an instant exchange Public rolePayment gateway and merchant-acquiring style platform on current website Instant crypto exchange / transfer intermediary on public website Sanctions positionIncluded in EU 19th Russia sanctions reporting; transaction prohibition described by compliance sources Not identified as sanctioned in the reviewed source set Enforcement / adverse findingsLithuania reportedly imposed about EUR 9.3 million in sanctions and AML penalties Bitcointalk scam thread alleges fake-exchange conduct, static deposit addresses, phishing behavior, and Binance offloadsConsumer-risk indicatorsFinTelegram reports blocked withdrawals, frozen balances, and trapped funds Community reports describe irreversible loss after sending crypto to operator-controlled addressesOwnership transparencyHistorical structure linked by FinTelegram to Russian control, Lithuania, and offshore entities No verified beneficial owner found; thread points to Armenia-linked digital traces but not formal ownership proof Link between entitiesDestination platform promoted in the openPR guide Transfer route promoted for sending USDT into Payeer Core compliance concernSanctions exposure, AML failings, frozen funds, partner risk Scam risk, lack of ownership disclosure, possible sanctions-evasion facilitation  Whistleblower Call Whistleblowers, former staff, banking and PSP partners, vendors, hosting providers, domain registrars, exchange compliance officers, and affected customers with information on Payeer or BoomChange should submit evidence to Whistle42 and FinTelegram. Especially valuable are internal communications, KYC and sanctions procedures, merchant or affiliate contracts, wallet-cluster data, registrar and hosting records, beneficial ownership documents, and evidence showing how customer or victim funds were routed. Submissions are particularly important where they help identify the real operators behind BoomChange, explain the shift from payeer.com to payeer.online, document any continuing service relationships after sanctions took effect, or prove the use of third-party exchanges and payment rails to keep restricted flows alive. Share Information via Whistle42

FinTelegram has received a copy of what appears to be a Turkish law-enforcement / Interpol-Europol document concerning Ozan Özerk, OpenPayd’s founder and controlling shareholder. The document, provided by a previously reliable source, refers to serious allegations and possible international police-cooperation steps. This lands at a critical moment: OpenPayd is seeking a Nasdaq listing through Titan Acquisition Corp. at a proposed unicorn valuation, while FinTelegram victim files show OpenPayd vIBAN infrastructure in scam payment paths involving Klickl Europe. 2-Minute Briefing OpenPayd wants U.S. public-market investors to buy a unicorn fintech story. FinTelegram is now looking at a much darker disclosure issue: the law-enforcement risk surrounding Ozan Özerk, OpenPayd’s founder, economic owner, and controlling shareholder. FinTelegram has received from a previously reliable source a screenshot of what appears to be a Turkish law-enforcement / Interpol-Europol document concerning Özerk personally. The document identifies Özerk by Turkish ID number, date and place of birth, lists addresses in London and Northern Cyprus, and states that he is actively sought in Turkish UYAP records in relation to serious allegations, including forming an organization to commit crimes, transferring assets derived from money laundering abroad, and fraud through the use of banks, insurance companies, credit institutions or information systems. The document further states that Özerk left Turkey for London on 20 September 2025 and that Turkish authorities had information suggesting that he may still be in the United Kingdom. It also refers to possible Red Notice / Diffusion procedures through the Ministry of Justice and Interpol-Europol channels. FinTelegram has not yet independently authenticated the screenshot through official Turkish court or police records. However, the source has previously provided information that proved reliable. The content is also consistent with OCCRP’s reporting on Turkish money-laundering investigations involving companies owned by Özerk. This matters because OpenPayd is pursuing a public listing through Titan Acquisition Corp. The transaction is designed to bring OpenPayd to Nasdaq under a Cayman PubCo structure, with a proposed pro-forma equity valuation of $1.145 billion. SEC materials identify Özerk as the key company shareholder, directly holding approximately 82.72% of OpenPayd Holdings Limited before the transaction. The risk file does not stop there. FinTelegram has also reported extensively on OpenPayd’s appearance as vIBAN infrastructure provider in alleged investment-scam payment paths involving Klickl Europe Sp. z o.o. Victim files and OpenPayd GDPR/DSAR material indicate that victims paid into OpenPayd named vIBANs / OpenPayd Malta IBANs using CFTEMTM1, with funds swept to Klickl Europe under references such as “Sweep to Primary Account.” That creates a direct Nasdaq disclosure question: how will OpenPayd, Titan, their advisers, auditors, and SEC-facing counsel describe founder-risk, Turkish law-enforcement exposure, vIBAN scam-rail exposure, and the Klickl Europe victim-flow files? Key Findings The copy puts Özerk personally in focus. The apparent Turkish document refers to Ozan Özerk personally, not merely to corporate entities in his network. The allegations described are serious. The document refers to organized-crime, money-laundering-asset transfer, and fraud-related allegations involving banks, credit institutions, insurance companies or information systems. The document refers to international police-cooperation steps. It mentions possible Red Notice / Diffusion procedures through Turkish justice and Interpol-Europol channels. The source is considered credible by FinTelegram. The screenshot was provided by a source previously known to FinTelegram and considered reliable. Formal authentication through Turkish official records remains pending. The content aligns with OCCRP’s reporting. OCCRP reported Turkish money-laundering investigations involving companies owned by Özerk and linked the wider context to its Scam Empire investigation. Özerk is central to the OpenPayd transaction. SEC transaction materials identify him as the key company shareholder and controlling figure behind OpenPayd Holdings. OpenPayd already faces a payment-rail disclosure issue. FinTelegram victim files show OpenPayd infrastructure inside alleged investment-fraud payment paths involving Klickl Europe. Why This Matters For The Nasdaq Transaction The planned OpenPayd–Titan transaction is not a simple growth financing. It is a public-market trust event. OpenPayd wants Nasdaq investors to value the group as a high-growth financial infrastructure platform operating across fiat rails, vIBANs, digital assets, stablecoins and crypto on/off ramps. That story now faces three overlapping disclosure layers: Disclosure LayerCore IssueWhy It MattersFounder / control riskApparent Turkish law-enforcement document concerning Ozan ÖzerkÖzerk is the controlling shareholder and key company shareholderOCCRP / Turkey riskTurkish investigations involving Özerk-owned companiesMatches broader money-laundering and illegal-betting risk contextOpenPayd–Klickl rail riskVictim files show OpenPayd vIBAN infrastructure feeding Klickl EuropeGoes directly to OpenPayd’s core product risk: vIBANs, payment rails, crypto exposure If OpenPayd wants public-market investors to accept a unicorn valuation, these are not footnotes. They belong in the risk-factor discussion. The OpenPayd–Klickl Context FinTelegram has recently documented a pattern involving OpenPayd and Klickl Europe. Victims of multiple fake investment schemes allegedly received OpenPayd-generated named vIBANs. Funds entered OpenPayd infrastructure and were then swept to Klickl Europe Sp. z o.o., a Polish virtual-asset service provider, with references such as “Transfer to Klickl Europe – EUR/Sepa” and “Sweep to Primary Account.” Victim-organized material also points to a broad app-front layer: fake investment apps and scam platforms used to lure victims through WhatsApp, Telegram and social-media grooming before deposits were routed through OpenPayd and Klickl Europe. This is precisely the type of rail exposure that should concern public-market investors. OpenPayd’s business model is built around payment infrastructure, virtual IBANs, regulated accounts, digital-asset rails and cross-border settlement. When that infrastructure appears in victim-fund flows, the issue becomes material. Read our Klickl Europe reports here. Questions For OpenPayd, Titan And Advisers Are OpenPayd and Titan aware of the apparent Turkish law-enforcement / Interpol-Europol document concerning Ozan Özerk? Have Titan, its counsel, auditors and SEC-facing advisers reviewed the underlying Turkish proceedings? Will the Form F-4 / proxy materials disclose the Turkish investigation and founder-risk context? Did OpenPayd disclose the OpenPayd–Klickl Europe victim files to Titan? How many OpenPayd vIBANs were issued in relation to Klickl Europe? How many scam complaints involve OpenPayd Malta / CFTEMTM1? Were SARs or STRs filed in relation to Klickl Europe or the related investment-scam flows? Has OpenPayd terminated or restricted Klickl Europe? Will Nasdaq investors receive the full risk file — or only the unicorn growth narrative? FinTelegram Assessment OpenPayd’s Nasdaq transaction is now a disclosure test. The apparent Turkish law-enforcement document, OCCRP’s reporting, the SEC transaction structure, Özerk’s control position, and the OpenPayd–Klickl victim files all point to the same problem: the public-market story is incomplete without the risk story. FinTelegram does not state that Özerk has been convicted of any offence. The Turkish document reviewed by FinTelegram remains a screenshot and requires formal authentication. But given the credibility of the source, the seriousness of the allegations, and the consistency with the broader OCCRP context, this material is plainly relevant. The question is no longer whether OpenPayd has a growth story. The question is whether OpenPayd and Titan will disclose the full risk story before asking Nasdaq investors to buy it. Read our reports on OpenPayd here. Summary Table — Ozan Özerk / OpenPayd / Titan / Klickl Risk File ElementKey DataFinTelegram RelevanceOzan ÖzerkFounder, economic owner and controlling shareholder behind the OpenPayd group. SEC transaction materials identify him as the key company shareholder with approx. 82.72% direct ownership of OpenPayd Holdings Limited before the Titan transaction.The Nasdaq story is founder-controlled. Any serious law-enforcement, reputational or AML issue around Özerk is directly relevant to the OpenPayd public-market risk profile.Apparent Turkish law-enforcement documentFinTelegram received from a previously reliable source a screenshot of what appears to be a Turkish law-enforcement / Interpol-Europol document concerning Özerk personally. It refers to serious allegations, including organized-crime, money-laundering-asset transfer, and fraud-related allegations involving banks, credit institutions, insurance companies or information systems.If authentic, this materially escalates founder-risk. The document should be reviewed by OpenPayd, Titan, advisers, auditors and SEC-facing counsel.Red Notice / Diffusion referenceThe screenshot refers to possible international Red Notice / Diffusion procedures through Turkish justice and Interpol-Europol channels.This is potentially public-market material. If any international police-cooperation step exists or is being considered, it should be assessed for disclosure.OCCRP contextOCCRP reported Turkish money-laundering investigations involving companies owned by Özerk and linked the wider context to its Scam Empire investigation. OCCRP also noted limits on what was proven regarding knowledge of fraud-derived payments.The screenshot is not isolated. It aligns with a broader investigative and law-enforcement context around Özerk-linked entities.OpenPaydGlobal payments / Banking-as-a-Service group offering vIBANs, pooled accounts, fiat rails, FX, digital-asset infrastructure, stablecoins and crypto on/off ramps.The products are high-risk when abused. OpenPayd’s own infrastructure is central to the FinTelegram scam-rail investigation.Titan Acquisition Corp. transactionProposed SPAC transaction designed to bring OpenPayd to Nasdaq under ticker OP, with a proposed pro-forma equity valuation of $1.145 billion.The transaction creates a disclosure test. Investors should receive the full risk story, not only the unicorn-growth narrative.OpenPayd Global Holdings LimitedCayman Islands PubCo structure planned for the post-transaction listed group.The transaction would place the Özerk-controlled OpenPayd group into a U.S. public-market wrapper.Klickl Europe Sp. z o.o.Polish virtual-asset service provider identified by FinTelegram victim files as recipient of funds swept from OpenPayd vIBAN infrastructure.Klickl is a core node in the OpenPayd scam-rail files. Its role should be disclosed if material to OpenPayd’s risk profile.OpenPayd vIBAN / CFTEMTM1 railVictim files reviewed by FinTelegram show deposits into OpenPayd named vIBANs / OpenPayd Malta IBANs using CFTEMTM1, followed by transfers to Klickl Europe.This is the payment-rail evidence. It goes directly to OpenPayd’s controls around vIBANs, high-risk merchants and crypto/on-ramp customers.“Sweep to Primary Account” referencesOpenPayd payment summaries reviewed by FinTelegram show transfers to Klickl Europe with references such as “Sweep to Primary Account.”This suggests structured routing, not random payment noise. OpenPayd and Klickl should explain the full flow and downstream recipients.Fake investment appsVictim material indicates multiple scam frontends, including KXTRA, fake Peel Hunt / Peelhuntaicore, PHFINCORE, FinTechX, BMEBEX, MirrorTrd, SSGM Pro, YHT and others.The app layer suggests scale. The frontends changed; the payment rail appears to have remained stable.Core disclosure issueFounder-risk, Turkish law-enforcement context, OCCRP reporting, OpenPayd vIBAN exposure, Klickl Europe flows and fake investment-app rails.The Form F-4 / proxy materials should address these risks clearly. Nasdaq investors should not receive a sanitized unicorn brochure while victims hold payment files. Conclusion OpenPayd wants Nasdaq to see a unicorn. FinTelegram sees a control-risk file, a Turkish law-enforcement shadow, OCCRP’s Scam Empire context, and victim evidence showing OpenPayd infrastructure in scam payment paths. If the controlling shareholder of a Nasdaq-bound fintech is referenced in apparent Turkish law-enforcement material involving organized-crime, money-laundering and fraud allegations, investors deserve to know. If OpenPayd’s vIBAN infrastructure appeared in Klickl Europe scam rails, investors deserve to know. This is not a reputational footnote. It is a disclosure issue. Whistleblower Call: Help Us Complete The OpenPayd Risk File FinTelegram calls on victims, insiders, former employees, compliance officers, payment specialists, law-enforcement sources, regulators, Titan advisers, auditors, lawyers, and OpenPayd counterparties to come forward. We are especially looking for information and documents relating to: Ozan Özerk and any Turkish law-enforcement, court, police, Interpol, Red Notice or Diffusion-related proceedings; OpenPayd’s planned Titan / Nasdaq transaction and related due-diligence material; internal OpenPayd risk assessments, board papers, investor presentations, legal memoranda or SEC disclosure drafts; OpenPayd vIBANs, especially OpenPayd Malta / CFTEMTM1; customer, merchant or counterparty files involving Klickl Europe Sp. z o.o.; OpenPayd GDPR / DSAR responses and “Summary of payments” files; transaction references such as “Sweep to Primary Account” or “Transfer to Klickl Europe – EUR/Sepa”; fake investment apps, WhatsApp / Telegram groups, adviser scripts and victim onboarding instructions; SAR / STR filings, internal AML alerts, account freezes, account terminations or remediation measures; communications with Titan Acquisition Corp., advisers, auditors, law firms, regulators, or SEC-facing counsel; information on Ozan Özerk-linked entities, including OpenPayd, Ozan, Ozan Elektronik Para, SuperApp, European Merchant Bank, Akce-related structures, and other connected payment or fintech companies. The questions are simple: What did OpenPayd know?What did Titan review?What will Nasdaq investors be told?Where did the victims’ money go? Victims and insiders can submit documents securely via Whistle42. FinTelegram will protect sources, verify material where possible, and redact personal data before publication. Share Information via Whistle42