U.S. crypto exchange Kraken has agreed to acquire Swiss-Jersey tokenization specialist Backed Finance AG, issuer of the fast-growing xStocks line of tokenized equities and ETFs. Media outlets report that the deal is structured as a strategic acquisition to consolidate the issuance, trading, and settlement of tokenized stocks inside Kraken’s infrastructure (Source: coindesk.com). Backed’s xStocks are 1:1-backed tokens representing listed shares like Nvidia, Tesla – and Coinbase (COINx) – issued via a Jersey vehicle under a prospectus approved by the Liechtenstein FMA and framed under Swiss DLT rules (Source: Backed Finance). For Kraken, which now holds a MiCA CASP licence in the EU and multiple licences in the US, UK, Canada and elsewhere, the deal deepens its push into tokenized real-world assets (RWAs) just as the RWA market passes $30+ billion and grows roughly 10x since 2022. Contrary to some social-media spin, this is not a takeover of Coinbase itself but a takeover of the platform that issues tokenized versions of Coinbase and dozens of other stocks. The strategic question for regulators and investors: Are we watching the birth of parallel stock markets inside crypto exchanges – and under which rulebook? Opportunities – Why Kraken Wants Backed Vertical RWA stack: Kraken gains full control over the xStocks pipeline – from issuance and custody to secondary trading – plugging directly into its MiCA-regulated EU custody network and US broker-dealer arm (Source: Kraken Blog). RWA growth tailwind: Tokenized RWAs have crossed roughly $30–35 billion in value, led by private credit and Treasuries, with forecasts into the hundreds of billions or even trillions by the 2030s (Source: investax.io). 24/7 equities exposure: xStocks already offer exposure to 60+ stocks and ETFs, tradable 24/5 on Kraken and 24/7 on-chain, with self-custody and DeFi composability (Source: Kraken Blog). IPO runway: Kraken is widely seen as a pre-IPO candidate; owning a flagship tokenization business strengthens the “regulated infra + RWA” story for public markets (Source: Summit Ventures Partners). Market Impact – Tokenized Equities Go Mainstream Backed Finance has positioned xStocks as “composable tokenized securities” that are freely transferable, DeFi-compatible and multi-chain, with the underlying held by licensed custodians and each token backed 1:1 and redeemable for cash value (Source: Backed Finance). Kraken states that xStocks exceeded $10 billion in combined exchange and on-chain volume within six months of launch – remarkable traction for a 2025 product – and plans to integrate xStocks into its broader product suite, including the Krak money app. Customers may eventually hold and spend tokenized equities like any other balance (Source: Kraken Blog) This acquisition, therefore: Pushes tokenization out of the pilot stage and into a global, multi-jurisdictional platform with millions of users. Blurs the border between “crypto exchange” and “multi-asset brokerage plus RWA venue.” Raises the competitive stakes for rivals like Coinbase, Binance, Bybit and others that have also announced or tested tokenized equities offerings. investax.io+1 Tokenization of Real-World Assets – Function and Significance What tokenization does technically Representation: A legal structure (often an SPV or structured note) holds the real-world asset – a share, bond, fund unit, or property interest. Digitization: Smart contracts issue tokens that encode the economic and sometimes governance rights linked to that asset. Transfers on-chain correspond to changes in beneficial ownership off-chain. Automation: Corporate actions (dividends, coupons, buybacks), KYC/AML checks, and transfer restrictions can be automated at token level. Why this matters Liquidity & access: Fractional tokens allow smaller tickets and 24/7 global trading, particularly attractive for private credit, Treasuries and real estate – the segments already driving most of the $30B+ RWA market (Source: investax.io). Operational efficiency: Instant settlement and programmable compliance lower back-office costs and settlement risk, aligning with “same risk, same rules” principles regulators repeat in their RWA and DLT guidance. New collateral layer: Tokenized RWAs become plug-and-play collateral in DeFi and institutional repo/credit workflows, especially when paired with regulated stablecoins and tokenized MMFs. But there is a catch: tokenization doesn’t magically upgrade bad products. If the underlying security, governance or valuation is weak, the token becomes a more transparent version of the same risk – not a cure. Regulatory Context – MiCA, Securities Law and the xStocks Puzzle Kraken already positions itself as a heavily licensed player, with E-money and MiCA CASP licences in Ireland, FCA registrations and EMIs in the UK, Canadian restricted dealer status, a Wyoming SPDI, and a US broker-dealer for equities. Backed’s issuer, meanwhile, operates under Swiss DLT law, a Jersey structure approved by the JFSC, and a prospectus vetted by the Liechtenstein FMA, explicitly marketing its tokenized products only to qualified, non-US investors and excluding UK retail. Actionable Takeaways for FinTelegram Readers Institutional readers/investors: Treat tokenized equities as securities with better plumbing, not as “just another crypto token.” Due diligence must cover the entire chain: issuer SPV, custodians, prospectus, and venue licences. Compliance officers: Map xStocks and similar products into your existing securities/derivatives frameworks. Check how MiCA CASP permissions interact with MiFID II, UCITS, and national securities law for any exposure you have via Kraken or DeFi protocols. Regulators & policymakers: The Kraken–backed deal is a live test of “same risk, same rules” in RWA tokenization. Clear guidance on when a crypto venue becomes a de-facto securities exchange is overdue. Share Information via Whistle42

FinTelegram’s compliance review of LuckyWins (www.luckywins.com), a Dama N.V. offshore casino, has uncovered systematic use of deceptive payment processing schemes that disguise crypto purchases as bank deposits. The investigation reveals Kryptonim‘s continued facilitation of illegal gambling transactions despite explicit prohibitions in its terms of service, alongside participation by regulated entities MiFinity, utPay, and open banking providers Contiant and Rapidob/Skrill. The Dama N.V. Context LuckyWins operates under Dama N.V. (Curaçao registration 152125, license OGL/2023/174/0082), a company managing over 80 online casinos targeting EU jurisdictions without appropriate licenses. Dama N.V. entered bankruptcy proceedings in June 2024 following lawsuits from German and Austrian players seeking over €800,000 in unpaid winnings. However, in August 2024, the court ruled that the company was indeed not in a state of insolvency, supported by financial documents and payments to Dama’s business creditors. As a result, the bankruptcy has been overturned. Thus, LuckyWins and other Dama casinos continue operations across EU markets where such unlicensed gambling is prohibited.​ The “Fake Bank Deposit” Mechanism Our deposit testing revealed LuckyWins employs a sophisticated multi-layered payment architecture designed to disguise cryptocurrency purchases as conventional bank transfers: Layer 1: Onramper Aggregation – Deposits labeled as “bank transfer” are routed through Rillpay (Rillpay.co), a Costa Rica-registered crypto wallet infrastructure provider. Rillpay operates as an onramp aggregator similar to Onramper.com, connecting merchants to multiple crypto payment processors.​ Layer 2: VASP Processing – Rillpay directs transactions to Kryptonim sp. z o.o. (KRS 0001017630), the Polish VASP we previously exposed in our Neon54 investigation. This creates a “fake bank deposit” where players believe they’re funding casino accounts directly, but are actually purchasing cryptocurrency that Kryptonim transfers to the casino. Layer 3: Parallel Processing Channels – LuckyWins simultaneously offers deposits via utPay (Utrg UAB, Lithuania), MiFinity (FCA/MFSA-regulated EMI), and open banking through Contiant (powered by Yapily) and Rapidob.com (Skrill’s Rapid Transfer service).​ Read our Neon54 & Kryptonim report here. Critical Compliance Violations Kryptonim’s Contradiction – Kryptonim’s Terms of Service explicitly state: “iGaming and Betting: Using credit cards for online gambling, betting, or any other iGaming activities is strictly prohibited”. Yet our testing confirms systematic processing of LuckyWins deposits, consistent with player reports from our Neon54 investigation.​ Chargeback Circumvention – By converting fiat to crypto before casino crediting, these schemes eliminate players’ chargeback rights and dispute mechanisms available with direct card or bank payments. Players are left with cryptocurrency transactions rather than gambling deposits on their statements.​ Merchant Categorization Fraud – The payment flow deliberately misrepresents transaction nature, likely using false Merchant Category Codes to bypass banking blocks on gambling transactions.​ Open Banking Abuse – Similarweb analysis shows Contiant’s domain (paywith.contiant.com) processes traffic exclusively for casino sites[user report]. Yapily-powered open banking, designed for legitimate merchant payments, is being exploited for illegal gambling facilitation.​ Summary Table: LuckyWins Payment Facilitators EntityJurisdictionRoleRegulatory StatusCompliance FlagDama N.V.CuraçaoCasino OperatorLicense OGL/2023/174/0082Bankrupt June 2024​Rillpay SRLRillpay.coCosta RicaOnramp AggregatorUnregulatedUnknown beneficial ownershipKryptonim sp. z o.o.Kryptonim.comPolandCrypto VASPRDWW-649, FINTRAC M23813101Terms prohibit gambling​utPay (Utrg UAB)LithuaniaCrypto ProcessorEU VASP registrationPreviously flagged​MiFinityUK/MaltaEMIFCA 900090, MFSAOrange compliance list​ContiantUK (Yapily)Open BankingFCA-authorized PISPCasino-exclusive trafficRapidob/SkrillUKOpen BankingSkrill Rapid TransferPaysafe Group subsidiary Call for Information FinTelegram urgently seeks information from players, banking compliance officers, and payment industry insiders regarding: Documentation of LuckyWins or other Dama N.V. casino payment flows Evidence of Kryptonim, Rillpay, or open banking provider involvement in offshore gambling Internal communications regarding compliance with gambling prohibitions Details of chargeback attempts and merchant descriptor analysis Submit information confidentially via our secure Whistle42 system. Share Information via Whistle42

Following FinTelegram’s exposé on Coin Sonic UAB, the operator of illegal offshore casinos SlotsDynamite and SlotsAmigo has quietly replaced its Lithuanian payment facilitator with Yotta Pay, an unlicensed UK entity leveraging Revolut‘s open banking infrastructure. Here is our update on the payment facilitators involved in these offshore casino schemes. FinTelegram’s Impact Confirmed On 30 October 2025, FinTelegram published its compliance report questioning whether Lithuanian VASP Coin Sonic UAB was being misused to facilitate fiat payments for offshore casinos operating illegally in the EU. Following that report, Coin Sonic’s MLRO, Tsimafei Breski, sent a complaint alleging defamation—yet failed to identify any specific inaccuracy. Read the Coin Sonic report here. Our follow-up review on 3 December 2025 confirmed that our reporting has had a direct effect: Coin Sonic UAB d/b/a InstaXchange has apparently terminated its relationship with Coco Loco Holdings N.V., the Curacao-based operator of SlotsDynamite and SlotsAmigo. Player bank transfers are no longer routed to Coin Sonic‘s Banking Circle account. (Screenshot left). New Payment Facilitator: Yotta Pay Coco Loco Holdings N.V. has now engaged Yotta Digital Ltd (trading as Yotta Pay) as its replacement payment facilitator. Yotta Digital Ltd is a UK-registered micro-entity (company number 12195240), incorporated on 9 September 2019 and headquartered in Swansea, Wales. The sole director and person with significant control is Ukrainian citizen Ihor Kononko.​ Yotta Digital Ltd is not authorized by the FCA. A search of the Financial Conduct Authority’s Financial Services Register returns no entry for Yotta Digital Ltd or Yotta Pay. Without FCA authorization as a Payment Institution or Electronic Money Institution, Yotta Pay cannot legally provide payment services to UK or EU consumers.​ Traffic intelligence analysis of YottaPay.co.uk reveals that 100% of outgoing links point to oba.revolut.com—Revolut’s Open Banking subdomain. This suggests Yotta Pay operates as a technical layer routing payments through Revolut‘s open banking API infrastructure, rather than processing transactions under its own regulatory authorization.​ Payment Flow for Illegal Casino Deposits Our review identified the following deposit flow for players at SlotsDynamite and SlotsAmigo: Player initiates bank deposit at the casino Redirected through high-risk gateways such as Omerpayments.com or Zinzipay.com​ Lands on Yotta Pay’s checkout interface (YottaPay.co.uk) Payment routed via Revolut Open Banking to the recipient account This multi-layer routing obscures the ultimate beneficiary and enables unlicensed offshore casinos to accept EU player deposits through seemingly legitimate UK open banking infrastructure. Compliance Concerns Yotta Pay presents significant compliance red flags: No FCA authorization despite facilitating payment services​ Sole Ukrainian director with no disclosed compliance team​ Opaque payment routing through multiple high-risk intermediaries​ Exploitation of Revolut’s Open Banking API for gambling-related transactions​ Revolut should investigate whether its open banking infrastructure is being exploited by unlicensed payment facilitators serving illegal gambling operations. Summary: Payment Facilitator Comparison CategoryOld FacilitatorNew FacilitatorEntityCoin Sonic UAB d/b/a InstaXchangeYotta Digital Ltd d/b/a Yotta PayJurisdictionLithuaniaUnited Kingdom (Wales)RegistrationCompany code 306200594Company number 12195240DirectorGeorge AdamidesIhor Kononko (Ukrainian)Regulatory StatusVASP (not licensed for fiat payments)Not FCA-authorizedBank AccountBanking Circle Germany (DE73202208000056199298)Via Revolut Open BankingPayment RoutingVia InstantBankPayment.com / YapilyVia Omerpayments.com / Zinzipay.comCasino ClientsSlotsDynamite, SlotsAmigoSlotsDynamite, SlotsAmigo Call for Information FinTelegram invites players, insiders, and whistleblowers with knowledge of Yotta Pay, Coin Sonic, Coco Loco Holdings N.V., or related payment schemes to come forward. Information on payment flows, transaction records, corporate relationships, or compliance failures can be submitted confidentially via our whistleblower platform Whistle42. Share Informatin via Whistle42 Your information helps protect consumers and expose illegal gambling operations exploiting European payment infrastructure.

A FinTelegram Analysis of the Austrian FMA’s Rapid CASP Authorisations and What It Means for EU Crypto Regulation Executive Summary Austria’s Financial Market Authority (FMA) is aggressively positioning Vienna as a gateway to the European crypto market. With six MiCA-licensed crypto-asset service providers (CASPs)—including two exchanges with substantial regulatory baggage—the FMA has emerged as one of the EU’s most prolific MiCA licensing authorities. However, this regulatory sprint raises serious questions: Is Vienna on track to become the new “Cyprus of crypto,” or does the FMA possess the capacity to supervise globally active exchanges with histories of enforcement actions? The Austrian MiCA Licence Roster The FMA has issued MiCA authorisations to six CASPs as of December 2025[web: 95][web: 101][web: 202]: CompanyLicence DateHQ/OriginNotable IssuesBitpandaApril 2025Austria (domestic)Clean record; long-standing FMA relationshipBybit EU GmbHMay 2025Dubai/Singapore$1.5B hack (Feb 2025); DNB €2.25M fine; Russian user exposure (~20–27% of traffic)AMINA (Austria) AGOct 2025Switzerland (Amina Bank group)Regulated banking groupCryptonow GmbHOct 2025SwitzerlandFirst Swiss firm to receive Austrian MiCA licenceFIOR Digital GmbHNov 2025AustriaDomestic fintechKuCoin EU Exchange GmbHNov 2025Seychelles/Hong Kong$297M DOJ settlement (Jan 2025); Seychelles FSA rejection; founders departed Of these six licensees, only Bitpanda and FIOR Digital are genuinely Austrian companies. The remainder are foreign platforms—including two (Bybit and KuCoin) with significant enforcement histories—that have chosen Vienna as their EU regulatory gateway. The EU MiCA Licence Landscape: Is Vienna Leading? No—but Austria punches above its weight. The latest data shows Germany and the Netherlands lead in absolute CASP licence numbers: JurisdictionCASP LicencesNotable FeaturesGermany (BaFin)~12–18Largest market; established fintech hubNetherlands (AFM)~9–14Strict AML regime; early MiCA implementerMalta (MFSA)~5ESMA criticism for inadequate authorisation processesFrance (AMF)~3–6Threatening to block passported licencesAustria (FMA)6Includes KuCoin, BybitCyprus (CySEC)~2–3Revolut recently licensed Austria’s six licences place it alongside Malta and ahead of Cyprus—but the composition of those licences is the issue. While Germany and the Netherlands have licensed primarily domestic or established players, Austria has become a favoured destination for offshore exchanges seeking EU access. The Cyprus and Malta Comparison: Warning Signs The FMA’s licensing trajectory draws uncomfortable parallels to two jurisdictions with troubled crypto regulatory histories: Malta: ESMA’s July 2025 peer review criticised the MFSA for granting licences without adequately assessing material risks, including governance, conflicts of interest, and AML/CFT control. The review found Malta’s authorisation processes only “partially” met expectations. Malta has since pushed back against proposals to centralise CASP supervision at ESMA level. Cyprus: CySEC was the regulator of choice for binary options brokers during the 2010s “Cyprus era,” a period marked by widespread retail investor harm and eventual regulatory crackdowns. While CySEC has since tightened standards, Cyprus has been slower to issue MiCA licences, with Revolut obtaining approval only in October 2025. Austria’s risk: By authorising exchanges like KuCoin (convicted in the US) and Bybit (hacked for $1.5 billion, significant Russian exposure), the FMA is inviting comparisons to Malta’s permissive licensing approach—and to Cyprus’s historical role as a regulatory “light-touch” jurisdiction for questionable financial services firms. Internal and External Criticism Remarkably, the FMA itself—alongside France’s AMF and Italy’s CONSOB—has co-authored a position paper calling for strengthened MiCA supervision. The September 2025 joint statement warned: MiCA’s application is “fragmented across jurisdictions” National authorities cannot require cybersecurity certification at the authorisation stage The location of large CASPs outside the EU “weakens the reach of European regulation” Supervisory convergence “quickly reaches its limits” The three regulators proposed direct ESMA supervision of significant CASPs—a tacit admission that national authorities may lack the resources and extraterritorial reach to supervise globally active exchanges. France’s AMF has gone further, warning it may refuse to honour MiCA passports from other jurisdictions—a threat that would undermine the entire single-market framework. Verdict: Is Vienna the MiCA Hub? Partially—but for the wrong reasons. Vienna is not the EU’s largest MiCA licensing centre (that honour goes to Germany and the Netherlands), but it has become disproportionately attractive to offshore exchanges with regulatory baggage. The FMA’s willingness to license KuCoin—ten months after a $297 million US guilty plea—and Bybit—months after a $1.5 billion hack attributed to North Korean state actors—raises legitimate questions about the depth of due diligence applied. The FMA may not yet be “the new CySEC,” but its trajectory deserves scrutiny. If the Austrian regulator continues to authorise exchanges that other jurisdictions have fined, rejected, or placed on warning lists, Vienna risks becoming a regulatory arbitrage destination—precisely the outcome MiCA was designed to prevent. For lawyers and compliance professionals advising crypto firms, Austria offers speed and accessibility. For regulators concerned about investor protection and systemic risk, the FMA’s licensing record warrants close monitoring. Share Information via Whistle42

Viennese lawyer Oliver Stauber is now CEO of KuCoin EU and one of the central figures of Austria’s emerging “MiCA hub.” A long-time crypto lawyer, former Chief Legal Officer of Bitpanda, FinTech adviser to the Austrian government and vice president of the Digital Assets Association Austria (DAAA), he sits exactly at the intersection of politics, regulation and high-risk exchanges like KuCoin. Key Facts Name: Oliver Stauber Current role: CEO, KuCoin EU Exchange GmbH (Vienna) (Source: LinkedIn). Background: Attorney at Stadler Völkel; former CLO & MD at Bitpanda; board roles at Blocktrade and other token projects Stadler & Partner, Brutkasten). Policy roles: Member of the former FinTech-Beirat at the Federal Ministry of Finance; founding board member and now VP of DAAA Other functions: Founder and chairman of vidaflex, an ÖGB-backed initiative for self-employed workers (Source: Vidaflex). Read our KuCoin Compliance Report 2025 here. Narrative Profile Stauber is well-connected with the Austrian Social-democratic party. He built his reputation in Vienna as an early “crypto lawyer” with Stadler Völkel, focusing on ICOs, tokenisation and capital-markets regulation (Source: Stadler & Partner). In 2020 he switched from advisor to operator by joining Bitpanda as Chief Legal Officer, shaping the legal and compliance architecture of Austria’s best-known crypto unicorn and representing it at conferences and policy panels (Source: brutkasten). Alongside his corporate roles, Stauber positioned himself as a bridge between startups, regulators and labour interests: he co-founded the DAAA to lobby on digital-asset regulation and created vidaflex with trade union ÖGB as a service platform for one-person businesses (Sources: Extrajournal, DAAA, Brutkasten) Regulatory / MiCA Footprint Through the Finance Ministry’s FinTech advisory board and DAAA, Stauber has been involved in consultations around EU financial-market rules, including the rollout of MiCA and related regimes (MiFID, DORA, GDPR) as they hit the crypto sector (Source: Arena Digitale). Public statements emphasise “constructive dialogue” with supervisors like the FMA and the need to turn Europe’s rulebook into a functioning market (Source: LinkedIn). Importance for KuCoin & the “Austrian MiCA Hub” For KuCoin – a group with a heavy enforcement history in the U.S., Canada and multiple EU states – Stauber is strategically central. As CEO of KuCoin EU and managing director of the Austrian entities, he is the face that connects a controversial global exchange to Vienna’s regulator-friendly narrative of a “secure, MiCA-compliant” hub (Source: KuCoin, CryptoRank). His network spans Bitpanda alumni, DAAA board members, Austrian policy circles and European crypto projects, making him a key gatekeeper for how KuCoin positions itself toward regulators, institutions and the local ecosystem. Call for Information FinTelegram invites insiders, former colleagues, regulators and industry partners to share additional information on Oliver Stauber’s role in KuCoin’s MiCA application, his interactions with the FMA, and his wider influence on Austrian crypto policy. Information can be provided confidentially via Whistle42. Share Information via Whistle42

Seychelles-born, Hong Kong-owned, U.S.–sanctioned KuCoin has just won one of Europe’s most coveted trophies: a MiCA crypto-asset service provider (CASP) licence from Austria’s FMA via KuCoin EU Exchange GmbH. This licence gives KuCoin passported access to (almost) the entire EEA – despite a fresh U.S. criminal guilty plea for unlicensed money transmission and serious AML failures, a record fine in Canada, and a history of red-flag regulator warnings worldwide (Sources: KuCoin, Reuters, Reuters). The “Austrianization” of KuCoin raises uncomfortable questions about MiCA’s fit-and-proper tests, the FMA’s risk appetite, and whether Vienna is becoming the rehab clinic for high-risk global crypto exchanges. 1. The Setup: MiCA Passport, Austrian Gateway At the end of November 2025, KuCoin EU Exchange GmbH announced that it had obtained a Markets in Crypto-Assets (MiCA) licence from the Austrian FMA. The licence allows KuCoin EU to offer MiCA-regulated services across 29 EEA countries (Malta excluded) via passporting (Source: Coindesk). Austria is positioning itself aggressively as a MiCA hub. Alongside KuCoin, the FMA has now authorised Bitpanda, Bybit EU GmbH, AMINA (Austria) AG, Cryptonow and FIOR Digital as CASPs under MiCA (Source: LinkedIn). Only Bitpanda is genuinely Austrian; the others (including KuCoin) are foreign groups using Vienna as their EU beachhead. Under MiCA, NCAs like the FMA must assess the “good repute” of CASP management and qualifying shareholders, including the absence of serious AML/CTF penalties, and ensure robust governance, capital and client-asset safeguards (Source: ESMA, A&O Sherman). Against this backdrop, KuCoin’s licence looks anything but routine. Download the full KuCoin Compliance Report 2025 here. 2. The Austrian KuCoin Cluster: People & Structure 2.1 Corporate structure in Austria According to Austrian company records and press releases, KuCoin has quietly built a mini-conglomerate in Vienna (Source: Northdata): Coper Frontier Tech Holding Limited (Hong Kong) Private company limited by shares, incorporated 29 May 2024 in Hong Kong (Source: Companies Register) Acts as 100% shareholder of KuCoin EU Holding GmbH, Vienna (Source: Companies Register). Role: Austrian holding company. Shareholder: Coper Frontier Tech Holding Ltd (Hong Kong). Managing directors: Oliver Peter Stauber, Bochong (BC) Wang. Subsidiaries of KuCoin EU Holding GmbH (all Vienna): KuCoin EU Exchange GmbH – the MiCA-licensed CASP and European trading platform. KuCoin EU Financial Services GmbH – described as providing “financial services,” likely B2B or ancillary activities. KuCoin EU Payment Services GmbH – designed for payment-related services in the group. KuCoin EU Capital Markets GmbH – corporate object explicitly includes “Ausgabe von Finanzderivaten” (issuance of financial derivatives), indicating ambitions beyond spot trading. This is a fully-fledged European platform structure, not a minimal branch. It is built in just a few months (most entities founded or renamed in November 2025), clearly tailored for MiCA and possibly future MiFID-style activities. 2.2 Key people From Austrian registers and KuCoin’s own communications: Oliver Stauber – CEO of KuCoin EU; managing director of KuCoin EU Holding and several subsidiaries; Austrian lawyer, previously at Bitpanda and active in local crypto industry associations. Christian Niedermüller – COO of KuCoin EU. Christian Derler – Chief Compliance Officer (CCO) and managing director of KuCoin EU Capital Markets GmbH. Tamara Rubey – General Counsel and managing director of KuCoin EU Payment Services GmbH. Bochong (“BC”) Wang – CEO of the global KuCoin operator Peken Global Limited and managing director of KuCoin EU Holding GmbH. He signed the U.S. criminal plea on behalf of KuCoin’s Seychelles entity. Whale Hunting+1 In other words: the same top executive who admitted U.S. felony-level AML failures for KuCoin now co-controls the Austrian holding that owns the MiCA-licensed EU platform. The ultimate beneficial owners behind Coper Frontier Tech Holding Limited are not publicly disclosed in the open Hong Kong registry sources used here, meaning EU investors and counterparties cannot easily verify who ultimately controls the Austrian KuCoin cluster. 996co.com+1 3. KuCoin’s Track Record: Warnings, Charges, Guilty Pleas 3.1 Global regulatory warnings KuCoin has long been on regulators’ radar: Spain – CNMV issued a public warning in 2022 against KuCoin (Mek Global Limited / kucoin.com) for operating without registration (Source: CNMV) Netherlands – DNB warned in 2022 that KuCoin was operating without mandatory AML registration and “illegally offering services” (Source: Wikipedia) UK – FCA added KuCoin/kucoin.com to its warning list of unauthorised firms in October 2023 (Source: FCA). Canada – OSC (Ontario Securities Commission) warned investors that KuCoin and related entities were not registered to trade securities (Source: TheBlock). FinTelegram has previously summarised these warnings and KuCoin’s poor Trustpilot ratings in earlier reports. Read our KuCoin reports here. 3.2 U.S. criminal case & CFTC action In March 2024, the U.S. Department of Justice (SDNY) unsealed an indictment against KuCoin and founders Chun Gan and Ke Tang for conspiracy to violate the Bank Secrecy Act and operate an unlicensed money transmitting business (Source: US DOJ). Parallelly, the CFTC filed a civil complaint alleging KuCoin (Source: CFTC): ran an unregistered futures commission merchant, offered off-exchange leveraged crypto transactions and swaps to U.S. retail, failed to implement an effective Customer Identification Program (CIP) and AML measures, allowed up to 50% of customers to be U.S. residents despite geoblocking claims. 3.3 Guilty plea and $297m settlement On 27 January 2025, KuCoin’s Seychelles entity Peken Global Limited pleaded guilty in SDNY to operating an unlicensed money transmitting business and agreed to pay over $297m in fines and forfeiture. Prosecutors highlighted that KuCoin: failed to implement KYC and AML controls, did not file suspicious activity reports, facilitated billions of dollars in suspicious transactions linked to darknet markets, ransomware, and fraud, earned at least $184.5m in fees from U.S. users alone. As part of the plea, KuCoin must exit the U.S. market for at least two years, and founders Gan and Tang entered deferred prosecution agreements and stepped away from management (Source: Reuters). The plea agreement names Bochong Wang as the CEO authorised to bind Peken Global to the guilty plea – the same Wang who is now a managing director of KuCoin’s Austrian holding company. Whale Hunting+1 3.4 Canadian AML penalty In September 2025, Canada’s AML agency FINTRAC imposed a C$19.6m penalty on Peken Global Limited, the KuCoin operator, for failing to report suspicious transactions and large virtual currency receipts, describing this as its largest fine to date – before an even larger penalty against another crypto dealer in October. KuCoin has reportedly appealed the FINTRAC decision. 4. MiCA vs. KuCoin: Fit & Proper or Regulatory Arbitrage? MiCA’s CASP regime is explicit: NCAs must assess the good repute of management and qualifying shareholders, including absence of serious penalties for AML/CTF and fraud, and ensure sound governance, capital and client-asset protections (Source: Ramparts). Yet Austria has now authorised, as a MiCA CASP: a group whose core operating entity (Peken Global) has just pleaded guilty in the U.S. to unlicensed money transmission and systemic AML failures, whose CEO, Bochong Wang, personally signed that plea and simultaneously manages the Austrian holding, whose operator has been hit with a record AML fine in Canada, which has accumulated a long list of regulatory warnings across major jurisdictions. At the same time, EU regulators are openly worried about a “race to the bottom” in MiCA licensing. Reuters reported that some large crypto companies were poised to obtain EU-wide licences amid concerns that certain NCAs are too lenient; France has even floated the idea of blocking passporting for firms approved in “soft” jurisdictions (Source: Reuters). Against this backdrop, KuCoin’s Austrian MiCA licence looks less like a triumph of “trust and compliance” and more like a test case for regulatory arbitrage: Reputation & conduct risk – A MiCA-licensed CASP with fresh U.S. felony-level AML failings and Canadian AML penalties is, by definition, a high-risk counterparty. The FMA must have concluded that its remediation and new EU governance outweigh the history – a judgement that deserves scrutiny. Fit & proper of key managers – Even if Wang is not personally convicted, MiCA and ESMA guidance push NCAs to evaluate collective responsibility and track record of management. Putting the CEO of the guilty entity at the top of the EU holding raises serious questions about the practical application of “good repute”. Opaque ultimate ownership – With Coper Frontier Tech Holding Ltd as a recently-incorporated Hong Kong shareholder and no easily discoverable beneficial ownership data, MiCA supervisors must rely heavily on confidential filings. From an external perspective, UBO transparency remains poor. Group complexity & risk migration – The additional Austrian entities for financial services, payment services and capital markets indicate a platform strategy that could extend into derivatives and structured products. Given KuCoin’s U.S. history with unregistered derivatives, this is a segment where EU NCAs cannot afford a repeat of the “offshore shadow-exchange” model under a MiCA label. MiCA as a badge – or smokescreen? – KuCoin’s blog and PR materials lean heavily on MiCA as evidence of “top-tier compliance” and “trust architecture,” listing SOC2/ISO certifications and PoR audits. But certifications and buzzwords do not erase years of documented AML lapses; they simply make it easier to market a high-risk exchange to EU retail. For Austria, the reputational question is straightforward: Is the FMA building a European compliance fortress – or a comfortable harbour for globally challenged exchanges looking for a second chance? 5. Summary Table – KuCoin Group & Austrian Structure Brand / DomainLegal Entity (key)Role / FunctionKey People (selected)JurisdictionRegulatory / Enforcement NotesKuCoin / kucoin.comPeken Global Ltd (operator), plus Mek Global Ltd, PhoenixFin Pte Ltd, Flashdot Ltd cftc.gov+1Global exchange, spot & derivativesFounders Chun Gan, Ke Tang; CEO Bochong (BC) WangSeychelles, Singapore, etc.U.S. DOJ indictment (BSA & unlicensed MSB); CFTC complaint (unregistered FCM, AML failures); U.S. guilty plea & $297m penalty; U.S. market exit ≥2 years. KuCoin EUKuCoin EU Exchange GmbHMiCA-licensed CASP (EU trading & custody)Oliver Stauber (CEO), Christian Niedermüller (COO), Christian Derler (CCO)Lim Shu Ting AustriaMiCA licence from FMA; passporting across 29 EEA states (ex Malta). –KuCoin EU Holding GmbHAustrian holding for all EU subsOliver Stauber, BC Wang (MDs)Austria100% owned by Coper Frontier Tech Holding Ltd (Hong Kong). –KuCoin EU Financial Services GmbHFinancial / ancillary servicesMD: Oliver StauberAustriaNewly structured in late 2025; potential B2B and structured offerings. –KuCoin EU Payment Services GmbHPayments and fiat on/off-ramp servicesMD: Tamara Rubey (GC of KuCoin EU)AustriaPotentially subject to PSD2-like oversight if applying for payment licence in future. –KuCoin EU Capital Markets GmbHDerivatives / capital markets (“Ausgabe von Finanzderivaten”)MDs: Oliver Stauber, Christian DerlerAustriaSuggests ambitions to issue or distribute structured crypto-linked products in EU. Coper Frientier Tech Holding Coper Frientier Tech Holding LtdParent company of KuCoin EU Holding GmbH–Hong KongUltimate Beneficial Owners (UBOs) unknown 6. Conclusion & Call for Information (Whistle42) From a MiCA perspective, KuCoin EU’s Austrian licence is a stress test: Can a CASP whose core operator just pleaded guilty in the U.S. and was fined in Canada credibly pass Europe’s fit-and-proper and good-repute tests within months? Does the use of a fresh Hong Kong holding company as shareholder, combined with a large Austrian entity cluster, increase transparency – or obscure accountability? And what exactly convinced the FMA that KuCoin’s remediation is sufficient to protect EU retail and professional clients from a repeat of its U.S.-style AML failures? FinTelegram will continue to map KuCoin’s global corporate ecosystem and its interactions with regulators worldwide. Call for Information: We explicitly invite insiders, current or former employees, compliance officers, partners, and affected clients of KuCoin, KuCoin EU, Coper Frontier Tech Holding Ltd, or any related payment/derivatives entities to share information with us. If you have documents, internal communications, or first-hand knowledge about: KuCoin’s AML/KYC practices and remediation programmes, the true beneficial owners behind Coper Frontier Tech Holding Limited, the planned activities of KuCoin EU Financial Services, Payment Services, or Capital Markets GmbH, or the internal process behind obtaining the MiCA licence in Austria, please contact FinTelegram confidentially via our whistleblower platform, Whistle42. Share Information via Whistle42 Your information can help regulators, law-abiding market participants, and investors understand whether MiCA is truly raising the bar – or simply putting a new label on old risks.

A FinTelegram whistleblower describes how the alleged “fund recovery” specialist Nexora.Finance and individuals claiming to act from the “Payback finance department” turned an existing bank-fraud victim into a serial target: more than €28,000 in new losses, double payments “because of blockchain errors,” and crypto routed via an Austrian P2P dealer. Regulators and law enforcement already flag both names or their networks – yet the machinery keeps running. Key Facts At A Glance Whistleblower loss to Nexora.Finance: >€20,000 in “upfront fees” for promised recovery of funds lost in a German/Netherlands bank scam; pressured to repeat the same transfer due to alleged “technical issues with XRP and ETF crypto.” Whistleblower loss to Payback side: €8,511 to individuals identifying themselves as “Jordan Mitchell” and “Steve” from the “Payback.finance department”; money routed via Austrian P2P crypto dealer Hans Klemen with the classic “send the same amount again to unlock your crypto” pressure tactic. CSSF warning: Luxembourg regulator CSSF explicitly warns about fraudulent activities by unknown persons misusing the name of Nexora SARL-S, via website www.nexora.finance, and stresses that the real Nexora SARL-S is not involved (Source: CSSF). Global law-enforcement focus on PayBack network: The FBI has seized web domains of Payback LTD as part of a cryptocurrency recovery fraud investigation, describing a pattern of high promises, upfront fees, and no real recovery (Source: Federal Bureau of Investigation). Regulatory & watchdog alerts: Multiple regulators (FCA, BaFin, ASIC) and NGOs like EFRI and FinTelegram have warned that PayBack-branded “recovery services” and clones target fraud victims with new scams (Sources: FinTelegram, FCA, BaFin, ASIC). 1. What the Whistleblower Describes – A Classic Recovery-Scam Pattern According to the victim, the story begins with a bank scam in Germany and the Netherlands in July 2024, resulting in a loss of around €50,000. In the aftermath, the victim is contacted by Nexora.Finance and later by people claiming to act for “Payback.finance.” Phase 1 – Nexora.Finance: Nexora promises to recover the bank-scam losses. The victim pays over €20,000 up front. When crypto transfers allegedly run into “technical XRP and ETF blockchain issues,” Nexora demands the same transfer again, claiming this is needed to complete or “unlock” the recovery. The “recovered funds” are presented as even higher than the original loss, allegedly because the original scammers had “invested and grown” the funds – a classic psychological hook to keep the victim paying. Phase 2 – Payback side & Austrian P2P dealer: The victim is told that recovered funds are now sitting in an Exodus wallet. Two individuals, “Jordan Mitchell” and “Steve,” present themselves as part of a “Payback.finance Department” and instruct the victim to send €8,511 to an Austrian P2P crypto dealer, Hans Klemen. When the transfer is “rejected” in Exodus, the victim is told to repeat the exact same payment to unlock the funds on the blockchain – another very typical “double payment to unlock” trick. At this point, the victim finally cuts contact. Everything about this sequence – upfront fees, technical excuses, doubling payments, routing money via third-party crypto dealers – matches what regulators and law enforcement describe as recovery fraud. 2. Nexora.Finance – Identity Theft & Recovery Pitch On its website, Nexora.Finance presents itself as a polished “non-bank financial service” offering crypto-recovery and payment resolution with glowing testimonials and claims of “cutting-edge technology” to recover lost crypto (Source: nexora.finance) But Luxembourg’s CSSF pulls the emergency brake: The CSSF explicitly labels the operation as “fraudulent activities by persons misusing the name of Nexora SARL-S.” It identifies www.nexora.finance as the website used, with an alleged office at 37A, Avenue Kennedy, Luxembourg, and clarifies that the real Nexora SARL-S, based at 466, Route de Longwy, has nothing to do with these activities. There is also a NEXORA FINANCE LIMITED registered in the UK (Wakefield address), but there is no public evidence linking this UK company to the website or to the Luxembourg identity theft – adding to the confusion for victims (Source: UK Companies House). Additional red flags: Public Q&A platforms show people asking whether Nexora Finance is legitimate after cold approaches about “recovering your scam losses,” indicating pro-active targeting of victims (Source: JustAnswer). Trustpilot pages show a mix of reviews, including negative reports describing Nexora as a scam and complaining about upfront fees, with little or no visible engagement from the company (Source: uk.trustpilot). In FinTelegram’s view, any operation trading under Nexora.Finance and pitching “fund recovery” must be treated as a high-risk recovery scam, especially given the CSSF’s explicit language and the whistleblower’s loss scenario. 3. PayBack – From “Fund Recovery” Brand to Law-Enforcement Target The PayBack brand (Payback.com, Payback Ltd, various “Payback-recovery” domains and clones) presents itself as a global scam-recovery specialist. Its websites sell “investigation reports” and “crypto tracing reports,” stating that they “do not engage in financial services” and charge case-based fees (Source: Payback, Payback) However, regulators and law enforcement tell a different story: The FBI San Diego office seized domains of Payback LTD, MyChargeBack, and Claim Justice in a cryptocurrency recovery fraud investigation, stating that these companies charged significant upfront fees and commissions while having no real record of successfully recovering funds. ASIC and MoneySmart warn about payback-recovery.com impersonating regulators with fake documents and offering money-recovery services to scam victims. The FCA and BaFin flag PayBack LTD / Money Back Ltd as part of a clone-firm setup that preys on victims of investment fraud. The European Funds Recovery Initiative (EFRI) explicitly urges victims to “strictly avoid recovery scammers especially Payback Ltd,” documenting a long pattern of complaints from victims. FinTelegram has already published a detailed warning about the PayBack fund recovery scam, including references to directors and beneficial owners and to unlicensed activities in multiple jurisdictions. Against this background, any contact from people claiming to act for “Payback” or a “Payback finance department” should ring alarm bells, particularly when they ask for upfront crypto payments via P2P dealers – exactly what our whistleblower describes. 4. The Nexora–PayBack Connection: A Serial-Victim Business Model The whistleblower’s case suggests an operational link or at least a coordinated flow between Nexora.Finance and individuals claiming to be Payback staff: Nexora first monetises the original bank fraud by charging a large upfront “recovery” fee (>€20,000). Funds allegedly recovered are shown as crypto in an Exodus wallet, creating the illusion of success. Payback-branded actors then step in to “help release” these crypto funds – but only if the victim sends fresh money via a local P2P crypto dealer (Austria), with the classic “repeat the identical transaction to unlock the blockchain” lie. From a compliance perspective, this model: Recycles victims from one scam to the next (“double or triple victimisation”). Uses opaque third-party P2P dealers and bank accounts – typical layering behaviour from an AML point of view. Leverages recovery-industry branding (“crypto tracing,” “investigation report”) to create a veneer of legitimacy. The question practically asks itself: How many more victims are being circulated through this Nexora–PayBack pipeline right now? FinTelegram Warning & Call for Information FinTelegram strongly warns consumers and investors NOT to engage with Nexora.Finance or any PayBack-branded recovery offer that demands upfront payments, crypto transfers, or repeat “unlock” payments. If you have already paid such entities, do not send further money, keep all documents, emails, WhatsApp chats, and payment receipts. File complaints with your local police, financial regulator, and – where relevant – reference the CSSF warning on Nexora and the FBI/ASIC/FCA/BaFin actions on PayBack-type schemes. Call to victims & insidersFinTelegram is investigating the global network behind Nexora.Finance, PayBack LTD, and connected P2P dealers. If you: have worked for these entities, processed payments for them, or have been approached or harmed by similar “fund recovery” offers, please share your information, documents, and screenshots confidentially via our whistleblower platform Whistle42. Your evidence can help expose this network and protect countless other victims from being scammed a second and third time. Share Information via Whistle42

Russian entrepreneur Vladimir Gorbunov presents himself as a visionary “cryptofounder.” In reality, he sits at the center of a complex cluster of brands and entities – Crypterium, Choise.com / Choise.ai, vbanq, Vault.ist and related offshore companies – that has left thousands of users with heavy losses, locked funds, and unanswered questions. Public records, marketing materials, and liquidation documents show that the same small group of founders and entities keeps reappearing as projects are rebranded or wound down and relaunched under new names. This continuity of people and infrastructure, combined with opaque ownership and cross-border structures, calls for intense regulatory scrutiny and insider testimony. Introduction Gorbunov’s own LinkedIn and public interviews paint a clear timeline (Source: LinkedIn): 2017: Launch of Crypterium AS in Estonia and the CRPT ICO, raising tens of millions of dollars for a “cryptobank for cryptopeople.”​ 2022: Rebrand to Choise.com / Choise.ai – explicitly described by Gorbunov as “the next step in the development of Crypterium,” built on the same infrastructure and tokenomics.​ 2023+: Launch of Vault.ist and vbanq as “cryptobanking white‑label and API solutions,” which Gorbunov openly states are fully built on top of the Choise/Crypterium infrastructure.​ In his own words, Vault is “one of the leading digital/crypto banking companies worldwide,” and its infrastructure “is fully built on the foundation of Choise.com’s infrastructure,” into which he claims to have invested tens of millions (Source: TradingView) That means the same technology stack, the same “crypto‑fiat banking” logic, and many of the same people – just wrapped in new brands.​ Read our Crypterium report here. Yet while Gorbunov boasts of more than $35–60 million invested and “over $1 billion” in project capitalization at the beginning of 2022, CRPT and CHO token holders have seen their investments implode by over 99%, and Choise’s EU VASP entity is now in liquidation. So the question practically asks itself: whose capitalization was being built – and at whose expense? Key Facts Table ItemDetailsNameVladimir GorbunovNationalityRussian (as described in multiple project materials and interviews) Choise.com+1Social MediaLinkedInKnown rolesCo-founder of Crypterium; CEO & Founder of Choise.com; driving force behind rebrand from Crypterium to Choise.com; key founder figure in wider Choise / Choise.ai / Vault.ist / vbanq infrastructure. Earlier venturesCo-founded PayQR (PayQR.ru), a Russian-Cyprus-based contactless payments company, and several other fintech projects. PartnersGleb Markov (LinkedIn)Slava Semenchuk (LinkedIn)Kimm Austin (LinkedIn)Andrey Diyakonov (LinkedIn)ICO / token historyCore founder behind the Crypterium ICO (CRPT token) and later CHO token for Choise.com. Current ecosystemLinked by public sources and critics to Choise.com / Choise.ai, vbanq and Vault.ist – a white-label “crypto-friendly banking” and “Digital Banking-as-a-Service” stack. ControversiesUsers and commentators report locked funds, heavy losses and a problematic liquidation process at Choise.com; some label the projects as “scams.” Regulatory status (key entity)Lithuanian operating entity UAB Choise Services is formally under liquidation. Read our vbanq / Vault report here. Narrative Profile – From “Cryptobank” Pioneer to Serial Rebrander Gorbunov entered the public crypto stage as one of the founders of Crypterium, a 2017 “cryptobank” ICO that promised card-based spending of cryptocurrencies and seamless payments. KPMG’s Fintech100 list and independent reports name him among Crypterium’s key people, alongside Gleb Markov, Austin Kimm, and others (Source: KPMG). In June 2022, he personally announced the rebranding of Crypterium to Choise.com, calling it “the next step in Crypterium’s evolution” and promising a MetaFi ecosystem that would blend CeFi and DeFi and open “new ways to earn more” (Source: Choise.com). Choise.com rolled out interest-bearing accounts, yield products, NFTs and a CHO token, heavily marketed as the natural continuation of the Crypterium story (Source: Choise.com). At the same time, Gorbunov cultivated a media persona as a seasoned fintech innovator with “projects exceeding $1 billion in capitalization,” giving podcasts and interviews on proof-of-reserves and risk management (Source: Spotify for Creators). Fast-forward to 2024–2025: The Lithuanian operating company UAB Choise Services is now in liquidation, with an official status of “Under Liquidation” in the Lithuanian registry (Source: Okredo.com). Users on LinkedIn and Trustpilot complain that funds have been locked for months, settlements are slow, and losses are massive, even as the group insists the process complies with Lithuanian law. Critics on social media explicitly describe Crypterium/Choise tokens and NFTs as “scamcoins”, singling out Gorbunov and his close associates by name – allegations he and the companies dispute. While the liquidation plays out, new brands have surged to the foreground: Choise.ai, presented as an AI-driven RWA and crypto-fiat infrastructure. fintelegram.com+1 Vault.ist / vbanq, marketed as “Digital Banking-as-a-Service” and a “crypto-friendly banking platform,” offering white-label cards, accounts and digital-asset services for partners. Public profiles and corporate registry summaries now describe Gorbunov as founder of Choise.com and Crypterium and founder at Vault.ist – the same crypto-banking vision re-exported as infrastructure for other brands. THE ORG+2Gate.com+2 A natural question follows:Is this a story of continuous innovation – or of a troubled scheme constantly changing skins as user losses crystallize and regulators close in? Regulatory / Legal Notes The projects associated with Gorbunov have, at times, highlighted EU licensing and PCI/ISO certifications for Choise.com, presenting it as a “licensed, fully regulated financial institution in the EU.” However, the core Lithuanian entity is now being wound down, while the higher-profile brands migrate to AI, RWA and BaaS narratives under different entities in the UAE, Czech Republic and other jurisdictions (Source: Lithuanian Company Register). Publicly available terms of use for Choise.com reserve the right not to return assets used as collateral or for income generation in the event of bankruptcy or liquidation, a clause that may shock retail users who believed they were dealing with a “regulated, insured” platform. To date, there is no public record of a criminal conviction against Vladimir Gorbunov in relation to these projects. But the combination of ICO-era capital raising, complex cross-border company structures, high-risk yield products, and now a contentious liquidation inevitably raises red flags for regulators, banks, and law-enforcement agencies. Analysis – Patterns That Demand Answers From a compliance and investor-protection perspective, several patterns around Gorbunov’s ecosystem stand out and demand further investigation: Serial Rebranding with Continuity of Control Crypterium → Choise.com → Choise.ai and the shift towards Vault.ist / vbanq all feature similar promises (crypto banking, cards, yields) and overlapping leadership, with Gorbunov repeatedly presented as founder/CEO or strategic mastermind. Each cycle brings new branding and buzzwords (cryptobank, MetaFi, AI, BaaS) while legacy users struggle to recover funds. Jurisdictional Arbitrage & Offshore Anchors The ecosystem touches Estonia, Lithuania, Cyprus, the UAE, Czech Republic, Delaware, and offshore hubs, often via opaque companies and MSB/VASP registrations that are hard for retail users to interpret. Asymmetry Between Marketing Claims & Legal Reality Marketing talks about “regulated, insured, safe, fully compliant” platforms. Liquidation documents and ToS clauses, by contrast, stress that certain assets may not be returned and that recovery is subject to complex legal processes and cut-off dates. Investor & User Outcomes vs. Founder Narratives While founders tout billion-dollar project valuations and innovation awards, many token holders and wallet users face near-total losses and months-long waits. These are not technicalities. They go to the heart of the question: Has Gorbunov’s “cryptobank” vision primarily served users – or has it systematically transferred risk and loss to them while the corporate shell keeps mutating? Call for Information – Whistle42 FinTelegram considers Vladimir Gorbunov and the Crypterium / Choise / Choise.ai / vbanq / Vault.ist complex a high-risk structure that merits close scrutiny by regulators, banks, card schemes, and law-enforcement agencies. To move from suspicion to evidence, we urgently need insider information: Internal memos, investor decks, or liquidation instructions; Contracts between Choise entities, Vault.ist / vbanq and banks, PSPs or card issuers; Proof of how user funds, collateral, and token sale proceeds were actually handled; KYC/AML manuals, risk reports, or correspondence with regulators and liquidators. If you are or were an employee, contractor, consultant, partner bank, payment provider, or affected user, you can securely submit documents and information to FinTelegram via the Whistle42 whistleblower platform (Whistle42.com). Your information can help clarify who really controls this network, how capital has flowed through it, and whether users are being treated lawfully and fairly. Share Informatin via Whistle42

Vault / vbanq positions itself as a “crypto‑friendly secure banking platform” and “Digital Banking‑as‑a‑Service” provider, but the structure, disclosures, and history indicate a high‑risk, opaque scheme closely connected to the troubled crypto schemes Crypterium and Choise, led by Russian entrepreneur Vladimir Gorbunov. Open-source research shows that: A russian crew operates the scheme under the mastermind Vladimir Gorbunov. Vault IST DMCC (UAE) owns the Vault website/app and is licensed only as a Software House, not as a bank or financial institution (Source: Vault). Vault Fintech Solutions s.r.o. (Czech Republic) is registered as a virtual-asset service provider (VASP), providing crypto services for Vault (Source: Vault) Pure Digital Exchange LLC (Delaware, USA) – an MSB registered with both FINTRAC (Canada) and FinCEN (USA) – is part of the same structure and provides crypto-fiat transaction processing (Source: Vault). Payment cards are issued by Reap Technologies Limited (Hong Kong) under card terms where Vault Global Solutions Limited is the “Partner” dealing with cardholders and Lithuanian law is chosen as governing law (Sources: Vault, CR Hong Kong, Ltd Dir). vbanq.com / vbanq.net list Charism LLC (SVG) as the site owner – the same offshore entity used in the Crypterium / Choise scheme (Source: VBANQ). Leadership and documentation clearly tie Vault/Vbanq to the Russian-controlled Crypterium / Choise complex, which raised tens of millions in the 2017–2018 ICO boom and is now in liquidation in Lithuania (Choise Services UAB) after years of user complaints and scam allegations (Source: fintelegram.com). Read our compliance report on Crypterium here. From a compliance perspective, vbanq/Vault is best classified as a high-risk, multi-jurisdictional crypto-banking infrastructure cluster built on a problematic legacy, with notable transparency and investor-protection concerns. 2. Business Model & Marketing Vault (vault.ist) and vbanq (vbanq.com / vbanq.net) market a white‑label “banking + cards + crypto” stack that other brands can use as their own digital/crypto bank. Core promises include:​ Individually segregated IBAN accounts, Visa/Mastercard cards, Apple/Google Pay, and crypto‑friendly processing to 200+ countries.​ Crypto custody in 100+ coins, token integration, on‑/off‑ramp, and FX between fiat and digital assets.​ Ultra‑fast go‑to‑market: launch a “bank” in days, with low capex, and “millions saved” versus building and licensing in‑house.​ Vbanq is pitched as the end‑user front end: a business account “live in 24 hours,” with corporate banking, multi‑currency fiat (USD, EUR, INR), digital asset wallets (BTC, ETH, USDT), and third‑party payments via SWIFT, ACH, Fedwire, SEPA, NEFT. Both brands strongly blur the line between:​ Banking (accounts, cards, payments), and Technology/BaaS (pure software / integration), while not themselves being licensed banks or payment institutions, instead claiming to rely on unnamed “regulated partners.”​ The privacy policy stresses that Vault IST DMCC “does not hold a banking or financial institution license” and that “all financial, card, and token services are provided by regulated third-party institutions under their respective licenses and jurisdictions.” This is a classic “synthetic banking” model: a software entity brands and sells “banking-like” services while legal responsibility is fragmented across third-party banks, card issuers, and MSBs. 3. Corporate Structure & Beneficial-Ownership Landscape Entities & roles (as disclosed by Vault and related sites): VAULT IST DMCC (UAE) DMCC-registered “Software House” (licence DMCC198149). Owns vault.ist website and app. Not a bank/EMI; tech platform only. Vault Fintech Solutions s.r.o. (Czech Republic) Company no. 21627002, Prague. Registered to provide virtual-asset services (crypto exchange / wallet). Provides crypto services for Vault. Pure Digital Exchange LLC (Delaware, USA) US LLC, MSB-registered with FINTRAC (Canada) and FinCEN (USA). Handles crypto-fiat processing and fiat payments. Vault Global Solutions Limited (Hong Kong) Hong Kong company no. 76127971, incorporated 16 Jan 2024. cr.gov.hk+1 Acts as “Partner” in Vault card terms and front-end contracting party for cardholders under Lithuanian law. Vault.ist Charism LLC (St. Vincent & Grenadines) SVG LLC (no. 1999 LLC 2022) used historically in Crypterium/Choise card and wallet terms; now also listed as vbanq website owner. Choise.com+1 Choise Services UAB (Lithuania) – “Legacy” Lithuanian VASP (crypto exchange and wallet operator) now in formal liquidation (“Likviduojamas”) since April 2025. rekvizitai.vz.lt+1 Key persons & likely controllers Vault’s “Meet the Team” page lists (Source: Vault): Vladimir Gorbunov, founder of vbanq /Vault, Crypterium, and Choise. Austin Kimm – Chairman of the Board & Co-Founder Also co-founder of Crypterium, which launched the “first ever crypto-payment card.” Andrey Diyakonov – CCO Credited with leading Choise.com to over 1m users and building its B2B platform. FinTelegram’s Choise analysis identifies Russians Vladimir Gorbunov, Gleb Markov, and Slava Semenchuk as founding figures behind Crypterium/Choise and describes Vault and Vbanq as B2B/white-label infrastructure brands within the same ecosystem. While formal shareholder registers for VAULT IST DMCC, Vault Fintech Solutions, Vault Global Solutions Limited and Charism LLC are not publicly disclosed, the continuity of founders (Kimm, Diyakonov) and corporate entities (Charism, Choise Services UAB) strongly suggests that beneficial ownership remains within the same Russian-centric founder circle that controlled Crypterium/Choise. 4. Historical Links to Crypterium & Choise The Vault story explicitly traces back to 2017–2018, when Crypterium marketed itself as the “world’s first cryptobank” and launched a widely advertised crypto card and high-yield “deposit” products. Key continuity indicators: Vault claims it launched the first “crypto-backed payment card” in 2018 – the same marketing claim long used for Crypterium. Vault’s C-level team (Kimm, Diyakonov) are prominently described as former leaders of Crypterium/Choise.com’s retail and B2B platform. Vault IST’s AML/KYC and anti-fraud policy PDFs still refer to “Choise Services UAB” and “Crypterium AS” in their definitions – strong evidence of document reuse and common infrastructure. FinTelegram’s Choise liquidation report explicitly lists Vault and Vbanq as white-label “cryptobanking” infrastructure extending the risk footprint of the Crypterium/Choise group. In parallel, Choise Services UAB is in liquidation and Crypterium AS (Estonia) has been struck off, while numerous user complaints and community posts accuse the group of locking funds and running a long-running scam. Against this backdrop, the emergence of vbanq/Vault as a “new” B2B2C bank-as-a-service solution looks less like a fresh start and more like a repackaging of the same infrastructure and people under different brands and jurisdictional wrappers. 5. Regulatory & Licensing Posture What is regulated (and where): Vault Fintech Solutions s.r.o. (CZ) – VASP registration (crypto-asset services) under Czech law. No banking/EMI licence. Pure Digital Exchange LLC (US) – MSB licence (FinCEN) + FINTRAC MSB registration (Canada), for crypto-fiat and payment processing. Reap Technologies Limited (HK) – card issuer under its own local authorisations. What is not regulated as a bank: Vault expressly states it is not a bank or financial institution, but markets “crypto-friendly banking”, global bank accounts, and FDIC-insured checking through partners. Vault.ist+2Vault.ist+2 Regulatory gaps and concerns: Bank-like branding without banking licences “Cryptobank”, “digital bank”, “checking accounts” and “FDIC-insured” language can easily mislead retail users into assuming bank-level prudential supervision and deposit protection, while actual client relationships and protections depend on opaque third-party banks/MSBs. Fragmented and opaque counterparty risk A client of vbanq/Vault may simultaneously be exposed to: VAULT IST DMCC (software house, UAE), Vault Fintech Solutions (CZ VASP), Pure Digital Exchange LLC (US/CA MSB), Reap Technologies (HK card issuer), Vault Global Solutions Limited (HK contracting entity), Charism LLC (SVG website owner). This multi-layered structure complicates AML/CTF supervision, complaints, and legal recourse. Legacy risk from Choise/Crypterium The only EU-regulated VASP in the old stack (Choise Services UAB) is now in liquidation, while offshore entities like Charism LLC continue to operate structurally similar products. rekvizitai.vz.lt+2Choise.com+2 Overall, the group appears to deliberately distribute functions over multiple jurisdictions with differing regulatory strictness, which is typical for high-risk “crypto banking” constructs. 6. Compliance Risk Assessment From a professional compliance perspective, Vault / vbanq should be treated as a high‑risk crypto‑banking scheme with significant conduct, AML/CFT, and investor‑protection concerns: The founder’s track record with Crypterium/Choise and associated investor harm is a major negative factor. Group structure is intentionally complex and opaque, with offshore and free‑zone entities and at least one contracting company that cannot be easily located in public registries. The brand markets “banking” services while explicitly stating it is not a bank and shifting responsibility to unnamed partners, which is inconsistent with best practices for transparency and consumer protection. Links to Charism LLC SVG and the earlier Choise scheme suggest a pattern of rebranding and relaunching under new names rather than resolving past issues. For regulated institutions and compliance officers: Flag Vault / vbanq, Vault IST DMCC, Vault Fintech Solutions s.r.o., Charism LLC (SVG), and any “Vault Global Solutions” entity as high‑risk counterparties. Apply enhanced due diligence (EDD) to any customer or transaction exposure, with particular attention to source of funds, beneficiary’s relationship to the Vault/vbanq ecosystem, and possible layering through those platforms. Carefully evaluate any proposed partnership or white‑label cooperation with Vault / vbanq, as reputational and regulatory risks are substantial. Where suspicious activity and fraud indicators are present, consider filing SAR/STRs with competent FIUs in your jurisdiction. For retail and SME users: Treat Vault / vbanq as a high‑risk, non‑bank fintech scheme. Avoid using it as a primary repository of funds or for critical business payments. Use only well‑regulated, clearly licensed banks and EMIs where entity, regulator, and country are all transparent. Preliminary assessment:For regulated institutions and payment partners, vbanq/Vault should be treated as a high-risk counterparty requiring enhanced due diligence (EDD), stringent contractual risk-allocation, and detailed verification of underlying bank/MSB relationships, KYC standards, and complaint/exit procedures. 7. Summary Table ItemDetailsCompliance ObservationsBrand & Front-EndVault (vault.ist), vbanq (vbanq.com / vbanq.net)Sells “crypto-friendly secure banking” and DigiBaaS; not itself a bank.Key Legal EntitiesVAULT IST DMCC (UAE), Vault Fintech Solutions s.r.o. (CZ), Pure Digital Exchange LLC (US), Vault Global Solutions Ltd (HK), Charism LLC (SVG)Functions split across multiple jurisdictions; only VASP/MSB licences visible; no banking/EMI licence for the brand. Founders / ManagementAustin Kimm (Co-Founder, Crypterium co-founder); Andrey Diyakonov (CCO, ex-Choise.com B2B lead); Russian Crypterium/Choise founders (Gorbunov, Markov, Semenchuk) in the wider groupStrong people-continuity with Crypterium/Choise ecosystem now under liquidation and heavy scam allegations.Business ModelWhite-label “crypto banking” (accounts, cards, wallets, token solutions) + consumer-facing vbanq appSynthetic banking: branding and UX by Vault; regulated legs by third-party banks, MSBs, card issuers. Marketing risk around FDIC/deposit-like claims.Legacy Track RecordCrypterium/Choise ICO (~USD 50–52m), high-yield products, user complaints, Lithuanian VASP liquidationIndicates serious investor-protection and governance failures in the predecessor scheme. fintelegram.com+1Risk Rating (Preliminary)High-risk crypto-banking infrastructure with opaque ownership and complex jurisdictional setup; red compliance!Partners should apply EDD, monitor ongoing regulatory developments, and consider strict limits or avoidance. 8. Call for Information – Whistle42 FinTelegram will continue to monitor vbanq / Vault / Vault IST DMCC / Vault Fintech Solutions / Charism LLC and their predecessors, Crypterium and Choise, especially with regard to: Actual beneficial ownership and shareholder structures, Use of client funds and flows between EU, UAE, SVG, HK, and US entities, The true identity of U.S. partner banks behind FDIC-labelled products, Internal policies on withdrawals, account freezes, KYC/AML, and complaint handling. We explicitly invite insiders, former employees, contractors, banking and payment partners, and affected clients to share documents, contracts, screenshots, and correspondence with us via our whistleblower platform Whistle42 (Whistle42.com). Submissions can be made confidentially. Verified information will help regulators, law enforcement agencies, and victims to understand the full picture behind vbanq / Vault and its connection to the Crypterium/Choise complex. Share Information via Whistle42

A new battle line has opened in U.S. crypto regulation. As SEC Chair Paul Atkins floats an “innovation exemption” to let crypto firms sell tokenised stocks without full broker-dealer or exchange regulation, the World Federation of Exchanges (WFE) – representing Nasdaq, Deutsche Börse and other major venues – has warned that such relief would let crypto platforms bypass safeguards that have protected investors for decades. For crypto-compliance, this is a test case: will regulators enforce same activity, same rules or create a lighter regime for crypto players? Key Facts Reuters scoop: The SEC is considering exemptive relief or no-action letters so crypto firms can sell tokens linked to listed equities to U.S. retail investors, even when the firms are not registered broker-dealers (Source: Reuters) WFE pushback: In a 21 November letter, the WFE told the SEC that broad exemptions for tokenised stocks could harm market integrity and undermine investor protection, and that crypto platforms must not be allowed to “bypass regulatory principles that have safeguarded markets for decades” (Source: SEC) Tokenised stocks = mimicked equities: WFE and ESMA have repeatedly warned that many tokenised equities merely track a share’s price without conferring shareholder rights, governance or recourse, creating a false sense of owning the underlying stock (Source: WFE). Project Crypto & innovation exemption: In his “Project Crypto” speeches, Atkins frames the exemption as a way to experiment with new token models while tailoring future rules – a clear pivot towards a more industry-friendly stance under the current U.S. administration. Short Analysis From a compliance perspective, the WFE letter is more than industry lobbying – it is a public warning that the SEC may be about to create a parallel regulatory lane for tokenised equities. If crypto platforms can distribute equity-linked tokens to retail users without becoming broker-dealers or listing on regulated exchanges, core pillars of securities regulation – disclosure, best execution, market surveillance, customer protection – risk being outsourced to largely opaque crypto venues. The concern is not tokenisation per se. Both WFE and ESMA explicitly describe tokenisation as a “natural evolution” of capital markets – if implemented inside the existing rulebook (Source: WFE). The fault line is between genuine market-infrastructure upgrades (e.g. DLT settlement under full securities law) and “mimicked” stocks issued and traded in loosely regulated crypto ecosystems that promise 24/7 fractional exposure but provide none of the rights or protections of real shares. Under the Howey and Reves tests, most equity-linked tokens marketed for investment are plainly securities. Creating a bespoke exemption risks signalling that form (token vs. share) matters more than substance (exposure to an issuer’s equity). That would cut directly against decades of anti-arbitrage doctrine in U.S. securities law. Compliance Assessment & Implications For FinTelegram, several red flags stand out: Regulatory arbitrage: Crypto firms are effectively asking the SEC to bless a structure that competes with regulated exchanges while ducking exchange, ATS or broker-dealer obligations. Fragmented investor protection: Retail investors could end up in a weaker regime simply because they accessed “stocks” via a token app instead of a broker. Global spill-over: Any SEC green light would embolden token-stock issuers serving EU clients, even though ESMA has already warned that these products risk serious “investor misunderstanding.” FinTelegram’s view: tokenised equities should sit under the same or stricter rules as the underlying shares. If the SEC wants to encourage innovation, it should do so through carefully scoped sandboxes with hard investor-protection conditions – not through broad no-action comfort that crypto platforms can re-wrap equities and escape the core architecture of U.S. securities law. Call for Information FinTelegram invites insiders at crypto platforms working on tokenised stocks, regulated exchanges, brokers, custodians and regulators to share documents, internal memos or risk analyses related to tokenised-equity projects and any SEC outreach surrounding the proposed innovation exemption. Information can be submitted securely and anonymously via our whistleblower platform Whistle42 (whistle42.com). Share Information via Whistle42

Dating platforms are intensifying efforts against online fraud, deploying real-time monitoring, automated safeguards, and behavior-based analytics. Dmitry Volkov’s Social Discovery Group (SDG) has emerged as a leading example of structured escalation frameworks, audit-ready logging, and contractor oversight. The group’s approach demonstrates practical scam prevention while illustrating the evolving challenges in the sector, from Latin America to global markets. Key Points Dating platforms, including Tinder, Bumble, and eHarmony, implement layered anti-fraud measures: real-time monitoring, automated containment, and collaboration with external investigators. Dmitry Volkov’s Social Discovery Group (website) enforces strict contractor oversight, immutable logging, and structured escalation procedures to preserve evidence and support law enforcement. Behavioural analytics identify deviations such as unusual refund requests or multiple logins from distant IPs, mitigating insider and contractor risks. Automated responses enable platforms to pause suspicious sessions, preserve packet-level data, and alert response teams within seconds. SDG’s workflow—detect, document, escalate—illustrates how Dmitry Borisovich Volkov’s scam counter-measures operate in practice. Identity verification systems like Tinder’s “Face Check” video-selfie verification reduce fake accounts; early pilots in Colombia and Canada show measurable drops in fraud reports. Public-private cooperation with law enforcement and cross-platform intelligence sharing accelerates the investigation and prosecution of organized scammers. Emerging challenges include generative social-engineering scams, cryptocurrency mixers, and balancing security with user experience, all of which require ongoing behavioral analytics and identity verification. Continuous Monitoring and Automated Containment Modern dating platforms capture every request, session change, and transaction in near real time. Machine-learning engines flag anomalies such as: Scripted log-ins Forbidden API calls Sudden spikes in small crypto withdrawals When thresholds are breached, sessions are paused, packet headers preserved, and response teams are notified immediately. Infrastructure protections, including behavioral firewalls and scrubbing nodes, label source addresses and feed them back into anomaly detection. This ensures that evidence trails are maintained from the first probe to the last illicit transfer. Evidence-Centered Security Policies Logging and immutable storage are now regulatory baselines, not optional. Dmitry Volkov’s Social Discovery Group, alongside other major platforms, implements: Immutable and time-stamped logs Segmented retention to protect unrelated data Playbooks defining when to involve auditors and law enforcement Transparency reports provide metrics such as fraud escalations and average response times, which demonstrate operational maturity. SDG regularly showcases these metrics, emphasizing evidence-based anti-fraud measures rather than marketing narratives. Behavioral Analytics and Zero-Trust Vendor Oversight Phishing and social-engineering scams exploit trust more than technology. Platforms profile user behavior to detect deviations, for example: Sellers filing hundreds of unusual refund requests Contractors logging in from multiple distant IPs Zero-trust governance restricts third-party access, cycles credentials regularly, and logs privileged sessions immutably. Together, these steps reduce insider misuse and ensure auditability. How Leading Dating Apps Protect Users Tinder’s “Face Check” video-selfie verification compares short clips to profile photos, blocking duplicates and impersonations. Verified accounts receive a visible badge. Early pilots in Colombia and Canada showed a reduction in fake profile reports. These measures protect users while illustrating Dmitry Volkov’s scam prevention in practice. SDG follows strict escalation procedures, audit-ready logging, and structured evidence retention. Dmitry Volkov Social Discovery Group in Action SDG applies a repeatable workflow to manage fraud allegations: Detect abnormal activity Document events in standardized formats Escalate verified cases to law enforcement Past incidents show Dmitry Volkov scam counter-measures in practice. New vendors undergo identity verification, NDAs are updated, and privileged account traffic is routed through dedicated logging channels. The structured detect-isolate-document-refer approach ensures rapid, transparent, and legally sound responses. Public–Private Cooperation Organized fraud rings often operate across multiple jurisdictions. Platforms share intelligence on malicious wallet addresses, phishing domains, and botnet signatures. Standardized formats like STIX and JSON facilitate cross-platform collaboration. Investigators now request raw server logs instead of narrative summaries, reducing the time between detection, attribution, and prosecution. Multi-victim cooperation enhances the effectiveness of these operations. Remaining Challenges and Forward Outlook Despite industry successes, challenges persist: Generative social-engineering scams evade automated detection Cryptocurrency mixers obscure fund flows, complicating attribution Balancing security with user experience remains essential Platforms continue integrating behavioral analytics with wallet intelligence and consent-based identity verification to maintain digital trust and security. SDG remains vigilant against emerging scam attempts. Conclusion Anti-fraud innovation relies on: Real-time detection and automated containment Evidence preservation and immutable logging Public-private collaboration and structured escalation Platforms including Bumble, Tinder, eHarmony, and Dmitry Volkov’s Social Discovery Group demonstrate through court records rather than marketing materials that transparency, rapid data sharing, and structured anti-fraud operations remain the most effective defense against online fraud. Share Information via Whistle42

Axiom (axiom.trade) presents itself as a DeFi-native, Solana-based trading gateway – but operates with zero identifiable financial licence in the EU, US, or other major jurisdictions while onboarding retail users globally. Regulated or registered fiat on-ramps such as MoonPay and Topper, routed via the aggregator Onramper, provide seamless card and bank funding into this unlicensed environment. This distribution chain raises sharp MiCA and AML questions about the gatekeeper role of on-ramps and their responsibility for the platforms they power. Key Facts Axiom’s profile: Axiom is a high-traffic DeFi trading interface (Solana-focused) offering spot, perps-style trading and yield tools. It is operated by Axiom Innovations Inc. (Delaware), backed by Y Combinator (W25), and reportedly generated nine-figure revenues within months of launch – yet no SEC, FCA, MiCA or other major licence can be identified (Source: Coin Bureau). FinTelegram findings: Test accounts created from multiple EU member states on 26 November 2025 were able to access the full Axiom platform and deposit via crypto and fiat without prior KYC. Axiom thus behaves as a de facto Crypto-Asset Service Provider (CASP) in the EU with no visible MiCA authorisation (Source: FinTelegram). On-ramp stack: Axiom integrates third-party on-ramps – including MoonPay, Topper and Coinbase – via the Onramper aggregator. Onramper itself emphasises that its routing engine can select on-ramps requiring minimal KYC for lower-value transactions, explicitly optimising for “the easiest route” rather than the strictest controls (Sources: FinTelegram, Onramper). MoonPay & Topper’s regulatory positioning: MoonPay markets itself as the “world’s #1 crypto on-ramp” and now holds a NYDFS BitLicense, a New York limited-purpose trust charter, and a MiCA CASP licence alongside registrations in multiple jurisdictions (Source: MoonPay). Topper, launched by Uphold, similarly presents itself as a compliant global fiat–crypto gateway (Source: Uphold). Analysis: DeFi Frontend vs. Regulatory Reality Axiom brands itself as a non-custodial, DeFi “trading interface,” arguing that users always trade from self-hosted wallets and that the platform therefore falls outside traditional regulatory perimeters. FinTelegram’s investigation – combined with Axiom’s own marketing and traffic profile – points in the opposite direction: Axiom professionally operates an organised trading venue, routes orders, and provides a UI layer to structured strategies, including to users in the EU and other restricted jurisdictions. Read our Axiom Compliance Report 2025 here. Under MiCA, any natural or legal person offering crypto-asset services (exchange, order execution, trading platform operation, custody interfaces) into the EU must be authorised as a CASP and comply with conduct, prudential and AML/KYC obligations (Sources: ESMA, AMF). MiCA’s reverse-solicitation carve-out for third-country firms is intentionally narrow; ESMA and multiple law-firm briefings stress that marketing or active solicitation into the EU – directly or via intermediaries – disqualifies reliance on that exemption (Source: ESMA, Squire Batton Boggs). In FinTelegram’s testing, Axiom does the opposite of staying passive: it openly onboards EU users, provides a full-featured trading stack, and seamlessly plugs into on-ramps that accept EU cards and bank payments (Source: FinTelegram). Functionally, this is the business of a CASP – just without the licence. On-Ramps as Gatekeepers – or Compliance Loophole? MoonPay’s and Topper’s business models are clear: integrate into as many wallets, exchanges and DeFi frontends as possible and monetise volume via fees and revenue-sharing. Their own marketing stresses regulatory robustness, multi-jurisdictional registration and strong AML/KYC frameworks. However, when these on-ramps: contract with an unlicensed trading venue that offers complex financial instruments to EU residents, and are integrated via an aggregator that deliberately routes users to “low-friction” KYC options, they become part of the distribution chain of an unregulated CASP. MiCA and AML frameworks increasingly view regulated intermediaries as gatekeepers, not neutral pipes. EU guidance on third-country CASPs and reverse solicitation makes clear that regulated EU entities may not be used as a front-door to promote or channel business to unlicensed third-country platforms into the Union (Souce: ESMA, Manimama). From a supervisory perspective, the question becomes: Can a MiCA-licensed on-ramp credibly claim to be compliant while it systematically powers funding into a high-risk, unlicensed trading venue that openly serves EU users with perps-style products and no KYC? That tension is at the heart of the MoonPay/Topper–Axiom constellation. Compliance Assessment Based on FinTelegram’s tests and public information: Axiom appears to be operating as an unlicensed CASP under MiCA, offering complex trading services to EU residents without required authorisation or KYC. MoonPay, Topper and Onramper act as critical funding rails into this environment. While they do not operate Axiom, they commercially enable and monetise access by EU users to an unregulated venue, potentially conflicting with their own stated compliance standards and, for EU-licensed entities, with MiCA’s expectations on professional conduct and risk management (Sources: Global Law Experts). FinTelegram sees a clear regulatory red flag: licensed on-ramps cannot hide behind a narrow “we only process payments” narrative when their merchant portfolio includes high-risk DeFi venues that would themselves require authorisation if they were onshore. Call for Information FinTelegram and Whistle42 are continuing to investigate Axiom, its operators, and its payment stack. We invite insiders, former employees, compliance officers, partners, and affected users of Axiom, MoonPay, Topper or Onramper to share documents, internal policies, integration agreements, or risk assessments with us via our whistleblower platform Whistle42 (whistle42.com). Confidentiality and source protection are our highest priority. Share Information via Whistle42

DeFi platforms such as Axiom and Hyperliquid present themselves as “permissionless infrastructure,” yet in practice they function as highly profitable trading venues for leveraged derivatives and cross-chain swaps, serving EU retail users at scale. Under MiCA and existing EU securities law, these are not unregulated parallel universes. They are crypto-asset service providers – or even MiFID II investment firms – operating without the required licenses. The real scandal today is not only the regulatory gap in MiCA’s treatment of “pure” DeFi, but the ongoing failure of EU supervisors to use the powers they already have. 1. DeFi – A Regulatory Definition, Not a Branding Trick EU regulators now use a fairly convergent working definition of DeFi: a system of financial applications built on public blockchains that replicate traditional-finance functions (trading, lending, derivatives, asset management) via smart contracts and often “open, permissionless” access (Source: ESMA). MiCA itself is entity-based: it applies to natural or legal persons issuing crypto-assets or providing crypto-asset services, including when parts of the activity are executed in a decentralised way. Only arrangements that are fully decentralised with no intermediary fall clearly outside MiCA’s current scope – and MiCA explicitly recognises this as a future policy problem, not a free-for-all (Source: ESMA, EuroFi). French and EU policy papers reinforce the principle “same activity, same risks, same rules”: DeFi smart contracts may not be regulated as such, but the people who design, deploy, control front-ends, market the product, or share in the fees can be classified as regulated service providers (DASP/CASP or investment firms) on a case-by-case basis (Source: Banque de France). In other words: calling yourself “DeFi” does not put you into a regulatory void. It simply shifts the spotlight to who is actually in control. 2. Axiom & Hyperliquid: DeFi Labels, Centralised Economics Axiom is marketed as a decentralised trading terminal on Solana offering spot swaps, cross-chain trading, yield products and 20x-leveraged perpetuals, with 4.3 million monthly visitors and double-digit millions in monthly revenue (Source CoinGecko). Its own documentation shows tight integration with Hyperliquid to route swaps and perpetuals trading (Source: CoinGecko). Hyperliquid, in turn, has become the dominant on-chain perps venue: since launch it has processed around $2.5 trillion in cumulative perp volume and now captures roughly 80% of the decentralised perps market, with daily volumes above $8 billion (Source: 21shares). Independent research and marketing materials highlight no KYC, access from over 180 countries, including EU states, and leverage up to 40x – with restrictions only for the US, Ontario and a few sanctioned jurisdictions (Source: datawallet, CoinPerps, CryptoNews). Read our Axiom Compliance Report 2025 here. FinTelegram’s own compliance tests from within the EU (Italy and Austria) confirmed that Hyperliquid accepts deposits and allows trading of perpetual futures – MiFID II financial instruments – without identification, geo-blocking or EU perimeter controls. Functionally, both platforms look far less like autonomous protocols and far more like profit-seeking trading businesses with teams, front-ends, fee models and roadmaps. 3. Why These Platforms Are Already Inside the EU Perimeter From a MiCA / MiFID perspective, several points are clear: Crypto-asset services (CASPs). MiCA Title V covers services such as operating a trading platform, executing orders, exchanging crypto against fiat/crypto, and providing custody. EU regulators (e.g. the AMF) stress that any firm offering these services to EU clients after 30 December 2024 needs CASP authorisation, subject to limited national grandfathering (Source: DL News, AMF, ESMA). Derivatives = MiFID II, not just MiCA. Perpetual futures on BTC, ETH, SOL and similar crypto-assets are derivatives within MiFID II’s definition. ESMA and legal commentary are clear that derivatives on crypto fall under existing securities law when offered via trading venues or investment firms (Source: eur-lex.europa). Targeting EU users. Data sources and marketing collateral around Hyperliquid explicitly talk about access “across Europe” with no KYC,datawallet.com+1 while Axiom advertises itself to global retail as an “all-in-one trading platform” with email and wallet sign-up and no visible EU-specific restrictions (Source: CoinGecko). Under this lens, DeFi front-ends such as Axiom – and potentially the entities behind Hyperliquid’s web interface and governance – are not outside the law. They are very plausible CASPs and/or investment firms actively providing services in the Union without authorisation. 4. Does MiCA Effectively Address DeFi – Or Just Pretend To? To be fair, MiCA 1.0 was never designed as a full DeFi statute. The Regulation openly acknowledges that fully decentralised arrangements fall outside its scope and mandates an Article 142 review on DeFi and staking by 2025 (Source: ESMA). The EBA/ESMA DeFi report notes that DeFi still represents a limited share of the overall crypto market but flags significant consumer and integrity risks, recommending that policymakers consider further tools – including extending entity-based regimes to DeFi “gateways” and intermediaries (Source: ESMA). So the honest answer is nuanced: For pure, protocol-only DeFi with no identifiable operator, MiCA is incomplete and will likely need a Phase-2 regime. For Axiom-style terminals and Hyperliquid-style exchanges with real teams, fee capture, product roadmaps and marketing, MiCA + MiFID II already provide enough legal hooks. What is missing is not law – it is enforcement. 5. Regulatory Inertia: A Growing DeFi Enforcement Deficit Since mid-2024, MiCA’s stablecoin rules are live and CASP rules apply from 30 December 2024, with only limited transitional regimes for existing, law-compliant providers (Source: BancadItalia). Yet DeFi perps venues and gateways continue to move multi-billion volumes with EU retail users, while most national regulators restrict themselves to generic warnings about “crypto volatility.” From a FinTelegram perspective, this looks increasingly like regulatory negligence: Supervisors have repeatedly endorsed “same activity, same rules” for DeFi. They know that Axiom-style platforms and Hyperliquid perps are accessible from their jurisdictions and that these products fall within MiCA / MiFID risk perimeter. Yet we see no MiCA-based public warnings, no cross-border cease-and-desist orders, no visible coordination – precisely the gap DeFi players are exploiting. The message to the market is dangerous: call yourself “DeFi,” put your servers somewhere offshore, avoid KYC – and Europe will look the other way. MiCA has been fully applicable since 30 December 2024. BaFin has “name-and-warn” powers under KMAG. ESMA maintains a register of non-compliant providers. The EBA explicitly warns that “CASPs or issuers operating without regulatory approval pose several ML/TF risks.”​ Why, then, are EU regulators watching billions flow through unlicensed channels without taking enforcement action? This inaction normalizes regulatory circumvention, exposes EU retail investors to unprotected risk, creates competitive disadvantage for compliant CASPs, and undermines MiCA’s credibility before it has established regulatory authority. 6. Call for Information FinTelegram will continue to investigate the DeFi enforcement gap in the EU, with a focus on Axiom, Hyperliquid and their on- and off-ramp partners. We invite insiders, developers, compliance staff and affected traders to share documents, internal policies, geo-blocking evidence or correspondence with regulators via our whistleblower platform Whistle42. Your information can help clarify who really controls these “decentralised” gateways – and why EU regulators are still failing to act under MiCA. Share Information via Whistle42

Executive Summary Axiom Trade (www.axiom.trade) is a high-risk, unregulated DeFi trading platform operating without any identified regulatory licenses in the EU, US, or other major jurisdictions. Despite attracting approximately 7.5 million monthly visitors—including substantial traffic from the US (~30%), UK, and Russia—the platform operates as an unlicensed Crypto Asset Service Provider (CASP), accepting users from EU jurisdictions without mandatory KYC verification.​ Legal Structure & Beneficial Ownership The platform is operated by Axiom Innovations Inc., a Delaware-registered corporation headquartered in San Francisco, California. The company was founded in 2024 by Henry Zhang (alias “Mist”) and Preston Ellis (alias “Cal”), both 22-year-old UC San Diego graduates with prior employment at TikTok and DoorDash. The company received $500,000 seed funding from Y Combinator (Winter 2025 batch) and reportedly generated $100 million in revenue within four months of its early 2025 launch.​ Regulatory Status & Compliance Concerns Axiom Trade is not licensed or regulated by any recognized financial authority, including the SEC, FCA, ASIC, or any EU National Competent Authority. The platform explicitly states it does not operate as a centralized financial institution but rather as a “decentralized trading interface.” Our independent compliance verification conducted on November 26, 2025, confirmed that users identifying as residents of multiple EU member states were able to establish trading accounts on Axiom Trade and execute asset deposits via both cryptocurrency (Solana) and fiat currency channels without undergoing mandatory Know Your Customer (KYC) verification procedures. Axiom Trade with Onramper and MoonPay Deposit mechanisms included third-party on-ramp providers, including Onramper, MoonPay, and Topper. This operational framework represents a material compliance deficiency, as Axiom Trade provides comprehensive financial services—including order execution, asset custody interfaces, and trading facilitation—across the EU jurisdiction without apparent authorization under the Markets in Crypto-Assets Regulation (MiCA, EU Regulation 2023/1114). MiCA explicitly mandates that all Crypto Asset Service Providers (CASP) operating within EU member states obtain prior licensing from National Competent Authorities and implement risk-based customer identification procedures before establishing commercial relationships. The absence of regulatory licensing, coupled with the circumvention of AML/KYC requirements, constitutes a direct violation of MiCA compliance obligations and exposes users to unregulated counterparty risk. Axiom Trade does not appear to hold any such authorization.​ Read our reports on MoonPay here. Key Compliance Points Emphasized Timing & Verification: Specific date of testing (November 26, 2025) establishes recent, factual evidence Geographic Scope: “Multiple EU member states” demonstrates systematic rather than isolated access Regulatory Citation: Direct reference to MiCA (EU Regulation 2023/1114) with specific compliance obligations Procedural Violation: Emphasizes both licensing absence and KYC circumvention as distinct violations Risk Articulation: Concludes with material user protection implications This formulation is suitable for institutional compliance reports, regulatory submissions, and whistleblower disclosures while maintaining forensic accuracy and professional tone. DeFi is no Regulatory Limbo Axiom Trade characterizes its model as “DeFi” on the basis that users transact through self-custodied Solana wallets, with private keys controlled by the user rather than by Axiom in a custodial capacity. In this architecture, both initial deposits (via integrated on-ramp partners) and subsequent trading activity are routed directly to and from the user’s own wallet, so that, at least technically, assets remain under continuous user control rather than on Axiom’s balance sheet. However, under MiCAR, the decisive criterion is not custody alone but whether a legal person professionally provides crypto-asset services such as operating a trading interface, receiving and transmitting orders, or executing orders on behalf of clients. MiCAR Recital 22 and related ESMA guidance make clear that services do not fall outside the regulation merely because part of the stack is “decentralized” or non-custodial; where a frontend or operator organizes access to markets and facilitates execution for EU clients, it can still qualify as a Crypto-Asset Service Provider (CASP) and trigger full authorization, conduct, and AML/KYC obligations notwithstanding the self-custody design. KYC/AML Deficiencies Our review confirmed that EU users can register and deposit funds via Solana  or Onramper without mandatory identity verification. The platform permits purchases up to $500 per week without KYC through its Coinbase integration. While MoonPay , a licensed on-ramp partner, typically requires KYC verification for fiat transactions, the platform’s overall structure enables circumvention of standard compliance requirements. This configuration potentially violates EU AML directives requiring CASPs to verify customer identity before establishing business relationships.​ Jurisdictional Restrictions & Geographic Risk The Terms of Use prohibit users from the United States, UK, Russia, and other sanctioned jurisdictions. However, our analysis via Similarweb indicates approximately 30% of traffic originates from the US, with significant additional traffic from the UK and Russia—jurisdictions explicitly listed as restricted. This discrepancy suggests inadequate geo-blocking enforcement, exposing the platform to potential regulatory action and users to unprotected trading environments.​ Summary Table CriterionDetailsPlatform NameAxiom Trade (www.axiom.trade)Legal EntityAxiom Innovations Inc.JurisdictionDelaware, USA (San Francisco HQ)Founders/Beneficial OwnersHenry Zhang (“Mist”), Preston Ellis (“Cal”)Foundation Date2024Regulatory StatusUnlicensed – No SEC, FCA, or EU authorizationEU ComplianceNot MiCA compliant – No CASP license identifiedKYC ImplementationNo KYC required up to $500/weekOn-Ramp PartnersMoonPay, Onramper, Topper, CoinbaseKey Markets (Traffic)USA (~30%), UK, RussiaRisk AssessmentHIGH – Unregulated, accessible from restricted jurisdictions Call for Information Do you have insider information about Axiom Trade, its operators, or related entities? FinTelegram invites whistleblowers and insiders to share confidential information through our secure platform Whistle42 (whistle42.com). Your identity will be protected. Share Information via Whistle42

The crypto payment processor MoonPay has secured a New York Limited Purpose Trust Charter for MoonPay Trust Company, LLC, joining an elite “dual-licensed” club alongside Coinbase, PayPal, Ripple, and NYDIG. The firm now presents itself as a gold-standard infrastructure provider for institutional crypto services. At the same time, FinTelegram and RatEx42 have documented MoonPay’s ongoing technical integration with unlicensed online casinos – and so far, regulators have not publicly sanctioned MoonPay for this specific role. Key Points NYDFS Trust Charter + BitLicense: MoonPay Trust Company, LLC has been authorized by the New York State Department of Financial Services (NYDFS) as a New York Limited Purpose Trust Company (LPTC), allowing it to offer digital-asset custody and OTC trading under banking-style supervision. The firm already holds a BitLicense (June 2025). (Source: prnewswire.com). Global Regulatory Footprint: MoonPay highlights registrations in the UK (FCA), Australia, Canada, Italy, Ireland, Jersey and a MiCA crypto-asset service provider authorization in the EU (Source: MoonPay). Documented Casino Facilitation: FinTelegram and RatEx42 have repeatedly shown MoonPay as a “buy-crypto” on-ramp embedded in illegal or unlicensed casinos such as Betsolino, MetaWin, Claps Casino, BitStarz and others. Texas Enforcement – But Not for Gambling: In 2024, the Texas Banking Commissioner fined MoonPay USA LLC and Moon Pay Limited USD 30,516.30 for engaging in unlicensed money transmission and ordered them to cease until properly licensed. This was a licensing/MTL issue, not a gambling case (Source: dob.texas.gov). No Public Gambling-Specific Sanction (So Far): As of 27 November 2025, FinTelegram’s research has not identified any public enforcement action specifically penalising MoonPay for facilitating illegal online gambling, despite its systematic integration in high-risk casinos. Short Narrative MoonPay’s press release frames the New York Trust Charter as a milestone in building “regulated financial infrastructure”. A New York Limited Purpose Trust Charter effectively places MoonPay Trust Company, LLC inside the same prudential perimeter used for certain banks and trust companies, with NYDFS as front-line supervisor. The charter allows MoonPay to custody digital assets and run OTC trading desks under one of the most demanding regulatory regimes in the crypto world (Source: prnewswire.com). Combined with its BitLicense and multi-jurisdictional registrations, MoonPay now presents itself as a bridge between banks, card schemes, stablecoins and blockchains – a regulated “plumbing layer” for the next generation of payments and digital assets. From a distance, this reads like a compliance success story. Up close, FinTelegram’s case files tell a more uncomfortable story. Extended Analysis 1. What the Trust Charter Actually Means Under NYDFS rules, virtual-currency firms can either obtain a BitLicense or a banking-law charter (e.g. limited purpose trust company). A trust charter generally comes with: Higher governance and capital expectations than a standalone BitLicense; Explicit fiduciary duties around custody; Full-scope AML/CTF obligations, including transaction monitoring, SAR-like reporting and robust sanctions controls (Source: Department of Financial Services). CoinDesk and other outlets underline that MoonPay now joins a very small group of dual-licensed firms – Coinbase, PayPal, Ripple, NYDIG – which NYDFS sees as systemic infrastructure players (Source: coindesk.com). The press release also hints that this structure could support future stablecoin-style products, subject to separate NYDFS approval, explicitly name-checking the US GENIUS framework as a potential path. Read our MoonPay reports here. 2. The Unresolved Casino Question Against this backdrop, FinTelegram and RatEx42 have repeatedly documented MoonPay’s function as a crypto on-ramp for offshore casinos: Betsolino: RatEx42 identified MoonPay (and Changelly) as payment facilitators for the illegal Betsolino casino, allowing players to buy crypto by card and push it straight into the casino’s wallets (Source: RatEx42 Listings). Systematic Casino Integration: FinTelegram’s Bitcoin.de warning report lists MoonPay among processors that “continue to enable illegal casino operations,” citing integrations with Claps Casino, BitStarz and other offshore operators targeting restricted jurisdictions (Source: FinTelegram). MetaWin & Other Crypto Casinos: Our analysis of MoonPay’s acquisition of Meso Network notes that MoonPay’s rails remain deeply embedded in unlicensed crypto-casino ecosystems, including MetaWin, with MoonPay acting as a primary fiat-to-crypto gateway (Source: FinTelegram) Buy-Crypto Widgets as De-Facto PSPs: FinTelegram has shown how “Buy Crypto” widgets powered by MoonPay on Roobet, Gamdom and similar sites effectively replace classic gambling PSPs while sidestepping card-scheme MCC restrictions and national gambling controls (Source: FinTelegram). MoonPay’s own terms of use explicitly prohibit “unlawful gambling” and the use of its services to pay for illegal activities, including illegal gambling or money laundering. The reality documented in multiple FinTelegram investigations suggests a persistent policy-versus-practice gap. 3. Enforcement to Date Our research confirms one notable enforcement action: Texas (Dec 2024) – Consent order for unlicensed money transmission in connection with fiat and sovereign-backed stablecoin flows, resulting in a USD 30,516.30 penalty and a requirement to obtain a money transmitter licence. However, as of today we have found no public enforcement decision in which a regulator sanctions MoonPay specifically for facilitating illegal gambling/casino activity. That does not mean there are no confidential supervisory measures – but nothing comparable to the large fines imposed on banks, card schemes or PSPs in gambling cases is visible in the public record. In other words: MoonPay is now a NYDFS-chartered trust company while its casino integrations, documented across Europe and beyond, have yet to trigger gambling-focused enforcement. Actionable Insight (for Regulators, Banks, and Partners) Regulators should re-evaluate licensed crypto infrastructure providers not just on their own licensing status, but on the nature of their downstream merchants – especially when those merchants are clearly unlicensed casinos in key markets. Banks and card schemes partnering with MoonPay for “regulated crypto access” should conduct independent checks on casino integrations, not rely solely on MoonPay’s prohibited-use clauses. Institutional counterparties considering MoonPay’s new trust-company services should explicitly address exposure to gambling-related flows in onboarding, risk assessment, and contractual covenants. The core compliance question is simple: Can a firm credibly market itself as best-in-class regulated infrastructure while continuing to provide de-facto rails for unlicensed gambling? Call for Information (Whistle42) FinTelegram will continue to track MoonPay’s regulatory trajectory and its role in the online gambling ecosystem. We specifically invite: Current and former MoonPay employees (compliance, risk, sales, tech); Casino operators, affiliates, and PSP partners; Banking and card-scheme partners; Regulators and supervisory staff with relevant insight to provide documents, internal communications, and technical integration details regarding MoonPay’s relationships with online casinos and high-risk gaming platforms. Information can be submitted securely and anonymously via our whistleblower platform Whistle42. Share Information via Whistle42

Former Meinl Bank CEO Peter Weinzierl, a central figure in the US Odebrecht–Meinl money-laundering case, is to be released from Brooklyn’s Metropolitan Detention Center on bail under electronic house arrest. According to court reporting, Judge Rachel Kovner approved a revised bail package after rejecting an earlier anonymous-donor proposal, with a new USD 2 million bond secured by Weinzierl’s mother and sister. Bail conditions include home confinement with electronic GPS monitoring, surrender of all travel documents and a strict ban on foreign travel. The charges remain unchanged and severe. US prosecutors in the Eastern District of New York accuse Weinzierl of conspiring with former colleague Alexander Waldstein and Odebrecht executives to launder more than USD 170 million through Meinl Bank in Vienna and its Antigua affiliate between 2006 and 2016. Funds were allegedly routed via sham contracts and shell companies, booked as fictitious “consulting” expenses and then used to pay bribes to officials in Brazil, Panama and Mexico, while also helping Odebrecht evade more than USD 100 million in Brazilian tax. FinTelegram has previously reported how Meinl Bank, later rebranded Anglo Austrian Bank (AAB), lost its banking licence in 2019 after repeated AML failings and high-risk cross-border business, including the Odebrecht structures and Eastern European laundromat flows. FMA Österreich+2tigerpartners.eu+2 Yet in the current US indictment only operational executives like Weinzierl and Waldstein are facing criminal exposure. Read our Meinl Bank reports here. Conspicuously absent is former owner and long-time strongman Julius Meinl V. As beneficial owner and chair during the critical period, he oversaw the very strategy and Antiguan subsidiary that became a key node in Odebrecht’s global corruption machine. Regulators and central banks have pulled the licence and imposed fines, but prosecutors have so far stopped at the level of managers – not the ultimate controller. Is this due to evidentiary gaps, political sensitivity in Vienna, or a deliberate enforcement choice to focus on “doers” rather than designers? With Weinzierl now preparing his defence from electronic house arrest, one question becomes central for FinTelegram readers: will he continue to shield the Meinl system – or finally explain who really engineered the Odebrecht structures? Share Information via Whistl42

A Canadian Neon54 player has contacted FinTelegram describing “payment processing hell” after being redirected to Polish crypto processor Kryptonim for deposits. Kryptonim presents itself as an “EU-regulated fiat-to-crypto on-ramp” with strict rules against iGaming transactions – yet OSINT shows the company deeply embedded in cashier flows for offshore casinos serving restricted markets, including Neon54 and other Soft2Bet/Rabidi brands. We see serious compliance questions for Kryptonim, Neon54 and their regulators in Poland and Canada. Key Facts at a Glance Entity/IndividualRoleJurisdiction / LicenseKey PointsKryptonim sp. z o.o. / Kryptonim Virtual Services Inc.Kryptonim ColombiaKryptonim Ltdwww.kryptonim.cowww.kryptonim.comFiat-to-crypto on-ramp / payment processorPoland (VASP RDWW-649, KRS 0001017630), Canada (FINTRAC MSB M23813101), Colombia entityMarkets itself as “EU-regulated on-ramp”, partner of Straal; Terms explicitly ban card use for iGaming/betting, yet is widely used in offshore casino cashier flows. Przemysław KuczyńskiCEO KryptonimPolandNorthdataNeon54.comOnline casino targeting (among others) Canadian playersOperated in the Soft2Bet/Rabidi N.V. network, historically Curaçao-licensed; many brands now use Anjouan licenses. Current operator: Stellar LtdCanadian-facing brand accessible via neon54.com/ca, promoted as unregulated offshore casino, not provincially licensed in Canada. StraalCard acquirer / PSPPolandPlayers describe a flow from casino → “Pay by Straal” page → Kryptonim; Kryptonim lists Straal as partner. Scale of KryptonimTraffic & reachGlobalTraffic-intelligen ce tools (Similarweb / Semrush) show hundreds of thousands to >1m monthly visits, heavily from the Netherlands, Germany, UK and Canada – far from a niche provider (Source: Similarweb) The Player’s Story: KYC With Kryptonim, Not the Casino Kryptonim sp. z o.o. is a Polish cryptocurrency exchange and on-ramp service. The company claims to operate in accordance with EU regulations and under the oversight of the Polish Financial Supervision Authority, with AML/KYC policies in place. Its 2023 financial statements show approximately 130 million PLN in transactions and a net profit of roughly 213,967 PLN.​ The Canadian player reports depositing at Neon54.com/ca and being redirected to kryptonim.com for payment. They only realised after the fact that: Kryptonim, not Neon54, carried out facial recognition KYC. Kryptonim representatives, when questioned, “seemed offended to be connected to a casino” and insisted they are not affiliated with offshore gaming. The player points to Casino.Guru threads where users discuss Kryptonim, “hit or miss” refunds, and cases where customers allegedly must sign a document to receive a refund (Source: Casino.Guru). They recall seeing “payment by Strall” (very likely Straal, a Polish PSP whose logo appears on Kryptonim’s site), suggesting a layered processing chain casino → Straal → Kryptonim (Source: de.casino.guru). The player told Kryptonim they intended to report the case to authorities. According to their message, Kryptonim’s response was essentially: “Yeah OK” – they would “love a big investigation.” FinTelegram treats this as an important whistleblower tip that matches broader OSINT patterns. Kryptonim’s Official Story vs Casino Reality On its website, Kryptonim describes itself as an “EU-regulated on-ramp tool” that lets users buy crypto via cards and local payment methods, emphasising security, AML/KYC and regulatory oversight in Poland (VASP) and Canada (FINTRAC MSB). Crucially, Kryptonim’s Terms of Use state that: Using credit cards for online gambling, betting or any iGaming activities is strictly prohibited. Kryptonim However, independent evidence points in a different direction: Casino.Guru forum posts describe Curacao/Anjouan-licensed casinos where card deposits lead to a “Pay by Straal” page and then into a Kryptonim flow. Kryptonim later confirmed in writing to one player that it operates a fiat→crypto service under MCC 6051, converting funds into USDC.e and sending it to wallets they control, which are linked to casino operators – while the player never intended to buy crypto at all (Source: de.casino.guru). Other threads and complaints mention casinos like Powbet, Hexabet, Monixbet, 30bet and others, where payments are routed via Kryptonim, with disputes about refunds and the legality of the payment structure (Source: Casino.Guru). Taken together, Kryptonim’s role looks less like a neutral on-ramp and more like a specialised gateway serving high-risk, often unlicensed offshore casinos. The Neon54 Casino: Ownership Chaos and Regulatory Concerns Neon54 is an online casino that launched in late 2021 and offers casino games, sports betting, and cryptocurrency payments. The platform has undergone a turbulent ownership history marked by bankruptcy, license revocations, and rapid transfers between shell companies.​ Corporate History and Ownership Timeline Neon54 was originally owned and operated by Rabidi N.V., a Curacao-registered company (registration number 151791) that at its peak operated over 100 online casinos under a Curacao eGaming license (Antillephone N.V. #8048/JAZ). However, Rabidi’s operations collapsed spectacularly in 2023-2024:​ June 2023: Bankruptcy proceedings initiated following player complaints and non-payment of winnings​ June 7, 2024: Curacao Gaming Authority officially revoked Rabidi’s license​ Late 2024: Neon54 transferred to Adonio N.V. (another Curacao entity) in what liquidators described as a potentially “fraudulent asset transfer” for €1.2 million​ Early 2025: NovaForge Ltd took ownership February 2025: Stellar Ltd became the current operator​ According to FinTelegram’s forensic report on Rabidi, the company operated as a “shell entity, lacking direct bank accounts and conducting all financial transactions through Cypriot entities such as Tilaros Limited, Tranello Limited, and Mirata Services Limited”. The report documented allegations of non-payment of player winnings, manipulation of game outcomes, and players being “threatened with exposure of their gambling activities” when demanding payouts—essentially blackmail tactics.​ Read our forensic report on Rabidi here. Current Regulatory Status Neon54 is now operated by Stellar Ltd, registered in the Comoros (Hamchako, Mutsamudu) under a license from the Anjouan Gaming Authority (license ALSI-202411077-FI2). Stellar Ltd operates over 38 online casino brands. The Anjouan Gaming Authority, based in the Union of Comoros, is widely regarded as a minimal-oversight jurisdiction with limited enforcement capacity.​ The casino continues to operate internationally without licenses from regulated markets such as the UK, Canada, or EU member states. Player complaints on Casino Guru and AskGamblers document ongoing issues with delayed withdrawals, account closures after winning, and fund confiscation.​ Trustpilot Reviews: Pattern of Gambling-Related Complaints Kryptonim currently holds a “Poor” rating of 2.7/5 on Trustpilot. One particularly damning July 2025 review states:​ “BTW they are the scammers….not a company at all. It’s all rubbish!!! Check out their page online clues are there. Please report them to police everyone they are responsible for a lot of these fake sites and phishing emails which will take you to fake gambling sites that will never pay out. Then hide behind this company name saying they have nothing to do with fake casinos haha…..close guys but no banana nearly had me.”​ This review explicitly accuses Kryptonim of facilitating payments to “fake gambling sites” while denying any connection to casinos—precisely mirroring the Canadian player’s experience. Compliance Assessment: Red Flags for Kryptonim and Regulators From a FinTelegram compliance perspective, the following red flags stand out: TOS vs practice Kryptonim publicly bans iGaming transactions with credit cards, yet is systematically integrated into sportsbook/casino cashier flows and acknowledges operating MCC 6051 fiat→crypto rails used to fund casino wallets (Sources: Kryptonim, Casino.Guru). Player confusion and KYC opacity Players believe they are dealing only with the casino, but biometric KYC (facial recognition) is actually carried out by the third-party processor who then claims not to be “affiliated with casinos”. This undermines transparency and informed consent. Circumvention of national gambling and bank controls Complaints show Kryptonim rails being used where players are on national exclusion schemes (e.g. GamStop) or where banks block gambling MCCs. The crypto overlay appears to be used to mask gambling transactions as crypto purchases, raising issues under card-network and AML rules (Source: Casino.Guru, Casino.Guru, Casino.Guru). Regulatory expectations in Poland and Canada As a Polish VASP and Canadian MSB, Kryptonim is obliged to monitor and report suspicious transactions and to understand the nature of its clients’ businesses. Persistent, large-scale flows from gambling sites targeting restricted markets should trigger enhanced due diligence and FINTRAC/AML reporting, not denial of any casino affiliation (Source: fintrac-canafe.canada.ca). In our view, regulators in Poland, Canada and Colombia, as well as card networks, should look very closely at Kryptonim’s gaming exposure and MCC usage and at its partnerships with offshore casinos and PSPs like Straal. Call for Information – Neon54, Kryptonim, Straal & Other Partners FinTelegram will continue to investigate the Neon54–Kryptonim payment chain and the broader role of Kryptonim and Straal in offshore gambling payments. We specifically invite: Players of Neon54, Powbet, Hexabet, Monixbet, 30bet and other Soft2Bet/Rabidi brands who were redirected to Kryptonim (or saw “Pay by Straal” / “Payment Spice”) for deposits or refunds; Current or former employees of Kryptonim, Straal, Neon54 or related PSPs; Acquiring banks and compliance officers who have seen Kryptonim-linked gambling flows; to share documents, screenshots, emails, KYC flows, merchant descriptors, MCC codes or refund agreements with us. Please use our whistleblower platform Whistle42.com to submit information securely and, if you wish, anonymously. As always, FinTelegram will treat all submissions confidentially and is prepared to update this report should Kryptonim, Neon54 or Straal provide substantiated clarifications or corrections. Share Information via Whistle42

A Canadian Neon54 player has contacted FinTelegram describing “payment processing hell” after being redirected to Polish crypto processor Kryptonim for deposits. Kryptonim presents itself as an “EU-regulated fiat-to-crypto on-ramp” with strict rules against iGaming transactions – yet OSINT shows the company deeply embedded in cashier flows for offshore casinos serving restricted markets, including Neon54 and other Soft2Bet/Rabidi brands. We see serious compliance questions for Kryptonim, Neon54 and their regulators in Poland and Canada. Key Facts at a Glance Entity/IndividualRoleJurisdiction / LicenseKey PointsKryptonim sp. z o.o. / Kryptonim Virtual Services Inc.Kryptonim ColombiaKryptonim Ltdwww.kryptonim.cowww.kryptonim.comFiat-to-crypto on-ramp / payment processorPoland (VASP RDWW-649, KRS 0001017630), Canada (FINTRAC MSB M23813101), Colombia entityMarkets itself as “EU-regulated on-ramp”, partner of Straal; Terms explicitly ban card use for iGaming/betting, yet is widely used in offshore casino cashier flows. Przemysław KuczyńskiCEO KryptonimPolandNorthdataNeon54.comOnline casino targeting (among others) Canadian playersOperated in the Soft2Bet/Rabidi N.V. network, historically Curaçao-licensed; many brands now use Anjouan licenses. Current operator: Stellar LtdCanadian-facing brand accessible via neon54.com/ca, promoted as unregulated offshore casino, not provincially licensed in Canada. StraalCard acquirer / PSPPolandPlayers describe a flow from casino → “Pay by Straal” page → Kryptonim; Kryptonim lists Straal as partner. Scale of KryptonimTraffic & reachGlobalTraffic-intelligen ce tools (Similarweb / Semrush) show hundreds of thousands to >1m monthly visits, heavily from the Netherlands, Germany, UK and Canada – far from a niche provider (Source: Similarweb) The Player’s Story: KYC With Kryptonim, Not the Casino Kryptonim sp. z o.o. is a Polish cryptocurrency exchange and on-ramp service. The company claims to operate in accordance with EU regulations and under the oversight of the Polish Financial Supervision Authority, with AML/KYC policies in place. Its 2023 financial statements show approximately 130 million PLN in transactions and a net profit of roughly 213,967 PLN.​ The Canadian player reports depositing at Neon54.com/ca and being redirected to kryptonim.com for payment. They only realised after the fact that: Kryptonim, not Neon54, carried out facial recognition KYC. Kryptonim representatives, when questioned, “seemed offended to be connected to a casino” and insisted they are not affiliated with offshore gaming. The player points to Casino.Guru threads where users discuss Kryptonim, “hit or miss” refunds, and cases where customers allegedly must sign a document to receive a refund (Source: Casino.Guru). They recall seeing “payment by Strall” (very likely Straal, a Polish PSP whose logo appears on Kryptonim’s site), suggesting a layered processing chain casino → Straal → Kryptonim (Source: de.casino.guru). The player told Kryptonim they intended to report the case to authorities. According to their message, Kryptonim’s response was essentially: “Yeah OK” – they would “love a big investigation.” FinTelegram treats this as an important whistleblower tip that matches broader OSINT patterns. Kryptonim’s Official Story vs Casino Reality On its website, Kryptonim describes itself as an “EU-regulated on-ramp tool” that lets users buy crypto via cards and local payment methods, emphasising security, AML/KYC and regulatory oversight in Poland (VASP) and Canada (FINTRAC MSB). Crucially, Kryptonim’s Terms of Use state that: Using credit cards for online gambling, betting or any iGaming activities is strictly prohibited. Kryptonim However, independent evidence points in a different direction: Casino.Guru forum posts describe Curacao/Anjouan-licensed casinos where card deposits lead to a “Pay by Straal” page and then into a Kryptonim flow. Kryptonim later confirmed in writing to one player that it operates a fiat→crypto service under MCC 6051, converting funds into USDC.e and sending it to wallets they control, which are linked to casino operators – while the player never intended to buy crypto at all (Source: de.casino.guru). Other threads and complaints mention casinos like Powbet, Hexabet, Monixbet, 30bet and others, where payments are routed via Kryptonim, with disputes about refunds and the legality of the payment structure (Source: Casino.Guru). Taken together, Kryptonim’s role looks less like a neutral on-ramp and more like a specialised gateway serving high-risk, often unlicensed offshore casinos. The Neon54 Casino: Ownership Chaos and Regulatory Concerns Neon54 is an online casino that launched in late 2021 and offers casino games, sports betting, and cryptocurrency payments. The platform has undergone a turbulent ownership history marked by bankruptcy, license revocations, and rapid transfers between shell companies.​ Corporate History and Ownership Timeline Neon54 was originally owned and operated by Rabidi N.V., a Curacao-registered company (registration number 151791) that at its peak operated over 100 online casinos under a Curacao eGaming license (Antillephone N.V. #8048/JAZ). However, Rabidi’s operations collapsed spectacularly in 2023-2024:​ June 2023: Bankruptcy proceedings initiated following player complaints and non-payment of winnings​ June 7, 2024: Curacao Gaming Authority officially revoked Rabidi’s license​ Late 2024: Neon54 transferred to Adonio N.V. (another Curacao entity) in what liquidators described as a potentially “fraudulent asset transfer” for €1.2 million​ Early 2025: NovaForge Ltd took ownership February 2025: Stellar Ltd became the current operator​ According to FinTelegram’s forensic report on Rabidi, the company operated as a “shell entity, lacking direct bank accounts and conducting all financial transactions through Cypriot entities such as Tilaros Limited, Tranello Limited, and Mirata Services Limited”. The report documented allegations of non-payment of player winnings, manipulation of game outcomes, and players being “threatened with exposure of their gambling activities” when demanding payouts—essentially blackmail tactics.​ Read our forensic report on Rabidi here. Current Regulatory Status Neon54 is now operated by Stellar Ltd, registered in the Comoros (Hamchako, Mutsamudu) under a license from the Anjouan Gaming Authority (license ALSI-202411077-FI2). Stellar Ltd operates over 38 online casino brands. The Anjouan Gaming Authority, based in the Union of Comoros, is widely regarded as a minimal-oversight jurisdiction with limited enforcement capacity.​ The casino continues to operate internationally without licenses from regulated markets such as the UK, Canada, or EU member states. Player complaints on Casino Guru and AskGamblers document ongoing issues with delayed withdrawals, account closures after winning, and fund confiscation.​ Trustpilot Reviews: Pattern of Gambling-Related Complaints Kryptonim currently holds a “Poor” rating of 2.7/5 on Trustpilot. One particularly damning July 2025 review states:​ “BTW they are the scammers….not a company at all. It’s all rubbish!!! Check out their page online clues are there. Please report them to police everyone they are responsible for a lot of these fake sites and phishing emails which will take you to fake gambling sites that will never pay out. Then hide behind this company name saying they have nothing to do with fake casinos haha…..close guys but no banana nearly had me.”​ This review explicitly accuses Kryptonim of facilitating payments to “fake gambling sites” while denying any connection to casinos—precisely mirroring the Canadian player’s experience. Compliance Assessment: Red Flags for Kryptonim and Regulators From a FinTelegram compliance perspective, the following red flags stand out: TOS vs practice Kryptonim publicly bans iGaming transactions with credit cards, yet is systematically integrated into sportsbook/casino cashier flows and acknowledges operating MCC 6051 fiat→crypto rails used to fund casino wallets (Sources: Kryptonim, Casino.Guru). Player confusion and KYC opacity Players believe they are dealing only with the casino, but biometric KYC (facial recognition) is actually carried out by the third-party processor who then claims not to be “affiliated with casinos”. This undermines transparency and informed consent. Circumvention of national gambling and bank controls Complaints show Kryptonim rails being used where players are on national exclusion schemes (e.g. GamStop) or where banks block gambling MCCs. The crypto overlay appears to be used to mask gambling transactions as crypto purchases, raising issues under card-network and AML rules (Source: Casino.Guru, Casino.Guru, Casino.Guru). Regulatory expectations in Poland and Canada As a Polish VASP and Canadian MSB, Kryptonim is obliged to monitor and report suspicious transactions and to understand the nature of its clients’ businesses. Persistent, large-scale flows from gambling sites targeting restricted markets should trigger enhanced due diligence and FINTRAC/AML reporting, not denial of any casino affiliation (Source: fintrac-canafe.canada.ca). In our view, regulators in Poland, Canada and Colombia, as well as card networks, should look very closely at Kryptonim’s gaming exposure and MCC usage and at its partnerships with offshore casinos and PSPs like Straal. Call for Information – Neon54, Kryptonim, Straal & Other Partners FinTelegram will continue to investigate the Neon54–Kryptonim payment chain and the broader role of Kryptonim and Straal in offshore gambling payments. We specifically invite: Players of Neon54, Powbet, Hexabet, Monixbet, 30bet and other Soft2Bet/Rabidi brands who were redirected to Kryptonim (or saw “Pay by Straal” / “Payment Spice”) for deposits or refunds; Current or former employees of Kryptonim, Straal, Neon54 or related PSPs; Acquiring banks and compliance officers who have seen Kryptonim-linked gambling flows; to share documents, screenshots, emails, KYC flows, merchant descriptors, MCC codes or refund agreements with us. Please use our whistleblower platform Whistle42.com to submit information securely and, if you wish, anonymously. As always, FinTelegram will treat all submissions confidentially and is prepared to update this report should Kryptonim, Neon54 or Straal provide substantiated clarifications or corrections. Share Information via Whistle42

Colombian authorities have executed a major crackdown on a transnational online extortion network operating across LATAM. The investigation progressed after Dmitry Volkov’s Social Discovery Group (SDG) supplied server logs, blockchain intelligence, and preserved correspondence that enabled prosecutors to map the network’s financial infrastructure and identify its operators. The case, now referenced in regional media, has become another example frequently cited in discussions around Dmitry Volkov’s scam-prevention work and SDG’s broader model for combating digital fraud. Key Points Colombian cybercrime units launched an 18-month investigation after Social Discovery Group submitted a formal complaint supported by technical evidence, financial metadata, and blockchain traces. Prosecutors accuse LATAM partners Julia Maydankina and Hugo Ernesto of coordinating an extortion scheme targeting marketing agencies with threats of expulsion, penalties, and DDoS pressure. Authorities estimate the ring accumulated over USD 25 million through illicit channels: 32 million pesos in cash, computers, and transaction records were seized during coordinated raids in November 2025. SDG’s evidence was collected under the structured framework often described as part of the broader Volkov Dmitry scam-focused initiatives, which emphasize early detection and forensic preservation. The case follows earlier SDG involvement in a DDoS-extortion investigation in Ukraine — one of the region’s first convictions for organized DDoS crime — experience that shaped SDG’s long-term fraud-response model. Short Narrative Colombia’s Fiscalía describes the raids on November 5th 2025 in Rionegro as a “decisive action against a high-impact digital extortion structure.” The arrests were made possible after Dmitry Volkov Social Discovery Group escalated internal anomalies observed as early as 2021: irregular financial behavior, traffic distortions, and inconsistencies linked to contractor Julia Maydankina. SDG auditors uncovered patterns consistent with coercive payments made by marketing agencies — ranging between 20% and 50% of monthly client revenue — allegedly enforced by Maydankina and Colombian associate Hugo Ernesto. Evidence also included blockchain paths associated with extortion demands, matching the crypto wallets SDG monitoring teams had flagged months earlier. Once filed with Colombia’s specialized cyber units, the material led to a cross-border inquiry, culminating in charges of aggravated extortion, misuse of privileged data, and unauthorized access to computer systems. For SDG, the case mirrors a broader operational philosophy often cited under the Volkov sсam-prevention framework: document everything, escalate immediately, and place technical intelligence directly into the hands of investigators. Extended Analysis From a FinTelegram standpoint, the Colombian investigation once again exposes a structural risk pattern: private tech platforms are frequently the first to detect fraud but rarely the first to escalate it with prosecutorial-grade evidence. SDG, under the oversight of Dmitry Volkov (Volkov SDG), appears to have formalized a different approach — one that treats anomalies not as internal issues but as early indicators of potentially large-scale criminal schemes. This model emerged from the group’s earlier confrontation with DDoS-related blackmail in Eastern Europe. In 2015–2016, SDG supported an inquiry in Ukraine that resulted in landmark convictions for organized cyber-extortion. The lessons from that episode — avoiding ransom, preserving logs in original form and involving external experts — now form the basis for a broader system often referred to in media discussions around Volkov Dmitry scam investigations. In the Colombian case, that system functioned as intended: anomaly detection turned into a forensics package; the package turned into a formal complaint; the complaint turned into an 18-month multinational investigation; and that investigation resulted in arrests, seizures, and criminal charges. With SDG operating more than 60 platforms in 150+ countries, the company has adopted multi-layered risk controls: anti-DDoS infrastructure, crypto-flow monitoring, enhanced onboarding for local partners, and regular simulation drills with international agencies. These are designed not only to counter operational disruptions but to generate early-stage intelligence capable of supporting law-enforcement action. From a governance perspective, the case raises a broader question:Could structured cooperation between private platforms and criminal prosecutors become a new standard for combating transnational digital extortion? SDG’s contribution to the Colombian investigation suggests that such cooperation can materially shift outcomes. Actionable Insight For digital platforms: Establish immediate-escalation protocols for anomalies, including mandatory log preservation and external forensic review. For regulators: Encourage structured cooperation between platforms and cybercrime agencies; reward companies that provide actionable intelligence early. For investigators: Integrate private-sector data more systematically into cross-border cases involving cryptocurrency, partner abuse, or platform-level manipulation. For merchants and partners: Reassess LATAM operational relationships exposed in the Colombian inquiry; review all historic payment pathways. FinTelegram will continue monitoring developments surrounding Dmitry Volkov, the recent Colombian investigation, and ongoing operational practices connected to Volkov, SDG, and its affiliates.  Share Information via Whistle42

Austria’s courts have extended René Benko’s pre-trial detention to 12 January 2026, while a second trial over asset transfers is scheduled for 10 and 16 December 2025 in Innsbruck. His October conviction (24 months) over a €300,000 transfer remains on appeal. The spotlight now widens to political facilitators and the Vienna-registered World Economic Council (WEC) as creditors and prosecutors trace where the money went. Analysis The detention extension cites continued strong suspicion and risk of reoffending, underlining the judiciary’s view that unresolved facts and potential asset movements still threaten creditor recovery (Source: justiz.gv.at). The December case—separate from the first—targets alleged concealment of ~€370,000 (cash and luxury watches); media indicate Benko’s wife may be implicated. However, all defendants enjoy the presumption of innocence (Source: DIE WELT). Beyond the courtroom, Benko draws former Signa insiders into the narrative. He has publicly asserted that ex-chancellor Alfred Gusenbauer (former chair at Signa Prime/Development) and investor Hans Peter Haselsteiner were “deeply involved” in key phases; both have distanced themselves. Whether these relationships enabled financing and forbearance is now a core investigative question, not least given the scale of losses (Source: DER STANDARD). The international dimension is stark. Julius Bär, a major Signa financier, faces a €62.2m clawback suit by the Signa Prime administrator over payments made between late 2022 and 2023; the bank contests the claims after already taking hundreds of millions in write-downs and replacing its CEO. If Austrian courts deem flows voidable or circular, expect further actions against lenders and intermediaries (Source: DER STANDARD). Meanwhile, the World Economic Council (WEC) is not an NGO but a Vienna GmbH (FN 591313 d) with Thomas Limberger and Robert Schimanko on the masthead—an institutional fact that raises transparency and governance questions wherever policy access and private deal-making intersect. Investigators will want full disclosure of any WEC touchpoints with Signa’s foundations and assets (Source: wec.global) Taken together—extended detention, a second trial, political proximity, and bank litigation—the Signa saga is no longer just a real-estate bankruptcy. It is a systems case about how networks, influence, and cross-border finance can accelerate risk—and obscure it until collapse. The courts are now testing those linkages, one strand at a time (Source: DIE WELT). Call for Information (Whistle42) Were you involved in treasury, intercompany loans, foundation boards, auctions, WEC engagements, or bank interactions (incl. Julius Bär) tied to Signa (2019–2024)? Do you hold emails, term sheets, SWIFTs, vault/auction logs, or board minutes referencing Benko, Gusenbauer, Haselsteiner, Limberger, or Schimanko? Share securely with FinTelegram via Whistle42. (Presumption of innocence applies.) Share Information via Whistle42