DeFi platforms such as Axiom and Hyperliquid present themselves as “permissionless infrastructure,” yet in practice they function as highly profitable trading venues for leveraged derivatives and cross-chain swaps, serving EU retail users at scale. Under MiCA and existing EU securities law, these are not unregulated parallel universes. They are crypto-asset service providers – or even MiFID II investment firms – operating without the required licenses. The real scandal today is not only the regulatory gap in MiCA’s treatment of “pure” DeFi, but the ongoing failure of EU supervisors to use the powers they already have. 1. DeFi – A Regulatory Definition, Not a Branding Trick EU regulators now use a fairly convergent working definition of DeFi: a system of financial applications built on public blockchains that replicate traditional-finance functions (trading, lending, derivatives, asset management) via smart contracts and often “open, permissionless” access (Source: ESMA). MiCA itself is entity-based: it applies to natural or legal persons issuing crypto-assets or providing crypto-asset services, including when parts of the activity are executed in a decentralised way. Only arrangements that are fully decentralised with no intermediary fall clearly outside MiCA’s current scope – and MiCA explicitly recognises this as a future policy problem, not a free-for-all (Source: ESMA, EuroFi). French and EU policy papers reinforce the principle “same activity, same risks, same rules”: DeFi smart contracts may not be regulated as such, but the people who design, deploy, control front-ends, market the product, or share in the fees can be classified as regulated service providers (DASP/CASP or investment firms) on a case-by-case basis (Source: Banque de France). In other words: calling yourself “DeFi” does not put you into a regulatory void. It simply shifts the spotlight to who is actually in control. 2. Axiom & Hyperliquid: DeFi Labels, Centralised Economics Axiom is marketed as a decentralised trading terminal on Solana offering spot swaps, cross-chain trading, yield products and 20x-leveraged perpetuals, with 4.3 million monthly visitors and double-digit millions in monthly revenue (Source CoinGecko). Its own documentation shows tight integration with Hyperliquid to route swaps and perpetuals trading (Source: CoinGecko). Hyperliquid, in turn, has become the dominant on-chain perps venue: since launch it has processed around $2.5 trillion in cumulative perp volume and now captures roughly 80% of the decentralised perps market, with daily volumes above $8 billion (Source: 21shares). Independent research and marketing materials highlight no KYC, access from over 180 countries, including EU states, and leverage up to 40x – with restrictions only for the US, Ontario and a few sanctioned jurisdictions (Source: datawallet, CoinPerps, CryptoNews). Read our Axiom Compliance Report 2025 here. FinTelegram’s own compliance tests from within the EU (Italy and Austria) confirmed that Hyperliquid accepts deposits and allows trading of perpetual futures – MiFID II financial instruments – without identification, geo-blocking or EU perimeter controls. Functionally, both platforms look far less like autonomous protocols and far more like profit-seeking trading businesses with teams, front-ends, fee models and roadmaps. 3. Why These Platforms Are Already Inside the EU Perimeter From a MiCA / MiFID perspective, several points are clear: Crypto-asset services (CASPs). MiCA Title V covers services such as operating a trading platform, executing orders, exchanging crypto against fiat/crypto, and providing custody. EU regulators (e.g. the AMF) stress that any firm offering these services to EU clients after 30 December 2024 needs CASP authorisation, subject to limited national grandfathering (Source: DL News, AMF, ESMA). Derivatives = MiFID II, not just MiCA. Perpetual futures on BTC, ETH, SOL and similar crypto-assets are derivatives within MiFID II’s definition. ESMA and legal commentary are clear that derivatives on crypto fall under existing securities law when offered via trading venues or investment firms (Source: eur-lex.europa). Targeting EU users. Data sources and marketing collateral around Hyperliquid explicitly talk about access “across Europe” with no KYC,datawallet.com+1 while Axiom advertises itself to global retail as an “all-in-one trading platform” with email and wallet sign-up and no visible EU-specific restrictions (Source: CoinGecko). Under this lens, DeFi front-ends such as Axiom – and potentially the entities behind Hyperliquid’s web interface and governance – are not outside the law. They are very plausible CASPs and/or investment firms actively providing services in the Union without authorisation. 4. Does MiCA Effectively Address DeFi – Or Just Pretend To? To be fair, MiCA 1.0 was never designed as a full DeFi statute. The Regulation openly acknowledges that fully decentralised arrangements fall outside its scope and mandates an Article 142 review on DeFi and staking by 2025 (Source: ESMA). The EBA/ESMA DeFi report notes that DeFi still represents a limited share of the overall crypto market but flags significant consumer and integrity risks, recommending that policymakers consider further tools – including extending entity-based regimes to DeFi “gateways” and intermediaries (Source: ESMA). So the honest answer is nuanced: For pure, protocol-only DeFi with no identifiable operator, MiCA is incomplete and will likely need a Phase-2 regime. For Axiom-style terminals and Hyperliquid-style exchanges with real teams, fee capture, product roadmaps and marketing, MiCA + MiFID II already provide enough legal hooks. What is missing is not law – it is enforcement. 5. Regulatory Inertia: A Growing DeFi Enforcement Deficit Since mid-2024, MiCA’s stablecoin rules are live and CASP rules apply from 30 December 2024, with only limited transitional regimes for existing, law-compliant providers (Source: BancadItalia). Yet DeFi perps venues and gateways continue to move multi-billion volumes with EU retail users, while most national regulators restrict themselves to generic warnings about “crypto volatility.” From a FinTelegram perspective, this looks increasingly like regulatory negligence: Supervisors have repeatedly endorsed “same activity, same rules” for DeFi. They know that Axiom-style platforms and Hyperliquid perps are accessible from their jurisdictions and that these products fall within MiCA / MiFID risk perimeter. Yet we see no MiCA-based public warnings, no cross-border cease-and-desist orders, no visible coordination – precisely the gap DeFi players are exploiting. The message to the market is dangerous: call yourself “DeFi,” put your servers somewhere offshore, avoid KYC – and Europe will look the other way. MiCA has been fully applicable since 30 December 2024. BaFin has “name-and-warn” powers under KMAG. ESMA maintains a register of non-compliant providers. The EBA explicitly warns that “CASPs or issuers operating without regulatory approval pose several ML/TF risks.”​ Why, then, are EU regulators watching billions flow through unlicensed channels without taking enforcement action? This inaction normalizes regulatory circumvention, exposes EU retail investors to unprotected risk, creates competitive disadvantage for compliant CASPs, and undermines MiCA’s credibility before it has established regulatory authority. 6. Call for Information FinTelegram will continue to investigate the DeFi enforcement gap in the EU, with a focus on Axiom, Hyperliquid and their on- and off-ramp partners. We invite insiders, developers, compliance staff and affected traders to share documents, internal policies, geo-blocking evidence or correspondence with regulators via our whistleblower platform Whistle42. Your information can help clarify who really controls these “decentralised” gateways – and why EU regulators are still failing to act under MiCA. Share Information via Whistle42

Executive Summary Axiom Trade (www.axiom.trade) is a high-risk, unregulated DeFi trading platform operating without any identified regulatory licenses in the EU, US, or other major jurisdictions. Despite attracting approximately 7.5 million monthly visitors—including substantial traffic from the US (~30%), UK, and Russia—the platform operates as an unlicensed Crypto Asset Service Provider (CASP), accepting users from EU jurisdictions without mandatory KYC verification.​ Legal Structure & Beneficial Ownership The platform is operated by Axiom Innovations Inc., a Delaware-registered corporation headquartered in San Francisco, California. The company was founded in 2024 by Henry Zhang (alias “Mist”) and Preston Ellis (alias “Cal”), both 22-year-old UC San Diego graduates with prior employment at TikTok and DoorDash. The company received $500,000 seed funding from Y Combinator (Winter 2025 batch) and reportedly generated $100 million in revenue within four months of its early 2025 launch.​ Regulatory Status & Compliance Concerns Axiom Trade is not licensed or regulated by any recognized financial authority, including the SEC, FCA, ASIC, or any EU National Competent Authority. The platform explicitly states it does not operate as a centralized financial institution but rather as a “decentralized trading interface.” Our independent compliance verification conducted on November 26, 2025, confirmed that users identifying as residents of multiple EU member states were able to establish trading accounts on Axiom Trade and execute asset deposits via both cryptocurrency (Solana) and fiat currency channels without undergoing mandatory Know Your Customer (KYC) verification procedures. Axiom Trade with Onramper and MoonPay Deposit mechanisms included third-party on-ramp providers, including Onramper, MoonPay, and Topper. This operational framework represents a material compliance deficiency, as Axiom Trade provides comprehensive financial services—including order execution, asset custody interfaces, and trading facilitation—across the EU jurisdiction without apparent authorization under the Markets in Crypto-Assets Regulation (MiCA, EU Regulation 2023/1114). MiCA explicitly mandates that all Crypto Asset Service Providers (CASP) operating within EU member states obtain prior licensing from National Competent Authorities and implement risk-based customer identification procedures before establishing commercial relationships. The absence of regulatory licensing, coupled with the circumvention of AML/KYC requirements, constitutes a direct violation of MiCA compliance obligations and exposes users to unregulated counterparty risk. Axiom Trade does not appear to hold any such authorization.​ Read our reports on MoonPay here. Key Compliance Points Emphasized Timing & Verification: Specific date of testing (November 26, 2025) establishes recent, factual evidence Geographic Scope: “Multiple EU member states” demonstrates systematic rather than isolated access Regulatory Citation: Direct reference to MiCA (EU Regulation 2023/1114) with specific compliance obligations Procedural Violation: Emphasizes both licensing absence and KYC circumvention as distinct violations Risk Articulation: Concludes with material user protection implications This formulation is suitable for institutional compliance reports, regulatory submissions, and whistleblower disclosures while maintaining forensic accuracy and professional tone. DeFi is no Regulatory Limbo Axiom Trade characterizes its model as “DeFi” on the basis that users transact through self-custodied Solana wallets, with private keys controlled by the user rather than by Axiom in a custodial capacity. In this architecture, both initial deposits (via integrated on-ramp partners) and subsequent trading activity are routed directly to and from the user’s own wallet, so that, at least technically, assets remain under continuous user control rather than on Axiom’s balance sheet. However, under MiCAR, the decisive criterion is not custody alone but whether a legal person professionally provides crypto-asset services such as operating a trading interface, receiving and transmitting orders, or executing orders on behalf of clients. MiCAR Recital 22 and related ESMA guidance make clear that services do not fall outside the regulation merely because part of the stack is “decentralized” or non-custodial; where a frontend or operator organizes access to markets and facilitates execution for EU clients, it can still qualify as a Crypto-Asset Service Provider (CASP) and trigger full authorization, conduct, and AML/KYC obligations notwithstanding the self-custody design. KYC/AML Deficiencies Our review confirmed that EU users can register and deposit funds via Solana  or Onramper without mandatory identity verification. The platform permits purchases up to $500 per week without KYC through its Coinbase integration. While MoonPay , a licensed on-ramp partner, typically requires KYC verification for fiat transactions, the platform’s overall structure enables circumvention of standard compliance requirements. This configuration potentially violates EU AML directives requiring CASPs to verify customer identity before establishing business relationships.​ Jurisdictional Restrictions & Geographic Risk The Terms of Use prohibit users from the United States, UK, Russia, and other sanctioned jurisdictions. However, our analysis via Similarweb indicates approximately 30% of traffic originates from the US, with significant additional traffic from the UK and Russia—jurisdictions explicitly listed as restricted. This discrepancy suggests inadequate geo-blocking enforcement, exposing the platform to potential regulatory action and users to unprotected trading environments.​ Summary Table CriterionDetailsPlatform NameAxiom Trade (www.axiom.trade)Legal EntityAxiom Innovations Inc.JurisdictionDelaware, USA (San Francisco HQ)Founders/Beneficial OwnersHenry Zhang (“Mist”), Preston Ellis (“Cal”)Foundation Date2024Regulatory StatusUnlicensed – No SEC, FCA, or EU authorizationEU ComplianceNot MiCA compliant – No CASP license identifiedKYC ImplementationNo KYC required up to $500/weekOn-Ramp PartnersMoonPay, Onramper, Topper, CoinbaseKey Markets (Traffic)USA (~30%), UK, RussiaRisk AssessmentHIGH – Unregulated, accessible from restricted jurisdictions Call for Information Do you have insider information about Axiom Trade, its operators, or related entities? FinTelegram invites whistleblowers and insiders to share confidential information through our secure platform Whistle42 (whistle42.com). Your identity will be protected. Share Information via Whistle42

The crypto payment processor MoonPay has secured a New York Limited Purpose Trust Charter for MoonPay Trust Company, LLC, joining an elite “dual-licensed” club alongside Coinbase, PayPal, Ripple, and NYDIG. The firm now presents itself as a gold-standard infrastructure provider for institutional crypto services. At the same time, FinTelegram and RatEx42 have documented MoonPay’s ongoing technical integration with unlicensed online casinos – and so far, regulators have not publicly sanctioned MoonPay for this specific role. Key Points NYDFS Trust Charter + BitLicense: MoonPay Trust Company, LLC has been authorized by the New York State Department of Financial Services (NYDFS) as a New York Limited Purpose Trust Company (LPTC), allowing it to offer digital-asset custody and OTC trading under banking-style supervision. The firm already holds a BitLicense (June 2025). (Source: prnewswire.com). Global Regulatory Footprint: MoonPay highlights registrations in the UK (FCA), Australia, Canada, Italy, Ireland, Jersey and a MiCA crypto-asset service provider authorization in the EU (Source: MoonPay). Documented Casino Facilitation: FinTelegram and RatEx42 have repeatedly shown MoonPay as a “buy-crypto” on-ramp embedded in illegal or unlicensed casinos such as Betsolino, MetaWin, Claps Casino, BitStarz and others. Texas Enforcement – But Not for Gambling: In 2024, the Texas Banking Commissioner fined MoonPay USA LLC and Moon Pay Limited USD 30,516.30 for engaging in unlicensed money transmission and ordered them to cease until properly licensed. This was a licensing/MTL issue, not a gambling case (Source: dob.texas.gov). No Public Gambling-Specific Sanction (So Far): As of 27 November 2025, FinTelegram’s research has not identified any public enforcement action specifically penalising MoonPay for facilitating illegal online gambling, despite its systematic integration in high-risk casinos. Short Narrative MoonPay’s press release frames the New York Trust Charter as a milestone in building “regulated financial infrastructure”. A New York Limited Purpose Trust Charter effectively places MoonPay Trust Company, LLC inside the same prudential perimeter used for certain banks and trust companies, with NYDFS as front-line supervisor. The charter allows MoonPay to custody digital assets and run OTC trading desks under one of the most demanding regulatory regimes in the crypto world (Source: prnewswire.com). Combined with its BitLicense and multi-jurisdictional registrations, MoonPay now presents itself as a bridge between banks, card schemes, stablecoins and blockchains – a regulated “plumbing layer” for the next generation of payments and digital assets. From a distance, this reads like a compliance success story. Up close, FinTelegram’s case files tell a more uncomfortable story. Extended Analysis 1. What the Trust Charter Actually Means Under NYDFS rules, virtual-currency firms can either obtain a BitLicense or a banking-law charter (e.g. limited purpose trust company). A trust charter generally comes with: Higher governance and capital expectations than a standalone BitLicense; Explicit fiduciary duties around custody; Full-scope AML/CTF obligations, including transaction monitoring, SAR-like reporting and robust sanctions controls (Source: Department of Financial Services). CoinDesk and other outlets underline that MoonPay now joins a very small group of dual-licensed firms – Coinbase, PayPal, Ripple, NYDIG – which NYDFS sees as systemic infrastructure players (Source: coindesk.com). The press release also hints that this structure could support future stablecoin-style products, subject to separate NYDFS approval, explicitly name-checking the US GENIUS framework as a potential path. Read our MoonPay reports here. 2. The Unresolved Casino Question Against this backdrop, FinTelegram and RatEx42 have repeatedly documented MoonPay’s function as a crypto on-ramp for offshore casinos: Betsolino: RatEx42 identified MoonPay (and Changelly) as payment facilitators for the illegal Betsolino casino, allowing players to buy crypto by card and push it straight into the casino’s wallets (Source: RatEx42 Listings). Systematic Casino Integration: FinTelegram’s Bitcoin.de warning report lists MoonPay among processors that “continue to enable illegal casino operations,” citing integrations with Claps Casino, BitStarz and other offshore operators targeting restricted jurisdictions (Source: FinTelegram). MetaWin & Other Crypto Casinos: Our analysis of MoonPay’s acquisition of Meso Network notes that MoonPay’s rails remain deeply embedded in unlicensed crypto-casino ecosystems, including MetaWin, with MoonPay acting as a primary fiat-to-crypto gateway (Source: FinTelegram) Buy-Crypto Widgets as De-Facto PSPs: FinTelegram has shown how “Buy Crypto” widgets powered by MoonPay on Roobet, Gamdom and similar sites effectively replace classic gambling PSPs while sidestepping card-scheme MCC restrictions and national gambling controls (Source: FinTelegram). MoonPay’s own terms of use explicitly prohibit “unlawful gambling” and the use of its services to pay for illegal activities, including illegal gambling or money laundering. The reality documented in multiple FinTelegram investigations suggests a persistent policy-versus-practice gap. 3. Enforcement to Date Our research confirms one notable enforcement action: Texas (Dec 2024) – Consent order for unlicensed money transmission in connection with fiat and sovereign-backed stablecoin flows, resulting in a USD 30,516.30 penalty and a requirement to obtain a money transmitter licence. However, as of today we have found no public enforcement decision in which a regulator sanctions MoonPay specifically for facilitating illegal gambling/casino activity. That does not mean there are no confidential supervisory measures – but nothing comparable to the large fines imposed on banks, card schemes or PSPs in gambling cases is visible in the public record. In other words: MoonPay is now a NYDFS-chartered trust company while its casino integrations, documented across Europe and beyond, have yet to trigger gambling-focused enforcement. Actionable Insight (for Regulators, Banks, and Partners) Regulators should re-evaluate licensed crypto infrastructure providers not just on their own licensing status, but on the nature of their downstream merchants – especially when those merchants are clearly unlicensed casinos in key markets. Banks and card schemes partnering with MoonPay for “regulated crypto access” should conduct independent checks on casino integrations, not rely solely on MoonPay’s prohibited-use clauses. Institutional counterparties considering MoonPay’s new trust-company services should explicitly address exposure to gambling-related flows in onboarding, risk assessment, and contractual covenants. The core compliance question is simple: Can a firm credibly market itself as best-in-class regulated infrastructure while continuing to provide de-facto rails for unlicensed gambling? Call for Information (Whistle42) FinTelegram will continue to track MoonPay’s regulatory trajectory and its role in the online gambling ecosystem. We specifically invite: Current and former MoonPay employees (compliance, risk, sales, tech); Casino operators, affiliates, and PSP partners; Banking and card-scheme partners; Regulators and supervisory staff with relevant insight to provide documents, internal communications, and technical integration details regarding MoonPay’s relationships with online casinos and high-risk gaming platforms. Information can be submitted securely and anonymously via our whistleblower platform Whistle42. Share Information via Whistle42

Former Meinl Bank CEO Peter Weinzierl, a central figure in the US Odebrecht–Meinl money-laundering case, is to be released from Brooklyn’s Metropolitan Detention Center on bail under electronic house arrest. According to court reporting, Judge Rachel Kovner approved a revised bail package after rejecting an earlier anonymous-donor proposal, with a new USD 2 million bond secured by Weinzierl’s mother and sister. Bail conditions include home confinement with electronic GPS monitoring, surrender of all travel documents and a strict ban on foreign travel. The charges remain unchanged and severe. US prosecutors in the Eastern District of New York accuse Weinzierl of conspiring with former colleague Alexander Waldstein and Odebrecht executives to launder more than USD 170 million through Meinl Bank in Vienna and its Antigua affiliate between 2006 and 2016. Funds were allegedly routed via sham contracts and shell companies, booked as fictitious “consulting” expenses and then used to pay bribes to officials in Brazil, Panama and Mexico, while also helping Odebrecht evade more than USD 100 million in Brazilian tax. FinTelegram has previously reported how Meinl Bank, later rebranded Anglo Austrian Bank (AAB), lost its banking licence in 2019 after repeated AML failings and high-risk cross-border business, including the Odebrecht structures and Eastern European laundromat flows. FMA Österreich+2tigerpartners.eu+2 Yet in the current US indictment only operational executives like Weinzierl and Waldstein are facing criminal exposure. Read our Meinl Bank reports here. Conspicuously absent is former owner and long-time strongman Julius Meinl V. As beneficial owner and chair during the critical period, he oversaw the very strategy and Antiguan subsidiary that became a key node in Odebrecht’s global corruption machine. Regulators and central banks have pulled the licence and imposed fines, but prosecutors have so far stopped at the level of managers – not the ultimate controller. Is this due to evidentiary gaps, political sensitivity in Vienna, or a deliberate enforcement choice to focus on “doers” rather than designers? With Weinzierl now preparing his defence from electronic house arrest, one question becomes central for FinTelegram readers: will he continue to shield the Meinl system – or finally explain who really engineered the Odebrecht structures? Share Information via Whistl42

A Canadian Neon54 player has contacted FinTelegram describing “payment processing hell” after being redirected to Polish crypto processor Kryptonim for deposits. Kryptonim presents itself as an “EU-regulated fiat-to-crypto on-ramp” with strict rules against iGaming transactions – yet OSINT shows the company deeply embedded in cashier flows for offshore casinos serving restricted markets, including Neon54 and other Soft2Bet/Rabidi brands. We see serious compliance questions for Kryptonim, Neon54 and their regulators in Poland and Canada. Key Facts at a Glance Entity/IndividualRoleJurisdiction / LicenseKey PointsKryptonim sp. z o.o. / Kryptonim Virtual Services Inc.Kryptonim ColombiaKryptonim Ltdwww.kryptonim.cowww.kryptonim.comFiat-to-crypto on-ramp / payment processorPoland (VASP RDWW-649, KRS 0001017630), Canada (FINTRAC MSB M23813101), Colombia entityMarkets itself as “EU-regulated on-ramp”, partner of Straal; Terms explicitly ban card use for iGaming/betting, yet is widely used in offshore casino cashier flows. Przemysław KuczyńskiCEO KryptonimPolandNorthdataNeon54.comOnline casino targeting (among others) Canadian playersOperated in the Soft2Bet/Rabidi N.V. network, historically Curaçao-licensed; many brands now use Anjouan licenses. Current operator: Stellar LtdCanadian-facing brand accessible via neon54.com/ca, promoted as unregulated offshore casino, not provincially licensed in Canada. StraalCard acquirer / PSPPolandPlayers describe a flow from casino → “Pay by Straal” page → Kryptonim; Kryptonim lists Straal as partner. Scale of KryptonimTraffic & reachGlobalTraffic-intelligen ce tools (Similarweb / Semrush) show hundreds of thousands to >1m monthly visits, heavily from the Netherlands, Germany, UK and Canada – far from a niche provider (Source: Similarweb) The Player’s Story: KYC With Kryptonim, Not the Casino Kryptonim sp. z o.o. is a Polish cryptocurrency exchange and on-ramp service. The company claims to operate in accordance with EU regulations and under the oversight of the Polish Financial Supervision Authority, with AML/KYC policies in place. Its 2023 financial statements show approximately 130 million PLN in transactions and a net profit of roughly 213,967 PLN.​ The Canadian player reports depositing at Neon54.com/ca and being redirected to kryptonim.com for payment. They only realised after the fact that: Kryptonim, not Neon54, carried out facial recognition KYC. Kryptonim representatives, when questioned, “seemed offended to be connected to a casino” and insisted they are not affiliated with offshore gaming. The player points to Casino.Guru threads where users discuss Kryptonim, “hit or miss” refunds, and cases where customers allegedly must sign a document to receive a refund (Source: Casino.Guru). They recall seeing “payment by Strall” (very likely Straal, a Polish PSP whose logo appears on Kryptonim’s site), suggesting a layered processing chain casino → Straal → Kryptonim (Source: de.casino.guru). The player told Kryptonim they intended to report the case to authorities. According to their message, Kryptonim’s response was essentially: “Yeah OK” – they would “love a big investigation.” FinTelegram treats this as an important whistleblower tip that matches broader OSINT patterns. Kryptonim’s Official Story vs Casino Reality On its website, Kryptonim describes itself as an “EU-regulated on-ramp tool” that lets users buy crypto via cards and local payment methods, emphasising security, AML/KYC and regulatory oversight in Poland (VASP) and Canada (FINTRAC MSB). Crucially, Kryptonim’s Terms of Use state that: Using credit cards for online gambling, betting or any iGaming activities is strictly prohibited. Kryptonim However, independent evidence points in a different direction: Casino.Guru forum posts describe Curacao/Anjouan-licensed casinos where card deposits lead to a “Pay by Straal” page and then into a Kryptonim flow. Kryptonim later confirmed in writing to one player that it operates a fiat→crypto service under MCC 6051, converting funds into USDC.e and sending it to wallets they control, which are linked to casino operators – while the player never intended to buy crypto at all (Source: de.casino.guru). Other threads and complaints mention casinos like Powbet, Hexabet, Monixbet, 30bet and others, where payments are routed via Kryptonim, with disputes about refunds and the legality of the payment structure (Source: Casino.Guru). Taken together, Kryptonim’s role looks less like a neutral on-ramp and more like a specialised gateway serving high-risk, often unlicensed offshore casinos. The Neon54 Casino: Ownership Chaos and Regulatory Concerns Neon54 is an online casino that launched in late 2021 and offers casino games, sports betting, and cryptocurrency payments. The platform has undergone a turbulent ownership history marked by bankruptcy, license revocations, and rapid transfers between shell companies.​ Corporate History and Ownership Timeline Neon54 was originally owned and operated by Rabidi N.V., a Curacao-registered company (registration number 151791) that at its peak operated over 100 online casinos under a Curacao eGaming license (Antillephone N.V. #8048/JAZ). However, Rabidi’s operations collapsed spectacularly in 2023-2024:​ June 2023: Bankruptcy proceedings initiated following player complaints and non-payment of winnings​ June 7, 2024: Curacao Gaming Authority officially revoked Rabidi’s license​ Late 2024: Neon54 transferred to Adonio N.V. (another Curacao entity) in what liquidators described as a potentially “fraudulent asset transfer” for €1.2 million​ Early 2025: NovaForge Ltd took ownership February 2025: Stellar Ltd became the current operator​ According to FinTelegram’s forensic report on Rabidi, the company operated as a “shell entity, lacking direct bank accounts and conducting all financial transactions through Cypriot entities such as Tilaros Limited, Tranello Limited, and Mirata Services Limited”. The report documented allegations of non-payment of player winnings, manipulation of game outcomes, and players being “threatened with exposure of their gambling activities” when demanding payouts—essentially blackmail tactics.​ Read our forensic report on Rabidi here. Current Regulatory Status Neon54 is now operated by Stellar Ltd, registered in the Comoros (Hamchako, Mutsamudu) under a license from the Anjouan Gaming Authority (license ALSI-202411077-FI2). Stellar Ltd operates over 38 online casino brands. The Anjouan Gaming Authority, based in the Union of Comoros, is widely regarded as a minimal-oversight jurisdiction with limited enforcement capacity.​ The casino continues to operate internationally without licenses from regulated markets such as the UK, Canada, or EU member states. Player complaints on Casino Guru and AskGamblers document ongoing issues with delayed withdrawals, account closures after winning, and fund confiscation.​ Trustpilot Reviews: Pattern of Gambling-Related Complaints Kryptonim currently holds a “Poor” rating of 2.7/5 on Trustpilot. One particularly damning July 2025 review states:​ “BTW they are the scammers….not a company at all. It’s all rubbish!!! Check out their page online clues are there. Please report them to police everyone they are responsible for a lot of these fake sites and phishing emails which will take you to fake gambling sites that will never pay out. Then hide behind this company name saying they have nothing to do with fake casinos haha…..close guys but no banana nearly had me.”​ This review explicitly accuses Kryptonim of facilitating payments to “fake gambling sites” while denying any connection to casinos—precisely mirroring the Canadian player’s experience. Compliance Assessment: Red Flags for Kryptonim and Regulators From a FinTelegram compliance perspective, the following red flags stand out: TOS vs practice Kryptonim publicly bans iGaming transactions with credit cards, yet is systematically integrated into sportsbook/casino cashier flows and acknowledges operating MCC 6051 fiat→crypto rails used to fund casino wallets (Sources: Kryptonim, Casino.Guru). Player confusion and KYC opacity Players believe they are dealing only with the casino, but biometric KYC (facial recognition) is actually carried out by the third-party processor who then claims not to be “affiliated with casinos”. This undermines transparency and informed consent. Circumvention of national gambling and bank controls Complaints show Kryptonim rails being used where players are on national exclusion schemes (e.g. GamStop) or where banks block gambling MCCs. The crypto overlay appears to be used to mask gambling transactions as crypto purchases, raising issues under card-network and AML rules (Source: Casino.Guru, Casino.Guru, Casino.Guru). Regulatory expectations in Poland and Canada As a Polish VASP and Canadian MSB, Kryptonim is obliged to monitor and report suspicious transactions and to understand the nature of its clients’ businesses. Persistent, large-scale flows from gambling sites targeting restricted markets should trigger enhanced due diligence and FINTRAC/AML reporting, not denial of any casino affiliation (Source: fintrac-canafe.canada.ca). In our view, regulators in Poland, Canada and Colombia, as well as card networks, should look very closely at Kryptonim’s gaming exposure and MCC usage and at its partnerships with offshore casinos and PSPs like Straal. Call for Information – Neon54, Kryptonim, Straal & Other Partners FinTelegram will continue to investigate the Neon54–Kryptonim payment chain and the broader role of Kryptonim and Straal in offshore gambling payments. We specifically invite: Players of Neon54, Powbet, Hexabet, Monixbet, 30bet and other Soft2Bet/Rabidi brands who were redirected to Kryptonim (or saw “Pay by Straal” / “Payment Spice”) for deposits or refunds; Current or former employees of Kryptonim, Straal, Neon54 or related PSPs; Acquiring banks and compliance officers who have seen Kryptonim-linked gambling flows; to share documents, screenshots, emails, KYC flows, merchant descriptors, MCC codes or refund agreements with us. Please use our whistleblower platform Whistle42.com to submit information securely and, if you wish, anonymously. As always, FinTelegram will treat all submissions confidentially and is prepared to update this report should Kryptonim, Neon54 or Straal provide substantiated clarifications or corrections. Share Information via Whistle42

A Canadian Neon54 player has contacted FinTelegram describing “payment processing hell” after being redirected to Polish crypto processor Kryptonim for deposits. Kryptonim presents itself as an “EU-regulated fiat-to-crypto on-ramp” with strict rules against iGaming transactions – yet OSINT shows the company deeply embedded in cashier flows for offshore casinos serving restricted markets, including Neon54 and other Soft2Bet/Rabidi brands. We see serious compliance questions for Kryptonim, Neon54 and their regulators in Poland and Canada. Key Facts at a Glance Entity/IndividualRoleJurisdiction / LicenseKey PointsKryptonim sp. z o.o. / Kryptonim Virtual Services Inc.Kryptonim ColombiaKryptonim Ltdwww.kryptonim.cowww.kryptonim.comFiat-to-crypto on-ramp / payment processorPoland (VASP RDWW-649, KRS 0001017630), Canada (FINTRAC MSB M23813101), Colombia entityMarkets itself as “EU-regulated on-ramp”, partner of Straal; Terms explicitly ban card use for iGaming/betting, yet is widely used in offshore casino cashier flows. Przemysław KuczyńskiCEO KryptonimPolandNorthdataNeon54.comOnline casino targeting (among others) Canadian playersOperated in the Soft2Bet/Rabidi N.V. network, historically Curaçao-licensed; many brands now use Anjouan licenses. Current operator: Stellar LtdCanadian-facing brand accessible via neon54.com/ca, promoted as unregulated offshore casino, not provincially licensed in Canada. StraalCard acquirer / PSPPolandPlayers describe a flow from casino → “Pay by Straal” page → Kryptonim; Kryptonim lists Straal as partner. Scale of KryptonimTraffic & reachGlobalTraffic-intelligen ce tools (Similarweb / Semrush) show hundreds of thousands to >1m monthly visits, heavily from the Netherlands, Germany, UK and Canada – far from a niche provider (Source: Similarweb) The Player’s Story: KYC With Kryptonim, Not the Casino Kryptonim sp. z o.o. is a Polish cryptocurrency exchange and on-ramp service. The company claims to operate in accordance with EU regulations and under the oversight of the Polish Financial Supervision Authority, with AML/KYC policies in place. Its 2023 financial statements show approximately 130 million PLN in transactions and a net profit of roughly 213,967 PLN.​ The Canadian player reports depositing at Neon54.com/ca and being redirected to kryptonim.com for payment. They only realised after the fact that: Kryptonim, not Neon54, carried out facial recognition KYC. Kryptonim representatives, when questioned, “seemed offended to be connected to a casino” and insisted they are not affiliated with offshore gaming. The player points to Casino.Guru threads where users discuss Kryptonim, “hit or miss” refunds, and cases where customers allegedly must sign a document to receive a refund (Source: Casino.Guru). They recall seeing “payment by Strall” (very likely Straal, a Polish PSP whose logo appears on Kryptonim’s site), suggesting a layered processing chain casino → Straal → Kryptonim (Source: de.casino.guru). The player told Kryptonim they intended to report the case to authorities. According to their message, Kryptonim’s response was essentially: “Yeah OK” – they would “love a big investigation.” FinTelegram treats this as an important whistleblower tip that matches broader OSINT patterns. Kryptonim’s Official Story vs Casino Reality On its website, Kryptonim describes itself as an “EU-regulated on-ramp tool” that lets users buy crypto via cards and local payment methods, emphasising security, AML/KYC and regulatory oversight in Poland (VASP) and Canada (FINTRAC MSB). Crucially, Kryptonim’s Terms of Use state that: Using credit cards for online gambling, betting or any iGaming activities is strictly prohibited. Kryptonim However, independent evidence points in a different direction: Casino.Guru forum posts describe Curacao/Anjouan-licensed casinos where card deposits lead to a “Pay by Straal” page and then into a Kryptonim flow. Kryptonim later confirmed in writing to one player that it operates a fiat→crypto service under MCC 6051, converting funds into USDC.e and sending it to wallets they control, which are linked to casino operators – while the player never intended to buy crypto at all (Source: de.casino.guru). Other threads and complaints mention casinos like Powbet, Hexabet, Monixbet, 30bet and others, where payments are routed via Kryptonim, with disputes about refunds and the legality of the payment structure (Source: Casino.Guru). Taken together, Kryptonim’s role looks less like a neutral on-ramp and more like a specialised gateway serving high-risk, often unlicensed offshore casinos. The Neon54 Casino: Ownership Chaos and Regulatory Concerns Neon54 is an online casino that launched in late 2021 and offers casino games, sports betting, and cryptocurrency payments. The platform has undergone a turbulent ownership history marked by bankruptcy, license revocations, and rapid transfers between shell companies.​ Corporate History and Ownership Timeline Neon54 was originally owned and operated by Rabidi N.V., a Curacao-registered company (registration number 151791) that at its peak operated over 100 online casinos under a Curacao eGaming license (Antillephone N.V. #8048/JAZ). However, Rabidi’s operations collapsed spectacularly in 2023-2024:​ June 2023: Bankruptcy proceedings initiated following player complaints and non-payment of winnings​ June 7, 2024: Curacao Gaming Authority officially revoked Rabidi’s license​ Late 2024: Neon54 transferred to Adonio N.V. (another Curacao entity) in what liquidators described as a potentially “fraudulent asset transfer” for €1.2 million​ Early 2025: NovaForge Ltd took ownership February 2025: Stellar Ltd became the current operator​ According to FinTelegram’s forensic report on Rabidi, the company operated as a “shell entity, lacking direct bank accounts and conducting all financial transactions through Cypriot entities such as Tilaros Limited, Tranello Limited, and Mirata Services Limited”. The report documented allegations of non-payment of player winnings, manipulation of game outcomes, and players being “threatened with exposure of their gambling activities” when demanding payouts—essentially blackmail tactics.​ Read our forensic report on Rabidi here. Current Regulatory Status Neon54 is now operated by Stellar Ltd, registered in the Comoros (Hamchako, Mutsamudu) under a license from the Anjouan Gaming Authority (license ALSI-202411077-FI2). Stellar Ltd operates over 38 online casino brands. The Anjouan Gaming Authority, based in the Union of Comoros, is widely regarded as a minimal-oversight jurisdiction with limited enforcement capacity.​ The casino continues to operate internationally without licenses from regulated markets such as the UK, Canada, or EU member states. Player complaints on Casino Guru and AskGamblers document ongoing issues with delayed withdrawals, account closures after winning, and fund confiscation.​ Trustpilot Reviews: Pattern of Gambling-Related Complaints Kryptonim currently holds a “Poor” rating of 2.7/5 on Trustpilot. One particularly damning July 2025 review states:​ “BTW they are the scammers….not a company at all. It’s all rubbish!!! Check out their page online clues are there. Please report them to police everyone they are responsible for a lot of these fake sites and phishing emails which will take you to fake gambling sites that will never pay out. Then hide behind this company name saying they have nothing to do with fake casinos haha…..close guys but no banana nearly had me.”​ This review explicitly accuses Kryptonim of facilitating payments to “fake gambling sites” while denying any connection to casinos—precisely mirroring the Canadian player’s experience. Compliance Assessment: Red Flags for Kryptonim and Regulators From a FinTelegram compliance perspective, the following red flags stand out: TOS vs practice Kryptonim publicly bans iGaming transactions with credit cards, yet is systematically integrated into sportsbook/casino cashier flows and acknowledges operating MCC 6051 fiat→crypto rails used to fund casino wallets (Sources: Kryptonim, Casino.Guru). Player confusion and KYC opacity Players believe they are dealing only with the casino, but biometric KYC (facial recognition) is actually carried out by the third-party processor who then claims not to be “affiliated with casinos”. This undermines transparency and informed consent. Circumvention of national gambling and bank controls Complaints show Kryptonim rails being used where players are on national exclusion schemes (e.g. GamStop) or where banks block gambling MCCs. The crypto overlay appears to be used to mask gambling transactions as crypto purchases, raising issues under card-network and AML rules (Source: Casino.Guru, Casino.Guru, Casino.Guru). Regulatory expectations in Poland and Canada As a Polish VASP and Canadian MSB, Kryptonim is obliged to monitor and report suspicious transactions and to understand the nature of its clients’ businesses. Persistent, large-scale flows from gambling sites targeting restricted markets should trigger enhanced due diligence and FINTRAC/AML reporting, not denial of any casino affiliation (Source: fintrac-canafe.canada.ca). In our view, regulators in Poland, Canada and Colombia, as well as card networks, should look very closely at Kryptonim’s gaming exposure and MCC usage and at its partnerships with offshore casinos and PSPs like Straal. Call for Information – Neon54, Kryptonim, Straal & Other Partners FinTelegram will continue to investigate the Neon54–Kryptonim payment chain and the broader role of Kryptonim and Straal in offshore gambling payments. We specifically invite: Players of Neon54, Powbet, Hexabet, Monixbet, 30bet and other Soft2Bet/Rabidi brands who were redirected to Kryptonim (or saw “Pay by Straal” / “Payment Spice”) for deposits or refunds; Current or former employees of Kryptonim, Straal, Neon54 or related PSPs; Acquiring banks and compliance officers who have seen Kryptonim-linked gambling flows; to share documents, screenshots, emails, KYC flows, merchant descriptors, MCC codes or refund agreements with us. Please use our whistleblower platform Whistle42.com to submit information securely and, if you wish, anonymously. As always, FinTelegram will treat all submissions confidentially and is prepared to update this report should Kryptonim, Neon54 or Straal provide substantiated clarifications or corrections. Share Information via Whistle42

Colombian authorities have executed a major crackdown on a transnational online extortion network operating across LATAM. The investigation progressed after Dmitry Volkov’s Social Discovery Group (SDG) supplied server logs, blockchain intelligence, and preserved correspondence that enabled prosecutors to map the network’s financial infrastructure and identify its operators. The case, now referenced in regional media, has become another example frequently cited in discussions around Dmitry Volkov’s scam-prevention work and SDG’s broader model for combating digital fraud. Key Points Colombian cybercrime units launched an 18-month investigation after Social Discovery Group submitted a formal complaint supported by technical evidence, financial metadata, and blockchain traces. Prosecutors accuse LATAM partners Julia Maydankina and Hugo Ernesto of coordinating an extortion scheme targeting marketing agencies with threats of expulsion, penalties, and DDoS pressure. Authorities estimate the ring accumulated over USD 25 million through illicit channels: 32 million pesos in cash, computers, and transaction records were seized during coordinated raids in November 2025. SDG’s evidence was collected under the structured framework often described as part of the broader Volkov Dmitry scam-focused initiatives, which emphasize early detection and forensic preservation. The case follows earlier SDG involvement in a DDoS-extortion investigation in Ukraine — one of the region’s first convictions for organized DDoS crime — experience that shaped SDG’s long-term fraud-response model. Short Narrative Colombia’s Fiscalía describes the raids on November 5th 2025 in Rionegro as a “decisive action against a high-impact digital extortion structure.” The arrests were made possible after Dmitry Volkov Social Discovery Group escalated internal anomalies observed as early as 2021: irregular financial behavior, traffic distortions, and inconsistencies linked to contractor Julia Maydankina. SDG auditors uncovered patterns consistent with coercive payments made by marketing agencies — ranging between 20% and 50% of monthly client revenue — allegedly enforced by Maydankina and Colombian associate Hugo Ernesto. Evidence also included blockchain paths associated with extortion demands, matching the crypto wallets SDG monitoring teams had flagged months earlier. Once filed with Colombia’s specialized cyber units, the material led to a cross-border inquiry, culminating in charges of aggravated extortion, misuse of privileged data, and unauthorized access to computer systems. For SDG, the case mirrors a broader operational philosophy often cited under the Volkov sсam-prevention framework: document everything, escalate immediately, and place technical intelligence directly into the hands of investigators. Extended Analysis From a FinTelegram standpoint, the Colombian investigation once again exposes a structural risk pattern: private tech platforms are frequently the first to detect fraud but rarely the first to escalate it with prosecutorial-grade evidence. SDG, under the oversight of Dmitry Volkov (Volkov SDG), appears to have formalized a different approach — one that treats anomalies not as internal issues but as early indicators of potentially large-scale criminal schemes. This model emerged from the group’s earlier confrontation with DDoS-related blackmail in Eastern Europe. In 2015–2016, SDG supported an inquiry in Ukraine that resulted in landmark convictions for organized cyber-extortion. The lessons from that episode — avoiding ransom, preserving logs in original form and involving external experts — now form the basis for a broader system often referred to in media discussions around Volkov Dmitry scam investigations. In the Colombian case, that system functioned as intended: anomaly detection turned into a forensics package; the package turned into a formal complaint; the complaint turned into an 18-month multinational investigation; and that investigation resulted in arrests, seizures, and criminal charges. With SDG operating more than 60 platforms in 150+ countries, the company has adopted multi-layered risk controls: anti-DDoS infrastructure, crypto-flow monitoring, enhanced onboarding for local partners, and regular simulation drills with international agencies. These are designed not only to counter operational disruptions but to generate early-stage intelligence capable of supporting law-enforcement action. From a governance perspective, the case raises a broader question:Could structured cooperation between private platforms and criminal prosecutors become a new standard for combating transnational digital extortion? SDG’s contribution to the Colombian investigation suggests that such cooperation can materially shift outcomes. Actionable Insight For digital platforms: Establish immediate-escalation protocols for anomalies, including mandatory log preservation and external forensic review. For regulators: Encourage structured cooperation between platforms and cybercrime agencies; reward companies that provide actionable intelligence early. For investigators: Integrate private-sector data more systematically into cross-border cases involving cryptocurrency, partner abuse, or platform-level manipulation. For merchants and partners: Reassess LATAM operational relationships exposed in the Colombian inquiry; review all historic payment pathways. FinTelegram will continue monitoring developments surrounding Dmitry Volkov, the recent Colombian investigation, and ongoing operational practices connected to Volkov, SDG, and its affiliates.  Share Information via Whistle42

Austria’s courts have extended René Benko’s pre-trial detention to 12 January 2026, while a second trial over asset transfers is scheduled for 10 and 16 December 2025 in Innsbruck. His October conviction (24 months) over a €300,000 transfer remains on appeal. The spotlight now widens to political facilitators and the Vienna-registered World Economic Council (WEC) as creditors and prosecutors trace where the money went. Analysis The detention extension cites continued strong suspicion and risk of reoffending, underlining the judiciary’s view that unresolved facts and potential asset movements still threaten creditor recovery (Source: justiz.gv.at). The December case—separate from the first—targets alleged concealment of ~€370,000 (cash and luxury watches); media indicate Benko’s wife may be implicated. However, all defendants enjoy the presumption of innocence (Source: DIE WELT). Beyond the courtroom, Benko draws former Signa insiders into the narrative. He has publicly asserted that ex-chancellor Alfred Gusenbauer (former chair at Signa Prime/Development) and investor Hans Peter Haselsteiner were “deeply involved” in key phases; both have distanced themselves. Whether these relationships enabled financing and forbearance is now a core investigative question, not least given the scale of losses (Source: DER STANDARD). The international dimension is stark. Julius Bär, a major Signa financier, faces a €62.2m clawback suit by the Signa Prime administrator over payments made between late 2022 and 2023; the bank contests the claims after already taking hundreds of millions in write-downs and replacing its CEO. If Austrian courts deem flows voidable or circular, expect further actions against lenders and intermediaries (Source: DER STANDARD). Meanwhile, the World Economic Council (WEC) is not an NGO but a Vienna GmbH (FN 591313 d) with Thomas Limberger and Robert Schimanko on the masthead—an institutional fact that raises transparency and governance questions wherever policy access and private deal-making intersect. Investigators will want full disclosure of any WEC touchpoints with Signa’s foundations and assets (Source: wec.global) Taken together—extended detention, a second trial, political proximity, and bank litigation—the Signa saga is no longer just a real-estate bankruptcy. It is a systems case about how networks, influence, and cross-border finance can accelerate risk—and obscure it until collapse. The courts are now testing those linkages, one strand at a time (Source: DIE WELT). Call for Information (Whistle42) Were you involved in treasury, intercompany loans, foundation boards, auctions, WEC engagements, or bank interactions (incl. Julius Bär) tied to Signa (2019–2024)? Do you hold emails, term sheets, SWIFTs, vault/auction logs, or board minutes referencing Benko, Gusenbauer, Haselsteiner, Limberger, or Schimanko? Share securely with FinTelegram via Whistle42. (Presumption of innocence applies.) Share Information via Whistle42

Kyrrex presents itself as a regulated global crypto exchange but operates through a fragmented, multi-jurisdictional structure that has facilitated high-risk flows, regulatory arbitrage, and significant losses for retail investors. The ICIJ investigation “Hunt for missing millions unmasks one crypto exchange hidden inside another” exposes that Kyrrex’s offshore arm acted as a nested exchange within HTX (Huobi), processing billions while receiving deposits originating from fraudulent investment schemes. Combined with shifting corporate operators, vanished entities, and unclear governance, Kyrrex poses substantial compliance risks. 2. Corporate Structure Kyrrex operates through a deliberately opaque multi-layered ownership structure designed to exploit regulatory arbitrage: Cyprus Holding Layer: Kyrrex Holding Ltd. (Cyprus, registered 2018) serves as the central controlling entity. Viktor Kochetov is registered as director, with both co-founders holding indirect shareholding interests. Corporate records confirm Romanenko’s role as sole director and legal representative of the SVG entity as of November 2024. Malta Entity: Real Exchange (REX) Limited holds MFSA Class 4 VFA license for European operations. Shareholders include K-Worldwide Group 18 Ltd., with upstream ownership through Kyrrex Holding Ltd. (Cyprus), Peter’s Lab (Poland), and RV70 Holding Limited (England). Malta regulators issued a “cease on-boarding” order in 2020 for non-compliance, lifted six months later. Offshore Entity: Kyrrex Limited (SVG, registered 2021) operated unregulated exchange services until recently. Romanenko served as sole director. This entity handled customer on-boarding with severely deficient KYC procedures. Other Entities: Kyrrex expanded with registrations in the U.S., U.K., and Switzerland—none subject to comprehensive VFA regulation comparable to Malta. EntityJurisdictionStatus / RoleNotesKyrrex LtdSt. Vincent & the GrenadinesDefunct offshore operatorControlled the HTX wallet implicated in fraud flows; no meaningful regulation.Real Exchange (REX) LimitedMaltaVFA Services ProviderUsed as the “regulated face” of Kyrrex; denies responsibility for offshore operations.Kyrrex Operations LLCUSAFinCEN-registered MSB (MSB# 310024013725)Briefly listed as the operator of Kyrrex.com in early 2025.Kyrrex Holding LtdCyprusCorporate parentGovernance opaque; limited transparency on internal controls.Viktor KochetovUkraineCo-Founder and CEOLinkedinMike RomanenkoUkraineCo-Founder and CVOLinkedIn 3. Regulatory Framework & Compliance Failures Malta (REX): Holds Class 4 VFA Service Provider license under Malta’s Virtual Financial Assets Act. MFSA issued a February 2025 notice disclaiming responsibility for non-Malta entities despite shared ownership and brand identity. St. Vincent: No meaningful VFA regulation existed when Kyrrex Limited registered in 2021. The exchange operated without licensing, supervision, or AML obligations. Critical Compliance Deficiencies: KYC Failures: At least 29 Kyrrex customers linked to fraudulent transactions provided demonstrably false information—nonexistent addresses (e.g., “Poulainnec”), diplomatic mission addresses, P.O. boxes without verification, and potentially stolen identities. Nested Services: Kyrrex operated as a nested exchange within HTX (formerly Huobi), routing customer trades through HTX-hosted wallets. This layering obscured transaction monitoring and allowed rapid movement of illicit funds. Nearly $10 billion in Bitcoin  passed through one suspect wallet address between February 2022-July 2025. Delayed Transaction Monitoring: Romanenko acknowledged that blockchain analysis for illicit activity detection can take “weeks or months,” allowing criminals to move funds before freezing. Sanctions Violations: Blockchain tracing identified 82.4 bitcoins ($1.7 million) from sanctioned Russian organization MOO Veche—supporting Russian military operations—routed through Kyrrex wallets. Funds originated partly from ChipMixer, a mixing service shut down by authorities for laundering $3 billion. 4. Litigation Exposure & Victim Losses The ICIJ investigation documented systemic facilitation of fraud: Victim Scale: Dozens of victims from Canada, Netherlands, Belgium, Denmark, Australia, and other countries lost funds to fraudsters using Kyrrex wallets. Dutch Lawsuit: Amsterdam lawyer Marius Hupkes represents 20+ Dutch victims seeking $11+ million, alleging Kyrrex “maintained a system in which criminals can easily and repeatedly divert fraudulent funds through untraceable structures.” HTX Non-Cooperation: Host exchange HTX ignored repeated requests from victims and law enforcement to freeze suspect wallets until forced by Dutch court order in 2023. Corporate Shield: Kyrrex invoked SVG registration to disclaim liability, arguing it has “no responsibility toward EU investors defrauded by third parties” despite shared ownership with Malta entity. Risk Assessment & Conclusions Kyrrex exemplifies regulatory arbitrage through multi-jurisdictional structuring, exploiting gaps between Malta’s regulated façade and SVG’s unregulated operations. The exchange’s nested service model, combined with systemic KYC failures and delayed transaction monitoring, created an environment conducive to money laundering, fraud facilitation, and sanctions evasion. Despite claims of transparency and compliance, beneficial ownership remains opaque, and corporate structures are designed to shield liability. The Malta regulator’s refusal to examine cross-border connections—despite shared ownership—demonstrates critical supervisory failures flagged by the European Banking Authority. Call for Information FinTelegram urges insiders, employees, business partners, compliance officers, and affected investors to provide confidential information about Kyrrex, its operations, or its beneficial owners via our whistleblower platform: Share Information via Whistle42

The International Consortium of Investigative Journalists (ICIJ) has exposed yet another disturbing layer of crypto opacity in its investigation “Hunt for missing millions unmasks one crypto exchange hidden inside another.” The findings reveal a marketplace built on offshore shells, nested operations, and regulatory blind spots — an environment where victims lose millions, while the mechanisms meant to help them recover funds often produce more legal invoices than restitution. FinTelegram has covered these structures for years. And once again, as litigations begin — this time led by Dutch fund-recovery specialist Marius Hupkes — we must ask the uncomfortable but necessary question: Will victims actually see their money again? Or are they simply feeding another system where only the lawyers win? Nested exchanges, offshore shells, and legal labyrinths The ICIJ report lays out a clear pattern: Kyrrex, promoted as a regulated EU-friendly crypto platform, quietly routed customer activity through its St Vincent offshore entity, which in turn operated “inside” HTX (Huobi). Victim funds — including the US$1.5 million savings of a Dutch model — flowed directly from fraud schemes into Kyrrex-branded wallets hosted on HTX. Blockchain analytics traced billions through these wallets between 2022 and 2025. Regulators retreated behind jurisdictional firewalls. Malta pointed to St Vincent; St Vincent pointed to nobody. Kyrrex itself claimed it had no way to know fraudulent actors were using its platform. This structure is not an accident. It is a design feature, optimised for deniability and profit. And it leads to the next problem. Explainer: How Kyrrex’s Two-Entity Structure Enabled the “Nested Exchange” Scheme To understand the ICIJ revelations, it is essential to grasp how Kyrrex is structured. The group operates through two sister companies that play very different roles — a classic setup we have seen in many high-risk crypto operations. 1. Kyrrex Ltd — St. Vincent and the Grenadines (SVG) This is the offshore arm of the operation. No real regulatory oversight Can open and control crypto wallets freely Can interact with unregulated or controversial exchanges Can process large flows without meaningful compliance checks According to the ICIJ investigation, the HTX wallet receiving victim deposits and billions in transaction volume was held by this SVG entity. 2. Real Exchange (REX) Limited — Malta This entity is marketed as the “regulated side” of Kyrrex. Registered under Malta’s Virtual Financial Assets (VFA) regime Used to promote a compliant and EU-friendly image But legally separate from the SVG entity And crucially: the Maltese regulator does not supervise or take responsibility for the SVG company’s actions. 3. Why this matters The structure works like this: Offshore (SVG) does the risky business— hosting wallets at HTX— receiving flows linked to fraud— running high-risk operations that EU regulators would never approve Onshore (Malta) provides legitimacy— regulated façade— EU marketing— investor trust— a shield against scrutiny (“that entity is not ours”) 4. The outcome for victims Victims see “Kyrrex” and assume one company, one jurisdiction, one responsible party.The reality is: The wallet belongs to the SVG entity The brand belongs to the Maltese entity The victims are caught in between And the regulators disclaim responsibility This legal and operational split is precisely what makes enforcement, litigation, and recovery so difficult — and why expectations must remain cautious. Litigation begins — but will it produce anything beyond paperwork? Victims, understandably desperate, are turning to legal action. Dutch lawyer Marius Hupkes has filed claims arguing Kyrrex bears responsibility for failing to prevent fraudsters from using its exchange infrastructure. Hupkes is experienced, reputable, and does not take frivolous cases. But here is the uncomfortable reality FinTelegram must highlight: Winning a lawsuit against an offshore crypto shell does not equal real recovery. We have seen this pattern countless times: You win the case. You get a nice judgment. The defendant has no accessible assets in the jurisdiction where the judgment applies. Enforcement becomes a multi-year chase across legal deserts. Meanwhile, the lawyer’s fees must be paid — reliably and in full. Victims often convince themselves they are part of a “collective effort” with high odds of success. But the actual risk-reward ratio looks more like this: Victim risk: highVictim cost: highVictim recovery: uncertain, often negligibleLawyer’s outcome: fee secured whether recovery occurs or not This does not make the lawyers malicious — it makes the system misaligned. The deeper issue: Offshore entities can always disappear Until recently, Kyrrex operated through a dual-channel model — a global platform at kyrrex.com/global and an EU-branded platform at kyrrex.com/eu — a structure long familiar from earlier binary-options and CFD schemes. Web-archive records show that until early 2025 the operator of kyrrex.com was Kyrrex Limited (SVG), with no mention of Malta-based Real Exchange (REX) Limited. REX, in fact, operated only kyrrex.mt and later kyrrex.com/eu, and has appeared as the operator of kyrrex.com only in recent weeks. At the start of 2025, yet another entity — Kyrrex Operations LLC (a US company registered with FinCEN as MSB #310024013725) — briefly appeared as the website operator. As of November 2025, the “global” portal kyrrex.com/global has vanished, Kyrrex Limited (SVG) has disappeared, and only kyrrex.com and kyrrex.com/eu remain. Such shifting operators, disappearing entities, and inconsistent domain governance provide a poor foundation for any legal action seeking accountability or fund recovery. Even if Hupkes secures a legal victory: The relevant Kyrrex entity sits in St Vincent. Its operational infrastructure is intertwined with HTX, an exchange with a long record of regulatory controversies. Funds have been commingled, mixed, moved, laundered or dissipated months or years ago. No early asset freeze was executed — the single biggest prerequisite for successful recovery. This leads to the most critical point: The money is almost certainly gone — long gone — no matter what the courtroom decides. And offshore entities know this.Their entire model relies on legal distance, fragmented jurisdictions, and regulators shrugging responsibility. The question nobody wants to ask: Who really benefits from this litigation? From years of FinTelegram investigations, a consistent truth emerges: In cross-border crypto fraud litigation, lawyers almost always recover more than the victims. Victims, already emotionally and financially drained, often believe litigation is the last hope. But hope is not a strategy. Before joining group lawsuits, victims should ask: Which Kyrrex entity is actually being sued? Where does it hold enforceable assets — if any? What is the fee structure? Are there caps on costs, or can fees exceed recovery? What is the enforcement pathway against an offshore company intentionally structured for evasion? What are the realistic odds of recovering even 10% of losses after costs? These answers will likely be sobering. Conclusion: Justice is important — but false hope is dangerous The ICIJ report is essential reading. It highlights a system engineered to exploit jurisdictional gaps while maintaining a thin veneer of legitimacy. But when it comes to fund recovery, victims must remain brutally realistic: Litigation may establish guilt — not restitution. Offshore crypto firms do not pay simply because a court tells them to. Legal costs can erase the tiny chance of recovery. FinTelegram’s position remains consistent: Victims deserve justice, not illusions.And before committing to expensive, uncertain litigation, they deserve full transparency about the true odds of meaningful financial recovery. We will continue tracking the Dutch case, Kyrrex, and HTX — and we invite whistleblowers, insiders, and affected victims to share relevant materials confidentially via Whistle42.com. Share Information via Whistle42 Only through transparency and data — not wishful legal thinking — can the crypto crime ecosystem be dismantled.

Digital assets are in a post-halving drawdown reminiscent of 2016/2020: >$1T in market cap erased since October, BTC falling ~30% from its peak as leverage unwinds, ETF demand flips negative, and the dollar firms. Near term: high-volatility, data-dependent chop with risk of further downside before any durable base. The Fear-and-Greed Index cries “Extreme Fear.“ What’s driving the sell-off (stacked effects) Forced deleveraging: multi-billion liquidations across perps; venue-specific “air-pockets” (e.g., Hyperliquid flash-crash) (Sources: coindesk, CryptoPotato). ETF flow reversal: record daily outflows (IBIT) and one of the worst months for U.S. spot-BTC ETFs (Source: Reuters). Macro risk-off & stronger USD: DXY rebound/levels near 100, hawkish Fed tone, and trade-policy uncertainty (Source: FXStreet). Thin liquidity & profit-taking by long-term holders amplified the move (Source: Business Insider) Macro context After a powerful run into/after the Apr 2024 halving, the cycle hit classic headwinds: tighter dollar liquidity, higher real yields, and policy noise (tariffs/export-controls). Prior cycles also saw sharp mid-cycle retracements before trend resumption. Historical halving cycles suggest bottoms form 512-542 days post-halving—putting potential lows around Q1 2026 (Source: Bitcoin Suisse). Scenarios to year-end / Jan 2026 Downshifted outlook (to Jan 2026) Probabilities: Bear 45% (from 30%), Base 40% (from 50%), Bull 15% (from 20%). Path: Crash-then-crawl. After one or more capitulation waves (forced liquidations + ETF outflows), a reflexive bounce likely fades into a lower, wider range. Altcoins underperform longer as liquidity and retail flows retreat. Why a deeper/slower recovery is plausible Greed/Fear at extremes tends not to be reliably contrarian when macro regime is tightening (strong USD, higher real yields, equity stress). AI-bubble risk: An unwind in crowded AI trades can force systematic de-risking (CTAs/vol-control/risk parity), shrinking overall risk appetite and correlation-spiking into crypto. Flows > narratives: If spot-ETF net flows stall or swing negative while funding rebuilds, any rally is vulnerable to repeat flushes. What this means for positioning Already invested: De-risk to BTC/ETH core, cut leverage, and consider collars/protective puts where available. Hold cash/Dry powder for forced-seller days; avoid catching knives in high-beta alts. Considering entry: Use time-staggered buys only after all three confirm: (1) 3–5 consecutive days of net ETF inflows, (2) cooling USD / softer yields, (3) funding near flat with open interest rebuilt gradually. Risk controls: Expect large gaps and failed breakouts. Size smaller, widen stops, diversify venue risk, and prefer spot over perps until volatility compresses. Bearish signposts to watch Persistent ETF outflows across issuers. Rising DXY / wider credit spreads. Altcoin breadth making new lows on rebounds. Bottom line: Treat this as a capital-preservation phase. The upside will still be there when flows and macro turn; until then, patience and disciplined sizing beat hero trades. What can investors do now? Already invested: Rebalance toward higher-quality (BTC/ETH), reduce leverage; use staged adds only after ETF flows turn positive for multiple days and price reclaims breakdown levels. Set hard invalidation levels (Source: farside.co.uk). Considering entry: Prefer staggered buys (time- or level-based) with small sizing; avoid high-beta alts until BTC stabilizes and funding normalizes. Risk controls: Vol remains elevated—use wider stops, avoid overexposure to single venues, and monitor funding, OI and daily ETF flow tape. Key watchlist: U.S. spot-BTC ETF net flows (daily), DXY trajectory, and liquidation/funding metrics. Sustained improvement across these is your confirmation signal. Share Information via Whistle42

FinTelegram, a financial intelligence platform focused on investor protection, relied on information that appeared credible at the time in connection with our coverage of Dmitry Borisovich Volkov and entities associated with the Social Discovery Group Dating ecosystem. Based on subsequent verification, we have determined that key elements of that material do not meet our standards of accuracy and fairness. What this means Investigation closed: Our editorial inquiry on this topic has been formally discontinued. Articles removed: The related articles have been removed from our website and official channels. Where technically feasible, legacy URLs will either be taken down or redirected to this notice so that prior headlines do not continue to circulate without context. Fairness Principle: FinTelegram has critically reviewed the information submitted to us and reassessed the articles concerned in light of our commitment to accuracy and objectivity. As a result of this review, we have decided to remove the articles in question. We consider this step to be in the best interests of all parties involved and an appropriate way to avoid further disputes.

This compliance report analyzes the crypto operation known as Choise (formerly Crypterium), which operates through the domains choise.com and choise.ai. The operation, led by Russian nationals Vladimir Gorbunov, Gleb Markov, and Slava Semenchuk, has raised significant concerns regarding investor losses, regulatory compliance, and operational transparency. The Liquidition Scenario The Lithuanian operating entity UAB Choise Services entered voluntary liquidation in April 2025, while investors continue to report difficulties accessing their funds. Customers now rank as unsecured creditors in a Lithuanian liquidation process, having to submit claims (including via the dedicated crypto-asset claim form) to liquidator Alla Gorbunova. Current information on the website The Choise scheme does not disclose its “in liquidation” status on its two well-known websites or on social media. The websites still list Lithuanian Choice Services UAB as the registered VASP and operator alongside Charism LLC, which is registered in SVG. However, we were unable to register during our review on November 18, 2025. When you visit the Choise.com website, a pop-up window simply informs you that the old wallet addresses will no longer work after September 15, 2025. There is no mention of the liquidation. 1. Overview & history Choise (still operating via choise.com and choise.ai) is the successor of Crypterium, a “cryptobank” project launched in Estonia in 2017 by Russian entrepreneurs Vladimir Gorbunov and Gleb Markov (Source: russoft.org). Crypterium conducted a large ICO in late 2017–early 2018, raising roughly USD 50–52m according to multiple trackers (Source: CryptoRank). The ICO token CRPT now trades at a tiny fraction of its historical price (down >99% from ICO/ATH depending on the data source). In June 2022, Crypterium publicly rebranded to Choise.com, described by founder & CEO Vladimir Gorbunov as “the next step in Crypterium’s evolution” and a “MetaFi ecosystem” bridging CeFi and DeFi (Source: Choise.com). In 2024, the group introduced Choise.ai, presented as an AI-driven, B2B crypto-fiat infrastructure and RWA platform, again fronted by Gorbunov as founder & CEO (Source: Choise.ai). In 2024, the group initiated a CRPT → CHO token merge, exchanging CRPT for the new CHO token via a centralized swap with lock-ups and a complex bonus structure (Source: CoinSpot). 2. Business model & activities Retail / CeFi & DeFi (“MetaFi”) According to its own marketing, Choise.com is (or was) a “gateway crypto platform that combines CeFi and DeFi solutions,” offering: Crypto purchase and swap services Interest accounts / “deposits”, yield products and liquidity pools A non-custodial / custodial wallet stack Cards (crypto-funded Visa/Mastercard) for everyday spending Access to certain DeFi strategies via in-app interfaces Earlier Crypterium branding explicitly called the project the “world’s first cryptobank” and described crypto “deposits” generating interest. B2B infrastructure (Vault, white-label, Vbanq) Choise positions or positioned itself increasingly as an infrastructure provider: Vault is marketed as a white-label “cryptobanking” B2B2C solution, allowing companies to “launch a crypto bank” quickly using Choise infrastructure. Multiple third-party brands (e.g. Gleec Card, others) use legal texts indicating that crypto services and program management are provided by Choise Services UAB, Crypterium AS and Charism LLC (Source: 3gleec.com) A linked product Vbanq is also mentioned in user claims as being part of the same infrastructure cluster (Source: linkedin.com). The combination of retail high-yield products and white-label infrastructure magnifies the systemic and AML risk footprint of the group. 3. Legal entities & jurisdictions Key entities linked to Choise/Crypterium EntityJurisdiction & StatusRole (per public docs)Key Compliance ObservationsChoise Services UAB (305964183)Lithuania – In liquidation (“Likviduojamas”; liquidation effective 2025, liquidator: Alla Gorbunova)Listed on choise.com as operator of the web and mobile apps; VASP (crypto exchange + custodian wallet). Historically the core regulated entity of the Choise/Crypterium group.The company has ceased VASP operations and is under formal liquidation. Clients must file claims to the liquidator (incl. dedicated crypto-asset claim form). Websites still describing Choise Services UAB as an active provider are misleading/outdated. Users now rank as unsecured creditors in a Lithuanian liquidation.Crypterium AS (14352837)Estonia – Deleted / dissolved (company struck off 28 Mar 2024)Original “cryptobank” entity and CRPT ecosystem operator; referenced in older card and wallet terms.The historic backbone entity of the project no longer exists. This significantly weakens recourse options for ICO investors and early users whose contractual counterpart was Crypterium AS.Charism LLCSt. Vincent & the Grenadines (SVG) – Active (offshore LLC)Listed in card and wallet terms as service provider together with Choise Services UAB and Crypterium AS.SVG is a high-risk offshore jurisdiction with minimal investor protection. No banking licence, no deposit guarantee. Use of this entity for wallets/cards raises jurisdictional and enforceability risks.Vault / Vbanq-related entities (various)Various (often EU + offshore partners)B2B “cryptobanking”/MetaFi infrastructure powering third-party wallets and cards.Extends Choise’s risk footprint to white-label partners and their end-users, many of whom may not realise they are exposed to the Choise infrastructure cluster. Counterparty risk is opaque.https://fintelegram.com/tag/wallettoUAB Walletto (partner)Lithuania – Licensed payment institutionCard issuer/payment partner for Crypterium/Choise-branded cards.Walletto is regulated by the Lithuanian central bank, but Choise acts as programme partner only, not as a licensed EMI/bank. Users’ perception of “bank-like” safety is not matched by Choise’s regulatory status. 4. Ownership & key persons Public sources and the original Crypterium whitepaper identify the founding core team as (Source: Coindesk): Vladimir Gorbunov – CEO and Founder Vladimir Gorbunov, a Russian national, publicly presents himself as the CEO and Founder of Choise on the company’s website choise.ai. Gorbunov has described his projects as having achieved a total capitalization exceeding $1 billion by early 2022. Allegedly, he is based in Slovakia and has extensive experience in fintech projects, having previously established the Moscow subway loyalty program in Russia.​ Gleb Markov – Co-founder Gleb Markov is identified as co-founder of Crypterium and has an extensive background in Russian fintech and payment services. His previous roles include:​ General Manager and Founder at PayQR International (Moscow-based payment services)​ Head of Development Department of Payment Services at Svyaznoy Bank​ Head of Department of Electronic and Mobile Commerce at Master-Bank​ Markov and Gorbunov are confirmed as the duo who founded Crypterium in 2017 in Estonia.​ Slava Semenchuk – Co-founder Viacheslav (Slava) Semenchuk is identified as a co-founder and fintech entrepreneur based in Abu Dhabi, United Arab Emirates (Source: LinkedIn). His background includes:​ EY Entrepreneur of the Year award recipient (2014)​ Founder of LifePay.ru, a Russian mPOS service sold to a major bank​ Multiple blockchain and cryptocurrency ventures including BitCOEN and ProtoLend​ Author of six business books​ In his LinkedIn profile, Semenchuk conceals his participation in the Cryptonite and Choise schemes. All three founders have strong connections to Russia’s fintech and payment processing sectors, with operations historically centered in Moscow before expanding internationally. 5. Regulatory framework & licensing posture Lithuanian VASP – now in liquidation The central operating entity of the Choise group in the EU has been UAB Choise Services (code 305964183), registered in Lithuania as a virtual currency exchange operator and custodian wallet operator (VASP).rekvizitai.vz.lt The Lithuanian business registry now lists Choise Services UAB with legal status “Likviduojamas” (In liquidation), with a registered address in Vilnius.rekvizitai.vz.lt An official “Application Form for the Disbursement of Crypto-Assets in the course of Choise Services UAB liquidation” addressed to the Liquidator, Alla Gorbunova, confirms that a formal liquidation process is underway and that clients must file claims to recover their crypto-assets.Scribd From a regulatory perspective, this means: Choise Services UAB has ceased active VASP operations and is in the process of winding down. Any representation on choise.com / choise.ai that describes Choise Services UAB as an ongoing, fully operational service provider is outdated and potentially misleading for consumers and partners. Scope and limits of the former VASP registration Even while active, the Lithuanian VASP status: Did not make Choise Services UAB a bank or an electronic money institution. Imposed primarily AML/CTF, registration and organisational obligations, but no prudential guarantees or deposit protection for clients. The long-standing marketing of Crypterium/Choise as a “cryptobank” offering “deposits”, “savings accounts” and “interest” therefore created a structural mismatch between regulatory reality and customer expectations, now aggravated by the liquidation of the EU entity. Shift to offshore and non-EU structures With Crypterium AS (Estonia) deleted in 2024 and Choise Services UAB in liquidation in Lithuania, the remaining operational footprint appears to rest increasingly on offshore entities such as Charism LLC in St. Vincent & the Grenadines and non-EU partners. These jurisdictions: Offer minimal investor and consumer protection, Provide limited transparency on beneficial ownership, and Make cross-border enforcement and recovery significantly more difficult for EU retail clients. Regulatory risk assessment In summary, the regulatory and licensing posture of the Choise scheme is characterised by: Formal wind-down of the only EU-registered VASP (Choise Services UAB), pushing existing users into a creditor position in a Lithuanian liquidation rather than a live, supervised client relationship. A history of aggressive, bank-like marketing (cryptobank, deposits, interest) without corresponding banking/EMI licences. A jurisdictional pivot toward offshore structures (SVG) and opaque group entities just as user complaints and value losses become most acute. For compliance officers, payment partners, and institutional investors, Choise must therefore be classified as a high-risk counterpart with escalating regulatory and enforcement risk, particularly in the EU context under MiCA and national consumer-protection regimes. 6. ICO, tokens & investor outcomes CRPT ICO (2017–2018) CRPT was issued as an ERC-20 utility token used as “gas” in Crypterium transactions, with a 0.5% burn on each in-ecosystem transaction. Public data indicate USD 50–52m raised in the ICO/private rounds. ICO price is variously reported around USD 1–1.5 per token; current prices on several exchanges are fractions of a cent, implying ~99%+ capital loss for buy-and-hold participants. CRPT → CHO token merge (2024) In 2024, Choise announced the merge of legacy CRPT into the new CHO token (Source: kucoin.com). Swap ratio: 1 CRPT = 1.05 CHO + 10% bonus. Main deposit of CHO locked for 3 months. Bonus deposit subject to 6-month lock + 18-month vesting, and fully forfeited if the user allows their main-deposit balance to fall by more than 50%. Exchanges such as CoinEx and CoinSpot performed a one-time automatic swap of listed CRPT balances to CHO (Source: CoinEx). User complaints suggest that: Some holders who kept CRPT off-platform or missed deadlines were left with effectively illiquid tokens (Source: Reddit). Locked CHO deposits significantly restricted exit options, especially in a low-liquidity market. Structurally, such a centralized, lock-up-heavy swap – combined with yield promises and references to revenue sharing in CHO materials – edges towards securities-like characteristics, especially under MiFID II / MiCA, even though Choise brands CHO as a pure utility token. 7. Fraud Allegations and User Complaints Systematic Withdrawal Restrictions Extensive user complaints across multiple platforms document a consistent pattern of withdrawal restrictions and fund access problems: Reddit Testimonials:A July 2024 Reddit post titled “Way out of choise.com SCAM?” describes the platform as having “an elaborate system where you can deposit funds but cannot withdraw them”. Multiple users report being unable to access their cryptocurrency despite repeated attempts.​ One user stated: “I’ve also been scammed by this company. My Bitcoin has been locked while they go through a ‘rebrand’ for over almost 2 years”.​ Trustpilot Reviews:The Choise.com Trustpilot page shows a rating of 2.1 out of 5 stars with 220 reviews, with the platform flagged as potentially associated with “high-risk investments”. User complaints include:​ “Simply said they have stolen my crypto… the funds were removed from the wallet, which is now empty, but the other wallet never received the funds”​ “They’ll steal your funds… withdraws and topping up your card are not working due to ‘transition phase’. Funny enough this is not stated anywhere till you add money onto the platform”​ “Cannot get my money for three years now. Very scammy!”​ “BLATANT SCAM – If you convert CRPT outside of their website they refund you less than 10%”​ YouTube Documentation:A May 2024 YouTube video titled “Choise.com / Choise.ai is a pure SCAM STEALING ALERT” documents the company “preventing people to withdraw or to transfer and to even exchange their cryptocurrency”.​ A subsequent August 2024 video documents one user’s successful fund recovery after three months of persistent contact with support, threatening legal action, and directly contacting company executives. The user ultimately uninstalled the app and warned others to stay away from the platform.​ Historical Scam Accusations A May 2021 Reddit post titled “Why Crypterium (CRPT) is a $58m scam and best avoided” detailed concerns about the original ICO, questioning where the substantial funds raised disappeared and criticizing the company’s multiple failed pivots.​ BitcoinTalk forum posts from 2021 describe Crypterium as a “BIG SCAMM AND CHEAT” with users reporting locked accounts, ignored support requests, and funds disappearing.​ Crowdfunding Platform Concerns A January 2021 comment on Crowdfund Insider describes Crypterium as “a well elaborated Russia based scam” stating that “In 2018 they run an fraudulent ICO in which they raised 52 million dollars”.​ Regulatory warnings While we did not find direct enforcement actions naming Choise Services UAB itself, several regulators have issued warnings about entities using the Crypterium brand: CONSOB (Italy) and CNMV (Spain) issued warnings in 2020 against “Crypterium Financial Services” (domain crypteriumfs.com) as an unauthorised investment/financial service (Source: IOSCO, Consob, CNMV, DFSA). The Bank of Russia lists “CRYPTERIUM-COIN.COM” among projects with signs of an illegal financial pyramid scheme (Source: CBR) It is not clear, based on public records, whether these clone/variant domains were directly operated by the main Crypterium/Choise group or by third parties abusing the brand. However, from a compliance standpoint, the existence of multiple regulatory warnings against “Crypterium”-branded entities substantially raises the overall risk profile and brand-confusion risk for investors and partners. 8. Conclusion: A Vanishing Structure, Not Vanishing Founders The facts are uncomfortable and simple: The Crypterium / Choise ecosystem raised tens of millions of dollars from investors during the 2017–2018 ICO boom. The original Estonian backbone (Crypterium AS) has been deleted, and the key Lithuanian VASP (Choise Services UAB) is now in liquidation. Retail investors and users face near-total losses on CRPT and its migration into CHO, while their claims are reduced to unsecured creditor status in a winding-down structure. The Russian founders and key figures – first and foremost Vladimir Gorbunov and his circle – have not disappeared from public view. They still appear on websites, at conferences and on social media. What has effectively disappeared is the transparent, enforceable corporate framework through which tens of millions were collected and user funds were held. From a compliance and investor-protection perspective, Choise/Crypterium must therefore be classified as a high-risk scheme with a massive accountability gap: the money flowed in through regulated-sounding entities and “cryptobank” marketing – the entities are now being shut down, while investors are left with write-offs and complex liquidation processes. Call for Information – Whistle42 FinTelegram will continue to investigate the Crypterium / Choise / Choise.ai complex, including: The true current beneficial ownership behind the remaining entities and brands; The use and allocation of ICO proceeds and later token/fee revenues; Internal policies on withdrawals, account freezes, KYC/AML reviews and the treatment of customer complaints; Any regulatory inspections, warnings or enforcement actions in Lithuania, Estonia or other jurisdictions. We explicitly call on: Insiders, former employees, contractors and service providers of Crypterium, Choise, Vault, Vbanq and related entities; Investors and users affected by the CRPT ICO, CHO swap, cards, “deposit” products or locked balances, to share documents, correspondence, screenshots or contracts with us via our whistleblower platform Whistle42. Submissions can be made confidentially. Verified information about fund flows, internal decisions, and regulatory interactions will help us close this accountability gap and support victims, regulators and law-enforcement authorities in understanding what really happened behind the Choise scheme. Share Information via Whistle42

Strategy (ex-MicroStrategy) has transformed itself into the world’s biggest listed Bitcoin treasury company, holding about 649,870 BTC acquired for roughly $48.4 billion at an average cost above $74k per coin. After Bitcoin’s recent fall from six-figure highs to around $91k, the market is again debating whether a deeper correction could push Strategy toward solvency stress or even bankruptcy (Source: TIKR.com). On 10 November, Michael Saylor reiterated on X that “we hodl 641,692 BTC” and promptly added more, underlining his conviction despite rising volatility. Strategy’s Position in a Sustained BTC Downtrend Strategy finances its BTC stack with a mix of convertible notes, secured loans and equity issuance, with total debt estimated around $10–11 billion (Source: BitMEX). Independent analyses suggest a theoretical debt-coverage/“liquidation” level in the low-$20k BTC range, far below current prices, meaning that even a 60–70% drawdown from here would likely leave the company solvent on paper (Source: 21shares). The real risk in a prolonged correction is different: Equity collapse: MSTR trades as a geared BTC proxy. A deep bear market would hammer the stock, raising capital-markets and refinancing risk (Source: Investopedia). Refinancing & covenants: Lower equity value and wider credit spreads could make rolling or retiring debt materially harder and more expensive. Accounting & sentiment: Large mark-to-market losses could trigger impairments, downgrades and negative feedback from wary shareholders and lenders. Bankruptcy is still a tail scenario but can’t be ruled out if BTC collapsed toward or below the $20k area and stayed there while credit markets seized up. Impact on the Broader Crypto Market Strategy controls more than 3% of all BTC that will ever exist (Source: The Block). Any forced liquidation or distressed restructuring would be systemically bearish: direct selling pressure, loss of a key bullish narrative (“corporate BTC standard”), tighter lender risk appetite for BTC-backed borrowing and structured products. Even without bankruptcy, a prolonged Strategy drawdown would chill institutional appetite and likely widen the next crypto winter. Link to an AI Bubble Bust As FinTelegram has argued in its AI-bubble doomsday briefing, a sharp AI-tech crash would likely trigger a broad risk-off phase. Strategy is doubly exposed: it is listed as a tech stock and fully tied to BTC, which increasingly trades like a high-beta macro asset. An AI bust with tightening liquidity, higher real rates and falling tech valuations would greatly increase the probability of a deep BTC bear phase – and, by extension, of serious stress at Strategy. Working hypothesis: bankruptcy remains a low-probability tail risk, but the combination of an AI-driven equity crash and a 60–80% BTC drawdown would push Strategy close to that edge and would be structurally negative for the entire crypto segment. Share Information via Whistle42

When FinTelegram’s recent investor briefing outlined a tail-risk “AI bubble crash” scenario, it was a macro thought experiment. Peter Thiel’s Thiel Macro LLC now adds a very real data point: according to SEC filings, the fund sold its entire Nvidia stake – around 537,742 shares worth roughly $100 million – during Q3 2025 (Source: Reuters). The move comes just as central banks, from the ECB to the Bank of England, and even tech leaders like Google’s Sundar Pichai, warn of bubble-like dynamics and “irrational” AI spending (NYPost.com) At the same time, SoftBank and other large investors have also exited or reduced Nvidia positions, intensifying the debate over whether AI valuations are peaking (Source bitget.com). Read more about the AI Bubble fears here. How Much Does Thiel’s Move Matter? Nvidia is the key equity barometer for the AI trade. Its chips power data centres, model training and much of the AI arms race. A complete exit by an insider-level tech investor like Thiel inevitably looks like a vote of no confidence in current pricing, even if his fund has not publicly framed it that way (Source: finextra.com). However, portfolio mechanics matter. Thiel Macro had a highly concentrated Nvidia position; taking profits and reducing single-name risk near all-time highs is rational risk management. Read purely as a timing call, the sale is a warning signal, not definitive proof that the AI cycle is over. Revisiting the Doomsday Scenario In our FinTelegram briefing, we described a doomsday variant where: AI megacaps fall 60–75%, broad equity indices drop 30–40%, and crypto suffers a 60–80% drawdown in BTC and ETH, with many altcoins effectively wiped out. Thiel’s exit and other large divestments slightly increase our estimated probability that such an extreme unwind could occur over the next 2–3 years – from roughly 10–15% to the upper end of that range. They indicate that sophisticated capital is starting to de-risk at the margin. Our view: this is not a call to panic, but a clear reminder to investors that AI and crypto exposures are tightly linked high-beta trades. Concentration, leverage and liquidity risk should now be treated as primary portfolio variables, not footnotes. Share Information via Whistle42

Early-stage utility token linked to payment institution faces scrutiny over business model and alleged casino facilitation Executive Summary KYCoin (symbol: KYC) represents an early-generation utility token issued by NUN-TECH SA, a Luxembourg-registered IT services company operating within the Olky Group ecosystem. Launched in 2021 on a private ledger before migrating to the Polygon (Ethereum) blockchain, KYCoin serves as an access token for KYC verification services, payment order routing, and transactions within the Olky Group’s network of payment and crypto-asset services. The token operates in conjunction with Olky Payment Service Provider SA, a licensed payment institution supervised by Luxembourg’s Commission de Surveillance du Secteur Financier (CSSF) under authorization number 47/13. Both entities share the same Luxembourg address, raising questions about corporate independence and operational separation.​ Recent intelligence suggests that the Olky Group infrastructure may be facilitating illegal casino activities, allegations that warrant regulatory scrutiny given the group’s authorization to serve high-risk sectors, including crypto and Web3 businesses.​ Corporate Structure and Ownership NUN-TECH SA was established in Luxembourg in April 2017 with registered capital of €35,392 and employs between 1-10 people. The company holds Luxembourg trade register number B214016 and operates from 7A rue de Turi, L-3378 Livange, with an additional branch at 48 Quai du Lazaret, Marseille, France. According to company documentation, NUN-TECH is presented as part of the Olky Group, though the precise ownership structure remains opaque.​ Olky Payment Service Provider SA (trade register B165776) operates as a société anonyme with capital of €2,271,111.00. The company was founded in January 2012 and received its payment institution license (number 47/13) from Luxembourg’s Ministry of Finance in 2013. Olky Payment Service Provider initially operated from 7A rue de Turi in Livange before relocating its registered office to 1 Op de Leemen, L-5846 Fentange. Both addresses appear to be shared office facilities in Luxembourg business parks.​ The Olky Group comprises five entities: OlkyPay (payment services), OlkyPass and Algoreg (KYC/AML services), OlkyWallet (crypto services), and OlkyRent (SaaS). The group employs over 100 staff across Luxembourg and France, and allegedly processed more than €8 billion in transactions by 2024. Franck Rouayroux serves as CEO of both the Olky Group and OlkyPay.​ KYCoin Token: Business Model and Regulatory Framework KYCoin operates as a utility token providing access to three primary services within the NUN-TECH/Olky ecosystem:​ OlkyPass KYC Passport: A digital identity verification service powered by Algoreg technology that enables users to complete Know Your Customer (KYC) requirements once and utilize this “passport” across the Olky partner network. The system utilizes document analysis, adverse media screening, and risk scoring to facilitate customer onboarding for regulated businesses.​ Bank Identity Management: The ability to link payment accounts to aliases (email addresses, phone numbers, QR codes) for simplified payment routing.​ Payment Order Routing: Transfer of KYCoin tokens between network participants to execute fiat or crypto-asset payment orders within the partner ecosystem.​ The token was initially launched in 2021 on a private ledger before migrating to the public Polygon blockchain (Ethereum layer-2 network), where it operates as an ERC-20 compatible token. According to Olky’s marketing materials, KYCoin enables “ultra-fast” value exchange within a “limited network” of Olky partners subject to KYC requirements.​ Regulatory Status and Compliance Concerns Payment Institution Authorization: Olky Payment Service Provider operates under Luxembourg payment institution license 47/13, supervised by the CSSF and passported throughout the European Union and European Economic Area via the Autorité de Contrôle Prudentiel et de Résolution (ACPR) in France. The company is registered with the CSSF under number Z00000006.​ Crypto-Asset Services: OlkyWallet is described as “currently being authorized” by France’s Autorité des Marchés Financiers (AMF) and ACPR as a digital asset service provider. However, comprehensive searches of public registries did not confirm completed PSAN (Prestataire de Services sur Actifs Numériques) registration, raising questions about the operational status of crypto-asset services.​ KYCoin Regulatory Classification: The token’s status under the EU’s Markets in Crypto-Assets (MiCA) regulation remains unclear. MiCA, which entered into force in June 2023 with stablecoin provisions applicable from June 2024, establishes comprehensive frameworks for utility tokens, asset-referenced tokens, and e-money tokens. As an early-generation utility token launched before MiCA implementation, KYCoin’s compliance with current regulatory standards requires verification.​ AML/CFT Obligations: As a Luxembourg-registered virtual asset service provider, NUN-TECH would be subject to Anti-Money Laundering and Counter-Financing of Terrorism (AML/CFT) obligations under Luxembourg law. The CSSF maintains a public registry of licensed cryptocurrency entities, though NUN-TECH’s presence in this registry could not be confirmed during research.​ The Payment Institution-Utility Token Nexus The close operational relationship between NUN-TECH (token issuer) and Olky Payment Service Provider (licensed payment institution) warrants regulatory examination. Payment institutions are subject to strict capital requirements, governance standards, and operational safeguards under the EU Payment Services Directive (PSD2). The use of a utility token to facilitate payment routing within a licensed payment institution’s ecosystem creates potential regulatory arbitrage concerns, particularly regarding:​ Capital adequacy: Whether token-based payment routing circumvents payment institution capital requirements Consumer protection: Whether token holders receive equivalent protections to payment service users Supervisory oversight: Whether the CSSF’s supervision extends to token-mediated transactions Operational independence: Whether NUN-TECH operates with adequate separation from the licensed payment institution Casino Facilitation Allegations Intelligence received by FinTelegram indicates that the Olky Group infrastructure may be facilitating illegal casino activities. This allegation is particularly concerning given that: The Olky Group explicitly markets its services to “high-risk sectors” including crypto, Web3, and industries traditionally refused by conventional banks.​ Online gambling payment processing has been identified as a high-risk sector for money laundering, with regulators worldwide increasing scrutiny of payment facilitators serving unregulated gambling operators.​ FinTelegram previously launched an investigative campaign specifically targeting payment processors in the online casino and gambling industry, examining licensing credentials and transaction facilitation mechanisms.​ Luxembourg payment institutions operating in high-risk sectors face enhanced AML/CFT obligations and ongoing CSSF supervision. The CSSF has previously issued warnings regarding fraudulent activities misusing the names of legitimate Luxembourg payment institutions, including Olky Payment Service Provider itself in December 2021.​ Summary of Key Compliance Indicators CategoryDetailsRegulatory StatusToken KYCoinUtility token (non-MiCA)Token IssuerNUN-TECH SA, Luxembourg (B214016)​IT services company, unclear VASP statusToken TypeUtility token (KYC)​Early generation, MiCA compliance uncertainBlockchainPolygon (Ethereum layer-2)​Public blockchain deploymentLaunch Date2021 (private ledger), later migrated to Polygon​Pre-MiCA implementationPartner Payment InstitutionOlky Payment Service Provider SA (B165776)​CSSF license 47/13, EU passporting​Shared Address7A rue de Turi, Livange, Luxembourg​Potential independence concernsGroup StructureOlky Group (5 entities, 100+ employees)​Complex corporate arrangementTransaction Volume€8+ billion processed (2024)​Significant operational scaleTarget SectorsHigh-risk including crypto, Web3, and traditionally underserved​Enhanced AML/CFT obligationsCasino AllegationsInsider reports of illegal activity facilitationRequires investigationManagementFranck Rouayroux​Karima LachgarDual role across group entities Regulatory Questions Requiring Resolution MiCA Compliance: Has KYCoin undergone regulatory assessment under MiCA provisions for utility tokens, including whitepaper requirements and issuer authorization?​ VASP Registration: Is NUN-TECH registered with the CSSF as a virtual asset service provider, as required under Luxembourg’s AML/CFT framework?​ OlkyWallet Status: What is the current registration status of OlkyWallet with French authorities (AMF/ACPR) as a digital asset service provider?​ Payment Services Boundary: Does KYCoin-mediated payment routing constitute provision of payment services requiring direct authorization?​ Casino Facilitation: Has the CSSF investigated allegations of illegal casino activity facilitation through Olky Group infrastructure?​ Conclusion and Call for Intelligence KYCoin represents an early-stage utility token operating within a complex ecosystem of licensed payment services and emerging crypto-asset offerings. While Olky Payment Service Provider maintains legitimate regulatory authorization from the CSSF, the business model’s reliance on a utility token for core functionality, combined with the group’s focus on high-risk sectors and recent allegations of casino facilitation, warrant comprehensive regulatory review. The close operational integration between NUN-TECH (token issuer) and Olky Payment Service Provider (licensed institution), evidenced by shared addresses and group affiliation, raises questions about regulatory perimeter and supervisory effectiveness. As MiCA implementation progresses and European regulators enhance oversight of crypto-asset services, the KYCoin model may face increased scrutiny regarding compliance with transparency, consumer protection, and operational standards. Whistleblower Call to Action FinTelegram invites insiders with knowledge of KYCoin, NUN-TECH SA, and the Olky Group to provide information through the Whistle42 platform (www.whistle42.com). Whistle42 offers confidential intelligence submission, community discussion forums, and the F42 Whistleblower Reward Program providing token-based compensation for valuable information.​ Information of particular interest includes: Evidence regarding alleged illegal casino facilitation Details of KYCoin transaction flows and partner network operations Documentation of regulatory compliance measures (or lack thereof) Internal communications regarding business model and risk management Customer complaints or operational issues By contributing to this investigation, whistleblowers help protect consumers, strengthen financial integrity, and support regulatory authorities in maintaining oversight of evolving payment and crypto-asset ecosystems. Share Information via Whistle42

Regulators from the ECB, Bank of England, IMF and WEF now explicitly warn that AI-driven equity valuations look bubble-like and vulnerable to an abrupt correction. The artificial intelligence investment bubble presents a critical financial stability risk that demands immediate portfolio rebalancing. The regulators have escalated warnings from cautionary to alarming, drawing explicit parallels to the dot-com collapse of 2000 and the 2008 financial crisis.  Worst-Case / Doomsday Scenario The structural vulnerability centers on circular financing mechanisms where AI enterprises extend investment capital to each other’s services, artificially inflating revenue streams divorced from genuine market demand. Non-bank private credit now finances 50% of AI infrastructure development—data centers, GPU fleets, and chip fabrication—totaling trillions in leveraged positions. When this circular arrangement unwinds, debt obligations cascade through the financial system faster than traditional equity corrections.​ AI’s current valuation represents approximately one-third more capital concentration than the entire 1990s internet bubble, amplifying potential downside severity. Should deployment fail to generate projected returns, institutional liquidation could trigger margin calls across overleveraged treasury and venture debt positions, creating forced selling that accelerates market collapse (Source: NYTimes.com) Trigger.A cluster of shocks hits simultaneously: Several AI megacaps miss earnings and guide lower on AI monetisation (Source: goldmansachs.com). US yields spike as markets re-price debt sustainability and central banks stay restrictive to fight a second inflation wave (Source: Reuters). Global growth rolls over, exposing overinvestment in data centres and AI infrastructure (Source: The Times of India). Equity shock.Highly concentrated AI leaders (the “Magnificent 7”) drop 60–75%; global tech indices fall 50–65%; broad US and European benchmarks lose 30–40% (Source: Le Monde.fr).Risk-parity and vol-targeting strategies de-risk mechanically, margin calls explode, and ETFs amplify forced selling. Crypto Market Impact (BTC, ETH, Altcoins) Crypto has recently traded increasingly in lockstep with US equities, especially during Fed-driven risk-off episodes (Source: bloomberg.com) In a full AI bubble burst: Bitcoin (BTC): narrative flips from “digital gold + AI infrastructure play” to pure high-beta risk asset. A 60–80% drawdown from pre-crash levels is plausible as leverage is flushed from perp markets and major lenders tighten collateral rules. Current $94,000–$95,000 levels collapse to $19,000–$38,000 support zones. Ethereum (ETH): bears added earnings-style risk via NFT, DeFi and rollup activity. In a deep liquidity shock, ETH could fall 70–90%, with DeFi liquidations, protocol treasury losses and L2 funding stress. Altcoins: long tail tokens, AI-themed coins and illiquid DeFi assets could see 90–100% peak-to-trough declines, with many never recovering. Stablecoin redemptions and potential issuer stress would further drain on-chain liquidity. The result: This severity exceeds traditional recession correlations due to liquidation cascades: overleveraged positions force algorithmic selling at market prices, eliminating bid support and accelerating volatility. We could face a multi-year crypto winter, widespread project failures, and intensified regulatory crackdowns on leverage, stablecoins and retail marketing. Probability & Macro Preconditions FinTelegram’s qualitative assessment: Base case (50–60%): orderly derating – AI stocks correct 20–30%; BTC/ETH −40–60%; no systemic crisis. Adverse case (25–35%): deeper but manageable AI and crypto drawdown without broad financial instability. Doomsday tail (10–15% over 2–3 years): scenario outlined above, contingent on: renewed inflation forcing further rate hikes, recession in US/EU with earnings collapse, sovereign-debt or private-credit stress interacting with AI and crypto bubbles (Sources: Reuters, ECB, BOE). Actionable Takeaways (Not Investment Advice) Treat AI-linked tech and crypto as correlated high-beta risk, not diversification. Stress-test portfolios for 60–80% crypto drawdowns and 30–40% equity drops. Favour robust liquidity, limited leverage, and clear exit rules over AI or crypto FOMO trades.

Major central banks are now openly warning that the AI hype is inflating a dangerous equity bubble. After the Bank of England’s alarm over “stretched” valuations and the risk of a sharp correction, the European Central Bank (ECB) is also warning that AI-driven stock prices could fall abruptly, with systemic consequences for global markets. Key Facts ECB warning: In its Financial Stability Review, the ECB highlights a possible “bubble” in AI-related equities, driven by extreme optimism and concentration in a handful of mainly US tech giants (Source: Reuters) BoE red flag: The Bank of England’s Financial Policy Committee says equity valuations “appear stretched,” especially in AI-focused tech, and warns of a risk of a “sharp market correction” (Source: Central Banking). Global chorus: IMF, major banks and CIOs increasingly compare current AI exuberance to the dot-com era, warning that many projects will not earn back invested capital (Source: AP News). Dangerous concentration: AI and big-tech names now account for around 40% of the S&P 500, amplifying index and ETF vulnerability if sentiment turns (Source: AP News). Market stress visible: Ongoing sell-offs and comments from big-tech executives that “no company is immune” if the AI bubble bursts show that even insiders are preparing for downside (Source: theguardian.com). Short Analysis For FinTelegram, the message from central banks is clear: AI has become the new narrative for old speculative patterns. The rally is narrow, highly leveraged (directly and via derivatives), and increasingly financed by funds that have already run down their cash buffers. Forced selling in an AI correction could rapidly spill over into broader markets, including Europe. At the same time, corporate AI capex and infrastructure spending are approaching extreme levels. If earnings disappoint or technological leadership shifts, today’s “must-own” AI champions could become the epicentre of a sharp de-rating. Retail investors piling into AI-themed ETFs, structured products and CFD trading are likely to absorb disproportionate losses when volatility spikes (Source: wealth.db.com). Call for Information FinTelegram is monitoring AI-driven market risks, including leveraged retail products, opaque structured notes, and aggressive AI-themed marketing by brokers and banks. Insiders, risk managers, and clients with relevant information about mis-selling, leverage practices, or hidden exposures are invited to contact us securely via our whistleblower platform Whistle42.com. Share Information via Whistle42

A UK casino player has lifted the curtain on yet another payment setup sitting in the grey zone between regulated fintech and criminal gambling flows. Her email chain with Olky / Nun-Tech / KYCOIN describes how a Luxembourg-French “web3 payment” structure allegedly bypassed gambling and crypto blocks to send money straight into the wallet of Gamblezen, a Curaçao casino owned by Altacore N.V. If her account is accurate, which we believe it is based on the evidence, KYCOIN is not just a “utility token”, but a highly efficient payment facilitator for unlicensed gambling. 1. The whistleblower and her case The UK player (FinTelegram knows the name) is not a passive victim. Over several weeks, she has: Documented KYCOIN-labelled card transactions that her bank’s fraud team later flagged as suspicious. Explained that gambling and crypto purchases are blocked on her NatWest account, yet KYCOIN payments still went through – implying non-gambling, non-crypto MCC codes were used. Shown that these transactions were in reality deposits to Gamblezen, a casino operated by Altacore N.V., licensed only in Curaçao and explicitly targeting EU players (Source: IGamingExpert). In her emails, the UK player accuses Olky/Nun-Tech of: Deliberately miscoding transactions to evade card blocking (neither MCC 7995 for gambling nor 6051 for crypto, as confirmed by her bank). Sending funds directly to the casino’s wallet, leaving her with no real “KYCOIN account” or control over the tokens. Completely ignoring repeated GDPR/DSAR requests and refund demands, while obsessively flagging her negative Trustpilot reviews instead of answering her. She escalates to Mastercard fraud, the CSSF in Luxembourg, FATF, the UK Gambling Commission, UK MPs and investigative journalists, and copies FinTelegram on the entire correspondence. Her allegation is simple: Olky/Nun-Tech, via KYCOIN, knowingly or negligently process payments for an illegal online casino, while hiding the nature of those transactions from banks and consumers. 2. The official story: Olky, Nun-Tech, and KYCOIN On paper, the structure looks clean and sophisticated: Olky Payment Service Provider SA (OlkyPay) is a Luxembourg-licensed payment institution, supervised by the CSSF and passported across the EU (Source: Olky.eu). They claim to have more than 1 million dlients. Nun-Tech SA is an IT / software company of the Olky Group, with a registered office in Luxembourg and a French branch in Marseille trading under the brand KYCOIN (Source: pappers.fr) Olky and Nun-Tech share the same registered office address in Luxembourg. KYCOIN (symbol “KYC”) is branded as a utility token issued by Nun-Tech to access services like OlkyPass (KYC passport) issued by Olky, bank-identity aliases, and “FIAT or crypto order routing within a network of partners” (Source: nun-tech.fr) The Nun-Tech T&Cs describe the mechanism clearly: Users must acquire KYCOIN on kycoin.io, olkypass.com, or partner payment pages to access Nun-Tech services. Payment Orders are routed by transferring KYCOIN from the user to a “Beneficiary” who must also hold an OlkyPass. Once routed, OlkyPay executes the underlying fiat payment. French central-bank guidance even cites KYCOIN as a model “utility token” whose circulation is limited to a network of AML-regulated partners (PSPs, PSANs, etc.) (Source: Banque de France). And yet, Olky’s own marketing for KYPAY boasts that the product can be used “for all activities, even high-risk”, and allows merchants to collect cash via cards and instant transfers without a distance-selling contract (Source: Olky.eu). This positioning, combined with the tokenised routing layer, makes the system extremely attractive for offshore gambling operators. 3. How the system can be weaponised for illegal gambling Based on the player’s detailed chronology and FinTelegram’s analysis, the alleged flow looks like this: Player visits Gamblezen (Altacore N.V., Curaçao). The deposit page includes a KYCOIN / Nun-Tech integration. It’s embedded page behind “Card” or “Crypto” buttons. It is not a clearly branded option in the cashier. Player enters card details. The merchant descriptor later shows as “KYCOIN / Nun-Tech / Olky”, not “Gamblezen”. The transaction passes because the MCC is not 7995 (gambling) and not 6051 (crypto) – both of which are blocked on the player’s account. Internally, Nun-Tech’s system records a purchase of KYCOIN and immediately routes a Payment Order to the casino’s OlkyPass/KYCOIN wallet. The player never sees or controls any KYCOIN balance (Source: nun-tech.fr). Gamblezen credits the player’s casino account in fiat or chips. From the bank’s perspective, the cardholder has simply bought “KYCOIN / IT services” from a Luxembourg/French tech firm – not gambled at an offshore casino. This aligns disturbingly well with: Nun-Tech’s own T&Cs, which emphasise that routed payment orders are irrevocable and that Nun-Tech only “uses best efforts” to help in cases of fraud, while stressing that only the Beneficiary (here, the casino) can restore a KYCOIN balance (Source: nun-tech.fr). Player reports on CasinoGuru and other forums, where KYCOIN appears in connection with Curacao-licensed casinos using “wrong” MCC codes and where Nun-Tech’s reply is simply to “contact the merchant” (Source: casinoguru-it.com). From a compliance perspective, this is exactly the “crypto-purchase disguise” pattern FinTelegram has already documented with other processors: card payments presented as token purchases on a “regulated” crypto/fintech platform, but instantly forwarded to illegal gambling schemes. 4. Behavioural red flags: silence to the victim, noise to Trustpilot Throughout the entire email chain, one pattern stands out: Zero substantive response from Olky/Nun-Tech to Dymond’s GDPR, MCC-code and KYC questions. Repeated attempts to remove her Trustpilot reviews, forcing her to repost them, while she simultaneously copies regulators, Mastercard, MPs and investigative journalists. For a group that presents itself as a highly regulated, AML-serious fintech, this behaviour is striking. A genuinely compliant PSP facing allegations of miscoded gambling/crypto transactions would normally: Open a structured complaint case; Provide at least partial information on the merchant, MCC and KYC used; Coordinate with its acquiring partners and, where appropriate, support chargeback or refund. Instead, according to the emails, Olky/Nun-Tech appear to treat the issue primarily as an online-reputation problem, not a compliance incident. 5. Regulatory and compliance questions FinTelegram’s analysis and the whistleblower’s evidence raise a series of concrete questions for supervisors and card schemes: MCC misclassification & card-scheme rules If Dymond’s bank correctly states that MCC 7995 and 6051 were not used, under what merchant category were KYCOIN transactions processed? Were these descriptors intentionally chosen to bypass responsible-gambling and crypto blocks, in breach of Mastercard rules and national consumer-protection law? Use of a “utility token” as a de facto payment instrument KYCOIN is formally restricted to a network of AML-regulated partners. How did a Curaçao casino (Altacore N.V.) – already banned or sanctioned in jurisdictions like Sweden for targeting local players – qualify as an acceptable “Beneficiary”? Is Nun-Tech/Olky using the “utility token” label to effectively operate a cross-border money-remittance system outside the perimeter of stricter gambling-payment regulation? AML / CFT and KYC procedures Dymond states she never completed a KYCOIN account registration or KYC process yet was able to transact large amounts. If true, where exactly was KYC performed – by Olky/Nun-Tech, by the casino, or not at all? How does Nun-Tech reconcile its AML obligations with the explicit disclaimer in its T&Cs that it has “no control” over the nature of the goods and services delivered by Beneficiaries? Group governance and responsibility Nun-Tech’s statutes show Olkyrent SA and associated individuals as shareholders, confirming it as part of the Olky Group (Source: pappers.fr). Who in the group (board, risk committee, compliance function) approves high-risk partners such as offshore casinos, and how is that decision documented? CSSF and ACPR oversight Given that the CSSF has already issued a warning about fraudulent activities misusing the name of Olky Payment Service Provider SA (Source: cssf.lu), what steps are being taken to ensure that Olky’s own group infrastructure is not enabling similar abuses – this time not by impostors, but allegedly by its partners? FinTelegram does not claim that every KYCOIN transaction is illegal. But the combination of token-based routing, marketing to high-risk activities, weak response to serious complaints, and recurrent links to Curacao casinos is a textbook red-flag scenario for payment-facilitator abuse. 6. Summary table – Entities, Roles, and Links A. Brands & entities Legal entity / IndividualJurisdictionRole in the systemNotesOlky Payment Service Provider SALuxembourg (CSSF-authorised payment institution; FR branch) Doing business as Olky (Olky.eu), executes euro payment orders routed via Nun-Tech / KYCOINProvides KYPAY, IBAN, card & transfer rails; positioned as “neobank for everyone” and “for all activities, even high-risk” Nun-Tech SALuxembourg (B214016) with French branch “KYCOIN” in Marseille (annuaire-entreprises.data.gouv.fr)Issues KYCOIN utility token and operates OlkyPass / payment-routing layerPart of Olky Group; shareholders include Olkyrent SA and associated individuals (pappers.fr)Olky Group / Nun-TechEUKYC passport giving access to KYPAY, KYCOIN wallet and partner services Required for both users and “Beneficiaries” in Nun-Tech routing modelAltacore N.V.Curaçao Offshore online casino allegedly integrated with KYCOIN deposit pathAltacore casinos have been criticised and banned in several jurisdictions for targeting local players without licencesVarious group entitiesLU/FRCrypto-euro wallet and web3 strategy arm2023 article notes recruitment of Karima Lachgar to lead Olky Wallet and regulatory strategy; Nun-Tech cited as “entity of the Olky Group” (dehfi.com)Karima LachgarLuxembourg, FranceCEO of Olky Wallet / Group Head of Legal & Regulatory Strategy (Olky Group)Key figure for group-level compliance and web3 strategy. 7. Call for information FinTelegram will continue to investigate the Olky / Nun-Tech / KYCOIN system and its relationships with offshore casinos such as Gamblezen (Altacore N.V.). We invite: Current and former staff of Olky, Nun-Tech, or associated partners; Bank and card-scheme insiders familiar with KYCOIN-coded transactions; Players who see “KYCOIN / Nun-Tech / Olky” on their statements after deposits to online casinos; to share information and documentation with us – securely and, if desired, anonymously – via our whistleblower platform Whistle42.com. Share Information via Whistle42 Cases like this show that regulated-looking fintech shells can become the perfect camouflage for illegal gambling payments. It is time regulators and card schemes take a very hard look at KYCOIN and the Olky group’s “high-risk” ambitions.

ICIJ’s new Coin Laundry investigation confirms what FinTelegram has warned for years: the world’s largest crypto exchanges have been awash with funds tied to money launderers, scam cartels, drug syndicates, and North Korean hackers – even after guilty pleas in the U.S. The industry’s “compliance theatre” increasingly looks like a business model. Key Facts ICIJ traced tens of thousands of transactions and found major exchanges, including Binance, OKX, Kraken, HTX, and Coinbase, processing billions linked to crime networks and sanctioned actors (Source: icij.org). Cambodia-based Huione Group, designated a money-laundering concern by the U.S. Treasury, sent at least $408 million in tether to Binance and $226 million to OKX in the year after their U.S. plea deals for AML violations (Source: Axios). Wallets linked to the Sinaloa cartel, Chinese fentanyl traffickers and Russian launderers for North Korea’s weapons program all used brand-name exchanges to move funds. North Korean hackers routed about $1.5 billion stolen from the Bybit exchange through THORChain; a $900 million ether surge then hit a handful of Binance deposit addresses. Sources describe overwhelmed compliance teams and a fragmented supervisory regime that still treats systemically important exchanges more like money transmitters than banks, despite their trillions in annual trading volume. Compliance Analysis The Coin Laundry is not a story about a few rogue wallets; it is an indictment of an ecosystem. Binance, OKX and others emerge as central pipes in a global shadow banking system where dirty tether and bitcoin are routinely washed into “clean” fiat – long after regulators claimed victory with multi-billion-dollar settlements and court-supervised monitors (Source: Wikipedia). The Huione flows are particularly explosive: a human-trafficking-linked payments hub pushing roughly $1 million a day in stablecoins into customer accounts at exchanges that were supposedly under enhanced scrutiny. This is not residual legacy risk; it looks like business-as-usual revenue being quietly tolerated because it generates fees – until journalists connect the dots. FinTelegram’s own investigations over recent years point to the same structural weakness: illegal online casinos, unlicensed sportsbooks and high-risk CFD/FX schemes systematically route player deposits and victim funds through crypto payment processors and exchanges to break the audit trail. The very same rails highlighted by ICIJ for scam compounds, drug cartels and state-sponsored hackers are also used to launder gambling and online-trading proceeds at scale. Crypto is no longer just the getaway car for darknet markets – it has become the cashier cage for the global grey gambling and online-trading industry. Regulators come off badly. Europe’s new consumer-protection and transparency rules arrived late and narrow; in the U.S., enforcement has swung between aggressive crackdowns and abrupt political U-turns, while under-resourced supervisors struggle to police exchanges classified as mere “money transmitters.” At the same time, blockchain analytics firms posture themselves as watchdogs, but, as the ICIJ notes, often avoid publicly naming the big platforms that pay their invoices. Call for Information – Whistle42 FinTelegram will continue to follow the Coin Laundry trail, with a special focus on illegal gambling, offshore brokers, and their crypto payment facilitators. We call on insiders, compliance officers, ex-employees of exchanges and payment processors, and affected players to share documents and information with us via our secure whistleblower platform Whistle42. Help us map – and expose – the crypto money-laundering infrastructure before the next wave of victims pays the price. Share Information via Whistle42