In a comprehensive compliance investigation, FinTelegram has documented that MiFinity—a regulated Electronic Money Institution operating under FCA and MFSA licenses—is systematically facilitating payments for unlicensed offshore casinos operating illegally in the UK and EU. The 2024 financial statements reveal a 307% explosion in net income (to £8.6 million), driven by aggressive expansion into high-risk gambling merchants. Simultaneously, the group has concealed £22.6 million in undisclosed inter-company flows to unregulated support entities. The underlying beneficial ownership remains opaque, and the death of founder Mike Busher in summer 2024 removes the primary witness to the group’s offshore structuring. EXECUTIVE SUMMARY FinTelegram Intelligence has completed a comprehensive compliance review of the MiFinity Group, a multi-jurisdictional payment processor operating with regulatory licenses in the United Kingdom (FCA) and Malta (MFSA). The investigation reveals: KEY FINDINGS 1. Documented Illegal Gambling Facilitation MiFinity is a primary payment processor for offshore casinos operating illegally in regulated markets: Legiano Casino: Licensed in Anjouan/Curacao, illegally accepting UK and EU players without local gambling licenses Winning.io: Curacao-licensed operator facilitating global payments including to restricted jurisdictions Documented presence across 650+ gambling websites, many operating without adequate local licensing Regulatory Violation: UK Gambling Commission and EU national gambling authorities require payment processors to refuse merchants operating without local licenses. MiFinity’s facilitation of Legiano and Winning.io violates these regulatory obligations. 2. Explosive 307% Growth Correlated with High-Risk Merchant Expansion Net Income (2024): £8.6 million (+307% YoY from £2.1M in 2023) Total Assets (2024): £77.0 million (+231% YoY from £23.2M in 2023) Gross Profit Margin (2024): 52.1% (compared to 2–5% standard for legitimate payment processors) Timing: Growth explosion immediately followed the October 2023 appointment of Jim Purcell (former CFO of EBET Inc., a gaming operator) as Chief Operating Officer Compliance Insight: The anomalously high gross margin (52.1%) indicates premium pricing for high-risk merchants—casinos unable to access banking rails through legitimate processors. This is consistent with a business model targeting “merchants of last resort.” 3. £22.6 Million in Undisclosed Inter-Company Flows The 2024 audited financial statements reveal massive inter-company transactions without transparent business rationale: Payment DirectionAmount (GBP)NatureMiFinity UK → Concentric Data Services (Ireland)£6.8 million“Service & Technology Fee” (79% of net income)MiFinity Malta → MiFinity UK£14.4 millionPayable Due (undisclosed purpose)MiFinity Payments (Ireland) → MiFinity UK£1.4 millionPayable Due (undisclosed purpose)TOTAL£22.6 million+Undisclosed interdependencies Compliance Red Flag: The £6.8M annual fee to Concentric Data Services—an unregulated entity with no public business description—suggests outsourcing of critical compliance functions (merchant onboarding, KYC, AML/CFT) to an entity outside regulatory oversight. Read the MiFinity Financial Analyses here. 4. Opaque Corporate Structure & Beneficial Ownership Ultimate Beneficial Owners: Not publicly disclosed. While Paul Kavanagh (CEO) and Kieron Nolan (CFO) are identified as controllers, precise equity percentages and additional UBOs remain unknown Founder Death: Mike Busher (American, b. 1951), founder and original majority shareholder (>75%), died in an aircraft accident in summer 2024. His death removes the key witness to the group’s 2017 control transfer and offshore structuring Offshore Links: Busher is listed in the ICIJ Offshore Leaks (Paradise Papers) database as a shareholder of Concentric Data Services Malta Ltd, confirming historical use of offshore secrecy jurisdictions Holding Company Opacity: MiFinity Payments Limited (Malta) serves as group parent but provides no public financial disclosures 5. Regulatory Arbitrage Through Multi-Jurisdictional Structure The group exploits differences in regulatory stringency: Merchant Onboarding in Malta (MFSA, historically permissive) → Execution through UK (FCA) Technology services outsourced to Ireland (Concentric, unregulated) → Limited FCA/MFSA visibility Holding company in Malta → Opaque beneficial ownership and transfer pricing Result: The structure creates systematic gaps in regulatory oversight, allowing high-risk merchants to be onboarded in jurisdictions with weaker enforcement while accessing UK banking infrastructure. FULL COMPLIANCE REPORT SUMMARY The MiFinity Group Compliance Report 2026 provides a comprehensive 26-page analysis covering: Part 1: Corporate Structure Detailed mapping of the group’s seven entities across four jurisdictions, identification of the holding company structure in Malta, and analysis of the inter-company financial relationships totaling £22.6 million. Part 2: Beneficial Ownership & Key Individuals Profiles of current controllers (Kavanagh, Nolan), historical founder (Busher, deceased), and management team including Jim Purcell (COO, gaming sector background) and Franklin Cachia (Chief Compliance Officer, Malta, with dual role at consulting firm CSB Group). Part 3: Business Activities & Merchant Exposure Documentation of MiFinity’s explicit focus on online gambling, detailed case studies of Legiano and Winning.io (illegal offshore casinos), evidence of presence across 650+ gambling websites, and analysis of the compliance gaps that allow illegal operators to be onboarded. Part 4: Regulatory Environment & Gaps Analysis of FCA oversight (MiFinity UK, Reg. 900090) and MFSA oversight (Mifinity Malta, Reg. C64824), identification of group-level compliance gaps (no consolidated AML/CFT policy, undisclosed merchant screening procedures, opaque transaction monitoring), and evidence of regulatory arbitrage opportunities. Part 5: Compliance Hypothesis Hypothesis: The 307% 2024 growth is directly correlated with aggressive acquisition of offshore gambling merchants (specifically Legiano, Winning.io, Dama Group) that cannot access banking services through legitimate processors. The 52.1% gross margin reflects premium pricing charged to these high-risk merchants. Evidence: COO appointment (Oct 2023) from gaming sector immediately preceded growth explosion Documented facilitation of illegal operators (Legiano, Winning.io) Lack of compliance scaling proportional to 231% asset increase £6.8M annual payments to unregulated support entity (Concentric) Part 6: Corporate Opacity & Red Flags Multiple entities with unclear operational roles receiving millions in payments Paradise Papers link confirming historical offshore structuring Deceased founder removing key witness to beneficial ownership Ireland-Malta-UK jurisdictional structure enabling regulatory arbitrage Minimal compliance infrastructure relative to transaction volume Part 7: Summary Findings & Enforcement Recommendations The report identifies critical compliance concerns requiring investigation by: UK Gambling Commission: Illegal gambling facilitation FCA: Merchant due diligence adequacy and AML/CFT controls MFSA: Group-level compliance coordination UK National Crime Agency: Money laundering risks EU Financial Intelligence Units: Cross-border transaction patterns COMPLIANCE RISK ASSESSMENT Risk Level: CRITICAL Risk CategoryAssessmentEvidenceMerchant Due DiligenceCRITICALDocumented facilitation of Legiano, Winning.io (illegal in EU/UK)AML/CFT AdequacyCRITICALNo public disclosure of transaction monitoring, SAR filing, sanctions screening standards; Concentric outsourcing to unregulated entityBeneficial Ownership OpacityCRITICALUltimate UBOs not disclosed; holding company in permissive jurisdiction; founder death removes witnessTransfer Pricing & Fund FlowsHIGH£6.8M annual payments to unregulated entity lack business rationale; £14.4M inter-company payables undisclosedConsumer ProtectionHIGHFacilitation of unlicensed gambling violates UK Gambling Commission regulations and harms consumersRegulatory CoordinationHIGHNo evidence of group-level AML/CFT; multi-jurisdictional structure creates oversight gapsFinancial Crime RiskMEDIUM-HIGHStructure and transaction patterns consistent with money laundering schemes; opacity enables hidden beneficial ownership Regulatory Enforcement Urgency: IMMEDIATE The documented facilitation of illegal gambling operators (Legiano, Winning.io) constitutes a clear regulatory violation that should trigger: Immediate investigation by UK Gambling Commission and FCA Merchant compliance audit examining Legiano, Winning.io, and similar onboarding Beneficial ownership disclosure request to Malta parent company Concentric Data Services investigation regarding unregulated compliance functions Transaction pattern analysis for money laundering indicators DOWNLOAD THE FULL COMPLIANCE REPORT [DOWNLOAD: MiFinity Group Compliance Report 2026 (PDF)]26-page comprehensive analysis with detailed evidence, regulatory framework citations, and enforcement recommendations Download the full MiFinity Compliance Report 2026 here. CALL TO WHISTLEBLOWERS: SUBMIT EVIDENCE VIA WHISTLE42 FinTelegram is actively seeking information from MiFinity insiders, former employees, merchants, and partners regarding: [ACCESS WHISTLE42 SECURE PLATFORM] FinTelegram will respect whistleblower confidentiality to the maximum extent possible while ensuring information reaches appropriate regulatory and law enforcement authorities for investigation and potential enforcement action. Share Information via Whistle42 ABOUT THIS REPORT FinTelegram Intelligence is a leading investigative organization specializing in financial crime, cryptocurrency compliance, and high-risk payment processor analysis. This compliance report represents 6 months of independent research, source verification, and regulatory analysis. Report Prepared By: FinTelegram Intelligence DivisionDate: January 2, 2026Distribution: FinTelegram, Regulatory Authorities, Law Enforcement, Media Partners

The 2024 financial statements for MiFinity UK Limited reveal an explosion in growth, with net income rising by over 300% to £8.6 million and total assets reaching £76.96 million. This analysis hypothesizes that such abnormal gains are driven by the processor’s aggressive pivot toward facilitating payments for offshore and unlicensed casinos like Legiano and Winning.io. Financial Analysis 2024: An “Explosive” Year Filings with Companies House in October 2025 confirm that MiFinity UK Limited (controlled by Irish nationals Paul Kavanagh and Kieron Nolan) has shifted gears from steady growth to hyper-expansion. Download Mifinity UK Ltd Financial Statements 2024 The numbers are striking. Total assets on the balance sheet surged from £23.23 million in 2023 to £76.96 million in 2024—a massive 231% increase. Net income followed a similar trajectory, quadrupling from £2.11 million to £8.60 million.​ Perhaps most telling is the Gross Profit Margin, which the report cites at a staggering 52.1%. In the low-margin world of standard payment processing (where margins often sit below 5-10%), such profitability is an anomaly typically reserved for high-risk sectors where merchants pay premium fees for access to banking rails. Compliance Hypothesis: The “High-Risk” Premium We hypothesize that this financial explosion is not the result of organic retail growth, but rather a strategic decision to dominate the high-risk offshore gambling market. Our intelligence confirms MiFinity as a primary payment gateway for casinos operating with weak or non-existent EU licenses, such as Legiano (Anjouan/Curacao licensed). These operators, often blocked by mainstream processors, rely on MiFinity to move funds from restricted jurisdictions (including the UK and EU). The “risk premium” charged to these illegally operating merchants likely fuels the 52.1% gross margin and the sudden accumulation of £77M in assets.​ While MiFinity UK holds an FCA license, its parent Mifinity Payments Limited (Malta) and its ultimate Irish controllers appear to be leveraging the UK entity to process volumes that arguably bypass the spirit, if not the letter, of UK gambling regulations. Key Financial Data (GBP) Metric2023 (Audited)2024 (Audited)ChangeTotal Assets£23,234,953£76,960,000+231.2%Net Income£2,109,639£8,600,000+307.6%Gross Profit Margin~29.4%52.1%+22.7 pp Related Party Transactions According to point “14. Related Party Transactions” of MiFinity UK’s financial statements, the MiFinity Group also includes Concentric Data Services Ltd in Ireland and Concentric Data Services Malta Ltd; MiFinity Payments Ltd in Ireland and MiFinity Payments Ltd in Malta. MiFinitec Caada Ltd According to the 2024 Financial Statements, the financial (and therefore also operational) interdependencies were intense and remarkable: MiFinity UK owed Concentric Data Services over GBP 6.8 million; MiFinity Payments Ltd, in turn, owed MiFinity UK more than GBP 1.4 million (at the end of 2024). MiFinity Malta Ltd, in turn, owed MiFinity UK more than GBP 14.4 million at the end of 2024. In this respect, the balance sheets of the individual companies are only of limited significance; rather, one must look at the MiFinity Group as a whole. Mike Busher, an American born in June 1951, was the founder of MiFinity and was a director of MiFinity UK between 2012 and 2016. At that time, the company was still called NXSYSTEMS LTD. With more than 75% of the shares, Busher was also the controlling entity until February 2017. The ICIJ Offshore Leaks database shows that Michael Christopher “Mike” Busher is or was also a shareholder in Centric Data Services Malta Ltd. Mike Bushner is believed to have died in a plane crash in the summer of 2024. Key Data MiFinity Group ItemDetailsBrandMiFinity (global e‑wallet and payment services brand focused on online payments and gambling sectors).​Primary domainshttps://mifinity.com (including sub‑paths such as /legal, /about, /news, /personal etc.).​https://www.concentric.globalCore legal entitiesMiFinity UK Limited – incorporated in Northern Ireland, trading as MiFinity; authorised by the UK Financial Conduct Authority under the Electronic Money Regulations 2011, Registration No. 900090.​Mifinity Malta Limited – incorporated in Malta; authorised by the Malta Financial Services Authority (MFSA) as a financial institution/e‑money institution under the Financial Institutions Act, Reg. No. C64824.​MiFinity Payments Ltd (Ireland)MiFinity Payments Ltd (Malta)Concentric Data Services Ltd (Ireland) Concentric Data Services Malta Ltd (Malta)Jurisdictions & regulatorsUnited Kingdom – MiFinity UK Limited is an authorised Electronic Money Institution supervised by the FCA under the Electronic Money Regulations 2011.​Malta – Mifinity Malta Limited is authorised and regulated by the MFSA as a financial institution / EMI, with passporting for cross‑border services in the EEA.​Key individualsPaul James Kavanagh – Irish national; CEO and director of MiFinity UK Limited; publicly identified as co‑founder and key controller of the MiFinity group.​Kieron (Kieren) John Nolan – Irish national; CFO, director, and co‑founder; identified as person with significant control in UK company data.​Jim Purcell – Irish national; COO.Business activitiesE‑money issuance, e‑wallet services, payment processing, and merchant acquiring‑type services; supports card payments, bank transfers, alternative methods, and in some constellations crypto‑linked flows.​Operates as a high‑risk payment processor, with a pronounced focus on online casinos, gambling, and sports‑betting platforms, including operators in weakly regulated or unlicensed offshore jurisdictions.​Primary client segmentOnline gambling and betting operators (including Curacao/Anjouan and other offshore‑licensed casinos), casino affiliates and related high‑risk merchants that require cross‑border payment processing into and out of the EU/UK.​End‑users are retail customers using the MiFinity e‑wallet to deposit to and withdraw from these gambling platforms, often in jurisdictions where local licensing is absent or unclear.​ Whistleblower Call to Action The explosion in MiFinity’s numbers raises urgent compliance questions. We call on insiders, former employees, and partners to share information regarding MiFinity’s onboarding of offshore gambling merchants. If you have information, please contact us anonymously via Whistle42. Share Information via Whistle42

1. Case Summary — Germany Ends Sanctions Probe via Monetary Settlement German prosecutors in Munich have formally discontinued a criminal investigation into Russian‑Uzbek billionaire Alisher Usmanov concerning alleged violations of sanctions and the German Außenwirtschaftsgesetz (Foreign Trade and Payments Act), on the condition that Usmanov pays €10 million (Source: SZ). The case stemmed from allegations that Usmanov, who has been subject to EU and U.S. sanctions since 2022, arranged payments (~€1.5 m) through foreign‑based firms for security services at properties near Tegernsee and allegedly failed to declare valuable assets to German authorities — conduct prosecutors viewed as potential sanctions/non‑compliance (Source: n-tv). Prosecutors and the Munich Regional Court (Landgericht München II) agreed that in light of “special circumstances of this individual case” and unresolved legal questions around sanctions application, the matter could be closed under German criminal procedural law through a monetary condition (Geldauflage), without a conviction or penalty (Source: Deutschlandfunk). The payment is not treated as a fine or punitive sanction; the presumption of innocence remains intact, and the prosecution cannot be reopened on the same facts once the payment is completed (Source: DIE WELT). According to prosecutors, €8.5 m of the €10 m will go to Bavaria’s treasury and €1.5 m to social support charities (e.g., prisoner welfare and victim support) (Source: Reuters). This resolution follows a previous 2024 German discontinuation of a money‑laundering investigation against Usmanov on similar terms (payment of ~€4 m), again without admission of guilt. 2. Legal and Procedural Context Under German law, prosecutors may discontinue proceedings by imposing a Geldauflage — a conditional financial contribution — when it serves procedural efficiency and public interest, and where outright prosecution may not be warranted or legally certain. Such an arrangement: is not a conviction; does not establish guilt or liability; and maintains the presumption of innocence under criminal law. German authorities highlighted unresolved questions relating to sanctions rules and formal requirements, particularly concerning how EU sanctions obligations intersect with German law and reporting duties. This sort of prosecutorial discretion is relatively rare in high‑profile sanctions cases, especially involving politically exposed persons (PEPs) with frozen assets, leading to divergent reactions in legal and policy circles. 3. Usmanov’s Broader Sanctions and Legal Challenges Sanctions status: Usmanov was placed on the EU sanctions list in February 2022 following Russia’s invasion of Ukraine; similar sanctions were imposed by the U.S., UK, and Canada. He has challenged his sanctions designations, including an appeal to the EU General Court (dismissed in 2025) and legal actions against the EU Council and media outlets over alleged defamatory reporting (Source: Wikipedia). Litigation history in Germany: German courts previously found aspects of law enforcement conduct — including property search warrants — to be unlawful, citing formal violations and legal shortcomings. Some cases involved alleged misattribution of property ownership and contested links between Usmanov and entities purportedly connected to him. Ongoing enforcement landscape: At present, there is no public indication of equivalent criminal sanctions or prosecutions against Usmanov continuing in other jurisdictions directly tied to the German case. However: EU and U.S. sanctions remain in force, including asset freezes and travel bans. Compliance and sanctions enforcement agencies in various jurisdictions continue to monitor and enforce restrictions against sanctioned individuals, and legal challenges may continue indirectly through administrative sanctions proceedings. Wikipedia 4. Compliance Implications and Evaluation For sanctions compliance analysts and investigators, this development underscores several important themes: a. Sanctions Enforcement Complexity Sanctions cases involving PEPs and globally diversified asset structures pose unique legal challenges, particularly when: ownership structures involve trusts and indirect holdings, and the application of reporting obligations across jurisdictions remains legally unsettled. Wikipedia Courts may scrutinize enforcement mechanisms and procedural requirements, affecting prosecutorial strategies. b. Prosecutorial Discretion vs. Public Policy The use of a monetary settlement (Geldauflage) in lieu of prosecution — without a formal penalty — raises policy questions: Does such a settlement effectively enforce compliance norms? Might it create perceptions of unequal treatment for high‑net‑worth PEPs? How should sanctions enforcement balance legal certainty, resource allocation, and enforcement impact? These questions are increasingly relevant in cross‑border sanctions enforcement. c. Asset Freezes vs. Criminal Liability Sanctions regimes (EU, U.S., UK) can operate independently of criminal prosecutions. Freezes restrict economic interaction, while criminal liability requires proof of specific statutory violations. Usmanov’s case illustrates how sanctions obligations may intersect with domestic criminal law, but regulatory enforcement does not automatically lead to conviction. 5. Conclusion The termination of the German proceedings against Alisher Usmanov against a €10 million monetary condition — without conviction or admission of guilt — reflects a legal compromise shaped by unresolved legal questions, procedural considerations, and prosecutorial discretion. While this preserves Usmanov’s presumption of innocence, it also highlights the challenges regulators face in enforcing sanctions and foreign trade laws against sophisticated global actors. The sanctions frameworks under which Usmanov remains designated continue to have legal force, and compliance scrutiny persists, even as discrete criminal proceedings are resolved. For FinTelegram intelligence and compliance monitoring, this case demonstrates the nuanced interplay of sanctions enforcement, legal defenses, and prosecutorial strategy — and underscores the need for continued observation of how such high‑profile sanctions matters evolve across jurisdictions. Share Information via Whistle42.

Offshore casinos are no longer “just unlicensed websites.” They are increasingly engineered systems designed to be hard to regulate: anonymous operator presentation, jurisdiction-neutral legal clauses, and—most importantly—multi-layer payment architectures that turn a “casino deposit” into something else entirely. FinTelegram’s recent Stellar investigation illustrates how crypto rails (including bridged stablecoins like USDC.e), open-banking style flows, and payment intermediaries can effectively free offshore operators from meaningful constraints—raising an uncomfortable question: does regulation still work if enforcement can’t touch the rails? Read our Stellar Report here. Key Facts Offshore casinos can swap domains and brands quickly; enforcement measures like warnings and blacklists are often slow, fragmented, and easy to route around. Modern payment stacks split a single “deposit” into multiple counterparties (on-ramp, PSP rail, wallet transfer, settlement layer), obscuring merchant-of-record and weakening consumer redress. In the Stellar cluster documented by FinTelegram, recurring patterns include “fake bank transfers” that are actually crypto purchases (e.g., USDC.e) followed by automatic transfers to casino wallets—plus repeated appearances of the same facilitators. The competitive distortion is structural: regulated operators bear licensing and compliance cost; offshore operators externalize cost to consumers and the financial system. Short Analysis 1) The enforcement gap is structural, not accidental Classic gambling enforcement assumes an operator has identifiable ownership, a stable jurisdiction, and bank rails that regulators can pressure. Offshore casino networks increasingly avoid all three. They “export” gambling into regulated markets while keeping legal entities, infrastructure, and settlement arrangements outside practical reach. Regulators can publish warnings—but warnings do not stop payments. 2) Payment architecture has become the real regulatory battleground The crucial shift is the replacement of direct gambling payments with proxy transactions. “Deposits” are re-framed as: crypto purchases (sometimes bridged variants like USDC.e), open-banking style payments through intermediaries, or e-wallet/aggregator flows where the payee is a third party and the casino receives crypto or pooled settlement elsewhere. This doesn’t only complicate chargebacks. It breaks the supervisory levers regulators historically relied on: the purpose becomes blurry, the merchant-of-record becomes debatable, and the jurisdictional hook disappears. 3) Why offshore casinos are getting bolder When enforcement is slow or ineffective, the economics shift. Offshore operators rationally become more aggressive: expanding into restricted markets, scaling affiliate distribution, and hardening deposit flows against reversal. Over time, “compliance” becomes a cost center for regulated firms—and a competitive handicap. 4) Does regulation still make sense? Yes — but only if it targets chokepoints This is not an argument for deregulation. It is a warning that enforcement must migrate from the casino brand to the rails. Offshore casinos can rotate domains cheaply; they cannot operate without: payment gateways and PSPs enabling disguised deposits, crypto on-ramps and stablecoin rails used as “fake-fiat,” open banking facilitators and consent flows, affiliates and traffic brokers powering distribution. If regulators focus only on the offshore “operator” while ignoring the chokepoints, the outcome is predictable: more volume, more harm, less redress. Call for Information FinTelegram is building case files on the payment chokepoints that enable offshore gambling at scale. If you have evidence on gateway operators, on-ramps, merchant descriptors, acquiring banks, open-banking facilitators, affiliate networks, or withdrawal failures linked to “fake-fiat” deposit flows (including USDC.e), please submit it via Whistle42.com. Share Information via Whistle42

FinTelegram has expanded its review beyond Legiano and observed a repeatable pattern across multiple casino brands attributed to the operator Stellar Ltd: near-identical site structures, minimal operator disclosure, boilerplate “applicable law” clauses, and the same payment rails—most notably “fake bank transfers” facilitated by Polish Chainvalley that convert fiat into USDC.e and forward it to casino wallets. This report consolidates the pattern and explains why USDC.e adds bridge-risk on top of the already deceptive “fake-fiat” UX. Key Facts Casino review aggregators attribute brands such as Ragnaro, Astromania, SpinFin (and others) to Stellar Ltd (Source: Online Casino Groups). Across Stellar-branded sites we reviewed, operator/jurisdiction disclosure is weak, and legal language is often generic or template-like—e.g., SpinFin’s terms literally include a placeholder “laws of [insert jurisdiction]” (Source: SpinFin Casino). The Legiano rail (already published) appears reusable across the network: utPay/Chainvalley checkout → Skrill/Neteller funding → USDC/USDC.e purchase → automatic transfer to casino walle (Source: FinTelegram, Chainvalley) In MiFinity-branded flows, FinTelegram again observed the payee CANAMONEY EXCHANGE LTD (Canada) d/b/a CenturaPay (Source: CenturaPay). Read our Legiano reports here. Short Analysis 1) “Anonymity by Design.” A legitimate gambling operator typically discloses the licensed entity, the licensing authority, and a concrete governing law/jurisdiction. In the Stellar cluster, those anchors are frequently missing or diluted into non-answers (“applicable law”)—or left as template placeholders. This is not a cosmetic defect; it is a dispute and enforcement obstacle. 2) The Payment Architecture is the Same—Because it’s a Template What players experience as a “bank transfer” or “fiat deposit” is, in practice, a crypto purchase executed through a third-party on-ramp and forwarded to a casino wallet. Chainvalley’s own terms contemplate delivering virtual currency to a user-specified wallet address and even freezing crypto/fiat under its rules—confirming the flow is built as an exchange/on-ramp product, not a casino deposit product. For the player, the consequence is predictable: the transaction becomes “I bought crypto and received it,” not “I paid a gambling merchant,” which can undermine chargeback narratives and complicate complaints. 3) Why USDC.e is a second risk layer FinTelegram’s screenshots show USDC.e being purchased in these cashier flows. USDC.e is typically “bridged USDC”—a representation created via third-party bridge mechanics, not native issuance on that chain. Circle’s own documentation and legal terms state that bridged USDC is not issued/redeemed by Circle and is not backed by Circle’s USDC reserves, adding dependency on bridge integrity (“bridge risk”) (Sources: Circle, Circle, USDC, Avalanche).In short: fake-fiat rail + bridged stablecoin = less transparency, weaker redress, more technical failure modes. Call for Information FinTelegram is expanding the Stellar/Legiano case into a broader investigation of this casino template and its payment chokepoints. If you are a player, affiliate manager, PSP/acquirer insider, or have evidence about merchant descriptors, settlement accounts, token contract addresses for the “USDC.e” used, wallet clusters, chargeback outcomes, or payout/withdrawal issues across Legiano/SpinFin/Ragnaro/Astromania/MonsterWin and related brands, submit securely via Whistle42.com. We will publish dedicated deep-dive compliance notes on Chainvalley and CenturaPay/CANAMONEY as this case expands. Share Information via Whistle42

Daftcode’s Kryptonim: How a Warsaw Venture Builder’s Crypto Payment Processor Enables Offshore Casino Fraud Through Deceptive Banking Infrastructure Despite publishing explicit prohibitions against gambling transactions in its Terms of Service, Kryptonim sp. z o.o.—a cryptocurrency payment processor owned by Warsaw-based venture builder Daftcode—systematically processes cryptocurrency payments for illegally operating offshore casinos, including Neon54, LuckyWins (Dama N.V.), and Winning.io. FinTelegram’s latest compliance investigation documents how Kryptonim‘s technical infrastructure, combined with deliberate obfuscation through payment aggregators, enables players to believe they are making bank transfers while actually purchasing stablecoins that bypass traditional chargeback protections. INVESTIGATION SUMMARY FinTelegram’s compliance research division has completed a comprehensive investigation into Kryptonim sp. z o.o. (KRS 0001017630), a Polish virtual asset service provider incorporated February 3, 2023, and documented systematic facilitation of cryptocurrency payment flows for illegal offshore casinos operating without proper licenses in EU member states and Canada. FinTelegram’s complete 40-page compliance profile—“Systematic Facilitation of Illegal Gambling Payments: A Comprehensive AML/CTF Compliance Analysis of Kryptonim sp. z o.o.”—is now available for download. The profile includes: Complete beneficial ownership analysis and Daftcode venture builder governance structure Detailed documentation of payment flows through Neon54, LuckyWins, and Winning.io Screenshots showing fake banking infrastructure and merchant integration AML/CTF control gap assessment Regulatory enforcement risk analysis comparing KuCoin precedent Operational recommendations for compliance remediation Download the Full Kryptonim Compliance Report here. Key Findings: 1. Controlled by Daftcode Venture Builder Network Kryptonim operates as a portfolio company of Daftcode sp. z o.o., a Warsaw-based venture builder founded in 2011 by Kacper Szcześniak (Malta resident), Jędrzej Szcześniak, Daniel L., and Jarek Berecki. Unlike traditional venture capital (10-30% ownership stakes), Daftcode’s venture building model retains 50%+ control of portfolio companies, including Kryptonim. This structure ensures Daftcode’s founders exercise substantive decision-making authority over Kryptonim’s compliance approach, merchant acceptance policies, and operational risk tolerance. Kacper Szcześniak, primary Kryptonim shareholder (96% disclosed ownership), simultaneously serves as Oxla CEO and investor across 25+ Daftcode portfolio companies. This concentration of authority among founding partners with competing portfolio interests creates organizational conflicts that systematically devalue specialized compliance expertise in favor of portfolio-wide revenue optimization. 2. Fake Banking Infrastructure at Winning.io FinTelegram’s uploaded screenshots document Kryptonim’s technical integration with Winning.io casino (operated by Scatters Group). Players selecting “Instant Banking” or “Wise – Instant Banking” deposit options are redirected through Rillpay (Costa Rica-registered payment aggregator) to Kryptonim’s checkout page, where they unknowingly purchase USDC stablecoins (108.16 USDC for 100.00 EUR) that are automatically transferred to Winning.io’s pre-configured wallet address. This architecture accomplishes three compliance violations simultaneously: (1) it mischaracterizes the merchant category code as “purchase of digital assets” rather than “gambling payment,” (2) it eliminates players’ ability to initiate chargebacks by establishing the contractual relationship with Kryptonim rather than the casino, and (3) it uses false “Wise” and “Revolut” branding to suggest legitimacy from regulated payment service providers. Kryptonim’s system displays warnings when players attempt to modify the pre-populated destination wallet address (“may cause transaction to fail or result in loss of funds”), creating friction that discourages address modification while maintaining plausible deniability about merchant integration. 3. Regulatory Violation and Control Deficiencies Kryptonim’s Terms of Service explicitly prohibit “using credit cards for online gambling, betting, or any other iGaming activities.” Yet documented transactions for Neon54, LuckyWins, and Winning.io demonstrate systematic processing of precisely this prohibited category. The company lacks adequate merchant due diligence procedures, transaction monitoring controls, and suspicious activity reporting (SAR) protocols to prevent or detect casino-pattern transactions. Kryptonim faces regulatory transition to EU’s Markets in Crypto-Assets (MiCA) licensing regime by Q2 2025, requiring capital injection (EUR 50,000+ minimum), independent board oversight, and remediation of documented control gaps. CALL FOR INFORMATION FinTelegram seeks additional information from players, compliance professionals, and industry insiders regarding: Experiences with Kryptonim payment processing for offshore casinos (Neon54, LuckyWins, Winning.io, or others) Technical evidence documenting additional casino operators using Kryptonim or Rillpay infrastructure Documentation of payment failures, fund loss, or difficulty withdrawing deposited funds through Kryptonim Information about other crypto payment processors facilitating illegal gambling in EU/Canada Regulatory correspondence or complaints filed with KNF (Poland), FINTRAC (Canada), or FCA (UK) regarding Kryptonim Submit information confidentially to: [FinTelegram contact information] Share Information via Whistle42

FinTelegram is seeing a growing pattern in offshore casino cashier flows: what looks like a normal fiat deposit (e.g., via Skrill) is quietly re-routed into a crypto purchase—often USDC.e—that is then sent to a prefilled casino wallet. This “fake banking rail” reduces chargeback leverage and adds a second risk layer: USDC.e is bridged USDC, not native issuance. Key Facts In cashier flows like the Legiano / Chainvalley setup, the user pays fiat (e.g., 150 EUR via Skrill) while the checkout states they are buying USDC.e and sending it to a specified wallet address—with the consent checkbox already ticked. This is not a “casino deposit” in the traditional sense; it is a crypto purchase + transfer, which can materially weaken dispute/chargeback narratives. USDC.e is typically a bridged form of USDC moved from Ethereum to another chain via third-party bridging infrastructure—not issued by Circle (Sources: USDC, Circle). Short Analysis 1) The “fake-fiat” rail:This flow is designed to feel like a bank/PSP deposit to a gambling account, but it functions as a consumer crypto purchase. The UX does the rest: minimal disclosure, a pre-ticked consent statement, and a prefilled destination wallet that the user is effectively discouraged from changing. The result is predictable: the player sees a casino balance credit, but the payment trail is now “fiat → crypto purchase,” not “fiat → gambling merchant.” That distinction matters for consumer protection, dispute handling, and AML controls—especially in offshore gambling contexts where card acquiring and banking rails are often constrained. 2) Why “USDC.e” raises the stakes:USDC.e explainer: USDC.e usually denotes bridged USDC (ported from Ethereum), meaning it is a different token contract than “native” USDC on that chain and introduces an additional bridge-risk layer on top of the deposit flow. Circle and USDC documentation explicitly distinguish bridged forms (commonly branded “USDC.e”) from native USDC and note that bridged forms are not issued by Circle and rely on third-party mechanisms. 3) The compliance angle (why processors should care):When regulated PSP rails (or PSP-adjacent e-money rails) are used to fund crypto purchases that immediately feed offshore gambling wallets, the risk profile changes. Key concerns include: inadequate informed consent, purpose/merchant-of-record opacity, potential circumvention of gambling-payment restrictions, and elevated AML exposure. If the casino later faces payout friction, players may only discover after the fact that their “deposit” was a crypto transaction—often involving a bridged asset with its own infrastructure dependencies. Call for Information FinTelegram is expanding its mapping of USDC.e “casino rails.” If you are a player, PSP insider, compliance officer, or former contractor with information about Chainvalley-style checkouts, merchant descriptors used on Skrill/Neteller statements, the token contract address (to verify whether it is canonical USDC.e or a lookalike), the chain/network used, or payout/withdrawal issues linked to these flows, please report securely via Whistle42.com. Share Information via Whistle42

The offshore casino Legiano, operated by Stellar Ltd under an Anjouan Gaming Board licence, has been found using deceptive “fake-fiat” deposit mechanisms that systematically mislead players about the true nature of their transactions. This compliance analysis examines the payment infrastructure and identifies substantial regulatory violations by both the casino operator and its on-ramping partners. Our Legiano (legiano.com / legiano-1212.com) reviews shows a recurring “fake-fiat” deposit pattern: what is presented as a normal fiat top-up is, in reality, an embedded crypto purchase (USDC) that is automatically routed to the casino’s wallets via app.chainvalley.pro—with only minimal, pre-ticked disclosure. This setup shifts the transaction from “deposit to a casino” into “consumer bought crypto,” materially weakening chargeback and complaints leverage and raising AML/consumer-protection red flags for the payment processors involved. Key Facts Three deposit options at Legiano are branded as UTRG (Lithuania) d/b/a utPay, yet route users to app.chainvalley.pro (Source: utPay) The checkout includes a small consent line (“buy crypto and send to the specified address”) that is already ticked; changing the destination wallet triggers warnings and appears effectively blocked. Users ultimately purchase USDC, which is then transferred to casino wallets (example wallet provided: 0x7519…4496). Funding for the USDC purchase is processed via Skrill/Neteller (embedded e-money rails). Card deposits and “Jeton Bank” deposits are routed via api.payment-gateway.io “MiFinity” deposits appear payable to CANAMONEY EXCHANGE LTD (Canada) operating as CenturaPay (Source: CenturaPay). Anjouan’s license register lists Stellar Ltd, but legiano.com does not appear among the authorized URLs shown for Stellar Ltd (as of the register’s latest update displayed) (Sourcde: Anjouan Gaming). Short Analysis 1) Why this is “fake-fiat” (and why it matters): A player believes they are depositing fiat into a gambling account. Instead, the flow converts them into a crypto purchaser, then immediately forwards the crypto to the casino. This creates a compliance “shield”: the player received the crypto they “ordered,” so chargebacks/disputes become structurally harder—precisely the opposite of what regulators expect in high-risk gambling payments (clear consent, transparent merchant purpose, and effective consumer redress). chainvalley.pro+1 2) Likely compliance breaches and control failures (operator + on-ramper): Misleading presentation / inadequate consent: pre-ticked crypto-purchase consent and low-salience disclosure raise unfair-commercial-practice concerns and undermine “informed authorization.” AML/CTF & sanctions exposure: embedded on-ramps enabling offshore gambling flows demand enhanced merchant due diligence, transaction monitoring, and clear purpose labeling—especially where the end beneficiary is an offshore casino wallet. Gambling-payments facilitation: when processors knowingly (or negligently) provide rails into unlicensed/offshore gambling, they invite regulatory scrutiny, de-risking actions, and partner terminations. Entity Profiles (short) Chain Valley Sp. z o.o. (chainvalley.pro / app.chainvalley.pro) — Poland Incorporated in Poland on May 16, 2023, Chain Valley positions itself as a compliant fiat-to-crypto bridge, claiming “comprehensive legal compliance” and “streamlined KYC/AML” on its website. Key Findings Identified in Chainvalley policies as a Polish company (KRS 0001036419, Warsaw address) collecting extensive KYC/SOF data (Source: chainvalley.pro). Listed in Poland’s register for virtual-currency activity (entry shows CHAIN VALLEY Sp. z o.o., KRS 0001036419) (Source: slaskie.kas.gov.pl).Key questions: Who is the “merchant of record” in these Legiano flows, why is utPay branding used at selection, and what controls stop “embedded crypto buys” from being used as gambling-payment circumvention? CANAMONEY EXCHANGE LTD d/b/a CenturaPay (centurapay.com) — Canada Incorporated under the Canada Business Corporations Act, CenturaPay markets itself as a FINTRAC-registered Money Services Business and claims compliance with PCI DSS, KYC/AML, and GDPR standards. At Legiano, deposits made via the MiFinity e-wallet option are routed to CenturaPay, which acts as the payment processor of record. Key Findings CenturaPay states it is a trading name of CANAMONEY EXCHANGE LTD (Corp. No. BC1465281) with MSB Registration Number C100000299 and a North Vancouver business address (Source: centurapay.com) FINTRAC notes MSBs must register and that registration is a compliance obligation (not a “quality stamp” on risk controls) (Source: fintrac-canafe.canada.ca).Key questions: What is CenturaPay’s exact role behind MiFinity-routed deposits, and what gambling-merchant screening/monitoring is applied? Conclusion The Legiano case exemplifies a growing compliance blind spot: offshore casinos using crypto on-ramps to disguise the nature of player deposits, thereby bypassing traditional payment-processor controls and eliminating consumer recourse. Both Chain Valley and CenturaPay appear to prioritize transaction volume over due diligence, enabling a casino that operates without credible oversight. Key Data Table Brand / Role in flowDomains observedLegal entity (as known)JurisdictionRegulatory / licensing posture (relevant)Payment facilitators / gatewaysKey notes (compliance relevance)Legiano (offshore casino)legiano.comStellar Ltd (operator, per your review)Anjouan / Union of Comoros (offshore)Offshore gambling licence regime (“Anjouan Gaming” / similar)Uses multiple rails incl. crypto + PSPs belowPresents fiat-style options but routes users into crypto purchase/transfer flows (“fake-fiat”).utPay (payment option label at casino)utpay.ioUtrg, UAB (d/b/a utPay)LithuaniaCrypto/on-ramp positioning (CASP/VASP-type activity implied by service + T&Cs)Routes into Chainvalley checkout (per your screenshots)Three “utPay” options appear in Legiano’s cashier, but actual execution is via Chainvalley.Chainvalley (crypto on-ramp / checkout)chainvalley.pro, app.chainvalley.proChain Valley Sp. z o.o.PolandListed in Poland’s virtual-currency activity register (per public register)Skrill / Neteller fund the crypto buy; USDC forwarded to casino walletCore “fake-fiat” component: user is converted into “crypto buyer,” then USDC is auto-sent to casino wallet. Consent box is pre-ticked; wallet-change is practically blocked (per your screenshots).Stablecoin used in deposit(on-chain transfer)USDC (stablecoin)(issuance is non-local; token flows are global)Cryptoasset transfer; consumer redress differs materially from card/bank depositsBought via Chainvalley flow; then transferred to casino walletFunctional outcome: player can’t credibly pursue classic chargeback because they “received crypto,” which was then sent onward.Destination wallet (casino)(example) 0x7519d6836d1Adc49aa524840A4b0e7b471634496(wallet beneficiary: casino operator side)(on-chain)Outside card scheme redress mechanismsReceives USDC from on-ramp flow“Wallet hard-lock” warnings suggest intent to prevent user-controlled destination changes.Card / “Jeton Bank” deposit gatewayapi.payment-gateway.io (and payment-gateway.io)Unknown / not transparently disclosed (from public-facing domain)UnknownUnknownProcesses card deposits + deposits presented as “Jeton Bank”Gateway domain repeatedly appears in gambling-related traffic/infra; needs KYB/KYT mapping in follow-up.MiFinity (e-wallet option at casino)(brand-level) mifinity.com(e-wallet operator not analysed here)(varies)(varies)Player payments routed to CenturaPay/CANAMONEY (per your screenshots)MiFinity option appears to pay an external processor, not directly the casino—needs merchant-of-record clarity.CenturaPay (payment processor / payee in MiFinity flow)centurapay.comCANAMONEY EXCHANGE LTD (trading name: CenturaPay)Canada (BC)States MSB registration (FINTRAC MSB no. shown on site)Receives player funds via MiFinity option (per your review)High-risk role if servicing unlicensed gambling flows; KYB/merchant screening and transaction monitoring questions.Skrill / Neteller (funding rails inside “crypto buy”)skrill.com, neteller.com(brand-level; group entity varies)(varies)(typically e-money/regulated PSP rails; depends on entity)Used as payment methods to fund USDC purchaseKey risk: regulated rails potentially being used to “launder” gambling deposits into crypto transfers.PaysafeCard (deposit option at casino)paysafecard.com(brand-level)(varies)(varies)Voucher-based deposit methodIf offered into offshore gambling, raises merchant acceptance / purpose-labelling questions. Source notes (for the “known” legal-entity fields) Chain Valley Sp. z o.o. (KRS 0001036419, Warsaw address) is stated on Chainvalley’s policy pages. Chain Valley is listed in Poland’s “Rejestr działalności w zakresie walut wirtualnych” (virtual-currency activity register) with KRS 0001036419. utPay.io Terms: “utPay.io refers to the company Utrg, UAB …” Lithuanian company directory entry for UTRG, UAB shows website utpay.io and registration details. CenturaPay site states it is a trading name of CANAMONEY EXCHANGE LTD, with MSB registration number displayed. payment-gateway.io / app.payment-gateway.io appears in gambling-related scans/traffic context (useful as an OSINT pointer; operator still needs identification). Call for Information FinTelegram will publish detailed compliance reports on both Chain Valley and CenturaPay in the coming weeks. If you are a Legiano player, a processor insider, or a merchant-risk/AML professional with knowledge of Chainvalley, utPay/UTRG, CenturaPay/CANAMONEY, or api.payment-gateway.io (merchant descriptors, acquiring banks, KYB files, screenshots, correspondence, blocked withdrawals, dispute outcomes), please submit information via Whistle42.com. FinTelegram will follow up with dedicated deep-dive compliance reports on Chainvalley and CenturaPay. Share Information via Whistle42

Former Alameda Research CEO Caroline Ellison—one of the central insiders in the FTX collapse—is scheduled to leave federal custody in January 2026, according to updated Bureau of Prisons records cited by multiple outlets. Her early release, after extensive cooperation, re-raises the core question: Was FTX a politically targeted crypto casualty—or a classic, old-school fraud wearing a “new finance” hoodie? Key Points Ellison pleaded guilty, cooperated heavily, and testified against Sam Bankman-Fried (SBF); she is now set for release around Jan. 21, 2026 (BOP-record reporting) (Source: Yahoo Finanzen). SBF was convicted on 7 counts and sentenced to 25 years for misappropriating customer funds and related fraud conspiracies (Source: US DOJ). SBF’s playbook now: appeal (seeking a new trial) + a parallel pardon/clemency campaign aligned with a “politicized prosecution” narrative (Sources: ft.com, Reuters). The “Biden was hostile to crypto, therefore I’m innocent” thesis conflicts with the trial record: insider testimony, controlled backdoors, fabricated lender materials, and customer-asset misuse are governance and fraud facts, not ideology (Source: US DOJ). Ellison’s Situation: Early Release, But Not a Clean Reset Ellison was sentenced to two years in September 2024 after pleading guilty to multiple fraud/conspiracy counts and providing what the court called substantial assistance—yet the judge still imposed prison time given the scale of harm. Her custody status has already shifted toward community confinement, consistent with “end-of-sentence” federal practice (Source: Business Insider). Now, late-December reporting—citing updated BOP records—puts her release in January 2026 (some earlier reporting showed later projected dates, illustrating how BOP projections can move). Separately, the SEC has pursued/secured officer-and-director bars against key FTX/Alameda executives; Ellison agreed to a multi-year restriction from leadership roles at public companies (Source: US SEC). What FTX Was: The Case in Plain Language The government’s theory—accepted by the jury—was not complicated crypto theology. It was misappropriation + concealment: FTX (the exchange) held customer assets. Alameda Research (the affiliated trading firm) received special privileges and access. Billions in customer deposits were allegedly routed/used to plug Alameda losses, make investments, buy assets, and fund political influence—while customers were told their money was safe and liquid. SBF was found guilty on two counts of wire fraud and five conspiracy counts (including securities/commodities fraud and money laundering conspiracy) and sentenced to 25 years. Other insiders split into two buckets: Cooperators (e.g., Gary Wang, Nishad Singh) who received time served / no prison outcomes after assisting prosecutors (Source: Courthouse News). Non-cooperator/other track (e.g., Ryan Salame) who received a substantial custodial sentence (90 months). Ellison’s role, per courtroom testimony and public case narratives, sat at the center: she ran Alameda and admitted to decisions and communications used to mask Alameda’s true risk and funding—including the kind of lender-facing picture management that compliance teams treat as a “do not pass go” red flag (Source: The Guardian). SBF’s Current Exit Strategy: Appeal + Pardon Narrative On the legal track, SBF is pursuing an appeal arguing he did not get a fair trial (including complaints about evidentiary rulings). The Second Circuit heard arguments in November 2025; reporting describes judges as skeptical (Source: Reuters). On the political track, reporting says SBF’s family and representatives have explored Trump-era clemency/pardon channels, a marketplace increasingly shaped by access, intermediaries, and narrative alignment (Source: Bloomberg). Media coverage also frames SBF’s public messaging as a PR campaign designed to make clemency thinkable (Source: WIRED). And yes—SBF has tried to brand himself as a victim of a “crypto-hostile Biden administration,” implying political bias drove his conviction (Source: DL News). Was FTX “Just” a Victim of Biden’s Crypto Stance? A hostile regulatory climate can shape industry growth. It does not explain away customer-asset misuse, deception to lenders/investors, and concealed related-party privileges. The FTX prosecution was built on: insider testimony (including Ellison and others), internal controls/permissions evidence, and classic fraud elements—misrepresentation, reliance, concealment, and diversion. Calling that “a Biden problem” reads less like a legal argument and more like a clemency pitch tailored to a political moment. Even if some FTX customers may ultimately recover funds through bankruptcy processes, that does not retroactively legalize how the funds were allegedly taken and used. FinTelegram view: FTX wasn’t “cancelled.” It failed the oldest compliance test in finance—segregation of client assets and conflicts-of-interest controls—and then allegedly lied about it at scale. Call for Information (Whistle42) Do you have firsthand information about cyberfinance wrongdoing—exchange/prime broker conflicts, payment-rail laundering, stablecoin settlement abuse, offshore casino or shadow trading flows, or compliance cover-ups? FinTelegram is building case files on the sector’s chokepoints. Submit tips—anonymously if needed—via Whistle42. Share Informtion via Whistle42

FinTelegram has completed an in‑depth compliance investigation into Lithuanian VASP UTRG UAB d/b/a utPay. The findings indicate that utPay has evolved into a high‑volume payment hub for unlicensed online casinos and sports betting operators, particularly targeting German players through deceptive “fake bank transfer” schemes.​ Summary of the Compliance Report FinTelegram’s long‑form compliance report on UTRG/utPay, now available as a downloadable document linked in this article, reconstructs the group’s structure, licensing status, traffic patterns, and merchant portfolio using registry data, Similarweb analytics, and previous investigative work on NovaForge and associated casino networks. The report identifies UTRG UAB as a Lithuanian‑registered virtual currency exchange and depository wallet operator whose payment gateway app.utpay.io processed more than 720,000 visits in November 2025, nearly 80% of which originated from Germany.​​ Traffic and referral analysis shows that at least 58% of utPay’s observed traffic is driven by casino, gambling, and sports betting sites, with the top five referrers all being offshore casinos such as Legiano and BetAlice. These flagship merchants are operated by Marshall‑Islands entities within the NovaForge network and licensed in high‑risk jurisdictions like Anjouan or via non‑EU regulators such as PAGCOR, meaning they are not authorized to serve German players under the GlüStV 2021 regime.​​ Analysis and Interpretation The report documents how utPay’s checkout is embedded in casino cashier pages as a “bank transfer” or card deposit option, while the underlying transaction is in fact a crypto purchase from UTRG followed by an on‑chain transfer to the casino operator. This structure allows offshore casinos to route German player deposits via regulated SEPA and card rails while formally categorizing the payment as a crypto exchange transaction rather than gambling, effectively bypassing German payment blocking measures and bank‑side gambling controls.​​ FinTelegram’s analysis highlights that 42% of utPay’s referral traffic in November 2025 came from BetAlice and Legiano (connected to Fat Pirate), both linked to NovaForge Ltd, a Marshall Islands vehicle previously exposed by FinTelegram as the successor structure to the collapsed Rabidi Group network of illegal casinos. Combined with the complete lack of publicly disclosed beneficial owners, overdue financial filings in Lithuania, and the imminent MiCA licensing deadline, the pattern strongly suggests a business model optimised for regulatory arbitrage rather than long‑term, compliant operations.​​ Compliance Hypothesis Download the full UTRG Compliance Report 2025 here. Based on the compiled evidence, FinTelegram formulates the following working compliance hypothesis: UTRG UAB d/b/a utPay operates as a crypto‑based payment facilitator whose core business consists in processing German player deposits for unlicensed offshore casinos through deceptive “fake bank transfer” flows, thereby enabling large‑scale violations of German gambling law and creating a high‑risk channel for money laundering and player‑loss recycling. This hypothesis is supported by: The overwhelming German traffic share to app.utpay.io and the exclusive referral pattern from gambling domains.​​ The integration with NovaForge‑controlled casinos documented as part of an illegal, multi‑jurisdictional network using Cyprus‑based payment agents and high‑risk processors such as MiFinity and Binance.​​ The structural opacity around UTRG’s beneficial owners and the lack of current audited financial statements despite very strong growth in transaction volumes.​ The report concludes that UTRG/utPay should be classified as a critical‑risk counterparty for banks, payment institutions, and crypto exchanges and that Lithuanian and German authorities, in cooperation with other EU supervisors, should review the case in the context of MiCA licensing and GlüStV 2021 enforcement.​ Call to Whistleblowers and Insiders FinTelegram’s investigation into utPay and the NovaForge casino network is ongoing. The current report is built on open‑source intelligence, registry data, traffic analytics, and previous enforcement precedents, but important questions remain unanswered—especially regarding internal ownership structures, banking relationships, and the exact flow of customer funds between UTRG, casino operators, and associated payment agents in Cyprus and elsewhere.​ If you have insight into utPay, NovaForge, or their banking and payment structures, visit Whistle42 and help FinTelegram shed more light on this suspected high‑risk payment gateway. Your information may be crucial for regulators, affected players, and future enforcement actions. Share Information via Whistle42

After nearly twelve years of legal limbo, Austria’s justice system is now reportedly paying back €125 million—the record bail posted by Ukrainian oligarch Dmytro Firtash after his 2014 arrest in Vienna. The repayment lands right after an Austrian appeals court definitively blocked his extradition to the U.S.—partly because prosecutors missed a deadline. A Christmas present, and a compliance scandal in slow motion. Key Facts Bail repayment: Austrian media reported that courts must repay Firtash his €125M record bail after the extradition saga effectively ended (Source: Krone) Extradition to the U.S. blocked: Vienna’s Higher Regional Court rejected prosecutors’ final appeal as inadmissible—widely reported as linked to a missed appeal deadline and/or procedural defects (Source: Reuters). Core U.S. case: Firtash was indicted in the U.S. over an alleged bribery conspiracy tied to Indian titanium mining licenses (often described as ~$18.5M in bribes); he denies wrongdoing (Source JUS. DOJ). Immunity angle: Austrian proceedings referenced claimed international-law immunity linked to a Belarus representative role (Source: AP News). Ukraine angle: Reuters reports Firtash is also wanted in Ukraine (separate allegations) and yet was not extradited there either (Source: Reuters). Vienna residency & networks: Multiple reports over years place Firtash in Vienna-Hietzing, renting a villa linked to Austrian investor Alexander Schütz (politically connected donor in past reporting) (Sources: Austrian Parlament, Profil). Short Analysis Austria has now delivered a remarkable double outcome: no extradition and (reportedly) €125 million returned—a sum that was once justified as the “seriousness premium” needed to keep a globally-connected oligarch from vanishing. If this repayment is correct, it raises the obvious question: what exactly did twelve years of Austrian proceedings achieve—other than turning Vienna into a long-term safe base for a high-risk political-business actor? The compliance red flag is the procedural core: Austria’s final “no” was widely reported as not primarily a substantive vindication, but the consequence of formal barriers—including prosecutors missing deadlines. That is not a technicality in a case of this magnitude; it is a governance failure. When the state loses a decade-long extradition fight through avoidable procedure, “rule of law” starts to look like rule-by-process. Then there is the geopolitical asymmetry: Firtash fought U.S. extradition for years, while Ukraine also wanted him back and President Zelensky publicly pressed Austria to help return fugitive oligarchs—Firtash included in Ukrainian media coverage. Yet Austria remained the end-station. For FinTelegram, this is the real “Firtash case”: Vienna’s ability (or willingness) to enforce cross-border accountability when power, money, and local networks collide. Call for Information Do you have first-hand knowledge about Firtash’s residency arrangements in Vienna, his local facilitators, legal/PR intermediaries, or any political/economic networks that influenced this outcome? FinTelegram invites insiders, affected parties, and whistleblowers to submit information securely via Whistle42.com. Share Information via Whistle42

PlatinCasino is an offshore casino without regulatory permission in the UK or the EU. Its cashier labels a deposit option “Sofort,” but our testing indicates a very different mechanism: an open-banking style bank-selection and authorization flow via secure.bankgate.io, leading into a user’s bank (e.g., Revolut) to approve a third party. This is a classic chokepoint: regulated rails enabling offshore gambling deposits. Key facts (what we observed) Selecting “Sofort” on PlatinCasino opens a pop-up at secure.bankgate.io (bank selection / routing UI). (Confirmed) Choosing a bank (e.g., Revolut) redirects to the bank’s Open Banking domain (e.g., oba.revolut.com) for login and authorization. (Confirmed) The Revolut authorization screen shows the user is asked to authorize a third party (e.g., “PERSPECTEEV SAS” in our capture). (Confirmed) A bankgate endpoint returns a SALTEDGE-branded error page (404), suggesting infrastructure linkage between bankgate.io and SALTEDGE. (Corroborated) This rail can operate even when the casino itself appears offshore and accessible across EU/UK jurisdictions with limited friction at onboarding. (Confirmed in our deposit UX tests; merchant-of-record details remain Unknown) Rail Map Mini (hop sequence) platincasino.com (cashier) → “Sofort” secure.bankgate.io (bank picker / gateway) oba.revolut.com (bank login + consent) → “Authorize [third party]” Return to gateway/casino flow (completion/confirmation step) (Indicated; receipt evidence pending) Why this matters This is not just “another payment option.” It’s a compliance chokepoint: open-banking rails can become a high-velocity funding path into offshore gambling, shifting the risk burden to intermediaries (gateway/TPP/banks) while players may assume “Sofort” means a familiar consumer method. Read more We publish the full SALTEDGE Compliance Note with entity transparency, risk flags, and evidence gaps to resolve (merchant-of-record, payee details, contracting chain). Read the full report here. Call for Information (Whistle42) Worked at SALTEDGE / bankgate.io, in onboarding, risk, compliance, or partnerships? Or deposited via this “Sofort” flow and can share receipts/merchant descriptors? Submit securely via Whistle42.com. Share Information via Whistle42

Our PlatinCasino review indicates that the casino’s “Sofort” deposit option is not Klarna’s Sofort in the traditional sense, but a bank-to-bank open-banking rail that runs through secure.bankgate.io, a gateway branded to SALTEDGE (Salt Edge Limited). The flow redirects users into Revolut’s Open Banking authorization to approve a third party—creating a sophisticated domain-hop sequence that allows an unlicensed Curaçao offshore casino to tap regulated EU/UK financial infrastructure for player deposits. Key points Salt Edge Limited (UK) presents itself as an FCA-authorised open-banking provider and publicly positions Payment Initiation as a solution for iGaming deposits and payouts (Sources: Salt Edge Blog, Salt Edge Blog, Salt Edge Case Study). Companies House shows Tamara Royz (Canada) as the Person with Significant Control (PSC), holding >75% of shares/voting rights (Sources: UK Companies House). Salt Edge’s filed accounts show a small balance sheet and negative equity (~£41.6k)—not a big firm operationally, yet linked to a high-risk vertical rail (Source: UK Companies House). In the PlatinCasino “Sofort” flow, secure.bankgate.io appears to broker the bank selection and handoff into bank authorization—an A2A deposit rail that can bypass classic card-acquiring friction and KYC expectations at the casino layer (per your tests). The branding/UX suggests a white-label open-banking payment interface. Whether Salt Edge is acting as a regulated TPP in this specific flow—or as a technical service provider behind another regulated PISP—requires clarification. What we observed in the PlatinCasino deposit rail In PlatinCasino’s cashier, “Sofort” is presented as a familiar consumer payment brand. In practice, the deposit path we tested routes users into an open-banking style journey: PlatinCasino → secure.bankgate.io: a pop-up payment window opens where the user selects their bank (e.g., Revolut). The user is then redirected into the bank’s Open Banking authorization flow (e.g., oba.revolut.com) to approve a third party (e.g., PERSPECTEEV SAS). After authentication/consent, the user is returned to the payment journey—effectively enabling an offshore casino to receive funds through a regulated, bank-native flow. This is the compliance crux: a Curaçao-licensed (often EU-unlicensed) gambling operator appears able to use regulated open-banking rails to accept EU/UK deposits, even where the casino itself remains outside meaningful EU supervision. SALTEDGE profile and risk interpretation Regulatory posture vs product reality Salt Edge publicly states that Salt Edge Limited is authorised by the FCA and positions itself as an open-banking platform offering Account Information and Payment Initiation, including UK/EU payment initiation documentation. Critically, Salt Edge also markets open-banking payments directly into the iGaming sector—explicitly describing deposits/top-ups and payouts via Payment Initiation as an iGaming use case. That doesn’t prove wrongdoing. But it raises the probability that bankgate.io is not an accidental appearance; it may represent a deliberate high-risk vertical integration pathway. Ownership & financial signal Companies House lists Tamara Royz as the PSC with >75% control. In fact, SALTEDGE appears to be a Canadian scheme. Its LinkedIn profile lists Ottawa, Canada, as its headquarters. Royz also lists Canada as her place of residence in her LinkedIn profile. Crunchbase names Dmitrii Barbasura, Garri Galanter, Tamara Royz as the founder of SALTEDGE. Salt Edge’s accounts show negative equity of ~£41,553, indicating a thin capital base for a firm that—at least in market positioning—touches high-risk payment flows. This matters because thinly-capitalised fintech intermediaries can be more vulnerable to high-risk merchant concentration, complaints escalation, and compliance strain. The “bankgate.io” question Your screenshots show secure.bankgate.io as the operational gateway UI, and a SALTEDGE-branded 404 page appears when probing the domain/path—supporting an operational linkage between “bankgate” and SALTEDGE branding. (Internal test evidence.) However, to be precise and defensible in compliance terms, FinTelegram should frame this as: Confirmed: PlatinCasino deposit flow uses secure.bankgate.io and redirects to bank Open Banking authorization (e.g., Revolut). (Your test evidence.) Corroborated: SALTEDGE branding appears on a bankgate.io error page and Salt Edge publicly offers payment initiation products for iGaming (Source: saltedge.com). Open question: Is Salt Edge the TPP of record (PISP/AISP) in this exact PlatinCasino flow, or an underlying technical provider for another regulated entity? Compliance conclusion If an EU/UK-regulated open-banking stack is enabling deposits into a Curaçao offshore casino that appears accessible without meaningful KYC at onboarding, regulators and banks should treat this as a “chokepoint” exposure. The compliance risk is not merely “illegal gambling,” but also: merchant due diligence / high-risk merchant acceptance misleading UX (“Sofort” branding implying a familiar consumer method while actually running an open banking consent rail) AML/CTF and source-of-funds expectations displaced from the casino onto fragmented intermediaries potential licensing perimeter questions depending on who is the regulated payment initiator of record. FinTelegram will continue investigating who the merchant of record is, which entity receives funds, and which compliance controls (if any) screen offshore gambling merchants in the bankgate stack. Summarizing Table Brand / ProductLegal entityJurisdictionRegulatory posture (public)Key individuals / controlDomains / endpoints observedRole in PlatinCasino railSALTEDGE (open banking platform)www.saltedge.comSalt Edge Limited (Company #11178811), United KingdomCanada (HQ)FCA-authorised Account Information Service Provider(Ref No (822499).PSC: Tamara Royz (>75% control). Salt Edge founder (link): Dmitrii Barbasurasecure.bankgate.io; (SALTEDGE-branded 404 page observed on bankgate path); saltedge.com product/docsGateway UI for “Sofort” option: bank selection + redirect into bank Open Banking authorizationPlatinCasino (offshore casino)Latiform B.V. (operator stated by you)Curaçao (offshore gaming environment)Not an EU/UK licensed casino in your tests; accessible across EU/UK with deposit options—platincasino.com (cashier flows open multiple gateway domains)Origin merchant / cashier initiating the open banking flowBridge (authorization counterparty shown)Perspecteev SASFranceRegulated fintech (per public legal mentions on bridgeapi.io)—oba.revolut.com shows “Authorize PERSPECTEEV SAS” in the flow (your screenshot)Third party presented in Revolut Open Banking consent step Rail Mini StepUser-facing labelDomain hopWhat the user seesLikely functionEvidenceConfidence1Deposit method: “Sofort”platincasino.comCasino cashier shows “Sofort” as payment optionInitiates A2A/open banking deposit flow (not classic Klarna checkout)Your cashier screenshot + test descriptionConfirmed2Redirect / pop-upsecure.bankgate.ioBank selection screen (Italy + banks incl. Revolut, UniCredit, Poste, etc.)Open banking gateway UI / bank picker + consent journey launcherYour secure.bankgate.io screenshotConfirmed3Select bankoba.revolut.comRevolut login/consent pageBank Open Banking authorization (SCA + consent)Your Revolut OBA screenshot(s)Confirmed4Authorize third partyoba.revolut.com“To authorise PERSPECTEEV SAS”Consent to TPP / payment request initiator shown by the bankYour “Perspecteev SAS” screenshotConfirmed5Return / completionsecure.bankgate.io → platincasino.comUser returns to gateway/casino flow after consentFinalizes payment initiation / confirmation back to merchant flowFlow inference based on standard OB journey; requires transaction receipt proofIndicated Call for Information (Whistle42) Have you processed payments, onboarding, compliance, risk, or partner management for SALTEDGE / Salt Edge / bankgate.io? Are you a player who deposited via “Sofort” on PlatinCasino (or other casinos) and can share receipts, merchant descriptors, confirmation emails, or bank references? Please contact FinTelegram via Whistle42 with documents/screenshots. Anonymous submissions welcomed. Share Information via Whistle42

Hyperliquid markets itself as a non‑custodial, permissionless DEX for perpetual futures, thereby positioning its high‑risk leverage products outside traditional licensing regimes. In substance, however, Hyperliquid operates a foundation‑controlled Layer‑1 with closed‑source infrastructure, a concentrated validator set, and discretionary market intervention powers that closely resemble a centralized exchange (CEX) without formal custody. From a European regulatory perspective, such a structure is more appropriately assessed under MiCA and, where relevant, MiFID II, rather than treated as exempt “DeFi.”​ Structural Analysis: CEX in DeFi Clothing Hyperliquid publicly describes itself as a decentralized, non‑custodial derivatives exchange running on its own high‑performance blockchain. Users deposit collateral into protocol smart contracts and maintain legal ownership of assets, which is then used as margin for leveraged perpetual futures.​ Read our Hyperliquid reports here. However, key structural elements are neither open nor credibly decentralized: Closed‑source node code and HyperBFT: The consensus client, including the HyperBFT implementation and critical logic (oracle, matching, liquidations), is closed source and distributed as a single binary, making independent technical audit impossible and creating a “black‑box” trading venue.​ Validator concentration and foundation control: Public validator letters and analysis report that approximately 80% of staked HYPE, and thus effective consensus power, is controlled by foundation‑linked nodes. The foundation also designs the delegation program and sets qualification criteria, enabling it to gate access to the validator set.​ Discretionary market intervention: In past stress events, Hyperliquid validators/foundation have intervened by delisting markets, fixing settlement prices and altering liquidation outcomes via validator votes, demonstrating centralized decision‑making that goes beyond “code‑is‑law” execution.​ Functionally, this is equivalent to a CEX with: Internal matching and risk engines, Centralized control over listing, liquidations and oracle behavior, But implemented via foundation‑controlled infrastructure rather than a traditional corporate IT stack.​ Download our Hyperliquid Compliance Report 2025 here. Hyperliquid in Numbers From a financial‑stability perspective, Hyperliquid is no niche experiment but a systemic player in on‑chain leverage. As of mid‑2025, public analytics place its total value locked (TVL) in the range of 3.5–4.3 billion USD, with the core HLP and related pools alone accounting for several hundred million in user collateral. Daily notional derivatives volumes oscillate between roughly 4 and 20 billion USD, with open interest figures reported in the high single‑ to low double‑digit billions, ranking Hyperliquid among the top three crypto derivatives venues globally and the clear market leader among so‑called perpetual DEXs. Cumulative perp volume has crossed the trillion‑dollar mark in recent months, illustrating that this foundation‑controlled venue is already a trading giant in the cyber‑finance segment, operating effectively under regulators’ radar while offering high‑risk leverage products to EU and global clients.​ The “Unknown Foundation”: Governance Without Transparency A striking feature of Hyperliquid’s setup is the opacity surrounding the Hyper Foundation (website), the entity presented as steward of the protocol and ecosystem. Public materials describe it as a Cayman‑based foundation company that “supports development of the Hyperliquid protocol and ecosystem,” but offer no detailed corporate registry data (e.g., LEI, registration number, directors, or audited financials). Ecosystem profiles and the foundation’s own website likewise omit beneficial ownership disclosure, group structure, and governance arrangements, leaving regulators and compliance officers without the basic counterparty information normally expected for an operator of a multi‑billion‑dollar trading venue.​ Despite this lack of transparency, the Hyper Foundation explicitly positions itself at the center of network control. Official documentation (whitepaper here) shows the foundation designs and runs the validator delegation program, sets eligibility criteria (including jurisdictional and KYC/KYB filters), and reserves the right to change these criteria at any time, making it the effective gatekeeper for consensus participation. It is also the focal point for institutional partnerships and incentive schemes: reports on Circle’s strategic HYPE investment and prospective validator role describe Circle as becoming a “direct stakeholder in the Hyperliquid ecosystem” through engagement with the foundation, underlining its central coordinating function.​ This combination—opaque Cayman foundation, closed‑source infrastructure, and foundation‑curated validator set—means that public claims such as “no single entity owns or operates the Hyperliquid network” are, at best, incomplete. From a compliance and supervisory standpoint, the Hyper Foundation is the de facto operator and governance nexus of a global, highly leveraged trading platform, yet it does not currently meet even minimal transparency standards expected of a regulated market operator in the EU or comparable jurisdictions. Regulatory Hypothesis: MiCA / MiFID II Applicability MiCA expressly targets crypto‑asset service providers (CASPs) that operate trading platforms, with only fully decentralized models potentially falling outside scope. Hyperliquid’s governance and validator structure clearly fails this “fully decentralized” threshold: a known foundation coordinates development, controls most consensus stake, and administratively shapes validator composition and protocol parameters.​ Accordingly: For non‑financial‑instrument crypto derivatives, Hyperliquid should be assessed as a MiCA‑regulated CASP operating a trading platform and providing execution of orders for third parties, irrespective of its non‑custodial design.​ Where underlyings or structured products qualify as financial instruments, operators and controlling entities fall within the MiFID II perimeter (e.g., operation of a multilateral system and investment services in derivatives), with associated organizational, conduct and prudential requirements.​ The decisive regulatory test is control, not marketing labels: Hyperliquid’s effective centralization means it should be treated as a CEX‑like venue without custody, not as an exempt DeFi protocol.​ Call for Information FinTelegram invites insiders, former team members, validators, technical contractors and counterparties with knowledge of Hyperliquid’s validator arrangements, governance structures, and intervention practices to provide information in confidence via our whistleblower platform Whistle42. Share Information via Whistle42

FinTelegram’s PlatinCasino test reveals a “bank transfer” deposit flow that is, in substance, a fiat-to-crypto purchase executed via Bitcan Sp. z o.o. and ARI10’s gateway stack (including gatewaycpay.com and aripayments.com). The UX is likely to mislead players while routing stablecoins directly to a merchant wallet—turning regulated bank rails into a high-risk casino funding pipeline. Key points What users see: “Bank Transfer” on a casino deposit page. What actually happens (per gateway screen): user buys USDC (or comparable stablecoin) and funds are forwarded to a designated wallet (merchant). Who appears in the flow: Bitcan Sp. z o.o. (Poland) as data controller/processor + ARI10 legal docs and product pages (ARI10/ARIPayments) (Source: ari10.com). Traffic intelligence: Semrush indicates gatewayapay.com → aripayments.com is a dominant referral route; gatewayapay.com itself receives notable traffic from vavada.com—suggesting reuse of the same rail for other gambling brands (Source: Stack Overflow). Regulatory reality check: Poland’s “Register of Virtual Currency Activities” is a registration, not a licence/authorization; it does not equate to prudential supervision (Source: slaskie.kas.gov.pl). MiCA angle: EU CASP rules apply, with transitional/grandfathering mechanics depending on member state implementation—this makes cross-border compliance posture and partner due diligence critical (Source: esma.europa.eu). Read our PlatinCasino report here. What we can evidence from the PlatinCasino deposit flow Bitcan facilitates fake bank transfers for PlatinCasino (Screenshot Dec 20, 2025) Gateway handoff: Selecting “Bank Transfer” on PlatinCasino launches a payment window hosted on gatewaycpay.com (bank picker + “check the data” step). Bitcan named as the processor: The consent text explicitly references “Bitcan sp. z o.o.” as the entity processing personal data. Crypto purchase disclosure (small print): The same screen states the user is buying USDC for the fiat amount and that funds will be transferred to a specified wallet (merchant destination). ARI10 legal documents used: “Terms & Conditions” links route to ari10.com (Gateway service T&Cs), indicating an integrated product stack under ARI10 branding (Source: ari10.com). Redirect stage: After confirmation, the flow redirects to aripayments.com/t/… with a “Redirecting to payment page…” screen (Polish-language page prompt visible). This strongly suggests tokenized, session-based funnel links rather than a “public” landing page. Interpretation: The casino “bank transfer” is operationally an on-ramp purchase: user’s bank transfer funds the on-ramp; the on-ramp releases stablecoins to the casino wallet. That’s a classic “conversion chokepoint” in FinTelegram 2.0 terms: fiat rail → on-ramp → stablecoin → merchant wallet. Who/what is ARI10? ARI10 Sp. z o.o. (Poland, Poznań) is presented as a crypto-asset service provider offering an exchange, on-ramp gateway, and crypto payment gateway (Source: ari10.com). Bitcan Sp. z o.o. (Poland, Poznań) is shown in ARI10’s legal footer as the entity in Poland’s Register of Virtual Currency Activities (RDWW-227) (Source: slaskie.kas.gov.pl). Founders / leadership (per ARI10): Mateusz Kara (CEO & co-founder), Artur Pszczółkowski (co-founder), Piotr Bień (co-founder), Izabela Mazur (COO) (Source: ari10.com) Ownership signal (open registry view): rejestr.io indicates ARI10’s shareholding includes family foundations, and Bitcan’s shareholder chain points back to ARI10 (Source: Rejestr.io). Traffic intelligence: why gatewayapay.com matters Your operational observation (gatewayapay.com feeding aripayments.com) aligns with Semrush “traffic journey” style indicators: aripayments.com: Semrush shows gatewayapay.com as a top referrer and gatewaycpay.com also materially present, consistent with “gateway → ARIPayments” funnels. (Source: community.cloudflare.com). gatewayapay.com: Semrush shows inbound traffic from vavada.com and outbound destinations including aripayments.com and litpay.pl, which is consistent with a deposit/checkout hop chain (Source: Stack Overflow). Compliance interpretation: Even if gatewayapay.com’s operator is obscured, it functions as a routing layer into a regulated-sensitive activity (fiat→crypto conversion) and should be treated as a high-risk gateway node. Compliance assessment (FinTelegram view) 1) Consumer deception/transparency risk Labeling this as “Bank Transfer” while the gateway itself frames it as buying stablecoins and sending them to a designated wallet creates a high likelihood of consumer misunderstanding—particularly where the disclosure appears as small print in a checkout step. 2) AML/CTF and illicit-gambling exposure On-ramps are a first-line AML chokepoint. If the downstream merchant is an offshore casino accessible without meaningful KYC, the on-ramp faces elevated exposure to: gambling payments laundering, chargeback/complaint patterns, sanctions/geoblock evasion, “layering” via stablecoins after fiat entry. Bitcan’s own materials acknowledge AML/KYC obligations for crypto exchange activity, but the core risk is merchant and funnel due diligence (who is being funded and how the flow is marketed) (Source: bitcan.pl). 3) “Registration ≠ authorization” (Poland) Poland’s virtual currency activity register is not a “license.” It is a registration regime; this nuance matters for counterparties and banks that may assume “regulated” equals “authorized” in the prudential sense. 4) MiCA readiness and cross-border posture MiCA’s CASP regime raises the bar for governance, conduct, and operational controls across the EU, with transitional mechanisms. For a gateway stack visibly used across borders (Italian banks shown in your test flow), the compliance question is not theoretical: who is the regulated perimeter entity, and which partners provide any PSD2/open-banking components (if any)? Compliance conclusion ARI10/Bitcan appear to operate a scalable on-ramp + gateway stack (ARIPayments, gatewaycpay, and likely additional gateway front-doors) that can be embedded into offshore casino deposit UX. In the PlatinCasino case, the design effectively turns a “bank transfer” into a crypto purchase and stablecoin delivery to the casino wallet, while presenting limited upfront clarity. This makes ARI10/Bitcan a priority chokepoint for: banks (monitoring inbound transfers to on-ramp beneficiaries), regulators (high-risk merchant controls; misleading payment presentation), payment compliance teams (merchant category policy enforcement), and investigators (wallet attribution + gateway domain ownership mapping). Summary Table Brand / ProductDomain(s)Legal entity (published / observed)JurisdictionRole in the railKey individuals (published)Transparency / risk notesPlatinCasino (merchant use-case)platincasino.comLatiform B.V. (operator, per your case file)CuraçaoOffshore casino receiving value via stablecoin rail—Deposit UX labels “Bank Transfer”; gateway indicates crypto purchase + wallet deliveryARI10 (group brand)ari10.com, exchange.ari10.comARI10 Sp. z o.o.Poland (Poznań)Crypto exchange + gateway/on-ramp product stackMateusz Kara (CEO), Artur Pszczółkowski (Co-founder), Piotr Bień (Co-founder), Izabela Mazur (COO)Legal docs and product pages used inside payment funnelARIPayments (product)aripayments.comPresented as ARI10 product stackPoland (group)Redirect / funnel stage to execute payment flow—Tokenized /t/ URLs observed; not a typical public landing pageBitcan (processor named in checkout)bitcan.plBitcan Sp. z o.o. (RDWW-227 per ARI10 footer)PolandData processing + fiat→crypto conversion (per checkout language)(See ARI10 leadership list above)Registration in Polish VASP register ≠ prudential license; high-risk merchant exposureGateway front-door (PlatinCasino)gatewaycpay.comNot clearly disclosed on-page (gateway UI references Bitcan + ARI10 docs)UnknownBank selection + consent + checkout stepUnknownKey “domain hop” that reduces end-user transparencyGateway front-door (other casinos indicated)gatewayapay.comUnknown / obscuredUnknownReferral hop into ARIPayments (per traffic intelligence)UnknownAppears to route users from vavada.com to ARIPayments; requires ownership mappingVavada (indicated casino integration)vavada.comUnknown (not assessed in this report)UnknownTraffic source into gatewayapay.com—Included as “indicated” based on traffic journey signals Rail Map Mini FlowStepUser-facing labelDomain hopOperator (known / suspected)FunctionConfidencePlatinCasino1Deposit → “Bank Transfer”platincasino.comLatiform B.V. (operator)Initiates deposit methodConfirmed (screenshots)PlatinCasino2Bank selectiongatewaycpay.com/gateway/…/selectGateway UI; Bitcan referenced laterSelect bank / countryConfirmed (screenshots)PlatinCasino3“Check the data” + consentgatewaycpay.com/gateway/…Bitcan Sp. z o.o. named in consentConsent + disclosure of crypto purchase; wallet transfer describedConfirmed (screenshots)PlatinCasino4T&Cs / Privacy linksari10.com (Gateway T&Cs)ARI10 Sp. z o.o.Legal docs for gateway serviceConfirmed (screenshots)PlatinCasino5Redirectaripayments.com/t/…ARI10 product stackRedirect layer to payment pageConfirmed (screenshots)PlatinCasino6Execute paymentUser’s bank domain (varies)BankUser authorizes transfer; funds go to on-ramp flowCorroborated (flow logic)PlatinCasino7Stablecoin deliveryOn-chain transfer to merchant walletDestination wallet (merchant)Funds released to a designated wallet (per checkout text)Confirmed (checkout text); on-chain verification pendingVavada (indicated)1Deposit journeyvavada.com → gatewayapay.comUnknownTraffic indicates gateway front-doorIndicated (traffic intelligence)Vavada (indicated)2On-ramp layergatewayapay.com → aripayments.comUnknown → ARI10 stackRoutes user into ARIPayments railIndicated (traffic intelligence) Call for Information (Whistle42) Are you a player, payments insider, bank compliance officer, or former employee/contractor with insight into ARI10/Bitcan/ARIPayments, gatewaycpay.com, gatewayapay.com, or casino integrations using “bank transfer” as a wrapper for crypto on-ramps? Submit documentation, descriptors, wallet addresses, or internal policies securely via Whistle42. Share Information via Whistle42.com

FinTelegram’s deposit-flow tests at PlatinCasino (platincasino.com) show a deliberately confusing payments stack: “bank transfers” that actually buy stablecoins and push them to wallets, plus “Sofort”/open-banking flows that route users through EU-regulated fintech rails. The result: an offshore casino can collect player funds across Europe while keeping onboarding friction—and KYC prompts—remarkably low. Key Points PlatinCasino is presented as a Curaçao-licensed operator (Latiform B.V.) but is accessible across multiple EU/UK jurisdictions (Source: cert.gcb.cw). “Bank Transfer” triggers a fiat→crypto purchase flow referencing Bitcan sp. z o.o. and ARI10, with small-print explicitly describing crypto purchase + wallet delivery. The checkout UI discloses stablecoin settlement (USDC/USDT) to specific EVM wallet addresses (per screenshots), undermining the “bank transfer” framing. “Sofort” is implemented as an open-banking initiation journey (secure.bankgate.io → bank selection → Revolut OBA), requesting consent to authorize PERSPECTEEV SAS (Bridge) (Source: bridgeapi). SALTEDGE branding appears on a bankgate.io 404 screen during the hop—suggesting a white-label/open-banking infrastructure layer. Another “anonymous” open-banking gateway appears via checkout.transactgrid.com, leading to Revolut consent to authorize “Bank Pay” (operator unclear). Short Narrative In the PlatinCasino cashier, “Bank Transfer” does not behave like a conventional pay-by-bank deposit. Instead, the user is routed to gatewaycpay.com, asked to confirm personal data, and required to accept terms referencing Bitcan sp. z o.o. The screen copy states the user is buying crypto and sending it to a designated address (irreversible transaction). Extended Analysis 1) The operator + regulatory setting PlatinCasino is operated by Latiform B.V. (Curaçao) under a Curaçao Gaming Control Board license shown in the regulator’s certificate portal (Source: cert.gcb.cw). In practice, this offshore setup routinely collides with EU national gambling regimes—yet the payments layer (below) helps the casino access EU rails anyway. In our reviews, we had no problem registering with PlatinCasino as residents of various EU jurisdictions and the UK and making deposits via crypto or FIAT without KYC. The payment facilitators involved should also have no problem with PlatinCasino illegally targeting players in these jurisdictions. In parallel, PlatinCasino’s “Sofort” option—normally associated by consumers with mainstream pay-by-bank—runs as a multi-hop open-banking consent flow: secure.bankgate.io presents bank selection; choosing Revolut redirects to Revolut’s OBA login where the user is asked to authorize PERSPECTEEV SAS. 2) Chokepoint #1 — “Bank transfer” that is actually a stablecoin purchase Your screenshots show the decisive tell: the user is told they buy USDC for EUR and that funds will be transferred to specific 0x… wallet addresses. This looks like a fiat-to-crypto on-ramp gateway embedded inside a casino “deposit” journey—i.e., a deposit disguised as a bank transfer, executed as a crypto purchase. The entities surfaced in-flow align with ARI10’s own positioning as a crypto payment gateway / on-ramp/off-ramp provider (Source: ari10.com)ARI10’s legal notes also list Bitcan Sp. z o.o. and indicate inclusion in Poland’s Register of Virtual Currency Activities (RDWW-227) (Source: ari10.com). Important compliance nuance: Poland’s VASP register is a registration regime and does not equal prudential supervision—a point the Polish government itself flags in public guidance about the register (Source: Gov.pl). Compliance trigger: consumer deception risk (misleading payment method labeling), plus AML/KYC gap risk when “bank transfer” UX masks an on-ramp and stablecoin settlement layer. 3) Chokepoint #2 — “Sofort” as open banking authorization (Bridge / Perspecteev) The Revolut consent screen in your evidence explicitly requests authorization for PERSPECTEEV SAS. Bridge’s legal disclosures identify Perspecteev SAS as the entity behind Bridge and describe its regulatory framework (PSD2-context service structure) (Source: bridgeapi). This matters because it demonstrates how an offshore casino can still present users with a familiar EU fintech trust surface (bank selection → Revolut login → consent screen), even where the underlying merchant is an offshore gambling operator. 4) Chokepoint #3 — transactgrid + “Bank Pay” (unattributed) A second open-banking gateway appears at checkout.transactgrid.com, which we could not reliably attribute via public records at the time of writing. The downstream Revolut OBA consent requesting authorization for “Bank Pay” suggests a separate TPP/merchant descriptor. One possible lead is Paybank2bank, which publicly describes itself as operated by Intense Technologies SRL (Romania)—but we cannot confirm it is the same “Bank Pay” shown in your Revolut screen (Source: PayBank2Bank). Why this matters: unattributed gateways are classic chokepoints—they are the points where regulated financial rails meet opaque merchant networks. Rail Map Mini Distribution: PlatinCasino front-end (platincasino.com) [Confirmed – observed] Collection layer A (disguised on-ramp): gatewaycpay.com → Bitcan/ARI10 terms → aripayments.com redirect [Confirmed – observed] Conversion/Settlement: EUR → USDC/USDT purchase; stablecoins routed to EVM wallets [Confirmed – observed] Collection layer B (open banking): secure.bankgate.io → Revolut OBA → authorize Perspecteev (Bridge) [Confirmed – observed / Corroborated – entity] (Source: bridgeapi.io). Collection layer C (open banking, unattributed): checkout.transactgrid.com → Revolut OBA → authorize “Bank Pay” [Confirmed – observed / Operator Unknown] Actionable Insight For regulators, banks, and open-banking providers: PlatinCasino’s flow illustrates a repeatable pattern—merchant risk is shifted away from the casino UI and into payment “hops” (gateway domains, white-label connectors, and stablecoin settlement). The compliance question is not only who processes the payment, but who performs merchant due diligence on the gambling counterparty at each hop—and whether consumer-facing labels (“Bank Transfer”, “Sofort”) are materially misleading. Summarizing Tables Entity & jurisdiction transparency Brand / ComponentRole in the deposit flowDomains / endpoints observedLegal entity (as evidenced)JurisdictionRelated individuals (public-facing)Notes / transparency flagsPlatinCasinoOffshore casino (merchant / deposit origin)platincasino.comLatiform B.V. (imprint/ownership presented)CuraçaoNot disclosed on the casino imprint (as observed)Accessible across EU/UK jurisdictions in testing; deposits possible with minimal friction and no meaningful KYC prompts (observed).“Bank Transfer” rail (disguised crypto purchase)Misleading method label: user selects “Bank Transfer” but flow states crypto purchase + wallet transfer gatewaycpay.com/gateway/… aripayments.com/t/… Terms/Privacy links route to ari10.com Bitcan sp. z o.o. (named in consent on checkout screen); legal links routed via ARI10 pagesPoland (per in-flow entity naming)Not consistently disclosed in the player UXCheckout copy indicates stablecoin settlement and a destination wallet. Consumer-facing “bank transfer” framing is contradicted by the crypto purchase wording (observed).ARI10Crypto gateway ecosystem / legal-document host referenced by the flowari10.comARI10 sp. z o.o. (as presented on company site / legal pages)PolandLeadership listed on company materials (e.g., Mateusz Kara; Izabela Mazur; Artur Pszczółkowski)Brand/entity layering: user consents to Bitcan wording but is routed to ARI10-hosted legal documents (observed).BitcanEntity named in consent (“processing of my personal data by Bitcan…”) and transaction framingNamed inside the gatewaycpay.com checkout UI; legal links to ari10.comBitcan sp. z o.o. (named in-flow)PolandNot reliably disclosed inside the casino journey beyond the consent lineConsent language + “irreversible” warning are consistent with a crypto purchase / on-chain transfer rather than a normal bank transfer deposit (observed).gatewaycpayHosted checkout UI for the disguised “Bank Transfer” railgatewaycpay.com/gateway/…Not clearly disclosed on the domain itself (in-flow references point to Bitcan/ARI10)Unknown (in-flow context indicates Polish entities)n/aKey “chokepoint” domain: handles bank selection, data check, consent, and crypto purchase disclosures (observed).ARIPaymentsRedirect / handoff layer after consentaripayments.com/t/…Not clearly disclosed in the redirect URL itselfUnknown (in-flow context indicates Polish ecosystem)n/aTranslation prompt indicated Polish page language during redirect; additional hop increases opacity for users and investigators (observed).“Sofort” rail (open banking PIS)Brand misdirection: “Sofort” label triggers open-banking authorisation journeysecure.bankgate.io/payments/connect/… → oba.revolut.com/…In-flow operator not clearly disclosed; Salt Edge branding appears on related bankgate endpoint screensUnknown (gateway) / UK (Salt Edge context)n/aUX behaves as open banking payment initiation, not a classic Klarna Sofort checkout (observed).bankgate.io (open banking gateway)Open banking bank-selection / routing UIsecure.bankgate.ioNot clearly disclosed in-flow; Salt Edge branding observed on error pageUnknown (gateway) / UK (Salt Edge context)n/aSalt Edge logo appears on a secure.bankgate.io 404 screen (observed), suggesting infrastructure involvement.SALTEDGEOpen banking infrastructure / gateway tooling (as suggested by branding)saltedge.com (brand shown on bankgate-related screen)Salt Edge (corporate structure varies by jurisdiction; UK presence publicly described)UK (public-facing positioning)n/aBranding suggests Salt Edge technology in the chain; direct contracting party for this merchant flow is not confirmed from the screenshots alone.Bridge / Perspecteev SASTPP/PISP being authorised by the user (open banking) Authorisation shown at oba.revolut.com (“To authorise PERSPECTEEV SAS”) Legal presence: bridgeapi.io Perspecteev SAS d/b/a Bridge FrancePublic-facing leadership exists on company materials (not always shown in the authorisation screen)Critical chokepoint: a regulated EU fintech entity is the explicit authorisation counterparty within an offshore casino deposit journey (observed).Revolut (example bank tested)User bank login and authorisation endpointoba.revolut.com/ui/index.html?…Revolut entity depends on the customer/account (not determinable from screenshots alone)Multi-jurisdictional (group)n/aUser is prompted to authorise a third party (e.g., Perspecteev SAS; “Bank Pay”) enabling the deposit via open banking (observed).TransactGridAdditional open banking gateway UI (operator unclear)checkout.transactgrid.com/…Unknown (no clear imprint/attribution identified in this review)Unknownn/aSecond chokepoint: bank-selection gateway with unclear operator, licensing, and complaint channel.“Bank Pay” / “PayBank” (authorisation label)TPP label shown to the user during open banking authorisationAppears within oba.revolut.com authorisation (“To authorise Bank Pay/PayBank”)Unknown (label only; no confirmed corporate mapping)Unknownn/aAttribution gap: the authorisation name is shown, but the underlying legal entity is not transparently disclosed to the user within the casino deposit journey (observed). Rail Map Mini Step“Bank Transfer” (disguised crypto purchase)“Sofort” (open banking via bankgate → Revolut → Perspecteev SAS)Other open banking option (TransactGrid → Revolut → “Bank Pay”)1platincasino.com deposit modal → user selects Bank Transfer (observed)platincasino.com deposit modal → user selects Sofort (observed)platincasino.com deposit modal → user selects an open banking method (observed)2Pop-up at gatewaycpay.com/gateway/<id>/select → country/bank selection (observed)Pop-up at secure.bankgate.io/payments/connect/<id> → bank selection (observed)Pop-up at checkout.transactgrid.com/… → bank selection (observed)3 gatewaycpay.com/gateway/<id> “Check the data” → consent checkbox includes: “I consent to the processing of my personal data by Bitcan sp. z o.o. …” Terms/Privacy links route to ari10.com (observed) Redirect to oba.revolut.com/ui/index.html?… → “Sign in to Revolut” “To authorise PERSPECTEEV SAS” (observed) Redirect to oba.revolut.com/ui/index.html?… → “Sign in to Revolut” “To authorise Bank Pay / PayBank” (observed) 4 Same screen discloses crypto purchase/transfer logic: user buys USDC/USDT for EUR and funds are transferred to a specified wallet address (observed) User authorises Perspecteev SAS in Revolut OBA; payment initiation proceeds (return URL not captured) (observed) User authorises “Bank Pay/PayBank” in Revolut OBA; payment initiation proceeds (return URL not captured) (observed) 5aripayments.com/t/<id> appears (“Redirecting to payment page…”, Polish UI prompt) (observed)During gateway probing, a secure.bankgate.io screen shows Salt Edge branding with a 404 error (observed)Operator attribution remains unclear for transactgrid.com (gap)6 Handoff continues to the selected bank flow; outcome described as crypto purchase + on-chain transfer to wallet (as stated on checkout) (observed) Net effect: offshore casino deposit executed via regulated open banking rails (TPP shown to user = Perspecteev SAS) (observed)Net effect: offshore casino deposit executed via open banking rails with unattributed/unclear TPP identity behind the “Bank Pay/PayBank” label (observed) Call for Information Are you a player affected by these deposit flows, or an insider at any of the involved gateways/TPPs (ARI10/Bitcan, bankgate, transactgrid, Bridge/Perspecteev, or banking partners)? FinTelegram is building a rail pack on PlatinCasino’s payment stack. Submit information securely via Whistle42.com (screenshots, bank descriptors, wallet destinations, email receipts, chargeback/freeze experiences). Share Information via Whistle42

Hyperliquid — one of the most hyped DeFi perps venues of the post-2024-halving cycle — just recorded weekly net capital outflows of more than $430 million (third-largest weekly outflow on record, per widely cited Dune tracking). At the same time, Bitcoin is ~30% below its October peak and a growing set of analysts argue the market is already shifting into a bearish regime — a macro backdrop that tends to punish leverage-first venues and native-exchange tokens hardest. Key Points Capital exit: >$430M net outflow in seven days; AUM/TVL metrics are reported to have fallen materially since September highs (Sources: Phemex, CCN). Competitive squeeze: rivals like Lighter and Aster are tightening the “perps DEX wars,” siphoning attention, traders, and incentive-driven flow (Source: TheBlock). Token reflexivity risk: HYPE has been reported down sharply from its highs (≈60% off ATH in some trackers), with forced-liquidation headlines amplifying downside pressure (Sources: CryptoPotato, KuCoin) Regulatory exposure remains structural: FinTelegram has documented EU access to perps without KYC/geo-blocking, putting Hyperliquid in the MiFID II derivatives perimeter risk zone (Source: FinTelegram). If BTC’s bearish thesis hardens, Hyperliquid faces a “double whammy”: lower volumes + higher scrutiny (Source: Binance). Download the full Hyperliquid Compliance Report 2025 here. Short Narrative Hyperliquid’s rise in this halving cycle followed a familiar DeFi playbook: win the “pro trader” mindshare, compress fees, make UX feel CeFi-fast, and let permissionless access do the distribution. That worked — until the cycle turned and competitors copied the playbook with more aggressive incentives and fresh narratives. The result: a visible liquidity leak, with on-chain dashboards showing a sharp weekly net outflow north of $430M. Extended Analysis 1) Outflows are not just “sentiment” — they are revenue and safety signals. Hyperliquid is often described as a perps-venue with an embedded token flywheel: trading activity → fees → buyback/burn mechanics. Multiple industry writeups describe an automated mechanism that routes the large majority of fees into HYPE buybacks (via an “Assistance Fund” concept). If volumes compress in a bear phase, the buyback narrative weakens at exactly the wrong moment (Source: OKX). Separately, reports cite a decline from ~September highs in assets/AUM/TVL, consistent with traders pulling stablecoin collateral off-platform (Source: CCN). 2) Competition is now direct — from both DeFi and CeFi. In DeFi, rivals (Lighter, Aster) are explicitly targeting Hyperliquid’s crown: perps liquidity + speed + incentives. In CeFi, Binance/Kraken-like venues can offer deep liquidity, cross-margining, and institutional rails — and in a risk-off tape, traders often prioritize “execution certainty” over ideology. Hyperliquid can’t assume cycle-peak loyalty. 3) The bear-market thesis matters because perps venues are leverage thermometers. Bitcoin is currently around $88.6k (today’s snapshot), but the more important point is positioning: analysts citing on-chain demand slowdown (e.g., CryptoQuant-referenced reporting) argue conditions resemble an early bear transition (Source: DL News).If that regime persists, perps activity typically shrinks, liquidations spike, and tokens linked (even indirectly) to venue usage become high-beta casualties — exactly what recent HYPE price/whale-liquidation headlines suggest (Source: KuCoin). 4) The HYPE Token Collapse: Tokenomics Under Pressure The HYPE token’s 60% collapse from its $59.31 September all-time high to approximately $24 in December reflects both Hyperliquid-specific failures and broader bear market dynamics. Analysts predict further deterioration to $19.46 by December 22—a 67% decline from peak—with the Fear & Greed Index registering “Extreme Fear” at a reading of 20.​ The token’s technical structure faces severe pressure. Trading below all major moving averages (MA3, MA5, MA10, MA21, MA50, MA100, MA200), with 85% of technical indicators signaling bearish trajectories, HYPE exhibits the characteristics of an asset in structural decline. The Relative Strength Index (RSI) at 35.81 suggests oversold conditions, but historical patterns from the 2022-2023 bear market demonstrate that oversold can remain oversold for extended periods.​ 5) Regulation is the non-cyclical threat — and Hyperliquid is sitting in the blast radius. FinTelegram’s own compliance tests documented that EU residents could trade perps without KYC/geo-blocking, with Terms that (at least as observed) do not clearly exclude EU/EEA/UK. That combination is precisely what invites a “Binance-era” enforcement arc: warnings, access measures, and action against EU-facing solicitation (Source: FinTelegram). In a bear market, regulators also tend to face less political friction: retail losses create the mandate. Final Hypothesis Hyperliquid is unlikely to “die like FTX” for the same reason FTX died: FTX collapsed around centralized custody, hidden balance-sheet leverage, and alleged misuse of customer assets — failure modes that are harder (though not impossible) to replicate in a more transparent, on-chain venue. However, Hyperliquid can absolutely suffer an “FTX-like cycle outcome”: a brutal contraction where outflows + falling HYPE + shrinking volumes + regulatory pressure force a strategic pivot (EU gating/KYC, restricted jurisdictions, compliant distribution) and trigger a long drawdown in market relevance. Base case (most likely): Hyperliquid survives, but de-risks and professionalizes, potentially sacrificing “permissionless growth” to stay standing.Bear case: a sustained BTC bear + continuing weekly outflows + first serious EU/US enforcement vector produces a reflexive spiral that permanently shrinks Hyperliquid’s dominance. Call for Information Are you a trader, market maker, integrator, or former contributor with insight into Hyperliquid’s liquidity management, Assistance Fund mechanics, incentive spend, or jurisdictional controls? Share documentation (screenshots, wallet traces, Terms snapshots, comms) via Whistle42.com. We protect sources. Share Information via Whistle42

A Dec 19, 2025 analysis by The Shift News argues that Malta’s supervision failures during a peak mis-selling era left hundreds of retail investors trapped in the collapse of Australia’s LM Managed Performance Fund—and that even after liquidation proceeds reached Malta in late 2024, distribution to beneficiaries still hasn’t happened. Key Facts The Shift says the product was widely sold in Malta (2008–2013), often framed as “execution-only”, despite allegedly targeting financially unsophisticated retirees (Source: TSN). The fund entered compulsory liquidation in Australia in 2013; interest stopped and capital was not repaid at maturity (Sources: TSN, International Advisor). The Shift identifies All Invest Co Ltd, MFSP Financial Management Ltd, and Hollingsworth Financial Services Ltd as key MFSA-licensed distributors, with MFSA action coming only after losses materialised. Investor redress was structurally limited: Malta’s Investor Compensation Scheme covers 90% up to €20,000 per investor. Liquidation proceeds were reportedly remitted to Zenith Finance Ltd (formerly MFSP) as nominee; more than a year later, funds remain undistributed and releases are allegedly demanded from investors. Short Analysis From a compliance standpoint, the case is a textbook collision between MiFID suitability/product governance and a sales culture that used “execution-only” labelling to bypass real risk assessment. Notably, MFSA itself said in 2013 it was investigating how LM Investment Management products were sold in Malta, suggesting supervisory awareness while distribution continued. The post-collapse phase is equally damaging: The Shift describes liquidation proceeds sitting inside a court-supervised nominee structure while investors are asked to sign broad liability waivers—raising consumer-protection and governance red flags, even before questions of civil liability are reached. Call for Information Were you sold LM/Zenith products in Malta, worked at a distributor, or have documents on MFSA communications, nominee holdings, or release demands? Share securely via Whistle42.com. Share Information via Whistle42

US crypto exchange Coinbase has filed lawsuits against Michigan, Illinois, and Connecticut after state officials moved to treat “prediction markets” as gambling. Coinbase argues these products are federally regulated derivatives (“event contracts”) under the Commodity Futures Trading Commission (CFTC)—and that a state-by-state crackdown would choke a fast-growing, high-risk “everything exchange” trend. Key Facts Coinbase seeks declaratory + injunctive relief to stop the three states from applying state gambling laws to prediction-market products (Source: TradingView). Coinbase’s position: CFTC jurisdiction is exclusive for event contracts; “50-state” gaming oversight is unlawful and unworkable (Source: PYMNTS.com). The rollout is tied to Coinbase’s planned expansion into prediction markets, reportedly including an integration with Kalshi (a CFTC-regulated venue for event contracts) (Source: PYMNTS.com). The broader market is already in litigation: states have been challenging Kalshi, with mixed court outcomes (e.g., Nevada finding Kalshi subject to state gaming rules; Massachusetts seeking to block Kalshi’s sports markets) (Source: Reuters). Short Analysis What are prediction markets? They let users trade contracts whose price reflects the probability of an outcome (e.g., “Team A wins,” “Policy X passes”). In U.S. legal terms, many are structured as event-based derivatives—but states argue that, in practice, they resemble sports betting and should require gaming licenses, consumer protections, and taxes. Why Coinbase is suing: this is a preemption fight. Coinbase wants a court to confirm that if an event contract is a CFTC-regulated product, state gaming regulators can’t re-label it as gambling. For compliance teams, the core risk is regulatory fragmentation: if states win, “prediction markets” become a patchwork of prohibitions, geo-blocking, and enforcement exposure. If Coinbase wins, the U.S. effectively moves toward a federal lane for event contracts—potentially accelerating mainstream distribution and blurring the line between “price discovery” and “unlicensed sportsbook.” Meta Data Title tag: Coinbase Sues 3 States Over Prediction Markets (CFTC vs Gambling Law) Meta description: Coinbase is suing Michigan, Illinois, and Connecticut to block state gambling rules from restricting CFTC-style prediction markets—raising a key compliance question: derivatives venue or de facto sportsbook? Keywords: Coinbase, prediction markets, event contracts, CFTC, state gambling regulators, Kalshi, compliance risk Pub date: 20 Dec 2025 Author: FinTelegram Research Desk Tags: #Coinbase #PredictionMarkets #CFTC #GamblingLaw #Compliance Canonical URL: (FinTelegram URL) Image Alt Text Dark-toned courtroom scene overlaid with a probability chart and “event contract” ticket, with U.S. state outlines confronting a CFTC-style seal—symbolizing federal vs state regulation of prediction markets. Call for Information Are you a US-based user, exchange employee, payments/affiliate partner, or state-level compliance insider with information on Coinbase’s prediction-market rollout, geo-blocking, vendor rails, or regulator communications? Share evidence securely via Whistle42.com. Share Information via Whistle42

While testing deposit rails at the offshore casino Vegadream, FinTelegram found an unexpected handoff: selecting CoinsPaid opened a separate crypto payment page branded GammaG (gammag.ge). The pop-up instructed users to send USDT on the “Binance network” (BSC) to a specific address and displayed the merchant descriptor “STARDUST GLOBAL CCS LTD (Starscream)”. This looks like a classic “label vs. execution” chokepoint worth documenting. Key Facts Observed flow (confirmed): Vegadream → “CoinsPaid” deposit option → GammaG payment pop-up (gammag.ge) → USDT (BSC) deposit instructions. GammaG self-description: GammaG presents itself as a Georgia-registered entity (“GammaG LLC”) offering digital currency payment solutions, including hosted wallets and exchange-related functionality (per its own legal pages) (Source: status.gammag.ge). Industry pairing signal: A third-party casino helpdesk (Wikibet) lists “Coinspaid / GammaG” together as the crypto deposit/withdrawal method, suggesting the two brands can appear as a combined rail in iGaming contexts (Source: support.wikibet.com). No public “ownership link” found (yet): We have not found a clear, primary-source statement that GammaG is owned/operated by CoinsPaid, or vice-versa. (At this stage, what we do have is an operational linkage on the merchant side and recurring co-mention in iGaming support materials.) Rail Map Mini Rail Map (Mini) — GammaG / CoinsPaid Handoff Case: GammaG (gammag.ge) appears behind “CoinsPaid” at Vegadream (vegadream.com) • Focus: crypto deposit execution layer • Observed rail: USDT on BSC (“Binance network”) • Descriptor shown: STARDUST GLOBAL CCS LTD (Starscream) Step Layer Rail Node What happens Evidence Confidence 1 Distribution Vegadream (vegadream.com) Player opens deposit screen Screenshot: deposit UI Confirmed 2 Collection CoinsPaid (UI label) Player selects “CoinsPaid” as the deposit method Screenshot: CoinsPaid selected Confirmed 3 Collection GammaG (gammag.ge) Checkout pop-up/window opens branded “GammaG” Screenshot: GammaG checkout page Confirmed 4 Collection Merchant/descriptor Checkout displays “STARDUST GLOBAL CCS LTD (Starscream)” Screenshot: descriptor in header Confirmed 5 Cash-out / Settlement Stablecoin rail Player instructed to send USDT via BSC (“Binance network”) to a shown address Screenshot: amount + chain + address Confirmed 6 Attribution CoinsPaid GammaG (corporate link) Ownership/operation link not proven via primary sources in this case file Open-source research pending Unknown 7 Pattern signal iGaming helpdesks “Coinspaid / GammaG” co-appears as a combined method in third-party iGaming support content OSINT: helpdesk references Corroborated Confidence Legend Confirmed — directly observed/replicated (screenshots, logs, documents). Corroborated — supported by independent sources, but not fully reproduced end-to-end. Indicated — plausible signal, not independently verified yet. Unknown — insufficient evidence; keep open until proven. Investigator note: This rail shows a “label vs. execution” pattern (CoinsPaid in the casino UI; GammaG at checkout). Next step is to capture the full redirect chain (HAR), collect TXIDs, and test whether deposit addresses rotate per session/user. Short Analysis What matters here is the execution layer: Vegadream labels the method as CoinsPaid, yet the user-facing payment flow is GammaG, which then routes the user into a stablecoin transfer on BSC. In practical AML terms, this is a chokepoint pattern: a recognizable gateway brand at the casino UI, but a different processor at checkout, and then an on-chain settlement leg. GammaG’s own site describes a broad set of crypto payment services (including hosted wallets and exchange-type functions), and provides a Georgia corporate footprint (Source: status.gammag.ge). That doesn’t prove wrongdoing by itself—but in combination with offshore gambling exposure, it becomes a high-risk rail worth mapping: it can reduce friction for deposits, complicate chargeback/complaint paths, and (depending on implementation) weaken effective KYC/transaction monitoring at the point where funds enter the gambling ecosystem. Read our CoinsPaid reports here. The open question is whether GammaG is acting as: (A) a merchant-side substitute (casino calls it “CoinsPaid,” but actually uses GammaG), (B) a reseller/aggregator layer connected to CoinsPaid, or (C) a processor-of-record while CoinsPaid is only a UI label / legacy naming artifact. Right now, we can confirm the operational handoff (CoinsPaid button → GammaG flow) but we cannot confirm corporate control. Actionable Insight For compliance teams, treat GammaG (gammag.ge) and the displayed merchant descriptor “STARDUST GLOBAL CCS LTD (Starscream)” as high-risk gambling rail indicators, especially when encountered in EU-facing traffic. Where “CoinsPaid” appears at UI level, validate who actually executes checkout and document redirects, descriptors, and on-chain deposit addresses/tx hashes. Follow our Crypto Payment Processor Watch series here. Call for Information (Whistle42) FinTelegram is building a case file on GammaG as a crypto rail used by offshore casinos. If you are: a player with deposit/withdrawal history involving GammaG or a “CoinsPaid” method that opens a GammaG window, an insider at a casino affiliate/payment ops desk, PSP, or compliance function, a counterparty (bank/EMI/crypto exchange) seeing related flows, please share: payment emails, screenshots, transaction hashes (TXIDs), wallet addresses used, merchant descriptors, refund/withdrawal correspondence, and any KYC/verification steps (or lack thereof). Submit securely via Whistle42.com (anonymous accepted). Share Information via Whistle42