A single UK player may have done what regulators failed to do: by chasing refunds from Golden Lion, FreshBet, GoldenBet, and other illegal online casinos, she has mapped an apparent network of UK-registered “web portals”, “software” and “consultancy” firms – including Future Insight Consultancy Ltd and its Malta arm – that seem to act as payment agents and corporate infrastructure for Curaçao-licensed offshore casinos targeting UK and EU consumers. 1. The whistleblower-player and her dossier The documents show a remarkably sophisticated dossier built by a private UK player. She links deposits to Golden Lion, GoldenBet, FreshBet, and other offshore brands with dozens of merchant descriptors and UK companies that never advertised themselves as gambling businesses at all. Her emails to GoldenBet include a combined GDPR/DSAR and refund demand. She explicitly frames her case under UK/EU GDPR and the UK Payment Services Regulations 2017 (PSR 2017), demanding disclosure of MCC codes, routing paths, processors and “sub-merchant” relationships – language that would not look out of place in a regulatory notice. The casinos respond with the usual soft-focus PR (“compliance manager is reviewing your case”) but provide no hard information, no merchant IDs and no meaningful route to a refund. 2. Future Insight: accountancy shop or payment-network coordinator? On paper, Future Insight Consultancy Ltd is an accountancy and business advisory firm based in Gravesend (Suite 13, Whitehall Place, 47 The Terrace, DA12 2DL) with a sister entity in Malta. Its marketing explicitly targets “finance and brokerage” and other high-risk sectors (Source: Future Insight). Future Insight Consultancy Ltd is not currently listed in the official ICAEW public firm directory, nor does it appear in public HMRC supervised-business registers accessible online as of November 2025. While the company states compliance with both ICAEW and HMRC standards, there is no direct record in the main public registers of either authority confirming current verification for the corporate entity itself. Companies House records show that Blue Ocean Development AI Ltd and Lingo Ventures Ltd both use the Whitehall Place address and are “c/o Future Insight Consultancy Ltd” – sharing the same mailbox and corporate services provider (Sources: Future Insight, Companies House). The victim’s bank statements link these entities to her gambling deposits via non-gambling MCC codes such as “computer programming / digital services”. Crucially, in the email chains, Future Insight’s Operations Director, Macy O’Shea, replies from an @futureinsight.eu address and states that she has forwarded the victim’s correspondence (and her detailed evidence) to the “compliance department” of the relevant companies. This is only plausible if Future Insight has a live, operational role with those entities – not just a passive maildrop. Future Insight founder Michele Yianni (Source: www.micheleyianni.com) The investigating player then writes directly to founder Michele Andrula Teresa Yianni(-Attard), aka Michele Yianni, who is publicly listed as the controlling person in the Future Insight Cosultancy Ltd via its parent company Future Insight Group Ltd (Source: Companies House). She is also a director of Future Insight’s Maltese company (Source: Malta Database). Questions for Future Insight: Why Future Insight displays the ICAEW Chartered Accountants logo although we cannot locate it in the ICAEW register (Source: Future Insight). Why the firm does not appear in HMRC’s supervised-business register, with supervision apparently via the Institute of Accountants and Bookkeepers (IAB) instead. On what basis Future Insight is responding on behalf of Blue Ocean and Lingo Ventures and “forwarding” complaints to their compliance staff. FinTelegram’s take: at minimum, Future Insight appears to function as a central corporate and communication hub for a cluster of payment-linked entities used by offshore gambling operators. Whether it has crossed the line into unauthorised payment services or payment agency under PSR 2017 is a question for the FCA and HMRC – but the red flags are significant. During our review, we identified Suite 13, Whitehall Place, 47 The Terrace, Gravesend, Kent, DA12 2DL as a central hub used by the Future Insight group. A Companies House search shows that hundreds of companies are registered at this address, with dozens explicitly annotated as “c/o Future Insight Consultancy Ltd” (see Companies House search link above). While not every entity at this address will necessarily function as a payment facilitator for offshore or illegal gambling operators, the clustering of so many finance- and tech-related companies at a single corporate service address suggests that a significant subset may be involved in such activities. In any case, this location clearly warrants closer scrutiny from a compliance, supervisory, and law-enforcement perspective. 3. UK “web portals” and “software firms” in Curaçao gambling flows The dossier doesn’t stand in isolation. Open-source evidence shows that several of the companies she names are already known in gambler forums as front-end merchants for Curaçao-licensed casinos using “wrong” MCC codes: Terraverse Ltd – originally incorporated as Interray Ltd, with SIC “computer programming activities”. CasinoGuru threads identify “TERRVERS” and emails at interray.ltd@ / support@gainkit.com as merchants used by Curaçao casinos, with players complaining about hidden gambling charges and MCC misclassification (Source: CasinoGuru). TraverseTraverse Ltd markets itself as a digital marketing agency, yet UK players report struggling to recover money from “traversetraverse Terrvers” after deposits to Curaçao-licensed casinos using Trading212-branded cards (Source: CasinoGuru). MYDATES LTD / Grottobook.com operated the e-book site grottobook.com. CasinoGuru threads connect Grottobook/MyDates to exactly the same Curaçao MCC-misuse issue, with card schemes seeing “digital goods” while funds appear to support gambling (Source: CasinoGuru). MYDATES was voluntarily struck off and dissolved on 23 September 2025 – exactly as the victim notes (Source: Companies House). The evidence shows her own deposits routed through Lingo Ventures Ltd, Blue Ocean Development AI Ltd, Frank Finance Ltd, Maxify Finance Ltd and others, often coded as IT/digital services rather than gambling, despite their economic link to Golden Lion, GoldenBet and related brands. From a compliance perspective, this looks less like coincidence and more like a merchant-routing architecture designed to: Sidestep bank blocks on MCC 7995 (gambling), Hide the involvement of Curaçao and other high-risk gambling operators, and Fragment liability across a web of small UK entities with minimal capital and opaque offshore connections. 4. Offshore casinos and the UK marketing overlay At the gambling-operator end of the chain, the dossier focuses on: GoldenBet.com – owned by Santeda International B.V. under a Curaçao eGaming licence. GoldenLion.bet / Golden Lion Casino and sister brands such as SpinsHeaven, run by Lava Entertainment / WinBet N.V. from Curaçao, with multiple reviews highlighting payment issues and weak player protection. In parallel, Rex Media Group Ltd, a UK marketing outfit, openly runs comparison sites steering UK players toward foreign casinos, including non-UK-licensed operations. Put together, you get a familiar FinTelegram pattern: offshore casinos under light-touch Curaçao oversight, aggressively marketed into the UK, with London/Gravesend front companies and a Malta-connected accountancy firm providing the routing and corporate camouflage. 5. Compliance & regulatory questions FinTelegram sees at least five immediate questions for regulators and card schemes: Unauthorised payment services:Are Lingo Ventures, Blue Ocean Development AI, Terraverse, MyDates and others effectively acting as payment institutions or agents for offshore casinos without FCA authorisation, in breach of the Payment Services Regulations 2017? MCC masking and consumer deception:Why are multiple UK entities with SIC codes like “web portals” or “computer programming” repeatedly appearing as merchant of record for gambling deposits, using non-gambling MCC codes? Future Insight’s role and AML supervision:If Future Insight is simply an accountant, why is its operations director forwarding player complaints to “compliance” functions, and what exact services (if any) does it provide to these payment shells? How is the firm supervised for AML in the UK and Malta? Professional mis-branding:If Future Insight is not actually a firm of ICAEW Chartered Accountants, should it be displaying ICAEW’s logo and implying that level of professional oversight? UK gambling & consumer law:Do GoldenBet, Golden Lion and related brands – licensed only in Curaçao – illegally target UK customers through this network of payment and marketing fronts, outside UK Gambling Commission control? At this stage, FinTelegram cannot conclude that Future Insight “coordinates” the entire network. But the concentration of payment-linked entities at its Gravesend address, the Malta connection, and the active involvement of its staff in communication around disputed gambling payments make it a natural focal point for regulators. Summary Table – Network Overview A. Brands, entities & jurisdictions Legal EntityJurisdiction / Reg. officeApparent Role in NetworkKey People / NotesFuture Insight Consultancy LtdUK – Gravesend, Suite 13, Whitehall PlaceAccountancy / corporate services; registered office for several PSP-like firmsFounder: Michele Yianni(-Attard); Ops Director: Macy O’Shea Future Insight Consultancy Ltd (C99569)Malta – St Paul’s BayMaltese arm of Future Insight; accounting & back-office servicesDirector: Michele Andrula Teresa Yianni(-Attard) Malta DatabaseFuture Insight Group LtdUK – Gravesend, Suite 13, Whitehall PlaceHolding companyDirector: Michele YianniBlue Ocean Development AI LtdUK – “c/o Future Insight Consultancy Ltd”, GravesendAppears as merchant for player transactions; likely payment facilitator / tech frontDirectors/beneficial owner: Antal Szemere (Hungary)Lingo Ventures LtdUK – “c/o Future Insight Consultancy Ltd”, GravesendMerchant descriptor for card charges coded as IT services; linked to casino depositsDirector/beneficial owner: Eva Kamenyeva (Hungary)Frank Finance LtdUK – c/o Future Insight, GravesendAdditional company in same hub; appears in the transaction listPossible payment / finance facilitator; Directors: Michele Yianni, Renat Nadyukov. Former beneficial owner: Michele Yianni, now: Mcap Finance (Cayman) LtdMaxify Finance LtdUK – c/o Future Insight, GravesendSame address cluster; role unclear but likely financial / routingDirector/beneficial owner: Olha Velyka (Ukraine)Terraverse Ltd (ex Interray Ltd)UK – 128 City Road, London“Computer programming” firm; merchant behind Curaçao casino deposits using wrong MCCPSC: Chrysoula Tzagkidou ; email domains gainkit.com; widely flagged in forums.TraverseTraverse LimitedUK – 128 City Road, LondonDigital marketing agency; appears on card statements tied to Curaçao casinosPlayers report issues recovering funds from “traversetraverse Terrvers;” Director(beneficial owner: Yuejun Liu aka Yue Jun Liu (Chinese)MYDATES LTD / Grottobook.comUK – 85 Great Portland Street, London (dissolved)Web-portal / ebook front; merchant of record for casino-linked deposits with non-gambling MCCPSC: Mihails Dubrov (Latvia) dissolved 23 Sep 2025 Santeda International B.V.CuraçaoOffshore online casino & sportsbook taking deposits via UK merchant frontsOperator of GoldenBet Casino; Curaçao licence onlyLava Entertainment / WinBet N.V.CuraçaoNetwork of non-UK-licensed casinos (Golden Lion, Savanna Wins, SpinsHeaven, etc.)Multiple complaints on withdrawals & fairnessRex Media Group LtdUK – Leigh-on-Sea, EssexGambling marketing / affiliate agency promoting non-UK-licensed casinos to UK playersOperates casino comparison sites targeting UK trafficMcap Finance (Cayman) LtdCayman IslandsBeneficial owner Frank Finance B. Key individuals IndividualRole / CapacityLinked Entities / FunctionsMichele Andrula Teresa Yianni-Attardaka Michele Yianniaka Michele Yianni-AttardFounder/directorFuture Insight Consultancy (UK & Malta); possible hub for Blue Ocean, Lingo Ventures Malta Database+1Ohla Velyka Director/beneficial ownerMaxify FinanceAntal Szemere Director/beneficial ownerBlue Ocean Development AI LtdEva Kamenyeva Director/beneficial ownerLingo Ventures LtdRenat NadyukovDirectorFrank Finance LtdYuejun Liu aka Yue Jun LiuChrysoula Tzagkidou TraverseTraverse LimitedMacy Maria O’SheaOperations DirectorFuture Insight Consultancy Ltd; forwards complaints to clients’ “compliance” teamsChrysoula Tzagkidou Director/beneficial ownerTerraverse LtdOlena AndreouFormer director/beneficial owner/Person with Significant Control (PSC)Terraverse Ltd / Interray Ltd – UK programming firm linked to Curaçao MCC-misuseMihails DubrovPSC / directorMYDATES LTD / Grottobook.com – dissolved UK “web portal” merchant used in casino flows Call for Information FinTelegram will continue to investigate the Future Insight / Whitehall Place hub and its apparent role in routing payments for offshore casinos. We invite insiders, former employees, compliance staff, and affected players with knowledge of: Future Insight’s real role for Blue Ocean, Lingo Ventures, Frank Finance, Maxify Finance; Any acquiring bank or processor relationships behind Terraverse, TraverseTraverse, MyDates / Grottobook; Internal policies on MCC assignment and gambling merchant onboarding; to contact us confidentially via our whistleblower platform Whistle42.com. Share Information via Whistle42 As this case shows, one persistent player can expose a whole hidden payment infrastructure.

The U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) has moved against a network of ten Mexico-based casinos it claims are controlled by a criminal group laundering funds for the Sinaloa Cartel. Using its Section 311 powers, FinCEN proposes to cut these gambling venues off from the U.S. financial system via correspondent-banking restrictions. Key Facts Action: FinCEN issues a finding and Notice of Proposed Rulemaking (NPRM) under Section 311 of the USA PATRIOT Act (Source: FinCEN.gov). Scope: Transactions involving 10 named Mexican gambling establishments (Emine, Mirage, Midas, Palermo, Skampa casinos) are deemed a class of transactions of primary money laundering concern. Measure: Proposed “Special Measure 5” – prohibiting U.S. covered financial institutions from maintaining correspondent accounts used to process transactions involving these casinos. Context: Parallel OFAC sanctions on the Hysa Organized Crime Group and 27 related entities, coordinated with the Mexican government, which has frozen accounts of multiple betting houses (Source: U.S. Department of the Treasury). Reporting: No new SAR obligation, but institutions are asked to flag relevant SARs with the label “FIN-311-Gambling-Establishments.” Short Analysis FinCEN’s move is a textbook example of how the U.S. now weaponises the infrastructure of global finance against organised crime. Rather than only sanctioning individuals or companies, the bureau designates a class of transactions—here, payments involving ten identified casinos—as inherently high-risk and seeks to choke them off at the level of U.S. correspondent banking. The finding asserts that these casinos have for years funneled illicit payments to senior Sinaloa Cartel figures and even received instructions on how to defeat AML screening. FinCEN.gov+1 Combined with OFAC’s blocking sanctions on the Hysa network and Mexico’s own asset freezes, this is a triangular enforcement model: (1) sanctions, (2) Section 311 de-risking of the banking perimeter, and (3) domestic actions by partner FIUs. For compliance officers, this is another signal that gambling—especially cross-border casino flows—sits firmly in the “cartel finance” red zone. Operationally, FinCEN’s approach is also procedural: there is an NPRM with a 30-day comment period before the rule becomes final, but institutions are expected to react now—updating screening lists, reviewing correspondent relationships and nested accounts, and recalibrating SAR narratives using the prescribed keyword tag. At the same time, FinCEN prominently advertises its whistleblower program, signalling that banks, staff and intermediaries who see violations of the eventual special measure can monetise inside knowledge if it leads to penalties above USD 1 million. For global banks, this is not just a Mexico story. Any institution maintaining U.S. dollar correspondent accounts must ensure those accounts are not used—directly or indirectly—to clear payments for the listed casinos or their banking partners. Failure to do so risks not only enforcement under the Bank Secrecy Act but also reputational damage for “facilitating cartel finance” in a sector that FinCEN has now publicly labelled a primary money-laundering concern. Call for Information FinTelegram is monitoring cross-border gambling, cartel finance, and bank exposure to Mexican casinos. Insiders at financial institutions, payment providers, casino operators, or regulators who have information on these or similar laundering structures are invited to submit documents and tips—securely and, if desired, anonymously—via Whistle42.com. Share Information via Whistle42

FinTelegram has received an extensive email chain from a UK player and other victims alleging that the Estonian Niko Technologies OÜ (brand: Niko-Tech / Elegro) is prolifically facilitating payments for unlicensed online casinos, including Curacao-licensed operators targeting self-excluded UK players. The correspondence paints a picture of transaction masking, misleading merchant descriptors and stonewalling of refund requests. From “technical provider” to alleged transaction launderer Victims report bank statements showing descriptors such as “Nikotpf” and Active Web Ltd / Realmtix, while the actual spending took place at unlicensed casinos such as Goldenbet. According to the emails, these transactions were miscoded under non-gambling MCCs to bypass bank gambling blocks and the UK GamStop self-exclusion regime. Niko’s support repeatedly replies that it is only a technical gateway, does not hold client funds and that players must contact their bank or the “merchant” – despite the processor’s own brand appearing as the payment descriptor. Corporate footprint vs. compliance marketing Corporate records show Niko Technologies OÜ, reg. 14511282 in Estonia, with Ukrainian national Yurii Lamdan as 100% shareholder and board member. The company reports multi-million euro financial services turnover in recent years (Source: Inforegister). In parallel, Niko advertises itself as a FINTRAC-registered Money Service Business in Canada, offering FX, money transfer and virtual currency services, emphasising PCI DSS Level 1 and “Compliance & Transparency in Modern Payments.” This public marketing stands in sharp contrast to the victim reports and forum discussions around its role in high-risk gambling flows. Public complaints and UK regulatory angle On Trustpilot, Niko Technologies currently shows a 100% one-star profile, with multiple reviews explicitly accusing the company of processing payments for illegal casinos, using masked MCCs and being “the same as Elegro” (Source: Trustpilot). CasinoGuru forum threads link Active Web Ltd / Realmtix.com as the merchant of record for Goldenbet deposits, again in the context of Curacao-licensed casinos using incorrect merchant category codes to slip through banking controls (Source: Casino Guru). Separately, the UK Financial Conduct Authority (FCA) has issued a warning naming Elegro / Niko Technologies as an unauthorised firm targeting UK consumers (Source: FCA). Taken together, these strands suggest a recurring pattern: Niko-linked brands sitting in the payment chain of non-UK-licensed casinos aggressively advertising to UK players, including those deliberately seeking “Non-GamStop” casinos. Compliance assessment – open questions From an AML and card-scheme perspective, the key red flags are: Transaction laundering / MCC masking via front merchants such as Active Web / Realmtix instead of transparently coding gambling transactions. Facilitation of unlicensed remote gambling into the UK, where operators must hold a UKGC licence and payment intermediaries are expected to conduct jurisdictional checks. FINTRAC and Estonian AML duties: a regulated MSB and financial-services company cannot simply hide behind “we are only technical” when confronted with detailed evidence of repeated, similar complaints. At the time of writing, Niko’s responses in the email chain focus on disclaiming responsibility; they do not address the core allegations of transaction masking, merchant vetting or SAR/STR filing. FinTelegram will continue to monitor Niko Technologies, related brands (Elegro, Realmtix/Active Web) and their casino clients as part of our Crypto Payment Processor Watch series, alongside earlier reports on PayOp, Swapped and other high-risk processors. Key Summary Table TypeBrand / NameDomains / ReferencesLegal Entity / PositionJurisdiction(s)Key IndividualsPayment provider / FinTechNiko Technologies / Niko-Tech / “Nikotpf” descriptorniko-technologies.eu, niko-tech.eu; Niko Payments app; AML policy & “Regulation” pages Niko Technologies OÜ, reg. 14511282 (Estonia), licensed virtual currency / financial services provider; MSB registered with FINTRAC (Canada) Estonia (incorporation & FIU FVT000416); Canada (FINTRAC MSB); UK branch registered at Companies House Yurii Lamdan – founder, board member, 100% shareholder / beneficial owner, MLRO (per AML rules) Payment / crypto brand in same groupElegroelegro.eu; Elegro crypto payment plugin; Elegro wallet apps (Source: WordPress.com)Not a separate UK-authorised PSP; FCA lists “Elegro / Niko Technologies – www.elegro.eu” as an unauthorised firm FCAEstonia / cross-border into UK (per FCA warning)(Operated/marketed by Niko Technologies group; no separate directors publicly listed in FCA warning) FCA+1Cover merchant / frontRealmtixrealmtix.com; Active Web Limited, company no. 15057358, 27 Old Gloucester Street, London WC1N 3AX; SIC 47910 (online retail) United KingdomDirectors/PSCs include Dawid Patryk Gulbicki (current PSC), Group / individualYurii LamdanPublic profiles and registry entries tied to Niko Technologies; speaker at Global Blockchain Congress 100% shareholder and beneficial owner of Niko Technologies OÜ; management board member since 2018; MLRO and board signatory on AML policy Ukrainian national; resident in Ukraine; controls multiple Estonian entities (Niko Technologies OÜ, TwinRivers OÜ) —Merchant aggregation / Niko group entityTwinRivers OÜNo consumer-facing domain identified; appears in Estonian registry at same Tallinn address TwinRivers OÜ, Estonian company 16186277; 100% owned and managed by Yurii Lamdan EstoniaYurii Lamdan – board member and sole shareholder RegulationFINTRAC (Canada)Cited in Niko’s AML policy and website as its MSB supervisor Canadian federal FIU and AML supervisor for MSBsCanada— Call for information – Whistle42 We explicitly invite players, former staff, PSP partners and bank insiders with knowledge of Niko Technologies, Elegro, Realmtix/Active Web, Goldenbet or similar schemes to contact us confidentially via our whistleblower platform Whistle42. Transaction logs, merchant onboarding documents, internal emails or compliance reports are particularly valuable. Share Informatin via Whistle42

EuroJust, in partnership with Europol and law enforcement from ten countries, coordinated a major cybercrime operation named Operation Endgame, culminating in November 2025. This operation illustrates the EU’s strategic, cross-border approach to dismantling serious cybercriminal infrastructure responsible for malware distribution, particularly infostealers, Remote Access Trojans (RATs), and botnets. Key Action Points: Coordinated International Effort: 10 countries participated (including Germany, France, Netherlands, Denmark, UK, US, Australia, and Canada), demonstrating strong judicial and law enforcement collaboration. Infrastructure Disruption: Authorities dismantled 1,025 servers and seized 20 criminal domain names, targeting infostealer and botnet networks that infected hundreds of thousands of computers globally. Arrest and Evidence Collection: The primary suspect linked to the VenomRAT was arrested in Greece, and authorities conducted 11 searches, seizing login data for over 100,000 cryptocurrency wallets. Operational Support: EuroJust enabled real-time judicial request handling and live communication between prosecutors; Europol provided analytic, forensic, and crypto-tracing support. Infostealing Cybercrime Context: Infostealing malware (like Rhadamanthys and VenomRAT) is designed to covertly extract sensitive information—such as passwords, banking credentials, email, messaging, and cryptocurrency wallet data—from victims’ devices. The stolen data is then used in secondary crimes including financial fraud and identity theft. Infostealers: Malicious programs deployed via phishing emails or fake antivirus pages that harvest data from browsers and apps. “Rhadamanthys” is a recent example sold as “malware-as-a-service.” Botnets: Networks of infected computers controlled remotely by criminals. Botnets enable large-scale data theft and facilitate further cyber-attacks. Remote Access Trojans (RATs): Tools that permit attackers to control compromised computers remotely. “VenomRAT” enabled full unauthorized access to victim systems. EU Judicial Cooperation Model: EuroJust acts as the central hub for legal coordination across member and partner states, enabling quick evidence sharing, synchronized enforcement timelines, and harmonized takedowns. This approach targets the cybercrime “kill chain” early—disrupting ransomware and data theft operations before further harm can occur. Key Compliance and Regulatory Takeaways: Cross-Jurisdictional Action: Modern cybercrime often transcends national borders. EuroJust’s collaborative network streamlines investigations, arrests, and evidence handling. Public-Private Partnership: The operation involved cybersecurity firms as crucial partners, reflecting the need for industry expertise. Crypto Asset Seizure: The identification and seizure of illicitly obtained cryptocurrency highlights the evolution of financial crime enforcement into the digital asset realm. Focus on Prevention: By proactively shutting down malware infrastructure, authorities lowered risk exposure for millions of individuals and businesses worldwide. Conclusion: Operation Endgame marks an advanced example of coordinated EU and international cybercrime enforcement, targeting the core infrastructure behind modern infostealing and botnet attacks. The model employed by EuroJust demonstrates best practices in transnational compliance, regulatory synchronization, and public-private partnership—crucial elements for modern cybercrime response and prevention . Share Information via Whistle42

Dream Finance Group promotes CoinsPaid and CryptoProcessing as top-tier crypto payment processors, boasting hundreds of millions of euros in monthly volume and more than 800,000 transactions. Yet external traffic data show only tens of thousands of visits to their main and app domains – an unusually weak digital footprint for such allegedly massive flows. Key Facts Dream Finance Group operates CoinsPaid (coinspaid.com) and CryptoProcessing (cryptoprocessing.com) as its main payment brands (Source: Cryptoprocessing). CryptoProcessing has publicly claimed €875m+ monthly turnover and ~850k transactions per month (Source: Cryptoprocessing). CoinsPaid marketing materials refer to €700m+ monthly volume and a leading market position as a crypto payment processor (Source: Cryptoprocessing). According to Similarweb data reviewed by FinTelegram, coinspaid.com had <60,000 visits and cryptoprocessing.com <30,000 visits in October 2025 – far below what one would expect for processors of this size. CoinsPaid’s transactional endpoints (e.g. app.coinspaid.com) and CryptoProcessing’s main domain likewise show negligible visible traffic in Similarweb, suggesting heavy reliance on server-to-server/API flows rather than browser-based checkouts. Public partner and award write-ups repeat Dream Finance’s volume claims but do not provide independent verification or audited numbers (Sources: Finery Markets, BVNK). Short Analysis From a pure tech perspective, an API-first B2B gateway can process large volumes with little visible web traffic: merchants integrate once, servers talk directly to CoinsPaid’s API, and a blockchain watcher plus webhooks can register deposits without any browser ever touching coinspaid.com. That explanation is technically plausible and must be acknowledged. However, the combination of very aggressive self-reported volumes and a strikingly weak digital footprint remains unusual. Processors that genuinely handle close to a billion euros a month typically have broader online visibility: more merchants, more dashboard logins, more docs, and support traffic. Here, external data suggest a highly concentrated client base in high-risk verticals, not a widely adopted PSP with thousands of small merchants. There is also a structural transparency issue. Dream Finance’s turnover numbers are self-reported, echoed by partners and award platforms, and may count multiple legs of the same flow (crypto in, FX, internal transfer, fiat out) as separate “turnover.” Without audited financials, on-chain flow analysis, or merchant-level data, these marketing figures cannot be independently validated and should be treated with caution. For regulators, banks, and merchants, the mismatch between headline volumes and digital footprint is therefore a material red flag and merits closer supervisory and counterparty scrutiny. Call for Information FinTelegram is expanding its investigation into Dream Finance Group, CoinsPaid, and CryptoProcessing. We invite current and former employees, merchants, compliance officers, and technology partners to share information, internal dashboards, contracts, or technical documentation regarding actual processing volumes and client structures. Submissions can be made confidentially via Whistle42.com, where whistleblowers may also receive tokenized rewards for substantiated evidence. Share Information via Whistle42

As Payeer faces EU sanctions and operational shutdown, scammers are exploiting the chaos by impersonating Payeer support to defraud customers through classic advance-fee scams. FinTelegram has received credible reports of fraudulent “support teams” demanding multiple cryptocurrency deposits from victims under false pretenses—representing a dangerous escalation of the compliance crisis we documented in our previous report on legitimate account freezes. The Advance-Fee Scam Pattern A Payeer customer contacted FinTelegram reporting a sophisticated impersonation scam exhibiting textbook advance-fee fraud characteristics:​ Sequential Fee Extraction: Initial “additional deposit” requested after original payment Tron (TRC20) network commission demanded Ethereum (ERC20) network commission required $225 USDT deposit “NOT on TRC20 or ERC20” (deliberate technical confusion) Additional $250 USD deposit requested Communication ceased after final payment All deposits remain “pending” with no access to funds Critical Red Flags: This pattern represents a classic 419-style advance-fee scam—each payment supposedly unlocks the next step toward accessing funds, but requirements constantly change to extract more money. Once the victim stops paying, scammers disappear.​ Legitimate Payeer vs. Impersonation Scam AspectLegitimate PayeerImpersonation ScamSupport ContactOfficial ticket system via payeer.com, client@payeer.com​Direct messages, external email, WhatsApp, TelegramFee StructureTransparent fees on website, automatically deducted from transactionsMultiple upfront “deposits” required before withdrawalWithdrawal ProcessDirect withdrawal from account balance, standard processing“Pending” status with endless additional fee requestsAccount AccessCustomer controls account (unless legitimately frozen)Customer told they must pay fees to “unlock” own fundsCommunicationProfessional responses through official channelsInformal communication; stops responding after payments No legitimate payment processor ever requires customers to make external deposits to access their own funds. Fees are deducted from transaction balances—not demanded as upfront payments.​ How This Scam Exploits Payeer’s Sanctions Crisis This impersonation fraud is directly enabled by Payeer’s current operational chaos: Timing Exploitation: Scammers target victims during the November 24, 2025 withdrawal deadline, when genuine Payeer customers are anxious about accessing funds before the EU sanctions take full effect.​ Confusion Amplification: Our previous report documented that legitimate Payeer customers face frozen accounts, unresponsive support, and withdrawal difficulties. Scammers exploit this by presenting their fraud as “additional verification” or “compliance requirements”—making victims believe the bizarre fee requests are part of Payeer’s dysfunctional sanctions response.​ Read our Payeer reports here. Trust Erosion: Payeer’s documented history of compliance failures, Lithuanian fines (€9.3 million), and sanctions violations creates an environment where customers expect unprofessional behavior and confusing demands. This makes impersonation scams harder to distinguish from legitimate operational dysfunction.​ Support Vacuum: With Payeer’s customer service overwhelmed (or deliberately unresponsive) during the EU/Russia exit process, scammers fill the void by offering “immediate assistance” through unofficial channels.​ Dual Crisis: Legitimate Freezes + Impersonation Fraud FinTelegram’s investigation reveals two concurrent threats to Payeer customers: Crisis 1: Legitimate Account Freezes (Previous Report) Real Payeer accounts frozen during mandatory withdrawal window Customers cannot withdraw despite November 24 deadline​ Payeer support unresponsive or demands “additional verification” Genuine compliance dysfunction trapping legitimate funds Crisis 2: Impersonation Advance-Fee Scams (This Report) Scammers impersonate Payeer support via external channels Victims manipulated into making multiple “fee” deposits Funds never unlocked; scammers disappear after payments No connection to real Payeer accounts or legitimate platform The convergence is devastating: Customers with genuine Payeer problems cannot distinguish legitimate (dysfunctional) support from criminal impersonators. Both patterns involve frozen funds, confusing demands, and unresponsive communication. Critical Assessment: 99% Certainty of Impersonation Based on the reported fee pattern, this is almost certainly NOT legitimate Payeer but criminal impersonation: Definitive Indicators: Legitimate payment processors deduct fees from account balances, never demand external deposits​ Sequential “unlocking” payments are the hallmark of 419 advance-fee scams​ Technical obfuscation (“NOT TRC20/ERC20”) designed to confuse victims and delay recognition Communication cessation after payment extraction is textbook scammer behavior​ How the Scam Likely Originated: Victim may have deposited funds to a fake Payeer-impersonating platform​ Or victim contacted scammers through phishing emails/social media claiming to be Payeer support​​ Scammers show fake “account balance” to create illusion of trapped funds​ Each “fee” supposedly unlocks withdrawal but only triggers next demand Victim eventually realizes fraud, but cryptocurrency payments are irrecoverable This pattern exactly matches documented cryptocurrency platform impersonation scams cataloged by law enforcement, consumer protection agencies, and fraud databases.​ Recommendations for Affected Customers If You Believe You’re Communicating with Real Payeer: Verify immediately: Contact Payeer ONLY through official website support system (payeer.com) or client@payeer.com​ Never make external deposits: Legitimate platforms deduct fees from your account balance​ Ignore unofficial channels: Payeer does not provide support via WhatsApp, Telegram, personal email, or social media direct messages Stop all payments: If “support” demands deposits before withdrawal, you’re being scammed If You’ve Already Paid “Fees”: Stop immediately: Do not make additional payments regardless of threats or promises Document everything: Save all communications, wallet addresses, transaction IDs (TXIDs), screenshots​ Report to authorities: Local police and cybercrime units​ FBI IC3 (Internet Crime Complaint Center) at ic3.gov​ FTC at reportfraud.ftc.gov​ UK Action Fraud or relevant national fraud reporting center Report to legitimate Payeer: File report through official payeer.com support to warn platform of impersonators​ Contact cryptocurrency exchanges: If scammer wallets are identified, report to major exchanges for potential freezing​ Warn others: Share your experience on fraud reporting platforms like BBB Scam Tracker, Trustpilot, and Reddit communities​ Distinguishing Real Payeer Problems from Scams: You likely have a REAL Payeer problem if: You can log into your actual Payeer account at payeer.com Account shows frozen status or withdrawal restrictions Communication occurs through official ticket system Payeer requests identity documents (not cryptocurrency deposits) You are being SCAMMED if: “Support” contacts you via WhatsApp, Telegram, personal email Demands external cryptocurrency deposits to “unlock” funds Each payment triggers new “fee” requirements Cannot verify communication through official payeer.com website “Support” stops responding after you stop paying FinTelegram’s Previous Warnings Validated FinTelegram has monitored Payeer’s high-risk operations for years, warning about:​ Lithuanian €9.3 million fine for sanctions violations (July 2024)​ Estonian license revocation (January 2023)​ EU sanctions designation (October 2025)​ Account freezing during withdrawal deadline (November 2025)​ This impersonation scam epidemic directly results from Payeer’s compliance failures and operational chaos. The platform’s documented history of regulatory violations created an environment where customers expect dysfunction—making them vulnerable to sophisticated impersonation fraud. Call for Information FinTelegram urgently requests reports from both categories of affected customers: Category 1: Legitimate Payeer Account Holders Accounts frozen during withdrawal window despite November 24 deadline Unresponsive official support preventing fund access Evidence of Payeer’s operational status and customer treatment Category 2: Impersonation Scam Victims Documentation of “support” communications demanding fee deposits Wallet addresses and transaction IDs where deposits were sent Screenshots of fake platforms or impersonator communications Submit confidential information via Whistle42 or contact FinTelegram directly. Your reports help protect the broader crypto community from both legitimate platform dysfunction and criminal impersonation schemes. Share Information via Whistle42 The November 24 deadline is 10 days away. Legitimate Payeer customers face a race against time while scammers exploit the chaos. Only through transparency, documentation, and coordinated reporting can we distinguish genuine compliance failures from criminal fraud—and hold both accountable.

Complaint Letter Exposes Payment Processor’s Role in Facilitating Unauthorized Casino Payments Through Clear Junction The high-risk payment processor PayOp (PayOp.com) and its Chief Executive Officer Anastasia Semenkova are facing serious questions after FinTelegram received a formal complaint letter from a UK customer detailing £3,675 in unauthorized gambling-related transactions processed through the platform in July-August 2025. The correspondence, which escalates previous complaints filed through PayOp’s support channels, demands immediate refunds, merchant disclosure, and compliance transparency regarding the company’s facilitation of payments to unlicensed online casinos targeting UK consumers.​ Customer complaint to PayOp CEO Anastasia Semenkova The customer explicitly references FinTelegram’s investigative reporting from October-November 2025, highlighting PayOp‘s involvement with high-risk and unlicensed gambling operators, stating that this public scrutiny “underscores the importance of timely transparency and compliance review”. Her complaint reveals that payments were processed through Clear Junction Ltd (clearjunction.com), the FCA-authorized e-money institution that maintains a partnership with PayOp to provide UK and European payment infrastructure.​ The Clear Junction Connection: Pay by Bank as Gateway for Illegal Gambling The complaint specifically identifies transactions processed via “Pay by bank” transfers facilitated by Clear Junction Ltd (Sort Code: 04-13-07, Account Number: 29904109). This payment method, which PayOp has actively promoted as part of its service offering, allows direct bank-to-bank transfers using open banking technology. The partnership between PayOp and Clear Junction was established in 2021 to “enhance [PayOp’s] bank transfer infrastructure” and provide access to UK and European payment methods.​ However, the use of this legitimate financial infrastructure to facilitate payments to unlicensed gambling operators raises critical questions about both PayOp’s merchant vetting procedures and Clear Junction’s oversight of how its payment rails are being utilized. Clear Junction Ltd is registered in the UK and authorized by the Financial Conduct Authority (FRN: 900684) as an electronic money institution, making its involvement in potentially illegal gambling transactions particularly concerning from a regulatory perspective.​ A Pattern of Facilitating Illegal Online Casino Operations FinTelegram has extensively documented PayOp’s role as a payment facilitator for illegal online casinos. Most notably, the company has been identified as the payment processor for Rolletto, an online casino operated by Cyprus-registered Santeda International B.V. that does not hold a UK Gambling Commission license. Under Section 33 of the Gambling Act 2005, offering gambling services to UK consumers without proper licensing constitutes a criminal offense.​ Read our PayOp reports here. FinTelegram’s July 2024 investigation revealed how PayOp processed a series of unauthorized transactions for Rolletto between May 24-25, 2024, involving multiple UK bank accounts, including Monzo, HSBC, and Barclays. The transactions were directed through the same Clear Junction infrastructure now referenced in the complaint. These cases demonstrate a systematic pattern rather than isolated incidents.​ Critically, these illegal operations specifically target UK consumers registered with GamStop, the mandatory self-exclusion scheme designed to protect vulnerable individuals from gambling-related harm. By processing payments for operators that deliberately circumvent GamStop protections, PayOp is not merely facilitating illegal gambling—it is enabling the exploitation of the most vulnerable players who have actively sought protection.​ Merchant Miscoding and Transaction Laundering The complaint references concerns about proper merchant identification and coding—issues that have emerged repeatedly in investigations of PayOp’s operations. While the complainent requests full disclosure of merchant details, including Merchant Category Codes (MCC), merchant IDs, and authorization codes, previous FinTelegram reporting has revealed that illegal casinos using PayOp’s services frequently employ miscoded transactions to disguise gambling payments.​ Legitimate gambling transactions should be coded under MCC 7995 (Betting, including Lottery Tickets, Casino Gaming Chips, Off-Track Betting, and Wagers at Race Tracks). However, victims have reported transactions appearing under false merchant names such as “Fomiline,” “Goriwire,” “Bitsent,” “Wintermdse,” and “Arcomet”—a practice known as transaction masking or merchant miscoding. This deliberate misrepresentation is considered fraudulent activity under payment network rules and allows illegal operators to bypass UK banking blocks on gambling transactions.​ Such miscoding practices violate PayOp’s own terms and conditions, which explicitly prohibit payments to entities offering illegal gambling services and require merchants to have all necessary authorizations and licenses. The company’s terms also empower PayOp to “annul any suspicious or fraudulent transactions and report them to authorities”. Yet multiple customer complaints and Trustpilot reviews indicate the company consistently fails to take such actions.​ PayOp’s Corporate Structure and Regulatory Status PayOp operates through Transferop Payment Gateway Ltd, a money service business registered with FINTRAC Canada (registration number M22769088), and Fintech Decision Pte. Ltd, registered with the Monetary Authority of Singapore (MAS). The company was founded in 2019 and has most of its operational team based in Ukraine. Anastasia Semenkova, who joined PayOp in 2019 as a Sales Manager, was appointed CEO in January 2024.​ While PayOp holds registrations with Canadian and Singaporean authorities, these regulatory frameworks focus primarily on money laundering and terrorist financing prevention rather than the specific compliance obligations that apply to gambling payment processing. Notably, neither FINTRAC nor MAS regulatory status provides authorization to facilitate payments for unlicensed gambling operators targeting jurisdictions where such operations are illegal.​ The company’s partnership with Clear Junction theoretically provides access to FCA-regulated payment infrastructure. However, this arrangement raises questions about the adequacy of Clear Junction’s due diligence regarding its payment processor clients and the end-use of its payment rails.​ Mounting Customer Complaints and Regulatory Scrutiny PayOp‘s Trustpilot page has become a litany of complaints from gambling addiction victims and customers seeking refunds for transactions processed to illegal casinos. Review after review describes the same pattern: PayOp processes payments to unlicensed UK casinos, customers discover the operators are illegal, PayOp refuses to reverse transactions or provide merchant information, and the company responds with identical template messages claiming they are merely a neutral payment processor.​ One reviewer stated: “PayOp/Transferop in partnership with Clearjunction, Tink and Yapily process transactions for illegal/unlicenced casinos. They have been doing this for years and causing considerable harm to vulnerable people.” Another noted: “There is clear evidence that Payop is the final recipient of funds that are then forwarded to illegal casinos operating without proper licenses. According to their own public responses, they ‘vet’ their merchants—meaning they are fully aware of whom they are partnering with.”​ Multiple reviewers have reported filing complaints with FINTRAC, the FCA, the UK Gambling Commission, Action Fraud, and other regulatory authorities. The consistency of these complaints—spanning multiple years and involving the same illegal casino operators—demonstrates that PayOp’s facilitation of illegal gambling is neither inadvertent nor short-term.​ CEO Semenkova’s Silence and Corporate Accountability PayOp CEO Ansastasia Semenkova Despite receiving formal complaints—including the detailed correspondence sent to her directly as CEO—Anastasia Semenkova has remained publicly silent on PayOp‘s role in facilitating illegal gambling operations. This silence is particularly notable given Semenkova’s public profile as a fintech leader who has given interviews about payment processing, fraud prevention, and compliance.​​ In a March 2024 interview with SafetyDetectives following her CEO appointment, Semenkova discussed PayOp‘s services and future direction. Yet there is no public acknowledgment of the mounting evidence that the company she leads systematically processes payments for illegal gambling operators that exploit vulnerable individuals.​ The complaint—which explicitly names Semenkova in her capacity as CEO and references her LinkedIn profile—demands direct accountability at the executive level. The letter requests immediate confirmation of a compliance officer contact and expects “a substantive response without further delay”. This escalation to the CEO level reflects the apparent failure of PayOp‘s support and compliance teams to address the underlying issues despite months of customer complaints.​ AML and KYC Failures The systematic nature of PayOp’s facilitation of illegal gambling raises serious questions about the company’s Anti-Money Laundering (AML) and Know Your Customer (KYC) compliance procedures. Multiple customer reviews explicitly reference violations of EU AML Directives (4th, 5th, and 6th), stating that PayOp demonstrates “willful participation or, at the very least, gross negligence in breaching KYC and AML obligations”.​ As a FINTRAC-registered money service business, PayOp is required to implement robust AML compliance programs, conduct customer due diligence, monitor transactions for suspicious activity, and file Suspicious Activity Reports (SARs) when appropriate. McColl’s complaint specifically requests “confirmation of any internal compliance review or SAR relating to these transactions” and copies of any such reports pursuant to GDPR/Data Protection rights.​ The evidence suggests PayOp either lacks adequate compliance controls or chooses not to enforce them when profitable relationships with high-risk merchants are at stake. The company’s terms and conditions explicitly authorize it to suspend merchants, reverse fraudulent transactions, and report illegal activities to authorities. Yet customers report that PayOp consistently refuses to take such actions even when presented with clear evidence of illegal gambling operations.​ Legal and Regulatory Implications The legal exposure for PayOp, Clear Junction, and their executives is substantial. Section 33 of the Gambling Act 2005 creates criminal liability not only for unlicensed operators but also for those who facilitate such operations. The offense is committed when facilities for gambling are provided to UK consumers without appropriate licensing, and when the provider “knows or should know that the facilities are or are likely to be used” in Great Britain.​ Given the volume of customer complaints, regulatory reporting, and investigative journalism documenting PayOp’s role in facilitating illegal UK gambling, it becomes increasingly difficult for the company and its CEO to claim they did not know or should not have known about the illegal nature of the transactions they were processing. Customer correspondence explicitly informing PayOp that specific merchants are unlicensed creates a clear record of knowledge.​ Beyond criminal gambling law violations, PayOp faces potential regulatory action from FINTRAC, MAS, and the FCA (through its relationship with Clear Junction) for AML compliance failures. Payment service providers that fail to implement adequate controls to prevent money laundering and fraud processing face significant penalties including license revocation, substantial fines, and reputational damage.​ Questions That Demand Answers Anastasia Semenkova and PayOp must address fundamental questions: Why does PayOp continue to process payments for operators like Rolletto and other Santeda International casinos that demonstrably lack UK Gambling Commission licenses?​ What merchant vetting procedures does PayOp employ, and why have these procedures consistently failed to identify unlicensed gambling operators?​ Has PayOp filed Suspicious Activity Reports regarding transactions to unlicensed gambling operators, as required under AML regulations?​ What oversight does Clear Junction exercise over PayOp’s use of its payment infrastructure, and is the FCA aware that Clear Junction’s rails are being used to facilitate illegal gambling?​ Why does PayOp systematically refuse to refund customers who provide evidence that transactions were processed to illegal operators in violation of PayOp’s own terms and conditions?​ What specific actions has CEO Semenkova taken since assuming leadership in January 2024 to address the documented pattern of facilitating illegal gambling operations?​ The complaint letter from Janet McColl represents far more than a single customer dispute. It is a detailed indictment of a payment processor that appears to systematically prioritize transaction volumes and fee revenue over legal compliance and consumer protection. The reference to FinTelegram’s reporting in the complaint demonstrates that customers are becoming increasingly informed about the payment infrastructure that enables illegal gambling—and increasingly willing to hold that infrastructure accountable.​ Key Business Metrics MetricValuePayOp Trading NamePayOpWebsitehttps://payop.comPayOp Legal EntityTransferop Payment Gateway Ltd / FinTech Decision Pte LtdPayOp Registration (Canada)FINTRAC Registered MSBPayOp Registration (Singapore)MAS Regulated (Singapore)PayOp Founded2016PayOp HeadquartersVancouver, Canada / Singapore / UkraineCountries Coverage170+ countriesPayment Methods Supported500+ payment methodsCurrencies Supported100+ currenciesTarget IndustriesHigh-risk: Gambling, Gaming, Forex, CryptoPartnership (2021)Strategic Partnership (Nov 2021)Key Personnel (PayOp)Anastasia Semenkova (CEO), Denys Myloserdov Call for Whistleblowers and Victims FinTelegram urgently calls on insiders, players, victims, and other whistleblowers to come forward with additional information about PayOp, Clear Junction, and their facilitation of illegal online casino operations. If you have experienced unauthorized gambling transactions processed through PayOp or Clear Junction, if you have internal knowledge of these companies’ merchant vetting or compliance procedures, or if you possess documents relating to their relationships with unlicensed gambling operators, please submit this information through FinTelegram’s Whistle42 whistleblower platform. Share Information via Whistle42 Submit your information to Whistle42 today. Together, we can demand transparency, accountability, and protection for consumers in the financial services industry.

Background & Career Brigitte Häuser-Axtner is a German banking and payments executive who rose through the ranks of the now-collapsed Wirecard Group. Industry publications describe her as Vice President Digital Sales and later Executive Vice President Sales Digital Goods at Wirecard AG – a front-row role in the group’s global digital payments expansion (Source: Computerwoche). In parallel, corporate filings show her as a managing director of Wirecard Asia Holding Pte Ltd in Singapore, making her one of the key decision-makers in the group’s Asian hub – the very perimeter where the Wirecard balance-sheet fraud and “third-party partner” myth later imploded (Source: Wirecard Filing). The Asia–OCAP Nexus Häuser-Axtner’s name has surfaced repeatedly in connection with the controversial oCap Management structure in Singapore. Parliamentary testimony before the German Bundestag highlighted a potential double conflict of interest: oCap’s managing director, Carlos Häuser – a long-time Wirecard executive – was married to Häuser-Axtner, while Wirecard Asia Holding had extended a loan to oCap. Financial press and investigative reporting later suggested that Wirecard may have been “looted” in its final phase via such related-party loans – with Wirecard Asia Holding and its directors sitting at a critical junction (Source: ft.com). Arrest in Singapore – Operation “Chargeback” On 4 November 2025, Singapore police arrested Häuser-Axtner on the basis of a German arrest warrant, as part of the Europol-coordinated Operation “Chargeback”, a global crackdown on subscription fraud and credit-card laundering networks (Source: StraitsTies.com). According to German authorities, she is wanted for the alleged formation of a criminal organisation abroad, computer fraud, gang-related offences and money laundering under German jurisdiction. Singaporean authorities emphasised that she is not accused of offences committed in Singapore itself; her arrest is purely in execution of the German request under the bilateral extradition treaty (Source: The Straits Times). Operation “Chargeback” targets three card-fraud networks that misused the data of more than 4.3 million cardholders across 193 countries, causing at least €300 million in damage – with Wirecard named by German media as one of four payment service providers whose infrastructure allegedly enabled the scheme (Source: Europol). Why Her Case Matters for the Wirecard Story FinTelegram has documented for years how Wirecard acted as a cyber-finance hub for high-risk merchants, online fraud and, in the case of Jan Marsalek, even alleged Russian intelligence operations. Read our Wirecard reports here. Häuser-Axtner’s arrest moves the scandal deeper into the operational heart of Wirecard’s Asian business. If prosecutors can prove that a former Wirecard Asia director helped facilitate global subscription fraud after the collapse narrative was already known, it would confirm a long-standing FinTelegram thesis: that Wirecard was not an isolated “black swan” but part of a broader, systemic failure of payment-sector compliance and supervision. At this stage, all allegations against Brigitte Häuser-Axtner remain unproven; she is entitled to the presumption of innocence. However, her profile – senior Wirecard deal-maker, Asia holding director, spouse of a related borrower, now an Operation “Chargeback” suspect – makes her one of the most important figures to watch as the Wirecard saga enters its next, law-enforcement-driven chapter. Share Information via Whistle42

Circle, a leading U.S. stablecoin issuer, delivered robust financial results in Q3 2025, beating market expectations on nearly all fronts. The company’s stellar growth highlights both Circle’s dominant position in the stablecoin landscape and the vital role stablecoins now play in digital finance. Significance of Stablecoins Stablecoins are digital assets pegged to traditional currencies, designed to enable frictionless transfers, trading, and payments on blockchain systems. As a bridge between traditional finance and cryptocurrencies, stablecoins offer price stability and are increasingly used in trading, cross-border payments, DeFi applications, and as a store of value. Their surging adoption reflects growing demand for transparent, efficient, and regulated digital currencies tied to real-world assets.​ Stablecoin Market Situation Q3 2025 Q3 2025 marked a record period for the stablecoin sector, with total market capitalization surging by $41 billion to $311 billion—the largest quarterly expansion since 2021. Trading volumes topped $10 trillion, more than doubling quarter-over-quarter, as active user counts climbed to new highs. USDC, Circle’s flagship dollar-backed stablecoin, strengthened its market share to 29% and accounted for over $73.7 billion in circulation, solidifying its role as a key liquidity driver and on- and off-ramp for both institutional and retail users.​ Circle’s Q3 2025 Financial Highlights Total revenue and reserve income: $740 million (up 66% year-over-year, beating consensus forecasts) Net income: $214 million (up 202% year-over-year) Adjusted EBITDA: $166 million (up 78%, margin of 57%) USDC in circulation: $73.7 billion (up 108% year-over-year) On-chain transaction volumes: $9.6 trillion (6.8x year-over-year growth) Cash and equivalents: $1.35 billion as of September 30, up from $1.12 billion in Q2 Earnings per share: $0.64 (vs. $0.22 estimated)​ This extraordinary performance was powered by rising USDC circulation, boosted platform adoption, and increasing reserve income amid high global interest rates. Operational leverage expanded, helping Circle outperform on profitability as well as top-line growth.​ Strategic and Market Implications The Q3 results underscore Circle’s resilience and its importance in the regulated stablecoin segment, especially following its successful public listing and the U.S. federal stablecoin framework enacted earlier this year. Accelerated adoption of USDC, new partnership integrations, and robust reserve management point to enduring demand for compliant digital dollars. Despite these achievements, Circle’s share price saw downward pressure in the aftermath of the report, reflecting investor concerns about future reserve yields amid potential interest rate cuts. Nonetheless, the strong quarter cements Circle as the sector’s prime beneficiary of the ongoing institutionalization and mainstreaming of stablecoins.​ Stablecoins have moved to the core of digital asset infrastructure, and Circle’s performance in Q3 2025 reflects the sector’s pivotal role in shaping the future of finance..

Former Wirecard Asia director Brigitte Häuser-Axtner, a German national wanted by prosecutors in Germany, has been arrested in Singapore under an extradition request. Her arrest is part of Operation “Chargeback”, a Europol-coordinated action against three fraud and money-laundering networks that allegedly abused the card data of more than 4.3 million victims in 193 countries, causing damages of over €300 million and misusing the infrastructure of four major German payment providers – one of them, according to Der Spiegel, being Wirecard. Key Points Arrest in Singapore: Häuser-Axtner was arrested on 4 November 2025 by the Singapore Police Force following a request from German authorities under an existing extradition treaty (Source: The Straits Times). Alleged offences: Germany wants her for suspected formation of a criminal organisation abroad, computer fraud, gang-related offences and money-laundering under German jurisdiction. Singapore police emphasised that, based on current information, she is not accused of committing crimes in Singapore (Source: The Straits Times). Operation Chargeback: The coordinated raid – dubbed “Operation Chargeback” – targeted three major fraud and money-laundering networks, involved 44 suspects, and has so far resulted in 18 arrests across Europe, North America and Asia. Scale of the scheme: Between 2016 and 2021, the networks allegedly abused card data from more than 4.3 million cardholders in 193 countries via low-value fake subscriptions (around €50) for porn, dating and streaming sites, processed through over 500 shell companies, generating losses exceeding €300 million. Misuse of German PSPs: Europol and German authorities say the networks compromised four large German payment service providers. While Europol did not name them, Der Spiegel identified Wirecard as one of the firms whose infrastructure was used. T Insiders under suspicion: At least six suspects, including executives and compliance officers, are accused of deliberately granting the networks access to payment infrastructure in return for payments – a direct hit to the credibility of compliance functions at the involved PSPs. Wirecard background: Häuser-Axtner previously held senior roles at Wirecard, including Vice President Digital Sales at Wirecard AG and managing director of Wirecard Asia Holding Pte Ltd, according to corporate documents and public profiles (Source: Computerwoche). Already on the radar: In the German Bundestag’s Wirecard inquiry, she was mentioned in connection with loans from Wirecard Asia Holding to OCAP, a company run by her husband, raising early red-flag questions about conflicts of interest and governance (Source: ft.com). Short Narrative On 4 November 2025, Singapore police quietly arrested Brigitte Häuser-Axtner at Germany’s request. Only days later, the operation was publicly revealed as part of “Operation Chargeback”, a Europol-driven crackdown on global subscription-fraud rings that had been siphoning money from millions of cardholders for years. According to the Singapore Police Force and reporting by The Straits Times, German authorities allege that Hauser-Axtner was involved in forming a criminal organisation abroad and in computer-fraud and money-laundering schemes. She is now facing extradition proceedings; a further court mention in Singapore has been scheduled, while German investigators continue to work the case. The underlying fraud scheme is staggering: from 2016 to 2021, credit-card data of more than 4.3 million individuals was used to push fake, low-value subscriptions for porn, dating and streaming offers through a web of hundreds of shell companies, mostly in the UK and Cyprus. The charges were kept small and vaguely labelled so cardholders would ignore them or not recognise them as fraud. At the centre: four major German payment processors whose acquiring and processing infrastructure, according to investigators, was infiltrated or compromised. One of those processors, unnamed in official Europol releases, has been identified by Der Spiegel as Wirecard – the now-insolvent fintech giant whose collapse in 2020 cost banks, investors and partners hundreds of millions of euros and remains one of Europe’s largest financial-crime cases. Extended Analysis – Wirecard’s Long Shadow and Compliance Failure 2.0 The arrest of Brigitte Häuser-Axtner demonstrates that Wirecard is far from a closed chapter. While former CEO Markus Braun is on trial in Munich and former COO Jan Marsalek is still at large, German authorities are now clearly turning their attention to secondary layers of the Wirecard network – regional directors, risk managers and compliance insiders who allegedly opened the doors for global fraud schemes. Open questions abound: What exactly is Häuser-Axtner alleged to have done? The German arrest warrant covers formation of a criminal organisation, computer fraud, gang-related offences and money-laundering, but the public documents do not yet spell out whether the accusations are limited to the fake-subscription scheme, to classic Wirecard balance-sheet fraud – or to both. How deep went the insider collusion? Europol says six suspects, including executives and compliance officers, are accused of actively facilitating access to payment systems for criminal networks. That means these were not merely “abused” PSPs; at least part of the criminality allegedly came from inside the house. Where were the regulators and card schemes? The scheme ran for five years, involved millions of cards and hundreds of shell merchants in high-risk verticals (porn, dating, streaming). Yet it took a pattern of suspicious-activity reports at Germany’s FIU and a multi-year, multi-country investigation to shut it down. Häuser-Axtner is not an unknown figure. She appears in Wirecard offering documents as a managing director of Wirecard Asia Holding Pte Ltd, alongside Jan Marsalek. Parliamentary testimony in the Bundestag’s Wirecard inquiry noted that the Asia entity granted a multi-million euro loan to OCAP, a company led by her husband Carlos Häuser – a transaction that already raised red flags about governance and related-party dealings long before the current fraud allegations (Source: dserver.bundestag.de). From a compliance perspective, Operation Chargeback looks less like a pure external hack of payment infrastructure and more like a textbook case of “Crime-as-a-Service” meeting weak – or complicit – internal controls: card data obtained via phishing and other cyber-fraud methods; funnelled into fake sites fronted by hundreds of shell companies; processed through major PSPs whose internal risk and AML systems either failed to detect the patterns or were actively overridden (Source: DIE WELT). For regulators, especially BaFin, the European Banking Authority and the card schemes, this raises an uncomfortable question: if a collapsed and disgraced payment champion like Wirecard can still appear in the centre of a 2025 enforcement operation, how robust are today’s gatekeepers in the high-risk PSP sector? Actionable Insight – What Banks, PSPs and Investors Should Do Now Re-screen ex-Wirecard staff: Financial institutions should systematically re-assess senior hires with Wirecard backgrounds, especially those who held roles in Asia, risk, compliance and merchant acquiring. Häuser-Axtner’s arrest shows that legal exposure for former insiders is far from over. Re-analyse historic merchant portfolios: Acquirers and card issuers should run retrospective analytics on transactions from 2016–2021 in the porn/dating/streaming verticals, with a special focus on sub-€50 recurring charges and shell-company patterns. Many victims may never have recognised the fraud. Demand transparency from PSPs: Investors in payments and fintech companies should now expect full disclosure on any past relationships with the networks implicated in Operation Chargeback, including cooperation with authorities and remedial measures taken. Call for Information – Help Map the Wirecard Aftermath FinTelegram will continue to follow Operation Chargeback and the proceedings against Brigitte Häuser-Axtner and other suspects in Germany and beyond. We are particularly interested in: Internal communications, risk reports or compliance memos from Wirecard or other unnamed PSPs relating to subscription merchants in high-risk verticals; Information on the use of shell companies in the UK, Cyprus or other jurisdictions to process online subscriptions; Details on the role of former Wirecard managers and compliance officers who later surfaced in other fintech or payment projects. Insiders, former staff, merchants and victims can contact us confidentially via our whistleblower platform Whistle42.com. Submissions can be made anonymously and will be handled with the utmost care. Share Information via Whistle42

Chinese fraudster Zhimin Qian – also known as “Yadi Zhang” – has been sentenced in London to 11 years and eight months for laundering billions in bitcoin linked to a vast Ponzi scheme that defrauded more than 128,000 investors in China. The UK’s largest-ever crypto seizure, more than 61,000 BTC, now sits at the centre of complex cross-border restitution battles. Key Facts Main actor: Zhimin Qian (aka Yadi Zhang), 46/47, Chinese national, dubbed a “bitcoin pioneer” and “cryptoqueen” (Source: theguardian.com). Scheme: High-yield crypto “investment” through Tianjin-based company Blue Sky, a classic Ponzi fraud running between 2014–2017 and targeting Chinese retail investors (Source: ft.com) Victims & damage: Over 128,000 victims, roughly 40bn yuan (~£4.3–4.6bn) raised, most converted into bitcoin. Flight & aliases: Fled China in 2017 via Myanmar, travelled on a St Kitts & Nevis passport, living in Europe under the alias Yadi Zhang and fantasising in diaries about ruling the micronation “Liberland”. UK laundering hub: Settled in London; attempted to turn BTC into real estate and luxury goods, including a £24m Hampstead property and Dubai homes, triggering suspicious activity reports (SARs). Crypto seizure: Met Police seized 61,000 BTC (then valued around £5.5bn, now ≈£5bn) from a Hampstead house and safety deposit box – the UK’s largest recorded crypto seizure. Source: en.wikipedia.org). Arrest: After years on the run, Qian was tracked in early 2024 via activity on a long-dormant wallet and arrested in York with extra wallets holding c. £60m plus fake passports and cash. Co-defendants: Jian Wen, former takeaway worker, jailed May 2024 for 6y 8m for laundering part of the bitcoin and subject to a £3m recovery order. Seng Hok Ling, Malaysian associate, sentenced to 4y 11m for transferring criminal crypto assets (Source: MetPolice News). Current focus: Civil proceedings to decide how much of the seized bitcoin can be returned to victims in China and what may ultimately be retained by UK authorities (Source: APNews.com) Short Analysis The Chinese cryptoqueen Zhimin Qian From a cybercrime and AML perspective, the Qian case is a textbook example of how early-stage crypto hype, weak retail protection, and golden-passport arbitrage can be weaponised at scale. A China-centred Ponzi scheme was rapidly transformed into a cross-border money-laundering operation using bitcoin as the primary value rail, routed through high-end London real estate and offshore identities. The investigation also shows the maturing of crypto-forensics and SAR-driven policing. Qian’s downfall began when a £24m property deal in London tripped AML alarms. Blockchain traces, seized devices, and international evidence from Chinese authorities eventually tied 61,000 BTC back to a mass-victim Ponzi in Tianjin, allowing prosecutors to frame the proceeds as criminal property under the UK Proceeds of Crime Act (POCA). Finally, the unresolved question is victim restitution vs. state recovery. Thousands of Chinese victims lost life savings and homes, while the seized bitcoin has massively appreciated. The ongoing civil fight over who benefits from that uplift underscores an uncomfortable policy gap: existing confiscation regimes were not designed for volatile, cross-border digital assets on this scale. Call for Information FinTelegram continues to map high-risk crypto investment schemes and cross-border laundering networks connected to this case and similar operations. Insiders, compliance officers, affected investors, or professionals with information about Blue Sky, related investment vehicles, facilitators, or service providers are invited to submit information confidentially via Whistle42.com. Share Information via Whistle42

The whistleblower has provided critical intelligence revealing that Ethereum wallet 0xab47bd435cd07300e912bdf8373e2d0145dce690 serves as a payroll distribution node for unregulated forex boiler rooms in Cyprus, processing over $20 million per month in employee payments. Funds originate from CoinsPaid and AlphaPo, two crypto payment processors that function as a single criminal infrastructure despite appearing as separate entities. Critical Discoveries The CoinsPaid-AlphaPo Connection: The investigation confirms these are not independent companies but a unified payment processing network:​ Shared ownership: Alexander Horst Riedinger (beneficial owner), Max Krupyshev (CEO), Ivan Montik (hidden controller)​ Same compliance department: Violating fundamental AML principles​ Identical technology: Both use Merkeleon white-label software​ Financial interdependence: AlphaPo funded CoinsPaid salaries after 2023 hack​ Simultaneous hacks: Both hit by North Korean Lazarus Group on same day (July 22, 2023), losing $97.3 million combined​ The $20M Monthly Payroll Operation: Based on documented Cyprus boiler room economics, this scale indicates: 300-500+ employees: Front-line sales agents plus support staff Major international operation: Consistent with the €600 million fraud network dismantled in October 2025​ Cyprus hub: Limassol call centers targeting European victims​ Recent Enforcement Context: Between October 27-29, 2025, European authorities raided Cyprus boiler rooms, arresting several suspects (seven in Limassol) connected to a €600 million cryptocurrency fraud network. The wallet’s November 5, 2025, transaction of 300,000 USDC occurred one week after these raids, suggesting continued operations or emergency fund movements.​ Money Laundering Infrastructure Transaction Flow: Victims deposit to fake forex platforms Funds processed through CoinsPaid/AlphaPo merchant accounts Converted to USDC and transferred to wallet 0xab47bd435cd07300e912bdf8373e2d0145dce690 Disbursed to employee wallets or cash-out services in Cyprus Converted to EUR via crypto ATMs, OTC desks, or complicit money service businesses Red Flags: Large round-number USDC transfers (300,000 USDC) Exclusive stablecoin usage indicating commercial operations Timing correlation with law enforcement actions High transaction velocity consistent with payroll distribution Regulatory Failures Estonian FIU: Despite licensing Dream Finance OÜ (CoinsPaid), appears unable to monitor cross-border crypto flows effectively​ CySEC (Cyprus): Former chairman admitted “ineffective supervision”; multiple boiler rooms operate despite regulatory presence​ Jurisdictional Arbitrage: CoinsPaid/AlphaPo exploit gaps between Estonia, Cyprus, Saint Vincent, Curaçao, and El Salvador regulations​ Call for Whistleblower Information The report includes an urgent request for insiders to provide: Evidence of connections between CoinsPaid/AlphaPo and this wallet Merchant client lists showing boiler room accounts KYC documentation for wallet beneficiaries Details of Cyprus boiler room structures and payroll processes Internal compliance concerns that were ignored Share Information via Whistle42

A 2019 €50 million deal over the BeFree/Softswiss gambling empire has spiralled into a cross-border legal war: liquidation proceedings in the BVI, a massive defamation and hacking lawsuit in Tel Aviv, and now a corporate arbitration in Vienna. FinTelegram explains the dispute that pits Softswiss founders against their Israeli–BVI investors. 1. The commercial core: Softswiss and BeFree According to the BVI Court of Appeal, the underlying business is the Softswiss Group, an online gambling / iGaming software group held through Befree Limited, a Cypriot company. Originally, Befree was beneficially owned by Softswiss founders Dzmitry Yaikau and Ivan Montik via two Cypriot vehicles, Primefuture Limited and Bitcapital Limited. In April 2019, BVI company Capital WW Investment Limited (major shareholder: Reza/Revaz Megrelishvili) entered into a Share Purchase Agreement (SPA) with Primefuture and Bitcapital to acquire 60% of Befree for €50 million. The purchase price was partly funded by a €30m loan from BVI company Tall Trade Limited under a 24 May 2019 Loan Agreement. On 30 July 2019, Capital WW became the registered holder of 60% of Befree. A Shareholders’ Agreement (SHA) required that at least 50% of Befree’s net profits be distributed as dividends to shareholders at least every six months; the first dividend was due no later than 30 April 2020 – but no dividends were ever paid. Under the Loan Agreement, Capital WW had to start repaying quarterly instalments (at least €2m each) from 8 September 2019 onwards, regardless of whether it received dividends from Befree. Capital WW did not repay the first tranche and never repaid subsequent instalments. This commercial structure is the backbone of all later litigation. 2. The BVI insolvency case: Tall Trade v. Capital WW 2.1. Tall Trade’s winding-up application Because Capital WW failed to pay, Tall Trade served a statutory demand on 13 December 2019, then applied in February 2020 to appoint liquidators over Capital WW. A first liquidation application lapsed automatically after six months; Tall Trade filed a second one in October 2020. Capital WW resisted liquidation on two main grounds: Cross-claim for conspiracy – it alleged Tall Trade (through its beneficial owner Roland Isaev) conspired with the Softswiss founders (beneficial owners of Primefuture and Bitcapital) to withhold Befree dividends, starving Capital WW of cash so it would default on the loan. Improper purpose – that Tall Trade’s winding-up petition was part of this alleged wider conspiracy to force Capital WW into insolvency and regain control of BeFree and the the Softswiss Group on the cheap. Capital WW relied heavily on hacked Telegram messages to support this conspiracy theory. Learn more about the BeFree court findings here. 2.2. First-instance judgment (Jack J) and the role of hacked messages Jack J in the BVI Commercial Court: Refused to admit the hacked Telegram messages under section 125 of the Evidence Act 2006, after balancing their probative value against the way they were obtained. Held that Capital WW had taken no effective steps to enforce dividend rights (e.g., arbitration under the SHA or suing the alleged conspirators). Found no sufficient evidence of an actionable conspiracy involving Tall Trade or Isaev, even assuming the messages were considered. Emphasised that Capital WW’s obligation to service the loan was independent of dividends, under clause 5 of the Loan Agreement. Concluded that Tall Trade was a creditor of an insolvent company and properly appointed liquidators over Capital WW. 2.3. Court of Appeal: liquidation confirmed In January 2022, the Eastern Caribbean Court of Appeal dismissed Capital WW’s appeal and affirmed liquidation. Key points: The alleged conspiracy was not supported by sufficient evidence; Capital WW failed to meet even a relatively low threshold for an actionable conspiracy cross-claim. The trial judge’s decision to exclude the hacked Telegram messages was a proper exercise of discretion under the Evidence Act and was not perverse.Tall Trade Befree Softswiss BVI… Capital WW remained in persistent default under the loan and had done nothing to obtain dividends or otherwise enforce its shareholder rights – undermining its claim of being the victim of others’ wrongdoing.Tall Trade Befree Softswiss BVI… Bottom line in BVI: The courts treated this as a straightforward case of an unpaid loan to an insolvent holding company, not as a proven conspiracy by the Softswiss founders or Isaev. Capital WW is now in liquidation, with any “conspiracy” claim left as a potential asset in the liquidator’s hands. Read our Softswiss reports here. 3. The Israeli proceedings: BeFree dispute + alleged smear campaign 3.1. Parties and claims In Tel Aviv District Court case 22978-01-22 (Montik & Others v. Megrelashvili & Others), the Softswiss side (plaintiffs) is: Ivan Montik Pavel Kashuba (Softswiss/Dream Finance figure) Dzmitry (Dmitry) Yaikau The defendants (and counter-claimants) include: Revaz (Reza) Megrelishvili Ofer (Josh) Baazov – Israeli-Canadian tech and gambling entrepreneur, former PokerStars owner Avraham Ben-Elisha A fourth counter-defendant (Roland Isaev) is mentioned in the Tel Aviv protocol as a “defendant on counter-claim”. This Tel Aviv case combines: Corporate/commercial claims arising out of the BeFree/Softswiss deal (essentially the same 2019 transaction structure seen in the BVI case). Defamation and cyber-smear claims, alleging an aggressive online and hacking campaign. 3.2. Alleged global smear and hacking operation Calcalist/CTech and Ynet report that the lawsuit in Tel Aviv revolves around accusations of a massive global smear campaign targeting the Softswiss founders and their Russian partner, Roland Isaev. According to the claim and the media coverage: After the BeFree financial dispute erupted, an alleged campaign was launched involving: Around 1,000 anonymous videos posted online, some styled as news or investigative reports. Distribution across 300+ websites accusing the Softswiss founders of fraud, theft, money laundering, and alleging links between Isaev and the murder of a Bulgarian journalist. Targeted sending of these videos and links to Softswiss employees, including explicit threatening messages, some signed as “The Israeli Intelligence” or impersonating a well-known Israeli cyber firm. The plaintiffs allege that materials used in this smear campaign were obtained via illegal hacking of phones and servers. Calcalist further reports that: The Belarusians (Montik, Yaikau, Kashuba, Isaev) hired Israeli cyber-security consultant Gabi Alon to investigate. Alon and his team allegedly uncovered a hacking operation run by Sagi Lahmi, described as Baazov’s “right-hand man,” who supposedly hired a Jewish-Russian hacker to infiltrate the phones and servers of the plaintiffs and others. Chat logs cited in the article show detailed discussions about: “Mirroring” phones (full remote access). Hacking WhatsApp, Telegram, Signal, email. A “price list” for each hack: e.g. €35,000 for a server, €45,000 for WhatsApp, higher packages for full device takeover. Specific targets: Kashuba, Isaev, Alon. Baazov and his co-defendants deny these allegations and argue in their defence and counterclaim that: They were victims of fraud and a “sophisticated sting” in the BeFree investment. The Belarusians and Isaev use the Israeli defamation lawsuit as part of a cross-border campaign to intimidate and defame them. They have filed a counterclaim of roughly NIS 93 million alleging conspiracy, fraud and an online smear effort by the Softswiss/Isaev side. The Tel Aviv District Court has already ruled that the defamation suit is not vexatious and can properly be heard in Israel. 3.3. Latest procedural twist: sending the corporate fight to Vienna In a more recent order (2024/2025), the Tel Aviv court records that: The plaintiffs on the counterclaim (Montik, Kashuba, Yaikau) and counter-defendants 1–3 (Megrelishvili, Baazov, Ben-Elisha) agreed that their corporate disputes would be resolved by arbitration at the Vienna International Arbitral Centre (VIAC) in Vienna, Austria. On that basis, the court ordered a stay of proceedings with respect to those corporate / shareholder disputes. The fourth counter-defendant (Isaev) is not a party to this arbitration agreement.CoinsPaid Court Order Israel In other words: Corporate and shareholder issues (ownership rights in BeFree/Softswiss, performance of the SPA/SHA, alleged fraud in the investment) are being moved to confidential arbitration in Vienna. The defamation / smear / hacking issues remain with the Tel Aviv District Court. This mirrors the BVI pattern: hard corporate questions (dividends, shareholder rights, loan servicing) are pulled into technical insolvency and arbitration forums, while reputation and cyber-war issues play out in public in Israel. 4. How the BVI and Israeli cases fit together Putting it all together: Same asset, different fora: At the centre is control over the Softswiss / BeFree structure – important in global online gambling and related payment flows. Same people, shifting alliances: On one side: Softswiss founders Montik, Yaikau, their associate Kashuba, and Russian partner Roland Isaev. On the other: the “investor” camp – Reza Megrelishvili, Ofer Baazov, Avraham Ben-Elisha and their BVI vehicle Capital WW. BVI outcome: Courts treat it as a pure insolvency problem: Capital WW borrowed €30m, didn’t pay it back, and failed to prove any actionable conspiracy against Tall Trade / Isaev; the company is wound up. Israel/Vienna outcome (so far): Defamation & cyber-smear: A live case in Tel Aviv alleging large-scale online attacks and hacking, with detailed media reporting on alleged hacker contracts and price lists. Corporate / ownership issues: Now pushed into VIAC arbitration in Vienna, away from the public eye. From a legal-analysis perspective: The BVI courts have already signalled scepticism toward conspiracy narratives when not backed by solid, admissible evidence – especially where key evidence is illegally obtained communications. The Tel Aviv court, by contrast, has accepted jurisdiction over the defamation case and is now being fed extensive materials about alleged hacking and smear operations through evidence gathered by cyber experts and a co-operating hacker. The shift to Vienna arbitration means the true commercial terms of the BeFree/Softswiss deal and any alleged fraud around it may never be fully visible to the public, unless an award is later challenged or enforced in a public court. 5. Why this matters for FinTelegram readers For FinTelegram, this multi-jurisdiction litigation is significant because: Softswiss, and the related structures around Dream Finance / CoinsPaid, Chance Foundation, and others, sit in the middle of Europe-facing online gambling and crypto-payments ecosystems. The disputes hint at: Serious disagreements over beneficial ownership and control, Alleged use of covert cyber-operations and smear campaigns to tilt corporate disputes, and Potential regulatory and AML/KYC red flags where beneficial ownership structures and financing flows are opaque. The fact that: A BVI Court of Appeal decision, A major defamation and hacking proceeding in Tel Aviv, and A VIAC arbitration in Vienna all stem from the same 2019 BeFree/Softswiss transaction suggests that the corporate and reputational risks around this group are far from resolved. Summarizing Table Here’s a compact overview table you can plug into the report: Name / BrandTypeJurisdiction / SeatSide in DisputeRole in Softswiss–BeFree CaseSoftswissBrand / corporate group (iGaming platform)Operated via Befree Ltd (Cyprus) and other offshore entitiesCore asset contested by both campsOnline gambling / iGaming software group whose ownership and profit rights (via Befree) are at the heart of the BVI, Israeli and Vienna disputes.Befree LimitedHolding companyCyprusCentral vehicleCypriot holding company through which Softswiss is controlled; 60% sold to Capital WW for €50m in 2019, triggering the later conflict.Capital WW Investment Limited (in liquidation)Investment / holding companyBritish Virgin IslandsInvestor camp (Baazov / Megrelishvili)Bought 60% of Befree under the SPA; borrowed €30m from Tall Trade; defaulted and was wound up in BVI after failing to repay and failing with a conspiracy defence.Tall Trade LimitedCreditor / SPVBritish Virgin IslandsSoftswiss/Isaev campLender of €30m to Capital WW; petitioned to liquidate Capital WW in BVI; alleged by Capital WW to be part of a conspiracy but courts rejected that and appointed liquidators.Primefuture LimitedShareholder vehicleCyprusSoftswiss founders’ campFormer shareholder of Befree; held Softswiss interests beneficially for Dzmitry Yaikau and sold part of them to Capital WW under the SPA.Bitcapital LimitedShareholder vehicleCyprusSoftswiss founders’ campFormer shareholder of Befree; held Softswiss interests beneficially for Ivan Montik and co-sold to Capital WW under the SPA.Ivan MontikIndividual (Softswiss co-founder)Belarusian national (multi-jurisdictional business)Plaintiff in IsraelCo-founder and major beneficial owner of Softswiss (via Bitcapital/Primefuture); plaintiff in the Tel Aviv defamation/hacking suit, alleging a smear and cyber-attack campaign by the investor side.Dzmitry (Dmitry) YaikauIndividual (Softswiss co-owner)BelarusianPlaintiff in IsraelCo-owner of Softswiss via Primefuture; part of the “Belarusian plaintiffs” in Tel Aviv and alleged hacking target (phone “mirroring” operations).Pavel KashubaIndividual (Softswiss / Dream Finance figure)BelarusianPlaintiff in IsraelSenior partner with Montik and Yaikau; co-plaintiff in Tel Aviv; one of the main targets of the alleged hacking (WhatsApp/Telegram/Signal “mirroring”).Revaz (Reza) MegrelishviliIndividual investorIsraeli / Georgian businessmanInvestor camp / defendant & counter-claimantMajority shareholder of Capital WW; claims he was cheated out of his 60% Befree stake; defendant in the Israeli defamation case and plaintiff in a NIS 90m+ counterclaim for conspiracy and fraud.Ofer BaazovIndividual investor / gambling entrepreneurIsraeli-CanadianInvestor camp / key defendantHigh-profile gambling and tech investor; central defendant in the Tel Aviv suit; accused of orchestrating an online smear and hacking campaign; he denies this and claims the Belarusians defrauded and persecuted him.Avraham Ben-ElishaIndividual investorIsraeliInvestor camp / defendant & counter-claimantAssociate of Baazov and Megrelishvili; co-defendant in the defamation action and co-plaintiff in the large Israeli counterclaim over the BeFree investment.Roland IsaevIndividual (beneficial owner of Tall Trade; Softswiss partner)Russian businessmanSoftswiss/creditor camp; also targetAlleged UBO of Tall Trade; portrayed by Capital WW as part of a “Befree conspirators” group in BVI (allegation rejected by the courts); also a central victim/target in the alleged Israeli hacking and smear operations.Sagi LahmiIndividual (alleged operations man)IsraeliInvestor camp operativeDescribed in Israeli media as Baazov’s “right-hand man”; allegedly hired a Jewish-Russian hacker to break into phones/servers of Montik, Kashuba, Isaev and investigator Gabi Alon as part of the dispute.Gabi AlonIndividual (cyber/security consultant)IsraeliSoftswiss side expertCyber-security consultant hired by the Belarusian side to trace the source of defamatory videos and hacking; key witness exposing Lahmi’s and the hacker’s activities in Israel and Cyprus.Unnamed Jewish-Russian hackerIndividual (cooperating hacker)Based partly in Cyprus / Russia (per media)Third-party operative / witnessAllegedly hired by Lahmi for illegal intrusions; later cooperated with Alon’s team, providing recordings that document a detailed hacking “price list” and operations against the Softswiss side.Tel Aviv District CourtCourtIsraelNeutral forumHearing the mutual defamation and hacking claims between the Belarusian (Softswiss) camp and the Israeli investor camp; has ruled the case is not vexatious and should proceed in Israel.BVI Commercial Court & Eastern Caribbean Court of AppealCourtsBritish Virgin IslandsNeutral forumDecided the Tall Trade v. Capital WW winding-up proceedings, excluded hacked Telegram evidence, and confirmed liquidation of Capital WW.Vienna International Arbitral Centre (VIAC)Arbitral institutionVienna, AustriaNeutral forumChosen forum (per shareholder arrangements and Israeli court order) for the corporate/shareholder disputes over BeFree/Softswiss between the founders’ camp and the investor camp; running in parallel to the Tel Aviv defamation case. 6. Call for information – Whistle42 FinTelegram will continue to track: The Vienna arbitration on the BeFree/Softswiss corporate dispute, The ongoing Tel Aviv defamation and hacking case, and Any knock-on effects for Softswiss, Dream Finance / CoinsPaid, and associated structures. We explicitly invite insiders, former employees, business partners, technical contractors, and advisers with knowledge of: The BeFree / Softswiss share deals and internal shareholder agreements, The financing and beneficial ownership of Capital WW, Tall Trade, and related vehicles, Any use of cyber-hacking, fake news sites, paid content farms or reputation-management agencies in connection with this dispute, or The real UBO structure behind Softswiss, Dream Finance / CoinsPaid and allied entities, to contact us confidentially via our whistleblower platform Whistle42. All submissions will be treated with maximum care. Share Information via Whistle42

The so-called Chance Foundation (chance.foundation) presents itself as an “investment hub” for startups. Internal documents obtained by FinTelegram, however, show it structured as a private fund pooling the interests of Softswiss and CoinsPaid founders Ivan Montik, Pavel Kashuba, and Dzmitry Yaikau, with tentacles into iGaming, crypto payments and side tech ventures. Key Facts The website chance.foundation describes Chance Foundation as an “investment hub” that helps startups with capital, expertise and infrastructure – not as a charity. (Source: chance.foundation) An internal investor slide labels “Chance Foundation (private fund for investments)” and places it above three Cyprus vehicles: BITCAPITAL (UBO: Ivan Montik), PRIMEFUTURE (UBO: Dzmitry Yaikau) and WRU Investments (UBO: Pavel Kashuba). Chance Foundation UBOs The same slide connects Chance Foundation’s web to the Softswiss Group, Dream Finance OÜ / CoinsPaid, the Merkeleon Group, and the N1 casino cluster (N1 Interactive, N1 Bet Nigeria, N1 Ghana, N1 Greece and others). Chance Foundation UBOs Additional “side investments” shown under Chance Foundation include Hypetrain (Welmi Inc., USA), Deepcake Inc. (USA) and ProteiQ Biosciences GmbH (Germany). Chance Foundation UBOs A critical site run by former insiders claims “everything at CoinsPaid and the overall group under the ‘Chance Foundation’ is designed to make things as obscure as possible,” echoing the idea of a central but opaque ownership hub (Source: coinspaidscam.com) Parallel court proceedings in Tel Aviv between Montik, Kashuba, Yaikau and rival stakeholders highlight deep corporate conflicts around the Dream Finance / CoinsPaid perimeter; much of that dispute is now being shifted to arbitration in Vienna. Short Analysis Publicly, Chance Foundation markets itself as a neutral investment platform; internally, it is portrayed as a private fund pooling the economic interests of the Softswiss / CoinsPaid founders. The investor slide places Chance Foundation at the top of a dense structure of Cyprus, Malta, Estonia, Georgia, Ghana, Nigeria and Singapore entities, with clear lines down into Softswiss (iGaming software), the N1 casino brands, and Dream Finance / CoinsPaid (high-risk crypto payment processing). In substance, this looks less like a foundation in the philanthropic sense and more like a family-office-style control and capital hub. For AML, sanctions and supervisory audiences, this matters. If Chance Foundation is indeed the central allocation vehicle for Montik, Kashuba and Yaikau, then gambling operators, game studios and crypto PSPs that appear “separate” on paper may in fact be tightly related parties. This has implications for group-wide risk assessment, conflicts of interest (payments + casinos under one roof), and for tracing funds in the event of enforcement, insolvency or criminal proceedings. At the same time, the sparse public footprint of Chance Foundation – beyond its minimal website and scattered LinkedIn references – reinforces criticism that the group’s top-level ownership architecture is deliberately low-visibility. The Compliance Issue From a compliance perspective, the whistleblower material on Chance Foundation raises a fundamental red-flag: if the insider information about the ultimate beneficial owners of Softswiss and Dream Finance is accurate, then the beneficial-owner data filed in the company registers of Estonia, Lithuania, and Austria are materially wrong. These registers currently show Austrian citizen Alexander Horst Riedinger as UBO of A.R. Merkeleon and key Dream Finance (CoinsPaid) entities, while the Chance Foundation chart and insider testimony point instead to Ivan Montik, Pavel Kashuba and Dzmitry (Dmitry) Yaikau – together with Russians Roland Isaev and Paata Gamgoneishvili – as the true controlling beneficial owners of the Softswiss–CoinsPaid complex, with Max Krupyshev acting as CEO and director rather than ultimate owner. This picture is supported by the Polish commercial register entry for Dream Payments, where Krupyshev is listed as director and Yaikau as beneficial owner, This Polish entity holds the shares in Primefutures Ltd and WRU Investments Ltd in Cyprus. These are the companies that are said to be behind the Chance Foundation, alongside Ivan Montik’s BitCapital. More supporting evidence comes from the already reported lawsuits in Israel and the decided case in the British Virgin Islands, which both describe Montik, Kashuba, Yaikau, Isaev and Gamgoneishvili as economic controllers. In that scenario, the Estonian FIU, as competent AML authority for Dream Finance OÜ, would have received incorrect UBO information; under EU AML rules and corresponding national laws, knowingly providing false or misleading beneficial-owner data to registries or supervisors is a punishable offence and can lead to licence withdrawal, heavy fines, and personal liability for managers. Taken together, these indicators strongly suggest that Riedinger may be acting as a nominee / front man in the official filings – a constellation that, in FinTelegram’s assessment, warrants immediate scrutiny by the Estonian, Lithuanian, Austrian and Polish authorities. Brand / PersonTypeDomainsKey Legal Entities Key Individuals / UBOsRole in Chance Foundation / Softswiss–CoinsPaid NetworkChance FoundationInvestment hub / “private fund”chance.foundationChance Foundation (jurisdiction unclear – internal slide only) Chance Foundation UBOsUBO triangle: Ivan Montik, Pavel Kashuba, Dzmitry (Dmitry) YaikauPresented in internal materials as the top-level investment pool for the founders’ stakes in Softswiss, Dream Finance/CoinsPaid, Merkeleon, N1 and side tech/biotech bets. Chance Foundation UBOsSoftswissiGaming software / aggregator brandsoftswiss.comSoftSwiss Group entities; Dama N.V. (Curaçao) and other casino operators using SoftSwiss platform Ivan Montik (Belarusian UBO), Paata Gamgoneishvili & Roland Isaev (Russian UBOs, per FinTelegram intel) Core gambling tech and casino platform of the network; provides white-label casinos and game aggregation to N1 brands and other schemes; tightly linked to Merkeleon and CoinsPaid payment flows. Dream Finance GroupCoinsPaid / CryptoProcessing / Dream PaymentsCrypto PSP brandcoinspaid.com, cryptoprocessing.comDream Finance OÜ (Estonia – core entity), Dream Finance UAB (Lithuania), Dream Finance S.A. (other jurisdictions) Official BOs include Max Krupyshev (Ukrainian), Alexander Horst Riedinger (Austrian); group is also connected to the Chance/Softswiss UBO triangle via historic ownership and governance ties.Acts as the network’s crypto payment processor, funnelling gambling and high-risk merchant flows; marketed as “world-leading” crypto ecosystem but closely integrated with Softswiss casinos and Chance Foundation’s investment stack. N1 Casino / N1 Bet clusterB2C gambling brandsn1casino.com, n1casino.gr, n1-bet.ng, etc. Chance Foundation UBOsN1 Interactive Ltd (Malta), N1 Greece (Malta), N1 Interactive Africa (Nigeria), N1 Ghana, N1 Games RSD OOO (Serbia), N1 Capital (Malta) Chance Foundation UBOsUltimately linked to Chance Foundation UBOs (Montik/Kashuba/Yaikau) and Softswiss platform providers.Front-end casino brands of the ecosystem, running on Softswiss software and serviced by CoinsPaid/Dream Finance for crypto payments; economic proceeds roll up to the Chance Foundation ownership layer.SoftswissMGA-regulated gambling entity in Maltasoftswiss.comStable Aggregator LimitedMontik, Isaev, GamgoneishviliThe center piece of the Softswiss/Dream Finance hubMerkeleon / A.R. MerkeleonExchange / auction / payment softwaremerkeleon.comMerkeleon GmbH (Austria), Merkeleon Georgia LLC, Merkeleon Poland, related holding companiesControlled from the same owner circle around Montik, Isaev, Gamgoneishvili (per FinTelegram & OSINT). Acts as tech and payment infrastructure provider within the group (crypto exchanges, auction software), complementing Softswiss casinos and CoinsPaid payment processing. Side portfolio (Hypetrain, Deepcake, ProteiQ)VC-style portfolio brandshypetrain.io, deepcake.io, proteiq.com Chance Foundation UBOsWelmi Inc. (Delaware, USA), Deepcake Inc. (Delaware, USA), ProteiQ Biosciences GmbH (Germany) Chance Foundation UBOsBacked via Chance Foundation / UBO vehicles of Montik, Kashuba, Yaikau.Non-core VC / diversification bets (marketing tech, deepfake studio, biotech) that demonstrate Chance Foundation’s role as a broad investment hub beyond gambling and crypto.Ivan MontikPerson (UBO / founder)–BITCAPITAL (Cyprus); stakes in Softswiss; interests routed via Chance Foundation–Belarusian-born founder and key UBO of Softswiss and CoinsPaid, central architect of the Chance Foundation structure and historic driver of Softswiss, N1 and CoinsPaid alliances.Pavel KashubaPerson (UBO / investor)–WRU Investments (Cyprus); participations in Softswiss, N1 and CoinsPaid via Chance Foundation–Part of the Chance UBO triangle; long-time Softswiss/CoinsPaid insider; appears in Israeli litigation against Megrelashvili & others over control and smear-campaign allegations.Dzmitry YaikauDmitry YakauPerson (UBO / investor)–PRIMEFUTURE (Cyprus); stakes in Softswiss / N1 / CoinsPaid via Chance Foundation–Third member of the Chance UBO triangle; co-owner in Softswiss–N1–Merkeleon complex and party to Israeli proceedings alongside Montik and Kashuba.Max KrupyshevPerson (CEO / official BO)coinspaid.com, cryptoprocessing.comOfficial BO and Co-Founder & CEO of CoinsPaid / CryptoProcessing; linked to Dream Finance entities in Estonia, Lithuania and elsewhere.Public face of the CoinsPaid group; bridges the Dream Finance PSP business to regulators and partners.Director and CEO in the Dream Finance GroupPaata GamgoneishviliPerson (Russian–Georgian entrepreneur–Linked as UBO/beneficial stakeholder in Softswiss and Merkeleon structures (often together with Roland Isaev).UBO SoftswissUBO Softswiss Call for Information FinTelegram is continuing to map the Chance Foundation ecosystem and its links to Softswiss, Dream Finance / CoinsPaid, N1 casinos and related tech ventures. We invite current and former employees, advisers, business partners and banking contacts to provide documents, charts, contracts or internal presentations that clarify the true ownership and control structure of Chance Foundation and its portfolio companies. Information can be submitted securely via Whistle42.com. Share Information via Whistle42

An Israeli court has effectively moved the corporate heart of the CoinsPaid/Dream Finance crypto payment processor group conflict out of Tel Aviv and into Vienna arbitration, while ordering both camps to re-plead their mutual “smear campaign” allegations in far greater detail. The ruling reframes the dispute as a dual track: corporate control fight in Austria, defamation dogfight in Israel. Key Facts Civil case Montik & Others v. Megrelashvili & Others (22978-01-22) pits two former CoinsPaid/Dream Finance camps against each other: the alleged beneficial owners of the Dream Finance Group, Ivan Montik, Pavel Kashuba and Dmitry Yaikau (aka Dzmitry Yaikau aka Dmitry Yakau) versus Rivaz Megrelashvili, Ofer Josh Bazov and Ben Elisha Avraham, plus Roland Yakoblevich Ishaev as an additional defendant. Both sides accuse each other of running a massive online “smear campaign” – hundreds of videos, websites and posts allegedly targeting the opposing camp, framed as defamation and invasion of privacy. The counterclaim also bundles extensive corporate disputes relating to the parties’ former business relations, widely understood to include the Dream Finance/CoinsPaid universe. In March 2025, Judge Yaakov Shaked criticised the plaintiffs’ non-appearance, stressed the need for personal attendance, and floated a global solution: move both the main suit and counterclaim to arbitration in Austria, where the contracts’ arbitration clauses point. On 29 October 2025, Judge Amir Weitzenblit ordered that the corporate disputes between parties 1–3 on both sides be stayed and sent to VIAC arbitration in Vienna, while keeping defamation/privacy issues in Tel Aviv. Defendant 4 (Roland) is excluded from the arbitration agreement. The court sharply criticised both sides’ pleadings as “overly general” and ordered fully itemised defamation claims: each publication must be quoted verbatim, dated, located, linked to specific defendants, and tied to a concrete damages calculation. The counterclaim is split into two new proceedings: (i) publications/defamation vs. all four counter-defendants; and (ii) corporate disputes vs. Roland alone (including a controversial multi-million-shekel claim for “abuse of process”). Download the Court Order here (Hebrew). Short Analysis The Israeli court has drawn a hard line between business governance and reputation warfare around CoinsPaid and Dream Finance. The commercial and shareholder-style grievances – who controlled what, when, and under which agreements – will now be fought in confidential VIAC arbitration in Vienna, not in open Israeli court. For outside observers, this means that key evidence about ownership structures, profit allocation and decision-making in the Dream Finance/CoinsPaid complex will likely surface, if at all, only through leaks or later enforcement actions. At the same time, the Tel Aviv file is being pared down to a forensically clean defamation case. Judges Shaked and Weitzenblit have refused to tolerate vague accusations of “hundreds of videos” and “dozens of platforms” without citations. Each side must now pin its narrative to specific URLs, timestamps and quotes. For the broader CoinsPaid story – already under scrutiny for alleged compliance failures and opaque volume claims – this creates a rare opportunity: a future public record listing who published what about whom, and on which factual basis. In effect, the court is forcing the rival camps around CoinsPaid to move from information warfare to evidence-based litigation. Read our CoinsPaid reports here. Call for Information FinTelegram has reviewed the Israeli court decisions and related documents supplied by whistleblowers. We are now mapping the Vienna arbitration track and the Israeli defamation proceedings into the wider Dream Finance/CoinsPaid risk profile. We invite current and former insiders, counterparties, and legal advisers with knowledge of these disputes, the underlying shareholder agreements, or related arbitration filings to contact us via Whistle42.com. Share Information via Whistle42

How a Vienna “World Economic Council” Network Turned Up in the Middle of Secret-Service-Style Ops and Gold Deals The latest revelations by the Austrian news outlets Krone and News about the “forensic project” run through the law firm of Vienna attorney Stefan Prochaska add a new – and troubling – dimension to the already dramatic Signa/Benko scandal. They also sharpen the focus on the World Economic Council (WEC) network and its key figures, Thomas Limberger, Robert Schimanko, and Moshe Buller, about whom FinTelegram has been reporting for months. The Latest Exposures According to internal correspondence and billing records obtained by News and Krone, Prochaska’s firm coordinated a so-called “forensic” project for Signa in 2023, for which around EUR 800,000–1,000,000 in costs accrued – 90% of which were passed on as “third-party services”. These invoices reveal that external security contractors were embedded in the project, including the Estonian-Austrian security firm Seitenberg around Kyrill Lapin. Separately, documents published by News show that the Israeli ex-intelligence officer Moshe Buller and his International Intelligence Agency (IIA) were formally mandated by Signa in February 2023 to “investigate” long-time Benko confidant Dieter Berninghaus – an operation explicitly requested by “two senior Signa managers and a Vienna law firm.” Buller is not just any private operative: he appears as a “WEC Ambassador” on the website of the Vienna-registered World Economic Council GmbH (WEC) and was appointed by WEC in a formal letter in 2020 (read more here). The WEC has since removed the ambassadors from its website. Apparently, things have gotten a little too heated for people in the Signa/Benko camp. Download Moshe Buller’s Appointment Letter here. In parallel, FinTelegram has already documented how WEC leaders Limberger and Schimanko moved into the heart of the Benko foundation structure in late 2024 – just before and after the collapse of Signa – and how the INGBE Foundation in Liechtenstein then sold 360 kilograms of gold worth more than EUR 30 million in March 2025, while Benko was already in pre-trial detention (Sources: Krone, Puls24, FinTelegram). Taken together, these strands raise a central forensic question: Was the WEC network – directly or indirectly – part of a coordinated strategy to shield assets and manage intelligence operations for Benko, orchestrated via the law firm Prochaska? FinTelegram does not assert this as fact, but the pattern of overlaps demands closer scrutiny. 1. Prochaska’s “Forensic Project”: Legal Advice or Covert Operations Hub? The News article on “Benko-Anwalt Stefan Prochaska: Der Mann fürs Grobe” describes internal emails from Signa’s then CFO Arthur Mühlberger, who complains about the soaring costs of Prochaska’s “forensic” project – nearly EUR 1 million, largely composed of external “Fremdleistungen” (third-party services). Key points: Prochaska’s invoices to Signa contain high five-figure cash expenses and extensive “third-party” positions. In the billing details, the name of a staff member of Seitenberg, a security company with offices in Tallinn, Tbilisi and Vienna, appears repeatedly. The article notes that Prochaska and Seitenberg’s managing partner Kyrill L. are also linked corporately. The services were apparently re-invoiced via the law firm to Signa, with poor internal transparency, prompting Mühlberger to demand detailed breakdowns of all cash expenses and service logs. In a nutshell: Prochaska’s firm seems to have functioned as billing and coordination hub for opaque external “forensic” and security operations – a setup that offers both legal privilege and layering of responsibility. When we place this beside the operations documented for IIA/Moshe Buller, the picture sharpens: News shows a confidential IIA report in which Buller confirms that his agency was hired “in February 2023, after a meeting with the client” to investigate Berninghaus – expressly on behalf of Signa and Benko, commissioned by “two senior Signa managers and a law firm in Vienna.” News.at The objective was to determine whether Berninghaus was a “risk person” for Signa/Benko – the classic language of internal surveillance and control. The logical inference – which investigators will now have to test – is that Prochaska’s “forensic” budget may have served as an umbrella for such intelligence contracts, channeled through a legally privileged structure. 2. WEC Enters the Scene: Ambassadors, Foundations, and Gold FinTelegram has extensively mapped the World Economic Council (WEC) ecosystem: a for-profit GmbH in Vienna (WEC World Economic Council GmbH) with a deliberately WEF-like brand, tied to the Berlin-based NGO IWS-WEC, and closely interwoven with the SilverArrow Capital Group of bankers Thomas Limberger and Robert Schimanko. Read our reports on the WEC here. Some facts already established: WEC Board / Partners Thomas Limberger – former Oerlikon CEO, co-founder of WEC, SilverArrow partner. Robert Schimanko – former banker with past links to the Manhattan Investment Fund and Madoff feeder structures, WEC partner and IWS supervisory board member. Peter Nussbaum – WEC partner and chairman of IWS-WEC. WEC Ambassadors Moshe Buller – Israeli intelligence and cybersecurity specialist; founder of International Intelligence Agency (IIA); formally appointed as WEC Ambassador in 2020 and, according to Austrian media, engaged by Signa to spy on top manager Berninghaus and his family. US lawyer William H. Shawn. Benko Foundations In November 2024, Limberger and Schimanko joined the boards of the two key Benko foundations: Laura Privatstiftung (Austria) – Limberger as board member. INGBE Stiftung (Liechtenstein) – Schimanko as board member. Gold Sale On 11 March 2025, during Benko’s pre-trial detention, the INGBE Stiftung sold more than 360 kg of gold for around EUR 30 million, credited to an account at a Liechtenstein private bank. The sale triggered a suspicious transaction report to the Liechtenstein FIU, which was passed to the Austrian WKStA. Historical records show that INGBE held gold worth over EUR 81 million in 2021 and still around EUR 45 million in mid-2022, plus roughly EUR 23 million in cash and currency reserves. Read more about the Asset Whisperer Schminko here. The WKStA has described the gold sale as “practical rather than economic”, suggesting an intention to move assets beyond the grasp of European authorities and explicitly citing this as evidence of flight and concealment risk. It is against this backdrop that the presence of three WEC-linked figures – Limberger, Schimanko, and Buller – in the immediate operational environment of Benko’s asset structures and intelligence operations becomes highly relevant. 3. Hypothesis: Was WEC’s Network Part of a Pre-Collapse “Shielding” Strategy? FinTelegram emphasizes: At this stage, there is no judicial finding that WEC, its officers, or its ambassadors have committed crimes in the Benko matter. However, based on publicly available information, the following working hypothesis is reasonable and should be examined by investigators: Hypothesis:Starting no later than 2023, a network around WEC and its partners – including SilverArrow Capital and the IIA of WEC Ambassador Moshe Buller – was used, via the law firm of Stefan Prochaska, to gather intelligence on internal critics and key partners (e.g. Berninghaus) and to prepare and execute asset protection measures, including foundation restructuring and the monetisation/transfer of gold and other assets. This hypothesis is supported by: Temporal Sequence 2023: Prochaska’s “forensic project” with high external security costs; IIA/Buller mandated to surveil Berninghaus on behalf of Signa/Benko and a Viennese law firm. 2024: WEC partners Limberger and Schimanko move into two core Benko foundations. March 2025: INGBE (with Schimanko on board) sells 360 kg of gold for EUR 30+ million during Benko’s detention, triggering a money-laundering alert. Functional Roles Prochaska as legal coordinator and billing node for covert “forensic” and intelligence services. Buller/IIA as covert intelligence operator, officially mandated to monitor a key insider. Seitenberg as another security contractor integrated into the same cost structure. Limberger & Schimanko as post-collapse foundation controllers, overseeing structures that held significant hidden assets (gold and art). Organisational Overlay: WEC WEC is not an NGO but a private GmbH in Vienna, positioning itself – in its own marketing – as an elite economic council and global network. Its ambassador system (including Buller and US lawyer William H. Shawn) provides a ready-made international platform for intelligence, lobbying, and financial structuring around high-risk clients. From a forensic perspective, such a network has all the hallmarks of a dual-use structure: Outwardly: a high-end business and policy network. Inwardly: potentially a toolbox for crisis management, including information control, surveillance, and asset migration. Whether this toolbox was used to help locate missing investor money or to shield Benko’s private wealth from creditors is precisely the question prosecutors now need to resolve. 4. Key Questions for Prosecutors and Regulators FinTelegram believes the following questions are central and demand answers: Mandates & Money Flows Which exact mandates did the law firm of Stefan Prochaska sign in relation to “forensic” or security services for Signa? Did these mandates explicitly cover IIA/Moshe Buller, Seitenberg, or other WEC-linked persons or entities? Were WEC or SilverArrow-related entities directly or indirectly compensated from Signa, its subsidiaries, or Benko-controlled foundations? Role of WEC in Foundation Governance What was the concrete decision-making role of Limberger and Schimanko in the Laura and INGBE foundations, particularly in: the sale of 360 kg of gold, the movement of art and other high-value assets, any restructuring or change of beneficiaries? Did they approve or facilitate transactions that weakened creditor positions? Intelligence & Surveillance To what extent did IIA and other security contractors target journalists, former insiders, or critical business partners – and on whose legal instruction? Were these operations primarily for risk management – or to intimidate and silence potential witnesses and whistleblowers? WEC’s Governance & Discovery Duties Did WEC introduce internal policies to prevent its platform from being used in connection with controversial or criminal activities? Once the Signa situation escalated, were any steps taken within WEC or IWS-WEC to distance the organisation from Benko and his structures – or did integration deepen? 5. Call to Whistleblowers: Help Clarify WEC’s True Role FinTelegram and its German-language network platform Wiener Zocker see the emerging WEC–Benko–Prochaska–Buller constellation as a high-risk nexus at the intersection of: elite business networking, opaque foundation and offshore structures, and private intelligence operations targeting insiders and critics. We stress again: We are not accusing WEC, SilverArrow, or the individuals named of proven illegal conduct. We are, however, stating that the convergence of roles, timelines, and money flows raises serious and legitimate questions in one of Europe’s largest white-collar crime cases. To get to the bottom of this, we need insiders: Use our whistleblower platform Whistle42. The gold trail, the “forensic” invoices, and the WEC network are no longer just background noise – they may be central elements in understanding how assets and information were managed around René Benko and Signa. Share Information via Whistle42 We will continue to follow the money. And with your help, we will also follow the truth.

Meta Platforms is brazenly profiting from a torrent of fraudulent advertisements, prioritizing revenue over user safety and regulatory compliance. A Reuters investigation exposes that Meta projected 10% of its 2024 revenue—approximately $16 billion—from ads promoting scams and banned goods, while serving users an estimated 15 billion high-risk scam ads daily. Cory Doctorow’s Facebook Fraud Files analysis frames this as “enshittification,” where unchecked monopolies degrade services for profit, with Meta‘s anti-fraud teams hamstrung by quotas and revenue “guardrails” that shield high-spending scammers. Key Findings from Reuters Investigation Internal documents from 2021–2025 reveal Meta’s complicity: Scale of Fraud: Platforms like Facebook and Instagram host ads for counterfeit goods, crypto scams, illegal casinos, and sextortion schemes, contributing to one-third of all U.S. scams and 54% of UK payment-related losses. engadget.com Enforcement Failures: Meta ignores 96% of valid reports, slow-walks fixes, and applies “penalty bids” to suspect ads instead of bans, deeming it “easier to advertise scams on Meta than Google.” sfgate.com High-value accounts rack up 500+ violations without shutdowns if they exceed $135 million in revenue impact. thehill.com Real-World Harm: Victims suffer devastating losses—tens of thousands defrauded, teen suicides from sextortion—while Meta’s algorithms funnel more scams to affected users. archive.is Doctorow’s thread amplifies this, highlighting how fines pale against profits, enabling systemic neglect in a monopolistic environment. Implications for FinTelegram As a financial news and anti-scam platform, FinTelegram faces indirect risks: Meta’s ecosystem amplifies investment frauds, potentially eroding user trust if our content intersects with tainted promotions. Compliance gaps could expose us to regulatory scrutiny under U.S. SEC probes into Meta’s financial scam ads. Recommendations Immediate Actions: Audit Meta-linked promotions; enhance user education on scam indicators. Long-Term: Advocate for stricter ad regulations; collaborate with regulators to demand Meta accountability. Meta’s greed-fueled inaction is intolerable—fines must exceed profits to enforce change. This report underscores the urgent need for oversight. Failure to act perpetuates a fraudulent digital economy. Call for Information If you are a whistleblower, insider, or victim impacted by scam activities on Meta platforms like Facebook or Instagram, FinTelegram urges you to come forward. Share your experiences, evidence, or insights confidentially via our secure reporting portal at fintelegram.com/report or by emailing tips@fintelegram.com. Your input could expose more abuses, drive accountability, and protect others—together, we can dismantle this profit-driven fraud ecosystem. Share Information via Whistle42

Compliance Alert: Regulatory Violation Pattern Continues Payeer—the Russian-linked high-risk payment processor now under EU sanctions—is reportedly freezing customer accounts during the very withdrawal period meant to allow exit before full sanctions take effect on November 25, 2025. This development transforms a compliance crisis into potential customer fund seizure, continuing Payeer’s documented pattern of regulatory violations. The Sanctions Trap Mechanism Following Payeer’s inclusion in the EU’s 19th sanctions package (October 23, 2025), the platform announced a November 24, 2025, withdrawal deadline for Russian and EU customers. However, multiple customers now report accounts frozen precisely when they attempt to withdraw:​ Verified accounts suddenly require “additional” AML/KYC checks Communication ceases after document submission Withdrawal functions remain disabled despite compliance Significant sums at risk: Individual reports document $25,000+ frozen​ One affected customer states: “Payeer froze my account after full KYC/AML verification. They requested proof-of-funds documents, I submitted everything, and now they don’t respond. The system says withdraw by November 24, but I cannot access my funds.“​ Read our Payeer reports here. Deliberate Non-Compliance: A Documented Pattern FinTelegram has monitored Payeer’s compliance failures for years, issuing repeated warnings about this high-risk platform:​ July 2024: Lithuania imposed a record €9.3 million fine on Payeer for deliberately violating international sanctions—allowing Russian transactions through sanctioned banks while generating €164 million in revenue. Lithuanian authorities concluded Payeer “deliberately failed” to conduct proper customer identification “to avoid the loss of significant revenue“.​ January 2023: Estonia revoked Payeer’s VASP license, forcing relocation to Lithuania.​ October 2025: EU sanctions designated Payeer for “providing crypto-asset services undermining EU sanctions” and “facilitating transactions with sanctioned Russian banks“.​ The current account freezing during the withdrawal window fits this established pattern: prioritizing revenue retention over customer rights and regulatory compliance. Financial Reconciliation Analysis Payeer‘s business model relied heavily on sanctioned Russian customers and circumvention services. With €164 million+ in historical revenue from compliance violations, the platform now faces:​ Immediate revenue collapse from EU/Russia exit Outstanding Lithuanian fines (€9.3 million) Potential asset seizures under sanctions enforcement Customer withdrawal obligations during a 15-day window Freezing customer accounts during this window may represent a liquidity crisis disguised as compliance procedures—using “additional verification” to delay or prevent withdrawals the platform cannot honor. Urgent Recommendations for Affected Customers Document everything: Screenshots of account status, all communications, transaction histories, verification submissions File complaints immediately: Estonian Financial Intelligence Unit (FIU) Lithuanian Financial Crime Investigation Service (FCIS) Your national financial regulator Legal consultation: With November 24 approaching, seek immediate legal advice for potential fund recovery actions Public disclosure: Report incidents to consumer protection authorities and financial regulators Withdraw alternative funds: If you have accounts with other crypto platforms, exit immediately—Payeer’s collapse signals broader sector risk Call for Information FinTelegram urgently requests affected Payeer customers and insiders to come forward with evidence of account freezes, withdrawal denials, and internal operational details. This compliance failure affects potentially thousands of customers across the EU. Submit confidential information via Whistle42. Documentation of frozen accounts, communication records, and insider knowledge of Payeer‘s liquidity status are critical to protecting affected customers and exposing this sanctions evasion network.​ Share Information via Whistle42 The November 24 deadline is 15 days away. Time is running out for affected customers—but transparency and enforcement must prevail.

A forensic traffic and financial intelligence analysis of Dream Finance Group—through its operating brands CoinsPaid and CryptoProcessing—reveals an alarming chasm between the group’s loudly proclaimed transaction volumes/revenue and its digital footprint. The mismatch between claimed figures and observable web and API traffic not only defies industry logic but raises urgent questions about the veracity of the underlying business, the reliability of its financial reporting, and the effectiveness of compliance oversight in the Estonian crypto sector. Key Facts: The Dream Finance Group Claims CoinsPaid claims on its website CoinsPaid and CryptoProcessing market themselves as top global crypto processors, claiming a monthly volume of €700–800 million and over 800,000 transactions per month. CoinsPaid’s audited 2024 revenue: €32.4 million, with a >51% profit margin—a figure only reconcilable with implausibly low fees or grossly exaggerated transaction claims. Similarweb (October 2025): coinsPaid.com <60,000 visitors; CryptoProcessing.com <30,000 visitors—and crucially: near-zero relevant traffic to any API or merchant dashboard domains. Read our Dream Finance financial analysis 2024 here. Traffic Intelligence Analysis: All Plausible Hypotheses—And Their Fatal Weaknesses Hypothesis 1: B2B White-Label/“Super-Merchant” Concentration Architecture: Most Dream Finance transaction volume allegedly comes from large “super-merchants” (e.g., the SoftSwiss iGaming platform), aggregating activity from hundreds of downstream casino brands. Supporting Facts: CoinsPaid’s founders and SoftSwiss (incubated together; overlapping beneficial owners around the Belarusian Ivan Montik). SoftSwiss powers 200+ live casinos; CoinsPaid is deeply embedded as payment rail. Casino operators and players never visit CoinsPaid; all tech sits behind iGaming provider dashboards. Critical Gaps: Even in a pure aggregator model, SoftSwiss and other “super-merchants” would still require direct, regular access to CoinsPaid’s merchant API dashboards for settlement, reconciliation, compliance, support, and key management. Near-zero observed API/dashboard traffic is irreconcilable with actual operations. Hypothesis 2: API-Only Processing Is Invisible to Web Analytics Similarweb traffice intelligence analysis Cryptoprocessing.com October 2025 Argument: Payment APIs communicate “server-to-server,” so merchants and their users generate almost no browser-based sessions for Similarweb/traffic analytics platforms to measure. Critical Weakness: B2B processors like Stripe, Adyen, and Coinbase handle hundreds of millions in server-to-server payments, yet their API portals, documentation, and management dashboards draw significant measurable traffic from merchant finance teams and developers. Even a handful of large clients, if real, would generate hundreds to thousands of monthly dashboard admin sessions. Near-zero is not possible in a functioning payments business. Hypothesis 3: Volume Claims Are Inflated or Fabricated Direct Evidence: When legitimate processors scale, both transactional and admin/support-facing digital activity grow proportionally. Direct and white-label models alike require operational oversight and reconciliation. Financial Statement Red Flag: At industry-standard fees (0.5–2%), Dream Finance’s claimed €8.4 billion annual processing would yield €42–168 million in revenue. Actual reported: €32.4 million (2024). Revenue “gap” at 1% fee: missing €51.6 million (61% shortfall). Reported fees average just 0.39%—vastly lower than market norms, only plausible with extremely concentrated, below-market business, or “creative accounting”.​ Conclusion: The most parsimonious explanation is that claimed volumes are inflated—by 62–81% depending on the assumed industry fee level. Comparative API/Web Traffic Analysis: Why Zero API Traffic is Damning Stripe (legitimate leader): $1T annual processing, 88.6M monthly visits Traffic per €1B processed: ~88,600 visitors CoinsPaid (claimed): €8.4B annual/€700M monthly, 90,000 total visitors to both main sites, zero dashboard/API traffic Traffic per €1B processed: ~10,714 visitors (8.3x less traffic per billion than Stripe) API/admin traffic: Zero. Expected minimum (by merchant/“super-merchant” support needs): 200–12,500+ admin sessions monthly—actual: zero. Binance/Coinbase: Both process billions daily; API/developer documentation and dashboard traffic confirm busy merchant/client admin activity at scale. Bottom Line: Dream Finance’s API and dashboard touchpoints show not low—but literally zero—digital activity. Without this, reconciliation, compliance, and financial operations are impossible at any volume, let alone €8+ billion yearly. Why This Discrepancy is Highly Questionable—and Damning—from a Compliance Perspective Impossible operational footprint: No observable merchant/admin traffic = no real merchant operations. Unverifiable volumes: No public audit trail, no on-chain reconciliation, no usage evidence. Financial statement mismatch: Actual fees/revenue imply the real volumes are a fraction of what management claims. Complex group structure & shared ownership: Cross-ownership between CoinsPaid, SoftSwiss, and others enables circular self-validation and potential intra-group wash trading. Regulatory arbitrage risk: Light-touch Estonian VASP regime, with minimal scrutiny for claimed operational metrics. Historical warning signs: Major security breaches, heavy 2023 losses, and industry allegations reinforce doubts about operational transparency and governance. Investor/partner deception risk: Market-facing misstatements undermine integrity with banks, business partners, and regulators—the core of compliance failure. Simulated Financial Comparison—2024 Actuals vs. Stated Claims MetricPublic ClaimActual 2024 StatementImplied DiscrepancyMonthly processing volume€700–800 million€700M (base for model)—Annualized volume€8.4 billion——At 1% processor fee€84 million revenue€32.4 million revenue€51.6 million “missing”Actual implied fee0.386%—61% lower than normalApp dashboard sessions (expected)200–12,500+0Dashboard/admin “ghost town” Conclusion & Whistleblower Call No real payment operation at scale can exist without back-office API and merchant dashboard access. The complete absence of this activity—despite massive public claims—signals either a fraudulent shell, gross misrepresentation, or both. This discrepancy is not a technical quirk or analytic artifact; it is a fundamental, structural compliance failure and a likely act of deception. **FinTelegram urgently calls on anyone with inside knowledge of Dream Finance Group, CoinsPaid, or CryptoProcessing—**from employees to contractors to partners—to come forward, confidentially and securely, via the Whistle42 platform. Whistleblowers are the essential bulwark against systemic abuse in the crypto sector. The truth must surface. For confidential submissions and further information relating to Dream Finance, CoinsPaid, CryptoProcessing, and their affiliates, contact FinTelegram and our whistleblower platform partner at Whistle42.​ Share Information via Whistle42 Only with transparency and insider cooperation can the true scale—and nature—of the Dream Finance operation be brought to light. This report is part of FinTelegram’s ongoing investigation series into high-risk crypto payment processors and digital asset compliance failures in the EU and beyond. Follow our updates for further revelations on this developing compliance scandalandal.

Aleksandr “Sasha” Ivanov, the Ukraine-born founder of the Waves blockchain platform, stands accused of orchestrating one of cryptocurrency’s most brazen frauds—a systematic scheme that stripped approximately $530 million from investors through his lending protocol Vires Finance. Ivanov now faces multiple lawsuits and allegations of extortion. Whistleblower informed FinTelegram that he continues to threaten disappointed investors.​ Background and Early Ventures Born in Ukraine and educated at Moscow State University’s theoretical physics department, Sasha Ivanov completed postgraduate studies at Leipzig University before entering the cryptocurrency space. In 2013, he launched Coinomat.com, promoted as the first instant cryptocurrency exchange, followed by CoinoUSD in 2014. He founded Waves Platform in 2016 through an ICO that raised $16 million (29,445 BTC), positioning it as a blockchain competitor to Ethereum with simplified token creation capabilities.​ The Vires Finance Scheme Between January and March 2022, Ivanov allegedly executed a complex market manipulation scheme through Vires Finance, the Waves-based lending protocol. Waves was marketed as a faster, more user-friendly “Russian Ethereum,” with its own L1 chain, WAVES token and later the algorithmic stablecoin Neutrino USD (USDN) plus lending protocol Vires Finance.GetBlock.io+1 USDN repeatedly lost its dollar peg and was even flagged as an “investment warning” by the Korea Federation of Exchanges due to volatility. Vires offered eye-catching yields of 30–70% APY on stablecoins and at one point held over $1.2bn in deposits. In early 2022, a cluster of wallets borrowed almost all USDC/USDT liquidity from Vires using USDN as collateral, then cycled those funds through exchanges into WAVES, helping to drive a spectacular price spike. By this mechanics, the WAVES token was artificially pumped to an all-time high of $61.30 by March 31, 2022.​ The WAVES were then leveraged to mint more USDN, repeating the cycle until all available liquidity was drained. When users raised alarms, WAVES crashed 93-95%, and USDN depegged catastrophically—currently trading at approximately $0.01. Vires Finance users were left holding worthless USDN while their valuable stablecoins had vanished, resulting in over $530 million in losses.​ When WAVES fell and USDN depegged, ordinary depositors were left with more than $530m in “bad debt,” effectively trapped in depreciating USDN. Legal Proceedings and Extortion Allegations FTX‘s Alameda Research, which lost $90 million in the collapse, filed a lawsuit in November 2024 accusing Ivanov of blackmail and fraud. Court documents reveal that Ivanov privately demanded that Alameda publicly support Waves and Vires Finance, threatening to freeze their assets if they refused. Caroline Ellison, then-Alameda co-CEO, described the situation as “gross” noting “they stole our money and are holding it hostage”. After FTX’s bankruptcy, Ivanov ceased communication with the liquidators attempting to recover funds.​ In November 2024, Alameda Research (within the FTX Recovery Trust) sued Ivanov and associated entities in the US Bankruptcy Court (D. Delaware), seeking roughly $90m allegedly trapped in Vires. The complaint accuses him of siphoning about $530m from Vires—of which $90m belonged to Alameda—by using USDN as dummy collateral, borrowing user USDC/USDT, pumping WAVES, and then refusing to return Alameda’s funds. The complaint characterises this as blackmail, fraud and a 530m Ponzi scheme. Separately, crypto trader Avraham “Avi” Eisenberg, himself convicted in 2024 for a $115 million DeFi-related market manipulation scheme, continues pursuing a $14 million lawsuit against Ivanov, alleging a “global Ponzi scheme.” Eisenberg’s legal team has struggled to serve Ivanov, who investigators believe resides in Dubai but travels frequently.​ In a ruling issued on May 23, 2025, a U.S. District Judge vacated all criminal convictions against Eisenberg and granted his motion for acquittal. Dissolution and Threats In 2023, Ivanov dissolved the legal entities operating Waves and Vires Finance—DLTech and Numeris Ltd.—further obstructing recovery efforts. When investors confronted him on social media, Ivanov threatened violence, writing “I will visit you one by one with my friends from the Russian mafia,” and posted photos from a Dubai hotel challenging accusers to meet him. He later claimed these were “jokes”.​ Sasha Ivanov Empire: Organizational Structure Summary Based on a comprehensive investigation, the following table maps the complex web of trading names, legal entities, jurisdictions, and key personnel comprising Aleksandr “Sasha” Ivanov’s cryptocurrency empire: Trading Name/ProjectDomain/WebsiteLegal EntityJurisdictionStatusKey IndividualsRoleWaves Platformwaves.techWaves Platform LtdUnited KingdomDissolved August 2018Aleksandr ‘Sasha’ Ivanov (Oleksandr Ivanov)Founder & CEOWaves Platform (post-UK)waves.techWaves Association (referenced in CEO statement)Switzerland (Luzern canton – referenced)Relocated 2018, later dissolvedAleksandr IvanovFounderWaves Platform (operating entity)waves.techDLTech LtdSeychellesDissolved November 2023Aleksandr IvanovFounder & ControllerVires Financevires.financeNumeris LtdSeychellesDissolved June 2023Aleksandr IvanovFounder & ControllerNeutrino Protocol / USDNneutrino.atDeveloped by Ventuary Labs (DAO structure)N/A (decentralized)Active but depegged ($0.01)Alexey PupyshevCo-author/Protocol DeveloperNeutrino Protocol / USDNneutrino.atDeveloped by KozhinDev teamN/AActive but depeggedVladimir KozhinTechnical DeveloperCoinomatcoinomat.comUnknownUnknownDefunctAleksandr IvanovFounder (2013)CoinoUSDN/AUnknownUnknownDefunctAleksandr IvanovCreator (2014)Tidex Exchangetidex.comUnknownEstonia (referenced), later EU jurisdictionActive with regulatory concernsAleksandr IvanovAlleged affiliationVostok (enterprise blockchain)N/AVostok entityRussiaSold July 2019 to GHP GroupAleksandr IvanovOriginal Founder (sold entire stake to Mark Garber)Waves Enterprisewavesenterprise.comPart of Globalchain LtdRussiaActive under new ownershipMark Garber (GHP Group)Acquirer/PartnerGlobalchain LtdN/AGlobalchain LtdRussia (Moscow)Active (joint venture est. Oct 2019)Aleksandr Ivanov & Mark GarberCo-founders (50/50 ownership)Waves LabsN/AUnknownUnknownClaimed “hacked” May 2023Aleksandr IvanovAssociated entityVentuary LabsN/AUnknownUnknownDeveloper of Neutrino ProtocolAlexey PupyshevCo-founder/Developer Key Individuals Aleksandr “Sasha” Ivanov (also known as Oleksandr Ivanov) Born: November 1977 Nationality: Ukrainian Education: Moscow State University (theoretical physics), Leipzig University (postgraduate) Current Residence: United Arab Emirates (Dubai, alleged) Role: Founder of Waves Platform, Vires Finance, Coinomat, CoinoUSD; Controller of DLTech Ltd and Numeris Ltd (both dissolved 2023) Alexey Pupyshev Nationality: Russian Education: Saint Petersburg State University Role: Co-author of Neutrino Protocol, Waves Technology evangelist, co-founder of Gravity Protocol, Ventuary Labs developer Vladimir Kozhin (KozhinDev) Nationality: Russian Role: Lead developer of Neutrino dApp and USD-N stablecoin implementation Mark Garber Nationality: Russian Organization: GHP Group (chairman) Role: Acquired Vostok from Ivanov (July 2019); 50% co-owner of Globalchain Ltd joint venture with Ivanov (October 2019) Corporate Structure Pattern Ivanov’s empire exhibits a deliberate pattern of offshore incorporation (Seychelles), strategic dissolution (UK entity 2018, Seychelles entities 2023), and jurisdictional opacity. The dissolution of DLTech Ltd and Numeris Ltd in 2023—following the Vires Finance collapse and amid multiple lawsuits—appears designed to obstruct creditor recovery efforts.​ The UK entity Waves Platform Ltd (Company No. 10348537) was incorporated August 26, 2016, and voluntarily struck off August 14, 2018. Ivanov subsequently claimed the operation relocated to Switzerland (Luzern canton), though no definitive Swiss commercial register evidence for a “Waves Association” entity was located in available public records.​ Sources · Sasha Ivanov Empire: Organizational Structure Summary Based on comprehensive investigation, the following table maps the complex web of trading names, legal entities, jurisdictions, and key personnel comprising Aleksandr “Sasha” Ivanov’s cryptocurrency empire: Trading Name/ProjectDomain/WebsiteLegal EntityJurisdictionStatusKey IndividualsRoleWaves Platformwaves.techWaves Platform LtdUnited KingdomDissolved August 2018Aleksandr ‘Sasha’ Ivanov (Oleksandr Ivanov)Founder & CEOWaves Platform (post-UK)waves.techWaves Association (referenced in CEO statement)Switzerland (Luzern canton – referenced)Relocated 2018, later dissolvedAleksandr IvanovFounderWaves Platform (operating entity)waves.techDLTech LtdSeychellesDissolved November 2023Aleksandr IvanovFounder & ControllerVires Financevires.financeNumeris LtdSeychellesDissolved June 2023Aleksandr IvanovFounder & ControllerNeutrino Protocol / USDNneutrino.atDeveloped by Ventuary Labs (DAO structure)N/A (decentralized)Active but depegged ($0.01)Alexey PupyshevCo-author/Protocol DeveloperNeutrino Protocol / USDNneutrino.atDeveloped by KozhinDev teamN/AActive but depeggedVladimir KozhinTechnical DeveloperCoinomatcoinomat.comUnknownUnknownDefunctAleksandr IvanovFounder (2013)CoinoUSDN/AUnknownUnknownDefunctAleksandr IvanovCreator (2014)Tidex Exchangetidex.comUnknownEstonia (referenced), later EU jurisdictionActive with regulatory concernsAleksandr IvanovAlleged affiliationVostok (enterprise blockchain)N/AVostok entityRussiaSold July 2019 to GHP GroupAleksandr IvanovOriginal Founder (sold entire stake to Mark Garber)Waves Enterprisewavesenterprise.comPart of Globalchain LtdRussiaActive under new ownershipMark Garber (GHP Group)Acquirer/PartnerGlobalchain LtdN/AGlobalchain LtdRussia (Moscow)Active (joint venture est. Oct 2019)Aleksandr Ivanov & Mark GarberCo-founders (50/50 ownership)Waves LabsN/AUnknownUnknownClaimed “hacked” May 2023Aleksandr IvanovAssociated entityVentuary LabsN/AUnknownUnknownDeveloper of Neutrino ProtocolAlexey PupyshevCo-founder/Developer Key Individuals Aleksandr “Sasha” Ivanov (also known as Oleksandr Ivanov) Born: November 1977 Nationality: Ukrainian Education: Moscow State University (theoretical physics), Leipzig University (postgraduate) Current Residence: United Arab Emirates (Dubai, alleged) Role: Founder of Waves Platform, Vires Finance, Coinomat, CoinoUSD; Controller of DLTech Ltd and Numeris Ltd (both dissolved 2023) Alexey Pupyshev Nationality: Russian Education: Saint Petersburg State University Role: Co-author of Neutrino Protocol, Waves Technology evangelist, co-founder of Gravity Protocol, Ventuary Labs developer Vladimir Kozhin (KozhinDev) Nationality: Russian Role: Lead developer of Neutrino dApp and USD-N stablecoin implementation Mark Garber Nationality: Russian Organization: GHP Group (chairman) Role: Acquired Vostok from Ivanov (July 2019); 50% co-owner of Globalchain Ltd joint venture with Ivanov (October 2019) Corporate Structure Pattern Ivanov’s empire exhibits a deliberate pattern of offshore incorporation (Seychelles), strategic dissolution (UK entity 2018, Seychelles entities 2023), and jurisdictional opacity. The dissolution of DLTech Ltd and Numeris Ltd in 2023—following the Vires Finance collapse and amid multiple lawsuits—appears designed to obstruct creditor recovery efforts.​ The UK entity Waves Platform Ltd (Company No. 10348537) was incorporated August 26, 2016, and voluntarily struck off August 14, 2018. Ivanov subsequently claimed the operation relocated to Switzerland (Luzern canton), though no definitive Swiss commercial register evidence for a “Waves Association” entity was located in available public records.​ Conclusion Sasha Ivanov‘s trajectory from theoretical physicist to accused crypto fraudster epitomizes decentralized finance’s darkest vulnerabilities. With lawsuits mounting, entities dissolved, and investors devastated, the Waves founder exemplifies how centralized control masquerading as decentralization can facilitate massive theft. Whether residing in Dubai or elsewhere, Ivanov remains elusive while his victims—from retail investors to major institutions like Alameda Research—continue seeking justice for losses exceeding half a billion dollars. Call for Information If you have any information about Sasha Ivanov and his activities, please share it with us via our whistleblower system, Whistle42. Share Information via Whistle42