Dream Finance OÜ, the Estonian core entity behind the CoinsPaid/CryptoProcessing brands, has published its audited 2024 financials. The numbers show a spectacular turnaround from a large 2023 loss to a strong profit. It is also noteworthy that Dream Finance UAB in Lithuania also achieved an impressive profit of just over €1 million in 2024, with revenues of slightly more than €1.9 million. Business profile & volumes Dream Finance OÜ has been operating since 2019 as a crypto payment processor under the brands CryptoProcessing (B2B) and CoinsPaid (B2C). Its services include virtual wallets, crypto–fiat conversion, SaaS licensing of its processing platform, cross-chain deposit recovery and OTC trading. Processed transaction volume rose from €7.9bn in 2023 to €9.1bn in 2024 (≈14% growth), indicating continued client demand despite security incidents and regulatory headwinds. Download the Financial Statements 2024 here. 2024 in Estonia Swing Back Into Profit Revenue (sales): €32.37m (2023: €25.18m) – +29% Other operating income: €14.02m (2023: €8.44m), largely from FX and crypto valuation gains (~€12.7m) Operating result: +€21.83m (2023: –€24.14m) Net result: +€23.10m (2023: –€24.13m) Equity: +€10.06m (2023: –€13.03m) This means roughly 50% net margin on total operating income (~€46.4m) – an extremely high profitability level driven not only by fees, but also by crypto and FX price effects. 2024 in Lituania: +50% Net Margin The Lithuanian subsidiary, Dream Finance UAB, likewise reports an extraordinary improvement in 2024, with a profit of just over €1 million on revenues of slightly more than €1.9 million. In 2023, the same entity recorded less than €30,000 in revenue and a loss of just under €10,000, indicating a very small-scale operation. The 2024 figures therefore imply a gross profit margin of around 52% in Lithuania alone. Taken together, the Estonian and Lithuanian entities of Dream Finance generate more than €24 million in net profit for 2024, corresponding to a group-wide profit margin in excess of 50%—an unusually high level for a crypto payment processor. Hacks, Losses & Client Fund Coverage The management report confirms two major hacks: A 2023 attack with a loss of ~€39.95m, shown as “incident-related loss” in 2023, other operating expenses. A 5 January 2024 hack with losses of €4.08m, of which €3.44m is recorded as incident-related loss in 2024. The company states that: The stolen funds were tagged and reported to Estonian police; €932,902 was traced and fully returned to company accounts on 12 February 2025. It was able to cover all losses from both hacks, achieving positive equity by Q3 2024 and positive own funds by Q4. To secure client balances, Dream Finance took out a €20m loan, parked on a separate bank account, and repaid €12m by year-end. The balance sheet shows €8m of short-term loans (4.5% interest, maturing August 2025) plus a separate €0.95m loan (5%, March 2025). Client funds coverage at 31.12.2024: Liability – client deposits: €163.87m Assets held for clients (per notes): Cash and demand deposits (incl. client cash): €52.51m, of which €41.51m are client deposits. Crypto on client accounts (recorded as “inventories”): €117.36m across >37 coins, mainly BTC and various USDT/USDC variants. On paper, client liabilities are fully (and slightly over-) covered by cash plus client-crypto positions at the reporting date. However, this model is structurally exposed to price volatility on Binance, Kraken and Finery, where these assets are held. Revenue mix: Curaçao and Cyprus dominate The geographic breakdown of 2024 revenue is particularly relevant from a compliance angle: Curaçao: €21.99m Cyprus: €6.87m Other EU (incl. Estonia): €1.70m Other non-EU (UK, Singapore, BVI, etc.): €1.80m Curaçao alone accounts for ≈68% of reported sales; Cyprus adds approx. 21%. Dream Finance is therefore heavily dependent on offshore and Cypriot business, both jurisdictions closely linked to online gambling and high-risk merchants – classic AML exposure zones FinTelegram has reported on for years. Regulatory context and 2025 headwinds The report highlights: Implementation of MiCA processes to access the EU market. ISO 27001 certification obtained in 2024; internal audit of transaction monitoring scheduled for May 2025. ESMA’s requirement to delist major stablecoins (USDT, DAI) by 31 March 2025; Dream Finance complied, which led to significant client outflows and a sharp revenue decline in April 2025. Additional 2025 revenue reduction due to termination of customer contracts following a stricter internal risk strategy. This suggests that the exceptionally strong 2024 profit is unlikely to be repeated under the new regulatory regime and client mix. The Insider View We interviewed a company insider about the 2024 financial statement to get a better feel for the actual situation in this group of companies. From an investor-protection perspective, the questions and concerns he raised are obvious: who provided the €20 million emergency loan that Dream Finance says it used to “secure client funds” after the hacks – of which €12 million was repaid in 2024 but €8.95 million in short-term loans (4.5–5% interest) still sits on the balance sheet – and why is the lender completely undisclosed? How can a company that booked incident-related losses of €39.95 million in 2023 and a further €3.44 million in 2024, with the management report itself acknowledging a 5 January 2024 hack of €4.08 million, still show that “the 2023 hack had no negative impact on the business model” and at the same time increase revenue from €25.18 million to €32.37 million (+29%) and flip from a net loss of €24.13 million to a net profit of €23.10 million in just one year? Finally, is it sustainable – or even plausible in a regulated-style financial intermediary – that Dream Finance achieves an effective net margin of around 50–70%, with €12.73 million of its €14.02 million “other operating income” coming from FX and virtual-currency revaluation gains rather than core fees, in a year immediately following two major hacks and a period of negative equity (–€13.03 million at end-2023 to +€10.06 million at end-2024)? The recent profitability of the company is abnormally high; the private company that was considered the most profitable in the world in the beginning of the 2000 was Glencore (before they went public) and they were operating at a fraction of the level of profitability of CoinsPaid. Company Insider Overall, a closer look at the CoinsPaid/CryptoProcessing group reveals multiple red flags, starting with the opaque origin of the emergency funding. For FinTelegram’s investor and regulator readership, Dream Finance OÜ’s 2024 report confirms that CoinsPaid has, at least on paper, stabilised its balance sheet after severe security incidents. At the same time, it underlines why the group remains on our radar: offshore concentration, stablecoin dependence, and a risk profile that is tightly coupled to high-risk merchants and volatile crypto markets. The Beneficial Owner Question From a compliance and beneficial-ownership perspective, the structure around the Dream Finance Group (operating as CoinsPaid and CryptoProcessing) raises material questions. According to the Estonian register, Austrian national Alexander Horst Riedinger is recorded as the sole beneficial owner, while Ukrainian citizen Max Krupyshev, resident in Germany, is registered as CEO. Dream Finance used to be a division of Riedinger’s Austrian company A.R. Merkeleon GmbH, which is recorded as a software business. The Austrian commercial register shows A.R. Merkeleon itself split 50/50 between Riedinger and the Cyprus-registered company Skylock Investments Ltd, for which no publicly identifiable natural-person owner is disclosed. Whistleblower information available to FinTelegram suggests that Riedinger may act primarily as a front and that the actual controlling interests behind CoinsPaid could lie with co-founder and Softswiss founder Ivan Montik, as well as Pavel Kashuba and Dzmitry Yaikau—persons who are also registered as beneficial owners of the Polish CoinsPaid entity. As a matter of fact, Dzmitry Yaikau is officially registered as a beneficial owner of Dream Payments Sp. z o.o. Polish company registry sources list him among the entity’s beneficial owners, confirming his role and association with the company FinTelegram’s experts are currently in the process of analysing corporate records and additional evidence to verify or refute these whistleblower allegations before drawing final conclusions. Key Data Table MetricValueTrading NamesCoinsPaid, CryptoProcessing, AlphaPoFounded2018DomainsCoinsPaid.com, CryptoProcessing.comLinkedInhttps://www.linkedin.com/company/cryptoprocessing-com/ HeadquartersTallinn, EstoniaLegal EntitiesDream Finance OÜ, Dream Finance UAB, Dream Finance US LLC, Dream Finance S.A. Dream Payments Sp. z o.o. Dream Finance US LLCCEOMax Krupyshev a/k/a Maksym Krupyshev(Ukraine) Beneficial Owner (UBO)Alexander Horst Riedinger (Austria)Key IndividualsIvan Montik, Pavel Kashuba, Dzmitry Yaikau, Hanna DrabysheuskayaTotal Processing Volume (Q3 2025)>€875M p.m. (CryptoProcessing)Monthly Transaction Volume1M transactions p.m. Merchant Accounts800+ OperatorsLicense – EstoniaFIU Estonia CASP LicenseBusiness ModelCrypto Payment Gateway & ExchangeTarget IndustriesiGaming, Online Gambling, High-RiskMajor Security Incidents$37.3M Hack (July 2023), $7.5M Hack (2024)Former Brand NamesAlphaPo (integrated operations)Related EntitiesSoftSwiss, A.R. Merkeleon GmbH Share Information We will continue to map ownership structures (Estonia-Lithuania-Cyprus-Curaçao), follow regulatory developments under MiCA, and collect further whistleblower information on CoinsPaid’s client base and transaction flows. Share Information via Whistle42

FinTelegram has been contacted by the payment processor PayDo in relation to several reports previously published on our platform. PayDo has informed us that, in its view, certain statements and presentations in these reports are factually incorrect and/or presented in a misleading context. In response, PayDo has provided FinTelegram with additional documentation and explanations intended to clarify its corporate structure, business activities, and compliance posture. We have accepted this material for review and have initiated an internal verification process. FinTelegram’s mission is to deliver the best possible, fact-based, and fair financial intelligence. This also means that we are prepared to reconsider and, where appropriate, correct, update, or contextualize previously published information. Once our review of the PayDo material has been completed, we will – if necessary – update the relevant reports and/or publish a separate follow-up article summarizing the outcome of our assessment. We explicitly welcome constructive interaction with the legal entities and individuals mentioned in our reports. Our experience shows that open dialogue, supported by verifiable information, can improve the quality and balance of financial intelligence, without weakening our commitment to critical and independent reporting. We therefore also encourage other organizations and individuals referenced in FinTelegram reports to contact us if they believe that information requires clarification or updating. Submissions should be supported by clear, verifiable evidence so that our editorial team can properly review and, where appropriate, reflect these facts in future updates. Constructive cooperation with FinTelegram can help ensure that our reports remain accurate, fair, and up to date—in the interest of investors, regulators, and all market participants. Contact FinTelegram

German investigators have dismantled an international network of online credit card fraud and money laundering as part of the large-scale operation “Chargeback.” Among those arrested, according to German media reports, is Unzer founder Mirko Hüllemann, who is under investigation for suspected fraud and money laundering in connection with fake subscription portals and suspicious transactions routed through several payment service providers. Key Points The Koblenz General Prosecutor’s Office, the Federal Criminal Police Office (BKA), the Financial Intelligence Unit (FIU), and BaFin have been conducting Operation “Chargeback” since late 2020 against an international fraud and money laundering network built around fake subscription websites. Between 2016 and 2021, credit card data of around 4.3 million cardholders in 193 countries is alleged to have been misused, with more than 19 million bogus subscriptions processed via approximately 2,000 fake websites, causing damage of more than €300 million. Payments were processed via four German payment service providers: Unzer (formerly Heidelpay), Nexi Germany, Payone, and Wirecard. In this context, Unzer founder Mirko Hüllemann was arrested in Spain on a German arrest warrant; according to German media, he is accused of fraud and money laundering. The investigation is ongoing; there has been no conviction (presumption of innocence applies). Unzer had already been the target of a BaFin special audit in 2022: the regulator identified serious deficiencies in onboarding, compliance, and AML, imposed a ban on onboarding new customers, appointed a special representative, and fined Unzer €350,000; Luxembourg’s regulator also imposed an AML-related sanction. Unzer has told the media that the current investigation concerns former employees and that all relationships with the accused were terminated in 2021. Short Narrative With Operation “Chargeback,” German authorities are claiming one of the largest blows against online credit card fraud in Europe. The perpetrators allegedly used stolen or leaked credit card data to trigger millions of micro-subscriptions via professionally run fake websites—mainly in the areas of streaming, dating, and adult content. The transaction amounts were small, and payment descriptions deliberately cryptic in order to avoid questions and chargebacks. Unzer founder Mirko Hüllemann The payments were routed through several German payment service providers, including German FinTech flagship Unzer. It is precisely at this interface between fraud network and payment infrastructure that prosecutors are now focusing their criminal investigation. According to reports by Börsen-Zeitung and WirtschaftsWoche, founder Mirko Hüllemann was arrested in Spain; the warrant is linked to the fraud and money laundering allegations surrounding the network. Among those arrested is Ruben Weigand, who was already sentenced to prison in the US in 2021 for bank fraud because he and his partners concealed credit and debit card payments for cannabis businesses. According to U.S. court documents, Hüllemann had paid bail for Weigand. Read our reports on Ruben Weigand here. In parallel, BaFin’s measures had already put Unzer firmly on the supervisors’ watchlist: a special audit uncovered serious shortcomings in governance, controls, and AML. The institution was temporarily barred from onboarding new customers and placed under the oversight of a special representative. Extended Analysis For FinTelegram, the case confirms a structural risk pattern: FinTech payment platforms are repeatedly misused as the “infrastructure layer” for global online fraud schemes—often in combination with high-risk merchant segments such as adult, dating, gambling, and opaque subscription models. Operation “Chargeback” shows that authorities are increasingly prepared to target not only the operators of scam websites but also payment executives personally when AML controls fail or are deliberately circumvented. BaFin already intervened heavily at Unzer in 2022; FinTelegram reported at the time on the expected sanctions. With the founder’s arrest, the key question now is whether the compliance gaps were merely operational failures—or part of a business model that systematically accepted high-risk merchants and large transaction volumes. For investors (including former majority shareholder KKR) and creditors, who took over Unzer in 2023 via a debt-to-equity swap, both reputational and liability risks are rising. Read our Unzer reports here. Authorities stress that the fraudulent activities were halted in 2021 and that the accused individuals no longer work in the financial sector. Nonetheless, the case will be a litmus test of whether the combination of FIU analysis, BaFin supervision, and criminal enforcement is sufficient to harden payment channels against organised online fraud networks in the long term—or whether the German FinTech ecosystem continues to offer structural loopholes. Actionable Insight Merchants & ISOs: Critically review contractual relationships with Unzer and other involved PSPs, especially in high-risk verticals; tighten internal KYC/AML standards. Investors & Lenders: Integrate scenarios for civil and regulatory follow-on risks (reputational damage, potential damages and clawbacks) into risk models. Regulators & Legislators: The case underscores the need for much closer supervision of high-risk payment business models and clearer personal accountability at management level. Call for Information FinTelegram will continue to follow the investigation in the Unzer/Mirko Hüllemann case and Operation “Chargeback.” Insiders, former employees of Unzer or other involved payment providers, affected merchants, and victims are invited to submit information, documents, or case reports confidentially. Please use the secure whistleblower system Whistle42.com for this purpose. Share Information via Whistle42

Our cybercrime experts have uncovered a dangerous scam targeting crypto casino players at RakeBit. Our compliance investigation reveals the explicit use of Changelly.pro, a fraudulent and imposter domain deliberately designed to mimic the trusted brand Changelly.com/Changelly PRO. Make no mistake: Changelly.pro has NO connection whatsoever to the real Changelly.com or its official trading platform pro.changelly.com. The RakeBit Scheme with Changelly.pro RakeBit’s “No-KYC Crypto Casino” now facilitates cryptocurrency purchases and direct wallet funding via Changelly.pro, presenting it as a legitimate third-party exchange partner. This is a critical red flag. Our review exposed chilling facts: Changelly.pro is merely a deceptive front end masquerading as a genuine crypto exchange. The “terms and conditions” button is a cruel joke—users are shunted directly to a login page, effectively barring any access to legal protections or accountability. By integrating Changelly.pro, RakeBit enables a channel for: Crypto Deposits with ZERO Traceability — creating an impenetrable black hole for victims’ funds, ideal for money laundering and exit scams. Player Rip-Offs by Proxy — operators have potential control over both the casino and the fake exchange, opening the door to orchestrated theft of user funds on both sides. Systemic Obfuscation — this scam setup may be explicitly designed to bury transaction flows and defeat forensic tracing. Is RakeBit running a two-tiered scam, or simply outsourcing deposit theft to an affiliated fraudster? Either scenario should trigger full-scale investigations. Our findings coincide with previous warnings: the real Changelly operates only from changelly.com and pro.changelly.com. Any service funneled through “changelly.pro” is a direct assault on your security and assets. Do not deposit, trade, or convert any funds using this domain. Request for Information We demand answers: Are RakeBit and Changelly.pro run by the same criminal network? What volume of player funds have been stolen through this scheme? If you possess insider intelligence, victim experiences, or technical evidence tied to RakeBit and Changelly.pro, contact us immediately! Your tip could help shut down these scam operations and hold cybercriminals to account. All information will be treated in strict confidence. Share Information via Whistle42

Executive Summary RakeBit markets itself aggressively as the “best No-KYC Casino,” operating a crypto-first gambling platform that explicitly bypasses identity verification requirements. Our investigation on November 6, 2025, reveals a concerning pattern: unrestricted registration from prohibited EU jurisdictions, including Italy, Germany, and the UK, facilitated by deeply integrated payment processors MoonPay and Changelly. Traffic analysis shows nearly 90% of visitors originate from the United States—a jurisdiction where RakeBit cannot legally operate. The platform is connected to the now-defunct TrueFlip.io casino, which redirects all traffic to RakeBit following numerous scam warnings. Whistleblower intelligence identifies Konstantin Katsev as the ultimate beneficial owner behind both operations.​ Corporate Structure and Beneficial Ownership RakeBit operates through a deliberately opaque multi-jurisdictional structure designed to evade regulatory oversight: Current Operating Entity: Innovex Tech Holdings Ltd, registered in Hamchako, Mutsamudu, Autonomous Island of Anjouan, Union of Comoros, holds the current Anjouan Gaming license. This entity is listed in RakeBit’s official terms of use.​ Previously Disclosed Entity: TECH GROUP BL LIMITADA (Costa Rica registration 3-102-880902) was initially cited as the operator. The shift from Costa Rica to Anjouan signals strategic jurisdictional shopping for lighter regulatory oversight.​ Connected Operations: TrueFlip.io was previously operated by Blockchain Games N.V., a Curaçao-registered entity. TrueFlip held both Curaçao and Cyprus licenses and operated legitimate brands including Emojino (which secured an MGA B2C license in 2020). However, TrueFlip.io ceased operations in 2025 and now exclusively redirects users to RakeBit.​ Ultimate Beneficial Owner: Based on whistleblower information and public records, Konstantin Katsev is identified as the UBO. Katsev served as Chief Marketing Officer and co-founder of TrueFlip and True Flip Group. He publicly represented TrueFlip at industry events and was instrumental in launching multiple casino brands under the TruePartners affiliate program. The migration of TrueFlip’s player base to RakeBit, combined with operational continuity, confirms common ownership and control.​ Regulatory Status: License Shopping and Minimal Oversight RakeBit’s licensing trajectory reveals calculated regulatory arbitrage: Anjouan License (Current): Anjouan offers one of the world’s most permissive gambling licenses—requiring minimal capital, no mandatory AML/KYC enforcement, processing in 2-6 weeks, and costing approximately €17,800 annually. The jurisdiction explicitly markets itself as “cheap,” “fast,” and “simple” with “no mandatory AML-KYC enforcement requirements”. This is precisely why unlicensed operators gravitate toward Anjouan.​ Costa Rica Registration: TECH GROUP BL LIMITADA registration provides basic corporate status but offers no meaningful gambling regulation or player protection. Costa Rica does not conduct gaming audits or enforce compliance standards comparable to European jurisdictions.​ Traffic Intelligence Analysis Prohibited Markets: Our traffic intelligence analysis via Similarweb shows that RakeBit accepts players from Italy, Germany, UK, and extensively from the United States despite having no authorization in these jurisdictions. In September 2025, nearly 90% of visitors to the RakeBit website came from the United States (see section below). Our November 6, 2025, registration tests confirmed seamless account creation from these restricted markets with zero verification. Read our compliance report on GamDom here. The “No-KYC” Model: Facilitating Illegal Gambling, Prediction Games, and Money Laundering Risks RakeBit‘s core marketing proposition—”No-KYC Casino”—is both its selling point and its most serious compliance violation. Players deposit and withdraw cryptocurrency without identity verification, creating an ideal environment for money laundering, underage gambling, and sanctions evasion.​ RakeBit places particular emphasis on its sports betting segment, which is disguised as a “prediction market.” Immediately after registering for the first time, users are asked to make their “predictions” on soccer matches. Contradictory KYC Standards: While RakeBit requires no KYC for gambling, payment facilitators MoonPay and Changelly—integrated directly into RakeBit’s platform—require photo ID and facial recognition scans when users purchase cryptocurrency via credit/debit cards. This creates a perverse system: players verify identity to buy crypto but remain anonymous while gambling with those funds. MoonPay and Changelly thus enable illegal gambling while maintaining superficial KYC compliance.​ Payment Facilitators: MoonPay and Changelly as Enablers According to the information provided on the RakeBit website, payments are processed by Novaflow Processing LTD, registered with company number: HE 454267 in Larnaka, Cyprus. Our research confirms a well-established pattern: Cyprus has become the European hub for high-risk payment processors serving unlicensed and offshore-licensed online casinos. The primary currency at RakeBit is cryptocurrency. However, like most other crypto-first casinos, RakeBit also offers the “Purchase Crypto” payment option via integrated crypto payment processors. In the RakeBit case, both MoonPay and Changelly are deeply embedded in RakeBit‘s payment infrastructure, offering one-click cryptocurrency purchases directly on the casino platform. These processors market themselves as regulated entities yet knowingly facilitate transactions for unlicensed gambling operators targeting restricted markets.​ MoonPay Compliance Violations: MoonPay Ltd (Seychelles) and MoonPay Ireland Ltd claim European regulatory status but have been documented processing payments for unauthorized broker schemes and unlicensed casinos. FinTelegram previously placed MoonPay on PayRate42’s Orange Compliance List due to its facilitation of illegal gambling operations, including serving U.S. customers at offshore casinos. Despite terms of service prohibiting “unlawful gambling,” MoonPay continues integration with platforms like RakeBit that explicitly target U.S. players.​ Changelly as Facilitator: Changelly, not authorized by the UK Financial Conduct Authority, operates as a crypto exchange service integrated into multiple unlicensed casinos. Changelly‘s presence on RakeBit enables seamless conversion of fiat currency to crypto, specifically for gambling purposes, directly violating European and U.S. gambling laws.​ Read our reports on MoonPay here. TrueFlip Connection and Closure Amid Scam Allegations TrueFlip.io, formerly a Curaçao-licensed casino operated by Blockchain Games N.V., built a substantial player base before its abrupt 2025 closure. On November 6, 2025, TrueFlip.io was completely non-operational—no registration or login functionality remained, only a button stating “Play at RAKEBIT now.”​ Scam Warnings Against TrueFlip: Multiple sources document fraud complaints and scam accusations against TrueFlip. The platform’s sudden closure and redirection to RakeBit appear directly linked to mounting reputational damage. By migrating the player base to RakeBit under a new brand and Anjouan license, operators attempted to distance themselves from TrueFlip’s tainted reputation while retaining the same beneficial ownership structure.​ Scam Allegations Against RakeBit RakeBit is now accumulating its own fraud complaints. On BitcoinTalk, users report account seizures and withdrawal denials: $30,000 Seizure: One player alleges RakeBit seized $30,000 and ignored all inquiries.​ $833.83 Scam: Another user reports RakeBit confiscated $833.83 after profitable sports betting, with the account frozen without explanation.​ $12,000 Withheld: A third complaint documents RakeBit withholding $12,000 in winnings.​ These complaints mirror the classic pattern of “no-KYC” casinos that accept deposits freely but invoke arbitrary compliance checks or terms violations when players attempt significant withdrawals. United States Targeting: 90% Traffic from Prohibited Jurisdiction Traffic Intelligence Analysis www.rakebit.com for Sep 2025 (Source: Similarweb). Traffic intelligence analysis via Similarweb reveals that approximately 90% of RakeBit’s visitors originate from the United States—a market where RakeBit holds no license and cannot legally operate. This traffic composition is not accidental; it reflects deliberate targeting of U.S. customers through VPN-friendly access and crypto-payment rails that circumvent traditional banking restrictions. MoonPay and Changelly’s facilitation of U.S.-based transactions makes them direct enablers of illegal gambling under U.S. federal and state law.​ RakeBit Key Data Overview CategoryDetailsWebsiterakebit.comCurrent OperatorInnovex Tech Holdings Ltd (Anjouan, Comoros)​Previous OperatorTECH GROUP BL LIMITADA (Costa Rica, reg. 3-102-880902)​Payment AgentNovaflow Processing LTD. Company number: HE 454267. Address: Archiepiskopou Makariou III, 84, office 1, 6017, Larnaka, Cyprus.Connected EntityTrueFlip.io / Blockchain Games N.V. (Curaçao)​Ultimate Beneficial OwnerKonstantin Katsev (based on whistleblower intelligence)​LicenseAnjouan Gaming (Union of Comoros)​KYC PolicyNo KYC for gambling; marketed as “No-KYC Casino”​Payment FacilitatorsMoonPay Ltd, Changelly​Primary Traffic Source~90% United States (prohibited jurisdiction)Scam AllegationsMultiple BitcoinTalk complaints: $30K seizure, $12K withheld, $833 confiscated​Restricted Markets AcceptingItaly, Germany, UK, United States (verified November 6, 2025)TrueFlip StatusClosed; redirects to RakeBit (November 6, 2025)​ Compliance Assessment: High-Risk, Multi-Jurisdictional Violations RakeBit‘s operational model violates gambling laws in the EU, UK, and United States. Its “No-KYC” marketing directly contravenes anti-money laundering regulations. Payment facilitators MoonPay and Changelly bear direct responsibility for enabling these violations by processing transactions for an unlicensed operator explicitly targeting restricted markets. The Anjouan license provides legal cover in name only—it offers no meaningful regulatory oversight, player protection, or dispute resolution comparable to MGA, UKGC, or U.S. state regulators. Call for Information: Contact Whistle42 Do you have inside knowledge of RakeBit, TrueFlip, Konstantin Katsev, or the entities behind these operations? Have you been defrauded by RakeBit or experienced withdrawal issues? FinTelegram and our partners seek additional information on beneficial ownership structures, payment processing relationships, and regulatory evasion tactics. Submit confidential tips via Whistle42, our secure whistleblower platform. Your information helps protect players and hold operators accountable. All submissions are encrypted and handled with strict confidentiality. Share Information via Whistle42

Italian tax authorities have recently seized shares worth approximately €1.29 billion (about $1.5 billion) from Lagfin, the Luxembourg-based holding company that controls more than half of the Campari Group, as part of a major tax fraud investigation. The enforcement action centers on allegations of tax evasion related to a 2018 cross-border merger involving Campari‘s Italian and Luxembourg holding companies, where authorities claim more than €5.3 billion in capital gains were not declared, thereby avoiding required Italian “exit tax” obligations.​ Details of Enforcement Actions The seizure amounts to roughly a sixth of Campari’s total market value, but only affects the controlling shareholder, Lagfin, not Campari Group (Davide Campari-Milano N.V.) or its subsidiaries directly.​ The investigation targets Lagfin and several executives, including Campari Chairman Luca Garavoglia, accusing them of fraudulent tax declarations during the merger, which aimed to move assets abroad for tax advantages.​ Lagfin and the Garavoglia family have denied all allegations and stated their intent to defend themselves, emphasizing that the company and its subsidiaries are not implicated in any wrongdoing.​ Potential Outcomes and Industry Impact Historically, similar Italian tax cases have resulted in negotiated settlements, with companies often paying a fraction of the amounts initially claimed.​ Analysts suggest that if a settlement is reached, Lagfin may regain much of the seized sum, and that the enforcement action should not impact Campari Group‘s ongoing business, sales, or corporate operations.​ Company and Market Response The Campari Group has publicly stated that the dispute is strictly between Lagfin and the Italian authorities, with no expected impact on Campari’s business or finances.​ Share prices of Campari fell roughly 5-6% following news of the asset seizure, reflecting investor concern even though the core business is not implicated.​ In summary, the latest tax enforcement against the Campari manufacturer specifically targets its controlling shareholder Lagfin over alleged undeclared capital gains and associated tax liabilities from a 2018 merger, with both Lagfin and Campari maintaining that the group’s business and its subsidiaries are unaffected by the probe. Share Information via Whistle42

World Liberty Financial, the Trump-family crypto vehicle behind stablecoin USD1, now sits at the centre of the CZ pardon controversy. A $2 billion Abu Dhabi–Binance deal executed in USD1 turned the president’s private stablecoin into a global money rail – and a long-term income stream for his own household. World Liberty Financial: the president’s DeFi side business In September 2024, Trump announced that his sons would enter the cryptocurrency marketplace with a new venture called World Liberty Financial (WLF). Eric Trump and Donald Trump Jr. are actively involved in the management of the company, and rely on three partners, Zachary Folkman, Chase Herro, and Zach Witkoff, to maintain daily operations. World Liberty Financial (WLF) is a DeFi and crypto company founded in 2024 and marketed quite openly as a Trump-family venture. A Trump-controlled business owns about 60% of WLF and is entitled to roughly 75% of revenue from token sales; the family also received 22.5 billion WLFI tokens. Independent analyses estimate that WLF has already generated hundreds of millions of dollars for the Trumps and helped add several billion to the family’s net worth since Trump’s second inauguration. The Justin Sun Case In March 2023, the U.S. SEC sued the crypto entrepreneur Justin Sun and his companies for fraud and securities manipulation (Source: SEC). In October, WLF announced its first cryptocurrency called $WLFI. In 2025, Justin Sun acquired $WLFI tokens, reportedly for at least $75 million. Sun was also named a WLF advisor (Source: The Defiant). In February 2025, shortly after Trump took office as president for the second time, the U.S. SEC paused a civil fraud case against Sun and, according to multiple observers, effectively dropped after Sun’s WLF investment and Trump’s return to office (Source: Reuters). The picture is not “some relatives doing a side hustle.” It is a head-of-state effectively sitting on the cap table – and at the top of the revenue waterfall – of a high-leverage crypto platform. USD1: “public” stablecoin, private cash flow USD1, launched in March 2025, is WLF’s dollar-pegged stablecoin, advertised as being backed by U.S. Treasuries, cash and equivalents. Around $2 billion of USD1 is now in circulation, much of it parked on Binance and partner venues (Source: CoinMarketCap) Those reserves are invested in bonds and money-market funds that generate around $80 million a year in interest for WLF. Wikipedia. If the Trump entity indeed receives 75% of WLF’s revenues, that single stablecoin product plausibly channels about $60 million per year towards the president’s family – before any upside from WLFI-token price appreciation. (That figure is an inference based on public numbers, but it gives a sense of scale.) This is why the oft-repeated line that USD1 is “just another stablecoin” is misleading. Economically, USD1 is a presidential family income stream wrapped in a DeFi wrapper. The MGX–Binance transaction that turbo-charged USD1 The real inflection point came in May 2025. Abu Dhabi-backed MGX announced it would use $2 billion of USD1 to finance an investment into Binance. On stage in Dubai, WLF co-founder Zach Witkoff boasted that USD1 had been selected as the “official stablecoin” for the deal (Source: Reuters). It also reported that Witkoff and two other World Liberty co-founders met with CZ in Abu Dhabi. Reuters and other outlets later traced an anonymous wallet that accumulated nearly the full $2 billion in USD1 in April and linked the transaction to parallel negotiations over U.S. export approvals for cutting-edge AI chips to a UAE-controlled firm close to Sheikh Tahnoun bin Zayed (Source: Wikipedia), a member of the Abu Dhabi royal family and National Security Advisor of the United Arab Emirates (UAB). In one stroke, a niche Trump-family stablecoin became a top-tier global stablecoin, with Binance as its main balance-sheet and liquidity partner – and the Trumps collecting the interest float. Why this matters for CZ’s pardon Now overlay the timelines. Binance is under U.S. criminal investigation; CZ pleads guilty over systemic AML failures; WLF launches USD1; MGX chooses USD1 for the $2 billion Binance investment; USD1 interest becomes a recurring cash stream for the Trumps; and, months later, President Trump pardons Changpeng “CZ” Zhao. Formally, no authority has proven a quid pro quo. Substantively, the structure looks like a compliance nightmare: a politically exposed stablecoin, foreign state-linked money, a crypto exchange whose founder just escaped the long-term consequences of an AML conviction. For banks, exchanges and fintechs, the conclusion is hard to dodge: USD1, WLF and any Binance USD1 liquidity programmes belong in the “high-risk, politically exposed” bucket – and anyone still doing business there should assume that regulators will one day ask why this looked like a normal counterparty. Key Data World Liberty Financial CategoryData Trading / Brand NameWorld Liberty Financial (often shortened to WLFI). Primary Legal EntityWorld Liberty Financial, Inc., a corporation incorporated in Delaware, USA (Source: sec.gov). Core Products / Tokens• USD1 – U.S. dollar stablecoin branded by World Liberty Financial; USD1 issuance and reserves are handled via BitGo, while World Liberty Financial owns the USD1 brand and platform (Source: worldlibertyfinancial.com). • WLFI – governance / platform token for the World Liberty protocol (Source: worldlibertyfinancial.com) Main Domainworldlibertyfinancial.com – corporate and ecosystem site (“Where DeFi meets TradFi”). Key Product Pages• USD1 overview: https://worldlibertyfinancial.com/usd1 worldlibertyfinancial.com • Legal docs (ToS, risk disclosures, etc.) linked under /terms, /privacy-policy, and dedicated WLFI / USD1 Risk Disclosures pages. X (Twitter)@worldlibertyfi – official X account: https://x.com/worldlibertyfi. TelegramPublic channel “World Liberty Financial – Official Trump DeFi Channel”, ~99k subscribers, at https://t.me/defiant1s. LinkedInCompany page at https://www.linkedin.com/company/worldlibertyfi/ (content blocked to our crawler by robots.txt but referenced from the official site footer). MediumOfficial Medium publication “World Liberty Financial” at https://medium.com/@wlfi. Medium Ownership & Economic InterestA Trump business entity reportedly owns 60% of World Liberty Financial and is entitled to 75% of all revenue from coin sales; the Trump family and affiliates received 22.5 billion WLFI tokens (Sources: Wikipedia, Wepopedia). Key Related Individuals (Founders / Execs)From the official “About” page: Donald J. Trump – Co-Founder Emeritus; Eric Trump – Co-Founder; Donald Trump Jr. – Co-Founder; Barron Trump – Co-Founder; Chase Herro – Co-Founder; Zak (Zachary) Folkman – Co-Founder; Steven Witkoff – Co-Founder Emeritus; Zach Witkoff – Co-Founder; Alex Witkoff – Co-Founder; Corey Caplan – Chief Technology Officer; Ryan Fang – Head of Growth; Brandi Reynolds – Chief Compliance Officer. Share Information If you have any information about WLF and its activities and connections, please share it with FinTelegram via the Whistle42 whistleblower system. Share Information via Whistle42

Donald Trump has pardoned Changpeng “CZ” Zhao, the former Binance CEO who admitted to criminal anti–money laundering failures that helped move funds for terrorists, cyber-criminals, and child abusers. Now, in a surreal twist, Trump claims on 60 Minutes he “doesn’t know” the billionaire he just rescued – even as Binance is financially entangled with his family’s own crypto venture. Key Points The conviction: In November 2023, CZ pleaded guilty to violating the U.S. Bank Secrecy Act by willfully failing to implement an effective AML program at Binance, which enabled illicit flows through the platform (Source: justice.gov). Systemic AML failures: U.S. authorities found Binance allowed billions in transactions from sanctioned jurisdictions and high-risk customers, including links to terrorist groups and child abuse material. The platform failed to report over 100,000 suspicious transactions (Source: nypost.com). Record penalties: Binance agreed to pay over $4.3 billion in criminal and regulatory penalties; CZ paid a $50 million fine and stepped down as CEO (Source: justice.gov). The pardon: On 23 October 2025, Trump granted CZ a full and unconditional presidential pardon, effectively erasing the federal conviction while leaving his admissions and the Binance monitorship intact (Source: Wikipedia) Conflict-of-interest alarm: The pardon came after Binance entered a multi-billion-dollar deal around USD1, the stablecoin of World Liberty Financial, a crypto venture tied to Trump’s sons and allies, raising “pay-for-play” concerns (Source: TIME). “I don’t know who he is”: In a 60 Minutes interview, highlighted by CNBC and others, Trump claimed he has “no idea” who CZ is, insisting he relied on recommendations and dismissing the prosecution as a Biden “witch-hunt” (Sources: CNBC, The Daily Beast). Pattern of clemency: CZ joins a growing list of white-collar and crypto offenders benefiting from Trump’s aggressive use of clemency in his second term, including Ross Ulbricht and Trevor Milton. Short Narrative On paper, the case of United States v. Changpeng Zhao was a landmark in crypto enforcement. The DOJ, Treasury, FinCEN, OFAC, and the CFTC coordinated a global action against Binance, accusing it of building the world’s largest crypto exchange by simply switching compliance off: no effective KYC, no real sanctions screening, and a deliberate focus on volume and profit over the rules (Source: thelaundrynews.com). Prosecutors said the result was predictable: Binance processed flows from sanctioned regimes and high-risk actors, including terrorist organizations and dark-web markets, and failed to report massive volumes of suspicious transactions. Treasury officials openly accused Binance of having “turned a blind eye” to its obligations, allowing money to flow to terrorists, cyber-criminals, and child abusers (Source: nypost.com). CZ took a plea, accepted a four-month prison sentence, and watched Binance agree to more than $4 billion in penalties and a multi-year independent monitorship plus an exit from the U.S. market. For global AML enforcement, it looked like a watershed moment: no one is too big to prosecute (Source: thelaundrynews.com) Then Trump signed the pardon – and blew a hole through that narrative. The pardon landed just as Binance deepened its financial links to World Liberty Financial, the Trump-family-aligned crypto project behind the USD1 stablecoin. A Senate letter and investigative reporting underline how Zhao’s pardon campaign ran in parallel to Binance’s role in boosting World Liberty’s capitalization. Days later, on 60 Minutes, Trump shrugged at the uproar and told Norah O’Donnell – and, via CNBC and others, the world – that he had “no idea” who CZ is and that he simply heard the case was a Biden “witch hunt.” Extended Analysis – Compliance View From a compliance and rule-of-law perspective, the CZ pardon is a live-fire stress test of U.S. AML credibility. Signal to the market: enforcement is negotiable.CZ did not plead guilty to a technical reporting error. The DOJ and Treasury framed Binance’s behavior as a deliberate commercial strategy that enabled sanctions breaches and serious crime. Turning around and pardoning the architect of that strategy – while his company partners with the president’s family – tells every offshore exchange: If you’re big enough and politically useful enough, there’s an escape hatch. Potential textbook case of “pay-for-play” optics.The timeline is toxic:2023–2024: guilty pleas, record fines, monitorship. Early 2025: Binance and World Liberty Financial announce a multi-billion-dollar USD1 deal that supercharges the Trump family’s crypto brand. October 2025: Trump signs the full pardon. Even if no explicit quid pro quo is ever proven, the pattern screams conflict of interest. For regulators and banks, the only rational assumption is that political risk now directly contaminates AML risk. The “I don’t know him” defense undermines governance.Trump’s claim on 60 Minutes that he doesn’t know CZ and relied on others’ advice is not exculpatory – it’s damning. It suggests the U.S. president is willing to override a multi-agency enforcement action without understanding the underlying conduct, the monitorship, or the national-security implications. Knock-on effect: regulatory backlash elsewhere.For EU and UK regulators pushing MiCA-style and FSMA-style regimes, this pardon will be cited as proof that U.S. enforcement can be neutralized politically. Expect more insistence on local licensing, ring-fenced compliance, and reduced reliance on U.S. precedents in crypto cases. For Binance, this is reputational, not legal, relief.The pardon does not erase Binance’s guilty plea, the monitorship, or the factual record in DOJ and Treasury documents. Civil suits, private litigation (including terror-finance claims), and regulatory supervision all continue. But politically, Zhao can now present himself as “cleared” – a narrative many retail users and promoters will happily adopt. Actionable Insight (for Regulators, Banks, and Investors) Treat Binance and any Trump-family-aligned crypto ventures as a combined high-risk cluster. Political proximity does not mitigate AML risk – it amplifies it. Do not downgrade risk ratings based on the pardon. For sanctions/AML purposes, rely on the original DOJ/Treasury record and ongoing monitorship, not on the political clemency. Enhance PEP and conflict-of-interest screening for any counterparties linked to World Liberty Financial, USD1, or similar vehicles that benefit from this pardon. Document your rationale. Supervisors will ask why your institution continued or discontinued relationships in light of the CZ pardon. Build that paper trail now. Call for Information Do you have information about violations of compliance or financial laws? Then share it with us via our whistleblower system, Whistle42. Share Information via Whistle42

A Web of Deception Unravels: Money Carousels, Failed Prosecutions, and Banking Giants in Crisis The collapse of René Benko’s Signa Group continues to send shockwaves through European financial markets, with creditors now filing claims totaling an astronomical €40 billion across Europe—€37 billion in Austria alone. As the 48-year-old former billionaire sits in prison, explosive new revelations about alleged financial manipulation and a sophisticated “money carousel” scheme are raising serious questions about how Europe’s financial elite enabled what may be one of the continent’s largest financial frauds. Key Facts Claims surge: Across Europe, creditors have filed >€40 billion; ~€37 billion in Austria alone; only €11.8 billion provisionally recognized so far. >3,000 creditors are chasing recoveries (Source: news.ORF.at). Julius Bär suit: The Signa Prime administrator seeks €62.2 million back from Julius Bär, alleging problematic flows shortly before insolvency; the bank contests the claim (Source: Inside Paradeplatz, Krone). Bank fallout: Julius Bär wrote off ≈CHF 586–606 million on Signa, exited private debt, and replaced its CEO in Feb 2024 (Source: Reuters). Criminal case: On Oct 15, 2025, Benko was convicted over a €300,000 transfer to his mother (creditor fraud) and acquitted on a €360,000 rent prepay; 24 months imposed; appeal filed (Source: Reuters). “Money carousel” probe: The SoKo Signa sees urgent suspicion of circular funding/sham flows across multiple strands of the inquiry (Source: wien.ORF.at). The €35 Million Shell Game: Anatomy of an Alleged Money Carousel In June 2023, as Signa teetered on the brink of collapse, investigators allege that Benko orchestrated an elaborate financial deception to convince investors to inject fresh capital. According to a 600-page report by Austria’s Special Commission (SoKo) Signa, Benko allegedly created the illusion that his Familie Benko Privatstiftung (FBPS) was contributing €35.35 million in fresh capital to a planned €350 million capital raise. The scheme allegedly worked as follows: While prominent investors, including the Swiss investors Ernst Tanner and Arthur Eugster, actually transferred €35.35 million, this money was allegedly shuttled through multiple Signa companies within hours on June 29, 2023, on Benko’s direct orders. The funds ultimately landed in the FBPS account, which then—just 40 minutes later—transferred the exact same €35.35 million back to Signa Holding as a purported “capital increase.” To obscure the true origin of the FBPS funds, investigators allege that “fictitious loan agreements” were created between the involved companies and the private foundation. This sophisticated circular flow of funds created the false impression that Benko himself was investing alongside other stakeholders, when in reality, the money allegedly came from those very investors he was trying to convince. The implications are staggering. If proven, this would mean that in Signa’s final desperate months, Benko wasn’t just failing to invest his own money—he was allegedly using other investors’ funds to create the illusion of his own financial commitment, potentially defrauding sophisticated investors who believed they were investing alongside him. Julius Bär’s €62 Million Gamble: When Risk Management Failed Spectacularly The fallout continues to reverberate through Switzerland’s banking sector. Signa Prime‘s insolvency administrator is now pursuing Swiss bank Julius Bär for €62 million in claims, arguing that Signa Prime had been operating at a loss since 2014—suggesting the business model was “doomed to fail from the beginning.“ Julius Bär‘s exposure to Signa proved catastrophic. The bank initially set aside a modest 70 million Swiss francs in November 2023, with CEO Philipp Rickenbacher proclaiming the bank wouldn’t change its risk appetite. Within months, the bank had written off the entire $700 million exposure, fired Rickenbacher, and announced a complete exit from the private credit business. Internal investigations revealed damning risk management failures: credit exposures to different Signa companies were treated separately rather than as exposure to the same borrower, and risk managers failed to grasp the complex nature of the Benko loans. The bank’s exposure included a €150 million loan linked to a Munich department store, secured only with a share pledge rather than underlying assets. The Julius Bär debacle raises uncomfortable questions: How did one of Switzerland’s most prestigious private banks so catastrophically misjudge risk? Were proper due diligence procedures followed, or were bankers blinded by Benko’s charm and the allure of high returns? Foundation Abuses: The INGBE Gold Sale The INGBE Stiftung (Foundation) in Liechtenstein, named after Benko’s mother Ingeborg, has become a focal point of investigations. On March 11, 2025—while Benko sat in detention—the foundation sold over 360 kilograms of gold valued at approximately €30 million, transferring proceeds to a private Liechtenstein bank account.​ Austrian prosecutors view this transaction as strong evidence that Benko diverted investor capital into private structures through complex foundation arrangements. In 2021, the INGBE Foundation held over €81 million in gold and liquid assets in vaults at LGT Bank, VP Bank, and Liechtensteinische Landesbank. Even in 2022, as Signa was collapsing, the foundation reportedly held €45 million in gold plus millions more in currency.​ Thomas Limberger, Robert Schimanko und William Shawn (from left) in Mar-a-Lago Robert Schimanko, a figure with past connections to the Madoff scandal and Manhattan Investment Fund, joined the INGBE Foundation board in November 2024—just as Signa‘s insolvencies were accelerating. His involvement, along with that of associate Thomas Limberger, has triggered intense regulatory scrutiny in both Austria and Liechtenstein.​ Criminal Justice Under Fire: A Two-Year Sentence That Raises More Questions Than Answers In October 2024, the Innsbruck Regional Court convicted Benko on one count of insolvency-related fraud, sentencing him to two years in prison for a €300,000 transfer to his mother that the court ruled was an attempt to keep money from creditors. However, he was acquitted on a second charge involving €360,000 in advance rent payments for a property that prosecutors argued was uninhabitable. The verdict has been widely criticized as inadequate given the scale of the alleged crimes. Prosecutors estimate the total damage from various suspected crimes at $349 million, yet this first trial dealt with a mere €660,000—a fraction of the alleged misconduct. The Austrian public prosecutor’s office faced sharp criticism both domestically and internationally for what many viewed as a weak indictment that failed to capture the scope of Benko’s alleged financial manipulations. The criticism appears justified. How can a case involving billions in creditor losses result in prosecutions over amounts that represent less than 0.002% of the total claims? Are prosecutors overwhelmed by the complexity of Benko’s corporate structure—which comprised over 1,000 interlocking companies—or is there a reluctance to pursue charges that might implicate Austria’s political and business elite? The Pre-Trial Detention Saga: A Flight Risk or Persecution? Benko has been in pre-trial detention since his arrest on January 23, 2025, with the Vienna Regional Court repeatedly extending his custody citing “urgent suspicion of a crime” and risk of committing further offenses. The court’s February 2025 decision specifically cited concerns about fraudulent bankruptcy, alleging that Benko continued to act as the “de facto power holder and economic beneficiary” of the Laura Private Foundation despite ongoing insolvency proceedings. Legal experts suggest Benko is unlikely to be released soon unless he cooperates with authorities, indicating that prosecutors may be using detention as leverage to secure his cooperation in unraveling the complex web of transactions that characterized Signa‘s final years. The Creditor Catastrophe: €40 Billion in Claims and Counting The scale of the Signa collapse is unprecedented in European corporate history. More than 3,000 creditors have filed claims totaling over €40 billion across Europe, with €37 billion in Austria alone. Of this amount, €11.8 billion has been initially recognized by the courts. According to Creditreform, the collapse resulted in 138 bankruptcies in Austria, 177 in Germany, 70 in Luxembourg, 7 in Switzerland, and several more in Italy and Liechtenstein. Each bankruptcy represents not just financial losses but jobs destroyed, pensions evaporated, and dreams shattered. Major creditors reading like a who’s who of European finance include: Deutsche Bank Allianz Julius Bär (with its devastating $700 million exposure) Raiffeisen Bank International Various German Landesbanken The Saudi Public Investment Fund (pursuing recovery through Latham & Watkins LLP) The Political Connections: When Oversight Fails Adding another layer to the scandal, Signa Prime‘s administrator is seeking damages from former supervisory board members, including former Austrian Chancellor Alfred Gusenbauer, claiming they ignored that the group was materially insolvent by March 2022—if not earlier—and signed off on improper loans between Signa companies. The involvement of political figures like Gusenbauer raises troubling questions about the cozy relationship between Austria’s political elite and its business tycoons. How many warning signs were ignored? How many regulatory oversights were waived? The Benko case exemplifies the dangers when political connections supersede proper corporate governance. Arthur Eugster’s €650 Million Nightmare Perhaps no individual investor suffered more than Swiss coffee machine mogul Arthur Eugster, who has admitted to prosecutors that he lost CHF 650 million in what may be the largest individual loss in Swiss financial history. Even more troubling, the CHF 35 million that Eugster and Ernst Tanner wired to Benko in mid-2023 was allegedly immediately recycled through Benko’s own foundation and falsely declared as his own equity injection. Read more about Arthur Eugster in the Benko context here. Eugster’s catastrophic losses serve as a cautionary tale about the dangers of blind trust in charismatic entrepreneurs, even for sophisticated investors. The Reckoning Continues The Signa collapse represents more than just a corporate bankruptcy—it’s a systemic failure of oversight, governance, and risk management that enabled one man to build a €27 billion house of cards while Europe’s financial and political elite cheered from the sidelines. As investigations continue across multiple jurisdictions, with Austrian, German, Swiss, Italian, and Liechtenstein authorities all pursuing various angles, one thing is clear: the full truth about Signa’s collapse and Benko’s role in it has yet to emerge. What we know so far may be just the tip of a very large, very expensive iceberg. The question now is whether European authorities have the will and capability to pursue justice commensurate with the scale of the alleged crimes, or whether Benko’s two-year sentence for a €300,000 transfer will stand as a monument to the inability of the justice system to tackle complex financial fraud at scale. Share Information via Whistle42 FinTelegram continues to investigate the Signa collapse and will provide updates as new information emerges. If you have information related to this case, please contact our investigation team through our secure channels.

Coin Sonic UAB, a Lithuanian-registered Virtual Asset Service Provider (VASP), is operating as a payment facilitator for offshore online casinos that appear to breach EU gambling laws. This compliance report examines how Coin Sonic‘s involvement in processing fiat bank deposits for casinos such as SlotsDynamite and SlotsAmigo—both operated by Curacao-based Coco Loco Holdings N.V.—raises serious regulatory and legal concerns.​ Operator and Licensing Overview SlotsDynamite and SlotsAmigo are crypto-friendly online casinos operating under Curacao eGaming licenses issued to Coco Loco Holdings N.V.. These casinos actively accept players from EU jurisdictions without holding the required national licenses mandated by member states such as Germany, Italy, the Netherlands, and others. Under EU law and national gambling regulations, operators must obtain licenses from each jurisdiction in which they offer services; a Curacao license does not grant legal market access within the EU.​ Independent testing confirmed that players from various EU regions can register and deposit at these casinos without restrictions, despite local prohibitions on unlicensed operators. This represents a clear violation of applicable national gambling laws across the EU.​ Coin Sonic’s Role and Regulatory Violations Coin Sonic UAB (company code 306200594) is a Lithuanian private limited company established in December 2022. It operates the crypto exchange platform InstaXchange and is registered as a VASP under Lithuanian law. VASP registration permits activities directly related to virtual assets—such as crypto-to-fiat exchange, crypto custody, and wallet services—but does not authorize the provision of general payment processing or e-money services for non-crypto transactions.​ Our investigation revealed that when players make fiat bank deposits at SlotsDynamite or SlotsAmigo, they are redirected and laundered through multiple domains. First, the payment flow passes through secure.omerpayments.com/checkout, then to InstaXchange (instaxchange.com), and finally to checkout.instantbankpayment.com—a subdomain apparently linked to Yapily, an open banking infrastructure provider. Players then select their bank and complete a standard EUR bank transfer directly to Coin Sonic‘s account at Banking Circle’s German branch (IBAN: DE73202208000056199298).​ Crucially, no cryptocurrency is involved in these transactions. Players deposit fiat currency (EUR) that is credited as casino balance for gambling purposes—not exchanged into crypto assets. This activity falls outside the scope of a VASP registration, which is limited to virtual asset services, and instead constitutes payment processing or e-money issuance requiring a Payment Institution (PI) or Electronic Money Institution (EMI) license under EU Directive 2015/2366 (PSD2).​ Coin Sonic UAB does not hold such licenses. By facilitating fiat payments for third-party merchants (illegal casinos), Coin Sonic is operating beyond its regulatory authorization and in potential breach of Lithuanian and EU financial services law.​ Yapily facilitates payments to Coin Sonic Payment Infrastructure and Compliance Gaps The payment routing involves several intermediaries. Omer Solutions (omerpayments.com) is a high-risk payment gateway explicitly serving industries, including gaming and casinos. Yapily Connect UAB, a Lithuanian-regulated payment institution authorized by the Bank of Lithuania (license LB002045), provides open banking infrastructure but is not itself a payment processor. The use of checkout.instantbankpayment.com—likely a white-label or technical layer—obscures the ultimate beneficiary and complicates compliance tracing.​ Banking Circle, a regulated financial infrastructure provider in Germany and Luxembourg, processes the actual transfers. While Banking Circle itself is licensed, its role as a banking intermediary does not absolve Coin Sonic or the casino operators from compliance obligations. Coin Sonic‘s acceptance of fiat funds on behalf of unlicensed gambling operators implicates the company in facilitating illegal gambling operations across the EU.​ Entity/DomainDescription/FunctionLegal Entity / OwnerJurisdiction / RegistrationLicensing StatusSlotsDynamite / slotsdynamite9.com (etc.)Online crypto/fiat casino (accepts EU players)Coco Loco Holdings N.V.CuracaoCuracao eGaming; unlicensed in EUSlotsAmigoOnline casino, sister to SlotsDynamiteCoco Loco Holdings N.V.CuracaoCuracao eGaming; unlicensed in EUCoin Sonic UAB d/b/aInstaXchangeCrypto exchange & payment facilitatorOperator of InstaXchangeCoin Sonic UAB (Reg. code: 306200594)LithuaniaVASP, not licensed as Payment or EMIinstaxchange.comCrypto exchange platformCoin Sonic UABLithuaniaVASPOmer Paymentsomerpayments.com &secure.omerpayments.com/checkoutHigh-risk payment gateway (casino payments)Omer SolutionsLikely offshore(not clearly disclosed)No EU payment/EMI licenseinstantbankpayment.com &checkout.instantbankpayment.comBranded payment checkout(linked to Yapily open banking infrastructure)Operated in connection with YapilyUK/LithuaniaYapily Connect UAB: PI license LT, FCA UKBanking Circle (German branch)Banking and settlement provider for Coin Sonic payments (IBAN: DE73202208000056199298)Banking Circle S.A.Germany / LuxembourgFully licensed financial institution Legal and Regulatory Implications Illegal Gambling Operations: SlotsDynamite and SlotsAmigo operate without valid EU member state licenses, making their services illegal in jurisdictions such as Germany, Italy, the Netherlands, Austria, and others. EU member states explicitly require national licenses under the principle of subsidiarity, repeatedly upheld by the European Court of Justice.​ VASP Scope Overreach: Coin Sonic’s VASP registration does not permit general fiat payment processing. The company’s facilitation of non-crypto casino deposits constitutes unauthorized payment services.​ AML/CTF Risks: Processing payments for unlicensed casinos increases exposure to money laundering, terrorist financing, and fraud risks. Coin Sonic’s involvement may breach AML obligations under the EU’s 5th and 6th Anti-Money Laundering Directives and Lithuania’s AML framework.​ Consumer Protection Failures: Players using these casinos lack the protections guaranteed under licensed EU gambling frameworks, including responsible gambling tools, dispute resolution, and fund safeguarding.​ Conclusion and Call for Whistleblowers Coin Sonic UAB appears to be operating outside the legal boundaries of its VASP registration by processing fiat payments for offshore casinos operating illegally within the EU. This arrangement benefits unlicensed operators while exposing consumers to significant risks and depriving EU member states of regulatory oversight and tax revenue.​ Regulatory authorities in Lithuania, Germany, and across the EU should investigate Coin Sonic‘s payment facilitation activities, assess compliance with payment services and AML laws, and consider enforcement action. Banking Circle and Yapily should also review their indirect involvement in these payment flows. We call on insiders, whistleblowers, and industry professionals with knowledge of Coin Sonic UAB, InstaXchange, Coco Loco Holdings N.V., or related payment schemes to come forward. Additional documentation, transaction records, internal communications, or evidence of similar arrangements would greatly assist regulatory investigations and public accountability efforts. Contact us confidentially to share information that can help protect consumers and uphold the integrity of EU financial and gambling regulation. Share Informatin via Whistle42

The EU’s 19th sanctions package (23 Oct 2025) imposes a transaction ban on Russian-linked payment platform Payeer, alongside several third-country financial operators aiding circumvention. EU operators must cease dealings; a brief wind-down for Payeer runs to 25 Nov 2025. Lithuania had already fined Payeer UAB in 2024 for sanctions/AML breaches (Source: Finance). Key Facts Measure: “Transaction ban” — EU persons/entities are prohibited from carrying out any transactions with listed operators (Source: Finance) Effective date: Package adopted 23 Oct 2025; Payeer ban starts 25 Nov 2025 (shorter start of 12 Nov for others listed) (Source: Rat der Europäischen Union). Who’s hit: Payeer plus multiple third-country banks/oil traders and additional Russian banks for sanctions circumvention support (Source: Rat der Europäischen Union) Why Payeer matters: Long associated with Russian-linked activity; EU now escalates to a full transaction ban (Source: TRM Labs) Corporate opacity: Current site shows “PAYEER trademark — Payeer E.A.S.” with a UK correspondence address; operations previously cycled via Estonia and Lithuania (Source: Payeer). Prior enforcement: Lithuania’s FCIS (FNTT) issued a record fine (~€9.3m) in July 2024 for international-sanctions and AML failures at Payeer UAB (Source: Finansinių Nusikaltimų Tyrimo Tarnyba). Read our Payeer reports here. Short Analysis The EU’s transaction-ban tool is narrower than an asset freeze but broader in practical impact: it bars EU operators (banks, PSPs, exchanges, merchants, tech vendors) from any dealings with Payeer, cutting access to payment rails, crypto services, and commercial relationships. For Payeer, the grace period to 25 Nov 2025 only enables technical wind-down; ongoing business with EU counterparties after that date would violate EU law. For compliance teams, the risk profile is now unambiguous. FinTelegram has repeatedly flagged Payeer’s Russian control/links and serial jurisdiction-hopping (Estonia → Lithuania → Paraguay E.A.S. with a UK maildrop), coupled with weak controls—concerns corroborated by Lithuania’s record FNTT penalty. High-risk merchants (gambling/forex/crypto) relying on Payeer must de-onboard and evidence termination, update sanctions screens, and ring-fence historical flows for lookbacks. Action Items for EU-regulated firms Add Payeer to Blocked Counterparty lists; 2) Halt new/renewed contracts; 3) Complete KYC/KYB remediation for connected merchants; 4) File SAR/STR where warranted; 5) Preserve records for competent-authority inspections. (Derived from EU sanctions package language.) Key data Payeer Trading namePayeerBusiness activityhigh-risk payment processor, crypto exchange,merchant service prodiverDomainhttps://payeer.comhttps://payeer.ccLegal entitiesPayeer E.A.S. (Paraguay)Payeer OÜ (Estonia)Payeer UAB (Lithuania)PayCorp Limited (Vanuatu)Fincana OÜ (Estonia)Runwill Sp. z o. o. (Poland)PAYEER LLC (Georgia)FINGATE LLC (Georgia)AKKORD WELT LP (Scotland)Worldwide System K/S (Denmark)Mayzus Financial Services Ltd (UK)PAYMENT SOLUTIONS LTD (BVI)PAYEER RUS LLC (Russia)PB24 CORP (Panama)Related individualsAnton Stjopotškin, Estonia (UBO)Joseph Olatilewa Jaiyeola, EstoniaEkaterina Olegovna Gorshkova, RussiaLiubov Svezhentseva, Russia Kosolapova Evgenia Nikolaevna, RussiaElena Kulbikova, RussiaSergey Mayzus, RussiaDmitri Allikas (old)Stanislav Lattu (old)JurisdictionsEstonia, Vanuatu, Russia,BVI, Poland, Panama, Georgia,DenmarkRegulatorsFIU Estonia renounced in Jan 2023FCIS (Financial Crime Investigation Service) LithuaniaVFSCTrustpilot rating4.6-star rating with an “Excellent” trust levelFacilitated schemesPO Trade, Pocket Option,Capital Letter, FXTradePremiums, Deal TradeOptimus Markets, Spintop Capital, SuperForexand counting Whistleblower Request We would like to know more about the Payeer Group, its beneficial owners and partners and activities. If you have any relevant information, please let us know via our whistleblowing system, Whistle42. Report Information to FinTelegram

A whistleblower alleges that Delasport Ltd (Gibraltar) runs operator-level controls for brands fronted by Bellona N.V. (Curaçao, 8048/JAZ) and Shark77 Ltd (Malta), targeting Germany and other EU markets without national authorizations or OASIS/LUGAS connectivity. EU-based marketing and payment rails allegedly complete the scheme. Read our Shark77 report here. Key Facts Brands cited: 1Bet, 18Bet, BabiBet, CasinoWinBig. Bellona N.V. licence 8048/JAZ used as umbrella; Shark77 Ltd. (MGA) linked to 18Bet/CasinoWinBig. Delasport allegedly provides not only tech but centralized PAM/CRM/risk & KYC/payment routing. Arzella Ltd. (CY) cited as EU payments conduit; PremiumTradings referenced as “sister” brand. Keymarketings Ltd. and Global Tech Market Ltd. (Ilan Shemesh) allegedly run EU affiliate acquisition/analytics. Germany (GlüStV 2021) requires GGL licence, OASIS self-exclusion, LUGAS reporting — not evidenced here. Player reports: withheld winnings, delayed withdrawals, no verified self-exclusion. Compact Facts Table (copy/paste into Gutenberg → “Custom HTML”) EntityJurisdictionRole (alleged/observed)Linked BrandsDelasport Ltd.Gibraltar (ops); Malta presencePlatform + centralized PAM/CRM/risk; operator-in-substance exposure1Bet, 18Bet, BabiBet, CasinoWinBigBellona N.V.Curaçao (8048/JAZ)Licence umbrella / operating entity1Bet, othersShark77 Ltd.Malta (MGA)B2C operator for selected brands18Bet, CasinoWinBigArzella Ltd.CyprusEU payments intermediary (alleged)Group flowsPremiumTradings—Brokerage; “sister” back-office overlaps (alleged)—Keymarketings Ltd / Global Tech Market LtdEU-based ops (alleged)Affiliate acquisition & analytics (dir. Ilan Shemesh)Traffic to listed brands Short Analysis The structure blends B2B tech with B2C operational control: if Delasport centrally manages KYC, risk, payments, and customer comms, it risks being deemed an operator in substance where unlicensed. Curaçao/Malta fronting plus EU marketing/payment nodes can create joint liability across entities for consumer-protection, AMLD, and gambling-law breaches. Germany is decisive: without a GGL licence and technical hookups to OASIS/LUGAS, any targeted offering to German residents is unlawful. Allegations of mirror domains, EU-hosted affiliate tooling, and payment detours heighten the exposure and justify coordinated action by GGL, MGA, CySEC, BaFin, OLAF/EUROJUST. Call for Information (Whistle42) Were you a customer, affiliate, contractor, or PSP for any of the brands or entities named above? FinTelegram invites documents (KYC/withdrawal correspondence, merchant descriptors/IBANs, affiliate dashboards, internal comms) via Whistle42.com. Confidential, source-protected submissions only, per Directive (EU) 2019/1937. Share Information via Whistle42

The leading US crypto exchange Coinbase has introduced a major decentralized lending service by integrating with the Morpho protocol, allowing customers to obtain crypto-backed loans and participate as lenders, all while leveraging the benefits of decentralized finance (DeFi) architecture. This model is reshaping the landscape for lending and regulation in the crypto-finance world by reducing the direct regulatory burden through its “technology facilitator” approach. Context: Coinbase x Morpho Lending In 2025, Coinbase launched crypto-backed lending powered by Morpho, representing one of the largest onchain DeFi integrations to date. The service enables users to deposit Bitcoin as collateral to borrow USDC or lend USDC to earn yield. Coinbase users interact primarily through Coinbase’s user-friendly app, while the backend is handled entirely by Morpho’s decentralized smart contracts.​ Key highlights: Users can instantly receive loans in USDC after posting Bitcoin as collateral, with the collateral managed transparently onchain by Morpho. Interest rates for loans and lender yields are determined algorithmically by the supply and demand in Morpho lending pools. The service is available to a broad base of U.S. customers, contrasting with competitors who must secure state-by-state lending licenses.​ How DeFi Lending with Morpho Works Unlike traditional lending, DeFi lending via Morpho uses permissionless, peer-to-peer smart contracts on a public blockchain. Here’s how it operates: Morpho allows anyone to create isolated lending markets pairing two assets (e.g., BTC/USDC), setting parameters such as interest rates, collateral ratios, and liquidation thresholds. Depositors (lenders) can add assets like USDC to earn interest generated by borrower demand, while borrowers provide collateral (e.g., Bitcoin) to access loans. The protocol utilizes intent-based matching, directly connecting lenders and borrowers when possible, which increases efficiency and customizability compared to pooled models.​ Risk management, interest, and liquidation parameters are enforced by immutable smart contracts, offering transparency and lowering custodial risks. Morpho’s architecture supports: Permissionless market creation (anyone can set up a lending market with their chosen parameters). Isolated risk by keeping each market separate from others (similar to Uniswap pairs). A flexible, programmable approach conducive to both retail and institutional use cases.​ Regulatory Position and the “Technology Facilitator” Model U.S. regulation mandates that lending institutions must comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) provisions. Traditionally, this involves collecting sensitive personal information and being licensed in every operational jurisdiction. However, Coinbase’s DeFi-backed loans differ: Coinbase does not lend directly or custody most of the funds; instead, its platform acts as a facilitator, routing user transactions to Morpho’s decentralized protocol. Morpho, as a permissionless, non-custodial protocol, does not inherently require user identification for participation. The protocol itself cannot discriminate or enforce regulatory checks, aligning with crypto’s open access ethos.​ This operational structure allows Coinbase to offer lending with fewer licensing barriers, avoiding direct lender status and thus some regulatory requirements. Competitors who lend from their own balance sheet or custody user funds face a patchwork of licensing obligations.​ Some argue this makes the DeFi model less susceptible to regulatory bottlenecks, though there are associated compliance and enforcement risks being debated by regulators, especially concerning consumer protections and illicit finance. Implications for the DeFi Lending Segment Coinbase’s partnership with Morpho signals a maturation of decentralized lending platforms. It combines the trusted brand and easy interface of a regulated exchange with the global, open, and often unregulated liquidity of DeFi protocols. For financial crime analysts and compliance professionals, this presents both opportunities for transparency (onchain transaction records, automated rules) and new risks (reduced KYC, cross-jurisdictional enforcement challenges). As institutional players and retail crypto holders explore these products, ongoing regulatory debates are likely to shape future developments. Some DeFi initiatives are experimenting with “permissioned pools” for compliant institutional participation, but broad adoption of non-custodial, permissionless lending remains resistant to the same level of oversight as traditional finance.​ This context will help you interpret and analyze Coinbase’s Bitcoin-backed lending offering and its market impact as described in the linked Decrypt segment.​ Share Information via Whistle42

Trustpilot is issuing a brutal verdict on crypto exchanges: Binance 1.4, Kraken 1.6, Bitstamp 1.7, Gemini 1.4, Blockchain.com 2.1—dominated by frozen-account horror stories and support dead ends. Only Coinbase and Bitpanda (3.9, Great) and Bybit (3.4, Average) escape “scam-level.” Fintechs like Revolut (4.6, Excellent) and Wise (4.3) show how far crypto’s CX still lags. Snapshot: what the ratings say today Binance: ~1.4/5 (“Bad”) across ~6k reviews (Source: Trustpilot) Kraken: ~1.6/5 (“Bad”) across ~3k reviews (regional pages show the same) (Source: Trustpilot) Gemini: ~1.4/5 (“Bad”) (1k+ reviews) (Source: uk.trustpilot.com). Bitstamp: fragmented profiles: bitstamp.net ~1.6/5 (“Bad”) (~990 reviews) and bitstamp.com ~1.2/5 (“Bad”) (~100 reviews) (Source: Trustpilot) Blockchain.com: ~2.1/5 (“Poor”) (~7k reviews) (Source: Trustpilot). By contrast, the best-scoring large players: Coinbase: 3.9/5 (“Great”) (~20k reviews) (Source: Trustpilot) Bitpanda: 3.9/5 (“Great”) (~14k reviews) (Source: Trustpilot) Bybit: 3.4/5 (“Average”) (~6–7k reviews) (Source: Trustpilot) Fintechs that also let customers trade crypto materially outperform: Revolut: ≈4.5–4.6/5 (“Excellent”) (≈300k reviews) (Source:Trustpilot). N26: ≈3.8/5 (“Great”) (~38k reviews) (Source: Trustpilot). Wise: ≈4.3/5 (“Excellent”) (270k+ reviews) (Source: ca.trustpilot.com). Bottom line: With the partial exception of Coinbase/Bitpanda/Bybit, customer sentiment toward major crypto exchanges on Trustpilot is scam-level. What the worst reviews complain about (recurring patterns) Frozen accounts & withheld funds for weeks or months. Large volumes of reviews detail “under review” holds, blocked withdrawals, or P2P escrow disputes; customers say support loops them through canned replies. Examples are visible across Binance and Blockchain.com pages. Support that feels non-existent (or bots only). Users report ticket ping-pong and AI chat walls before a human intervenes—again most evident on Binance pages. Entity maze & jurisdiction confusion. Complaints from EU users about not knowing which Binance entity actually holds their funds or handles disputes—symptomatic of global restructuring and de-risking. Withdrawal frictions & KYC re-verification. “Re-KYC after deposit,” “old card proof,” or mid-flow compliance prompts are common flashpoints. P2P marketplace risks. Disputes over releases/escrow and chargeback exposure feed “scam” narratives on Binance’s P2P. Bitstamp fragmentation. Two public Trustpilot profiles split reviews (bitstamp.net vs bitstamp.com), but both still sit in “Bad” territory. Methodology caveat (review gaming). Trustpilot has had to police fake or manipulated reviews (including crypto). It removed swathes of suspect content and has even disabled a Binance TrustScore previously—so the signal is imperfect, albeit still damning at scale (Source: The Guardian). Why are crypto exchanges so poorly rated? A working hypothesis A. Structural compliance friction > catastrophic CX.Exchanges operate under intense AML/CTF, sanctions, and fraud risk. Their default defense—automated risk engines + sweeping account reviews—freezes funds and blocks withdrawals first, investigates later. Without fast, human-grade triage, this feels indistinguishable from confiscation to retail users. The reviews show that time-to-resolution (not just freezes) drives rage. B. Product-model risk: P2P & high-velocity trading.P2P fiat ramps (escrow disputes, chargebacks) and leverage products create more disputes and more compliance flags than e-money style payments. That naturally increases suspensions and refunds friction relative to neobanks/EMIs. C. Underinvestment in human support relative to user scale.Crypto exchanges scaled globally with thin licencing per market and outsourced/AI-heavy support—the wrong mix when freezing someone’s money. Reviews repeatedly cite bot loops and delayed human escalation. D. Entity sprawl and governance debt.Multiple legal entities, migrations, and compliance clean-ups leave customers unsure who is responsible for what. That confusion compounds disputes and fuels “scam” accusations. E. Review-platform dynamics.Angry customers post more often, and some firms manipulate reviews. Even with that caveat, the volume and consistency of “frozen funds + no support” themes across thousands of reviews suggest a genuine sector-wide CX problem, not merely review bias. F. Why fintechs score better.Revolut/Wise/N26 run bank/EMI-like flows with clearer ex-ante risk scoring, fewer P2P disputes, and in-app case handling norms; they appear to have invested earlier in operational CX and communications, and it shows in “Excellent/Great” TrustScores at scale. Analyst view: what this means For regulators: These ratings are a real-time barometer of operational and consumer-protection failings—chiefly around fund accessibility and effective redress. Supervisors should scrutinize (i) time-to-resolution SLAs for freezes, (ii) P2P dispute handling, (iii) clarity about the responsible legal entity, and (iv) adequacy of human support when funds are restricted. The Trustpilot record supplies abundant, concrete case narratives. For exchanges: The reputational gap vs. fintechs is stark. The fastest win is not another marketing campaign—it’s SLAs + escalation ladders for frozen-funds tickets, transparent case status, and entity-level accountability in the EU/UK/US. Until that’s fixed, the “scam-level” perception will persist and hurt licensing efforts. For consumers: Ratings don’t prove fraud, but they do highlight predictable pain points. If you value recoverability and response times, the data suggest sticking to providers with Great/Excellent TrustScores—or at minimum, testing small withdrawals before trusting a platform with material balances. Notes on data & limitations Trustpilot ratings change and can be gamed; where possible we referenced the live company pages (some vary by domain/region) and, for Revolut/Wise, corroborating company disclosures that mirror the Trustpilot score bands. Treat these as directional, not absolute; the pattern—crypto exchanges cluster at “Bad/Poor,” leading fintechs at “Great/Excellent”—is robust across sources as of 29 Oct 2025. Share Your Crypto Experience via Whistle42

MEXC is certainly one of the most notorious crypto exchanges when it comes to compliance violations. FinTelegram has already pointed this out several times. But the number of negative customer reviews is also increasing. FinTelegram has repeatedly flagged the crypto-exchange MEXC for opaque structures and unlicensed operations. Since our previous reports, multiple national regulators and user-review signals reinforce a high-risk profile. Regulatory status & warnings (selected): • UK (FCA): MEXC Global Ltd appears on the FCA Warning List as an unauthorised firm targeting UK users (Source: FCA).• Germany (BaFin): Consumer warning and investigation notice against MEXC’s services (Source: BaFin).• Austria (FMA): Public warning that MEXC is not authorised to conduct licensable banking/financial activities in Austria (Source: FMA Österreich).• Hong Kong (SFC): Added to the SFC’s “Suspicious Virtual Asset Trading Platforms” alert list (Source: sfc.hk). FinTelegram’s dossier and prior signals (including references to the former Estonian payment arm and our Red Compliance List listing) remain relevant context for readers (Source: Fintelegram). Read our MEXC reports here. Reputation & user risk signals: • Trustpilot: MEXC holds a 1.8/5 (“Poor”) TrustScore with numerous 1-star reports citing frozen/withheld funds, withdrawal frictions, and customer-support issues. This low score is current and visible on the company’s Trustpilot profile (Source: Trustpilot)• Additional review aggregators also show very low averages, consistent with a persistently negative user-experience trend (Source: Reviews). Whistleblower allegations (corroborated where possible): A whistleblower describes (i) no effective licensing, (ii) concealed ownership and masked domain data, (iii) “Suspicious” rating on ScamAdviser, (iv) index-price methodology breaches on certain perp pairs (e.g., TRADOOR/USDT allegedly using 100% MEXC spot as the “index” for two weeks, causing a ~13% divergence and a liquidation), (v) funding-rate stuck at –0.50%, and (vi) copy-paste support loops without case IDs or remediation. ScamAdviser does flag MEXC domains with low trust scores, supporting the general “suspicious” risk signal, though ownership masking is common in crypto and not conclusive alone (Source: ScamAdviser). The DEX+ Scheme DEX+ powered by MEXC is contractually high-risk, low-recourse: broad disclaimers, custody ambiguity, no guaranteed execution, and a near-zero liability cap. Combine this with the separate fiat-on-ramp arrangements (e.g., Oceanblue handling bank transfers) and you get a split-rail model that minimizes MEXC’s responsibility while maximizing user exposure. For EU users, the MiCA compliance posture remains the key unresolved question. Calling themselves an “agent placing orders” can fall under CASP (MiCA) or investment-service analogues (depending on assets/construct). This conflicts with the “pure aggregator/info platform” narrative. The DEX+ terms say MEXC isn’t responsible for your private key/seed, yet your keys/seed are “entrusted to a third-party provider.” That’s quasi-custodial. The provider isn’t named, and the licensing status is unknown. This is a significant risk. The Oceanblue Tintech Connection In our refreshed review, we found that MEXC bank-transfer deposits for buying crypto are being routed to Oceanblue Fintech UAB (reg. code 306111081) in Vilnius—the company formerly named “MEXC Lithuania UAB.” MEXC’s own materials state that its “fiat services are operated by Oceanblue Fintech UAB.” Oceanblue’s website markets the firm as a “regulated” crypto services provider; however, in Lithuania this typically means legacy VASP registration—not a MiCA crypto-asset service provider licence from the Bank of Lithuania. We found no public evidence of a MiCA licence for Oceanblue. Oceanblue’s terms indicate that payment accounts are provided by Paytend Europe UAB (an EMI). In practice, this means Oceanblue supplies the fiat rails for MEXC’s EU deposits while MEXC itself does not hold an EU MiCA licence. The rebrand from “MEXC Lithuania UAB” to “Oceanblue Fintech UAB” underscores the close operational linkage to the MEXC scheme and its deposit flows. Red-flag takeaways: (1) reliance on a VASP-registered but non-MiCA-licensed entity for EU on-ramping; (2) name change away from an explicit MEXC label; (3) customer funds collected via a third-party EMI account for a platform with unresolved EU licensing. With the MiCA transitional period ending on 31 December 2025, users should treat this arrangement as high-risk unless clear, verifiable MiCA authorisations are published. Compliance analysis & red flags: Unlicensed solicitation across major markets (FCA, BaFin, FMA, SFC) is a decisive red flag. Users transacting with unauthorised firms lack statutory recourse (e.g., no FSCS-like protections in the UK), and supervisory escalation can trigger abrupt service curtailments. Opaque governance/ownership impedes accountability, complicates KYC/AML assurance and incident response. (MEXC’s own sites provide inconsistent compliance disclosures.) Officially, Yichen Peng is recorded as the ultimate beneficial owner of MEXC Estonia. (Sources: FinTelegram, Teatmik) Market-integrity concerns: If index components/weights or ±3% exclusion rules are not applied as published, this can distort fair-price and funding mechanisms—an unacceptable risk for derivatives users. (User testimony aligns with the pattern of complaints visible in public reviews.) Source: Trustpilot). Customer-service weak signals: High volume of unresolved 1-star complaints about withdrawals and support is typical of platforms with structural compliance gaps (Source: Trustpilot). FinTelegram position (updated): Given the mounting regulator warnings, poor user-review profile, and whistleblower allegations around pricing/funding mechanics, MEXC remains on our Red Compliance List. We advise avoiding deposits, trading, or referrals until (a) a clear, verifiable licensing posture exists in key jurisdictions, (b) ownership/management and compliance contacts are transparently published, and (c) independent audits attest to index and funding-rate governance. MEXC Key data Trading namesMEXC, MEXC GlobalMEXC VenturesBusiness activityCrypto exchangeDomainwww.mexc.comwww.mexceu.comhttps://m-ventures.iohttps://www.mexc.cohttps://www.mexc.co/venturesSocial mediaLinkedIn, X, Instagram, Youtube, MEXC Ventures on XLegal entitiesMXC Technology Pte. Ltd.Oceanblue Fintech UABMEXC Global LtdMEXC Estonia OÜOceanblue Fintech UAB (prev. MEXC Lithuania, UAB)MX Global LtdContact dataservice@mexceu.cominvestment@mexc.comJurisdictionsLithuaniaEstoniaSeychellesSingaporeEngland (User Agreement)Related individualsJohn Chen (LinkedIn) a/k/aJohn Chen JuYichen PengLjudmila BudnikovaAuthorizationEstonian FIU crypto licensePayment optionsCrypto, Credit/debit cardPayment processorsMoonPay, Banxa, MercuryoSimplex, PaytendOceanblue Fintech UABTrustpilot1.8-star rating with a “Poor” trust levelCompliance ratingRedWarningsBaFin, FMA, BCSC, SFC, FCA, CNMV Call for information: Insiders, counterparties, PSPs, and affected users are invited to provide documents (e.g., compliance notices, internal tickets, pricing logs, index-component snapshots) via Whistle42 to support further forensic review. Share Information via Whistle42

Japan has debuted the world’s first yen-pegged stablecoin, “JPYC,” issued by startup JPYC and fully convertible 1:1 to JPY with reserves held in domestic deposits and Japanese government bonds (JGBs). The issuer targets up to ¥10 trillion (~$66bn) over three years, waiving transaction fees initially and funding operations from JGB interest. Japan’s three megabanks are also preparing stablecoin initiatives, signalling a coordinated market build-out. Stablecoins are tokenised cash: Fiat-referenced digital IOUs that settle near-instantly on public or permissioned ledgers while riding open-source rails. Their strategic weight has surged in 2024–2025: over 99% of supply is dollar-denominated, giving USD an outsized footprint in crypto and cross-border flows. The Bank for International Settlements (BIS) warns this concentration can “stealth-dollarise” payment habits and strain monetary sovereignty. The euro-area central bank has echoed those concerns, noting repeated breaks from par in some coins (Source: Bank for International Settlements). Tokyo is taking a different path: regulate first, then scale. Amendments to Japan’s Payment Services Act (effective June 2023) created a bespoke perimeter—only licensed banks, trust companies or registered money transfer businesses can issue “currency-denominated assets,” with strict reserve and custody rules (including trust-bank models for third parties). That framework both enables JPYC’s launch and narrows regulatory arbitrage (Source: hubbis.com). Signals from the Bank of Japan (BoJ) are deliberately two-handed: Deputy Governor Ryozo Himino calls stablecoins potential “key players” in global payments that could partly substitute bank deposits—hence the push for globally harmonised guardrails. Japan’s cautious green light, paired with prudential rhetoric, aims to capture efficiency gains (lower fees, faster settlement, programmable commerce) without exporting risks into the banking core (Source: Reuters). Why the Yen Coin Matters (and the Limits): Domestic adoption may lag—Japan remains cash/credit-heavy, and the yen lacks the USD’s network effects. But cross-border use cases are promising: on-chain FX/treasury operations for Japanese firms, e-commerce settlement, and intragroup liquidity sweeps can benefit from 24/7 rails and atomic swaps. If megabanks co-issue interoperable JPY coins, liquidity and trust could scale faster. Still, market share will hinge on exchange listings, wallet support, and merchant rails—areas where dollar coins dominate. The Stablecoin Hype—Through a Compliance Lens: 2025’s boom reflects real utility (payments, on/off-ramps, tokenised-markets plumbing) but also regulatory externalities: opacity in reserves, run-risk under stress, illicit-finance vectors, and deposit disintermediation. BIS and central banks now frame stablecoins as part of the money system—not a sideshow—demanding bank-grade transparency, segregation, and supervision. Japan’s PSA model is a live test: if JPY coins stay at par through cycles while meeting KYC/AML standards, they will pressure peers to upreserve, disclose, and submit to oversight—or cede ground to regulated issuers. Bottom line: JPYC is small today but strategically important: a regulated blueprint for non-USD stablecoins from a G7 economy. Watch three indicators: (1) bank participation and wallets/exchange support; (2) reserve disclosure and audit cadence; (3) cross-border settlement volumes vs. dollar coins. If these trend up, the “yen on-chain” could become real infrastructure—not just a headline. Share Information via Whistle42

Tether’s CEO Paolo Ardoino says the stablecoin giant runs at a 99% profit margin and could earn $15B in 2025, outpacing Wall Street titans. We explain how a low-cost issuance model plus T-bill yields create extraordinary margins—while transparency and regulatory history keep the compliance risk dial turned up. Key Facts TheStreet: Tether touts a 99% profit margin; IPO chatter persists (Source: thestreet.com). Forecasts ~$15B 2025 profit; Q2 2025 net profit reported at ~$4.9B. (Source: Yahoo Finanzen). Market position: USDT supply ≈ $178–182B; ~500M users reported; USDC rising (Source: CoinMarketCap). Prior actions: $41M CFTC penalty (misstated reserves), $18.5M NYAG settlement (Source: CFTC). How the model makes money: Tether issues USDT against incoming dollars, invests the backing reserves—overwhelmingly in U.S. Treasuries, repos and money-market instruments—and collects the interest spread while charging minimal fees. With operating costs small relative to the $160B+ reserve base, interest income flows largely to the bottom line. Q2 2025 results (≈$4.9B net profit) and company guidance for 2025 (~$15B) square with a high-rate environment and a swelling USDT float (Source: Galaxy, Tether). Why margins look “99%”: Revenue is mostly yield on customers’ cash (economic seigniorage). If Tether books limited cost of goods sold—no interest paid to USDT holders—gross margin approaches 100%; net margins then reflect lean overheads. That said, margin optics rely on classification choices, mark-to-market gains (BTC/gold), and a rate regime that may normalize (Source: Tether) Risk & oversight lens: Despite dominance, transparency gaps persist (attestations vs. full audits), and the history of regulatory actions (CFTC, NYAG) remains part of the risk profile. Competitive pressure from USDC and new entrants is rising, even as Tether explores financing/IPO rumors at lofty valuations. For regulators, the central questions stay the same: reserve quality, liquidity under stress, and related-party exposures. Call for Information Are you a former partner, bank desk, MMF provider, auditor, or insider with documents on Tether’s reserve composition, related-party flows, or liquidity lines? Submit securely via Whistle42.com. Share Information via Whistle42

Game Insight, once a flagship mobile game developer spanning Lithuania and Russia, collapsed into insolvency in 2022–2023 amid mass layoffs, unpaid wages, and the transfer of assets outside Russia. At the center of stakeholder accusations stands Igor Matsanyuk—a former Mail.ru executive, investor, and long-time power figure behind the company. Whistleblower research and Scam-or reports suggest that the collapse was not a sudden wartime market failure, but the culmination of a planned cross-border withdrawal of assets, executed through layered corporate structures. Legal proceedings continue, while affected employees and creditors remain uncompensated. Key Points Game Insight’s Russian entity was liquidated and later declared bankrupt in 2022–2023, leaving unpaid wage and severance obligations. Bankruptcy administrators sharply criticized company leadership, signaling intent to pursue vicarious liability for “controlling persons,” including Igor Matsanyuk. Core assets and operational capacity appear to have been transferred to entities in Lithuania, the UK, and other jurisdictions before the collapse. Multiple former senior figures, including ex-president Maxim Donskikh, publicly accused Matsanyuk of withholding owed compensation. No court has yet issued a final ruling of fraud, but evidence chains indicate controlled dismantling rather than operational failure. Whistleblowers claim the liquidation was structured to protect offshore entities while allowing the Russian subsidiary to collapse under debt. Short Narrative Russian entrepreneur and Game Insight founder Igor Matsanyuk Founded in 2010 and led strategically by Igor Matsanyuk, Game Insight built a portfolio of globally popular mobile games, including Guns of Boom, The Tribez, Paradise Island, and Airport City. Officially headquartered in Lithuania, the core development workforce operated from Russia, forming a single economic unit in practice despite jurisdictional separation on paper. When the Russian business environment shifted in 2022, employees of the Russian entity reported they were abruptly informed of liquidation. Salaries went unpaid, severance obligations were denied, and workers were instructed to voluntarily resign or face termination without compensation. Within months, the Russian subsidiary was bankrupt, while new studios linked to Game Insight stakeholders continued operating in other jurisdictions. Extended Analysis Corporate Structuring and Timing Whistleblower research and public filings indicate that intellectual property, operational leadership, and revenue streams were progressively relocated from the Russian subsidiary to Lithuania and UK-connected entities before the collapse. This aligns with known asset-shielding strategies in tech companies with multi-jurisdiction operations. Timeline June 2022: Staff in Russia told of liquidation; widespread allegations of unpaid wages and pressured resignations (Source: Game World Observer). July 2022: Russian IT Union publishes critique; cites HQ profit data and argues compensation should be paid (Source: Профсоюз работников ИТ). Nov 2022: Russian entity declared bankrupt with multi-component debts, including wage/benefits arrears (Source: Game World Observer). Jan 2023: Former president Maxim Donskikh alleges personal non-payment by Matsanyuk; posts remarks cited by trade press. (app2top.com) Feb 2023: Russian subsidiary files a 154.3m-ruble claim against the Lithuanian parent in Moscow Arbitration Court; administrator signals intent to pursue vicarious liability of “controlling persons” (Source: Game World Observer). Administrator Criticism The Russian bankruptcy administrator publicly likened the wind-down to conduct typical of “domestic fraudsters”, and stated his intent to pursue personal liability claims against “controlling persons.” Such statements from court-appointed officers are highly unusual and reflect confidence in underlying documentary inconsistencies. Insider Allegations Former senior executive Maxim Donskikh publicly alleged that Matsanyuk had personally refused to repay the funds owed, consistent with the broader theme of selective obligation evasion. Regulatory and Enforcement Exposure Because assets, leadership, and beneficiaries now reside across Lithuania, Cyprus, and UK-affiliated business registrations, responsibility pursuit may extend into: Cross-border insolvency tracing Beneficial ownership audits Fraudulent conveyance litigation Criminal charges if intent to defraud can be demonstrated The case resembles known structured foreign asset evacuations in other CIS-origin tech firms collapsing during 2022–2023. Actionable Insight Cross-jurisdictional documentation recovery is essential, especially on: IP ownership transfers Revenue channel routing post-2021 Signatories on funding and severance decisions Employee and contractor testimony is strategically critical; internal Slack/Confluence logs may be key to establishing intent. Call for Information We are actively compiling further evidence. Former employees, accountants, partner studios, and vendors who hold documentation—contracts, transfer orders, internal memos, payroll correspondence—are urged to contact us securely: Share Information via Whistle42

Albania has emerged as a key node in Europe’s boiler-room economy: multilingual call-centre floors in Tirana push online “investments” (CFDs/crypto/forex), fed by aggressive lead-gen and social ads, while cross-border networks route payments and cash-outs across the EU and beyond. Recent investigations and police actions show a persistent ecosystem tied into wider Balkan operations and Israeli-linked marketing stacks. Key Points Model: Social-ad funnels + lead brokers → scripted “brokers” in Albanian call centres → white-label trading backends (e.g., Panda-style CRM/MT) → payment hops (EMIs/crypto ramps) → asset stripping; quick domain churn (Source: Vox News Albania). Scale & harm: Europol/Eurojust cases since 2019 show multi-country networks; OCCRP notes raids on 15 call centres across Albania/BG/GE/MK/UA; losses routinely in € millions per case (Source: OCCRP). Why Albania: Young polyglot workforce; legacy call-centre industry; cost arbitrage; imperfect enforcement (case attrition outside SPAK); proximity to Balkan hubs (Source: Vox News Albania). Context: Parallel “Scam Europe” probes tie Serbian/Tel-Aviv actors and football-sponsoring brands to investment-fraud stacks—illustrating shared tooling, talent, and payment rails across the region (Source: Investigate Europe). Trends: Crypto rails and AI-generated creatives/scripts supercharge reach; INTERPOL’s HAECHI VI flags soaring cyber-enabled fraud with USD 439m recovered (Apr–Aug 2025) across typologies incl. investment fraud (Source: interpol.int). Read our boiler rooms report here. Short Narrative BIRN/Balkan Insight’s latest probe details how boiler rooms in Tirana evolved from legitimate outbound call centres into multilingual fraud factories: operators work from open-plan floors, assume EU personas, and shepherd victims from teaser ads to high-pressure “account managers.” The machinery includes lead-gen farms, Panda-style CRMs, AnyDesk “support,” and rapid website rotation once blacklists appear. SPAK-led joint actions have delivered convictions and asset seizures—yet case volumes far exceed successful trials. Extended Analysis (Compliance & Ecosystem) Operating stack. Investigators describe a standardized kit: Meta/Google ad funnels and “TV-celebrity” lures; central CRMs with EU-language queues; white-label trading GUIs (showing fictional P/L); “education only” scripts for police visits; domain churn and nominee ownership across CY/EE/UK shells; and cash-out via crypto on-ramps or third-country PSPs. The OCCRP-tracked Eurojust actions (since 2019) confirm this choreography across multiple Balkan seats—including Albania. Regional tie-ins. Investigate Europe’s Scam Europe series (with BIRN) shows Belgrade call-centre clusters linked to Israeli operators and EU-facing brands (e.g., FX/crypto sites later sanctioned by regulators), underscoring a shared talent and tooling market. Albania’s role is complementary: language skills, cost base, and existing contact-centre infrastructure. Enforcement picture. SPAK joint teams with Germany (Bamberg/Bavaria) raided Tirana sites such as “Blue Energy Call,” seizing servers and charging managers; media tallies show dozens of Albanian operations since 2021, but relatively few trials reach judgment outside SPAK’s caseload. Eurojust-coordinated sweeps also targeted Milton-Group-linked centres, with Albania among the raided countries. Victim impact & typologies. Losses per case run from €10k to €1m+; victims are urged to “average down” with bonus bait and coached into remote-access sessions; withdrawals stall behind “tax/verification” fees. INTERPOL’s 2025 figures illustrate the broader surge in cyber-enabled financial crime and the centrality of investment-fraud typologies. Read our latest report on the Belgrade boiler rooms here. Regulatory/Compliance Takeaways Payments exposure: On-ramp partners and EMIs risk acting as de-facto payment facilitators to unlicensed investment services if merchant controls fail; require MCC/use-case verification, enhanced KYB, and velocity/chargeback anomaly rules tuned for “investment platforms.” Adtech risk: Demand advertiser-of-record validation and UBO attestations for “trading/crypto” campaigns; integrate negative-brand lists (celebrity/TV show lures). Data & device controls: Flag AnyDesk/remote-control downloads tied to trading journeys; require stepped-up friction on first cash-out. Law-enforcement bridges: Join Europol/Eurojust public–private cells; map Albania-linked merchant clusters and lead-buyers; build evidence packages aligned to SPAK tasking (Source: Europol). Actionable Insight (for banks/PSPs/ad platforms) Segment & surveil “online trading/investment” merchants with Albania/Balkans nexus; 2) Block remote-access tool installs during onboarding; 3) Geo-linguistic heuristics: EU-IP traffic serviced from .al offices; 4) Advertiser KYC++ for “celebrity-endorsed” creatives; 5) Case-sharing MOUs with SPAK/Bamberg to accelerate MLATs. Call for Information FinTelegram invites insiders from Albanian call centres, lead-gen agencies, PSPs/EMIs, or on-ramp partners to share documents (CRM exports, payment descriptor lists, training scripts) via Whistle42.com. Confidentiality guaranteed. Share Information via Whistle42

The investigative platform SpinangaCase recently published the Vavada Files, a series on the offshore casino Vavada and its front merchant Floxydy. These reports allege a transaction-laundering flow that disguised Vavada casino deposits as “cosmetics” purchases and routed them through PayWRX into NetworxPay infrastructure. Our spot checks confirm a Russian-language NetworxPay backoffice branded “Paywrx Connect Ltd” and public API docs matching the described gateways. This note maps the flow and flags regulatory exposures. Key Points Offshore casino: Vavada (vavada.com) is a Curacao-based offshore casino with a Cyprus-based payment agent. Front merchant (Floxydy): Charges surfaced as FLOXYBEATY, MCC 5977 (Cosmetics Stores) while funding alleged casino balances—classic transaction laundering via MCC misclassification. Source series: SpinangaCase, Parts I–III (Source: spinangacase.com). Processor layer: SpinangaCase links the flow to the Canadian MSB PayWRX marketing front, with processing handled in NetworxPay. NetworxPay’s merchant backoffice explicitly shows “Paywrx Connect Ltd” with EN/RU locales—consistent with the claim of a unified stack (Source: spinangacase.com) Tech evidence: Public NetworxPay API docs expose endpoints (gateway.networxpay.com, backoffice.networxpay.com) and receipt patterns aligned with processor behavior described in the Spinanga posts (Source: docs.networxpay.com). Risk lens: Potential breaches include MCC misuse, transaction laundering, and weak SoF checks—contrary to Visa rules and EU AMLD6 expectations referenced by SpinangaCase. Short Narrative / What we validated SpinangaCase (Oct 11–16, 2025) documents that the working Czech “cosmetics” shop Floxydy (floxydy.com) carried live checkout but also surfaced on bank statements when players funded casino accounts—timing and descriptors matched “FLOXYBEATY / MCC 5977.” Their Part III moves beyond the storefront to PayWRX and its NetworxPay backbone. Our own look confirms: backoffice.networxpay.com presents a Merchant Login footered “© 2023–2025 Paywrx Connect Ltd” with EN/RU toggle—strong indicator of shared corporate/technical control and the RU-language operational footprint Spinanga highlighted (Source: backoffice.networxpay.com). docs.networxpay.com shows standard card/APM integrations and receipt URLs that resolve under backoffice.networxpay.com—consistent with the dual brand (public marketing + private gateway) (Source: docs.networxpay.com). paywrx.com publicly positions as a FINTRAC-registered payment gateway operated by the FINTRAC registered PayWRX Connect Ltd (site blocks bot scraping), which aligns with Spinanga’s portrayal of a glossy front end (Source: paywrx.com). Operator Profile: Vavada and Magefin – the Curaçao-Cyprus payment bridge Corporate Identity Operator: Vavada B.V. Company Number: 143168 Registered Address: Hanchi Snoa 19, Trias Building, Curaçao Jurisdiction: Curaçao License Reference: 8048/JAZ (Antillephone N.V. master license family) EU Payment Agent Entity: Magefin Ltd Company Number: HE 404179 Registered Address: 23 Kennedy Avenue, Office 201, 1075 Nicosia, Cyprus Function: Acts as official payment agent of Vavada B.V., facilitating fiat and card transactions for EU/EEA players. Regulatory Status: Cyprus-registered company, not licensed as a payment institution or EMI under CySEC or the CBC public registers. Compliance Risk: The agent model potentially breaches PSD2 perimeter rules and AMLD6 due-diligence obligations when it intermediates funds for unlicensed gambling. Operational Pattern The Vavada setup reflects the typical Curaçao + EU-agent construct used across offshore gambling operations: The Curaçao entity (Vavada B.V.) holds the nominal e-gaming license and customer terms. The EU agent (Magefin Ltd) receives card or SEPA payments under benign descriptors, often through third-party processors. Settlement then routes offshore, insulating the operator from direct EU enforcement. Analyst Assessment This corporate layering enables EU payment reach without EU licensing, a recurring hallmark of high-risk gambling operators. When coupled with the alleged MCC 5977 cosmetics-store routing (Floxydy), it suggests a coordinated transaction-laundering scheme designed to obscure gambling merchant codes from banks and card networks. FinTelegram Review: Vavada Casino Unlicensed EU Access During FinTelegram’s ongoing compliance reviews across multiple EU jurisdictions (Austria, Germany, Italy, and others), test users were able to register and deposit on vavada.com without restriction. No geo-blocking, IP redirection, or license disclosures for the EU or UK were detected. SpinangaCase calls Vavanda “a Russion casino in Western disguise.” Our traffic intelligence analysis confirmed the Russian connection. Evidently, Vavada operates without authorization under national gambling laws and the EU’s regulatory frameworks (notably the MGA, ADM, or Kansspelautoriteit), yet continues to target European consumers. Deposit Channels Observed Vavada accepts an unusually broad mix of fiat and crypto payment methods, indicative of an attempt to maximize accessibility while fragmenting regulatory responsibility: Credit/Debit Cards — processed through both traditional and “alternative” channels; no 3-D Secure enforcement observed. E-wallets — including Piastrix, a Russian-linked payment system commonly used by high-risk gambling brands. Mobile Payments — Google Pay and Apple Pay are integrated, often routed via indirect merchant domains (see below). Cryptocurrencies — Bitcoin, USDT, and Ethereum via Bybit Pay and Binance Pay, both accessed through anonymized subdomains. Alternative Card Processors — notably: Repayfor (repayfor.com), operated by Firelaketech LLC, registered in the Marshall Islands. Pay-Masters (pay-masters.com), likewise Marshall Islands-registered.Both entities appear on multiple AML risk lists and have been observed servicing unlicensed casinos in prior FinTelegram reports. Jetonbank (Belize) — another recurring facilitator in the offshore gambling scene, enabling cross-border e-wallet transfers. Anonymous domain redirecting to G Pay Anonymous Payment Domains FinTelegram’s payment-flow tests confirmed that Vavada uses non-public, operator-concealed domains for payment redirection — a hallmark of “anonymous payment environments.”Example: Selecting Google Pay redirects users to https://checkout.transactes.com, a domain with no public website, legal imprint, or SSL ownership record traceable to Vavada or its payment agent Magefin Ltd. On the G Pay payment page, “fastpayway” is then listed as the recipient. No trace of a deposit to an offline casino. Perfectly hidden from Google. G Pay screen for Vavada deposit Similar shadow domains have been associated with transaction-laundering schemes previously documented in FinTelegram’s investigations into Donbet, Rolletto, and Stake.com. Crypto Payment Layer For crypto deposits, the platform integrates Bybit Pay and Binance Pay through an anonymously operated subdomain of zicrosync.com, likely serving as an API proxy to conceal the receiving wallet. This structure obscures both the merchant beneficiary and the on-chain audit trail, increasing AML risk. Compliance Assessment The cumulative evidence indicates that Vavada B.V.—through Magefin Ltd and various offshore processors—runs a multi-layered payment infrastructure deliberately designed to: Circumvent EU gambling restrictions, Mask true merchant identities and MCC codes, and Enable frictionless cross-border crypto-fiat conversion via opaque intermediaries. Such practices fall squarely within transaction-laundering typologies defined by card schemes and AMLD6 regulators.Banks or payment facilitators servicing these flows could face serious AML and PSD2 perimeter-breach exposure. Regulatory / Compliance Analysis Transaction laundering via MCC: Routing gambling deposits under MCC 5977 conceals true merchant category—historically treated harshly by card schemes and prosecutors (see prior U.S. cases against gambling processors). This creates brand-risk triggers and potential scheme fines up the acquiring chain (Sources: moneylaundering.com, moneylaundering.com). AMLD6 obligations: If the same operator stack mingles high-risk gambling with crypto on-ramping, SoF/SOW controls and license perimeter assessments become pivotal for EU exposure. Spinanga’s evidence points to insufficient transparency on merchant ownership and flows (Source: spinangacase.com). Jurisdictional exposure: EN/RU localization in the processor backoffice plus alleged ruble-adjacent traces (as Spinanga claims) heighten sanctions and KYC risk if any Russia-touching corridors persisted post-2022. (We are seeking direct bank/SWIFT corroboration for this element.) (Source: spinangacase.com). Entity / DomainJurisdictionRegistration No.Role in SchemePrimary ConnectionsNotes / EvidenceVavada B.V. / vavada.com (incl. mirrors)CuraçaoRN 143168Offshore casino operator (license under 8048/JAZ family)Uses Magefin Ltd as payment agent; serviced by PayWRX / NetworxPay per investigationsPublic site T&Cs; Curaçao registry; SpinangaCase & FinTelegram testsMagefin LtdCyprusHE 404179EU-facing payment agent for Vavada B.V.Receives/mediates fiat card/SEPA flows for VavadaDeclared in Vavada T&Cs; Cyprus Registrar filingsConnect Online S.R.O. d/b/aFloxydy / Descriptor: FLOXYBEATYfloxydy.comCzech—Front merchant (alleged transaction laundering via MCC 5977 – Cosmetics)Checkout used to fund Vavada balances; routed via PayWRX → NetworxPaySpinangaCase series; FinTelegram statement reconstructionsPayWRX Connect Ltd d/b/aPayWRX / paywrx.comCanada—Processor front/brand; merchant onboarding & routingLinked to NetworxPay gateway; footer shows “Paywrx Connect Ltd”Public site; NetworxPay backoffice footer; SpinangaCase referencesNetworxPay / networxpay.com; backoffice.networxpay.com; docs.networxpay.com——Payment gateway/backoffice & settlement toolingProcesses PayWRX merchant traffic; EN/RU backoffice; receipt URLs align with API docsPublic API docs; backoffice login; SpinangaCase series; FinTelegram validationcheckout.transactes.com——Anonymous payment domain used for Google Pay redirectionPresented during Vavada GPay checkout flowsFinTelegram test flows; no legal imprint on domainzicrosync.com (anonymous subdomain)——Proxy/relay for Bybit Pay & Binance Pay crypto depositsMasks receiving merchant/wallet; on-ramp to Vavada balancesFinTelegram crypto deposit testsRepayfor / repayfor.comMarshall Islands—Alternative card processor for high-risk merchantsIntegrated on Vavada deposit pageFinTelegram tests; on-site integrationsPay-Masters Ltd d/b/aPay-Masters / pay-masters.comMarshall Islands—Alternative card processor for high-risk merchantsIntegrated on Vavada deposit pageFinTelegram tests; on-site integrationsPiastrix / piastrix.com— (RU-linked)—E-wallet for fiat-in/fiat-out servicing high-risk gamblingAvailable as e-wallet option on VavadaFinTelegram tests; prior industry reportsJetonbankBelize—E-wallet / transfer service used in offshore gamblingOffered on Vavada deposit pageFinTelegram tests; prior FinTelegram coverageBybit Pay / bybit.com——Crypto payment channelAccessed via zicrosync.com proxy to credit VavadaFinTelegram testsBinance Pay / binance.com——Crypto payment channelAccessed via zicrosync.com proxy to credit VavadaFinTelegram tests What we’re asking insiders to provide (evidence pack wishlist) Merchant onboarding files (Floxydy / PayWRX / NetworxPay): MIDs, MCC assignments, acquirer names, risk questionnaires. Gateway logs / receipt URLs linking Vavada deposits to FLOXY* descriptors (screenshots + full URLs). Settlement statements or chargeback reports showing descriptor rotations and routing IDs. Email headers between support@floxydy.com and processors (“we will contact our payment provider”) to establish chain-of-command. (Hash your files, redact PII—we can handle safely.) Editorial Note & Credit This note cross-references SpinangaCase reporting on Floxydy/PayWRX/NetworxPay (Parts I–III). We thank them for surfacing artifacts; FinTelegram independently verified the NetworxPay backoffice branding and public API documentation. Further confirmations welcome. Actionable Insight (for banks/processors) Run a descriptor + BIN-range sweep for FLOXY* under MCC 5977 with abnormal chargeback/velocity into EU/EEA—escalate for enhanced due diligence when downstream merchant names suggest gambling or Curaçao-licensed entities. Combine with networxpay.com referral URLs in transaction metadata to flag laundering patterns. (Use typologies in recent FIU/industry write-ups as control references.) Call for Information Were you onboarded by PayWRX/NetworxPay or processed deposits where FLOXY* appeared on statements? Are you a former employee, acquirer, or integrator with access to MIDs, routing tables, or scheme correspondence? Contact FinTelegram (or submit via Whistle42). Confidentiality guaranteed; Share Information via Whistle42