Offshore casinos are increasingly funneling FIAT and crypto deposits through anonymous, no-site “payment routing” domains that obscure the merchant of record, defeat geo-blocks, and enable transaction laundering. Our tests (incl. CoinCasino) and traffic-intelligence work (incl. Freshbet) show repeat use of the same domains across multiple brands and operators. Introduction: How the scheme works Recent analyses show that offshore casino operators are increasingly leveraging anonymous domains to process FIAT and crypto payments. Unlike traditional payment gateways, these operational-only domains exist without a public presence or corporate transparency. They typically: Mask the true merchant’s identity Bypass payment network rules and regional restrictions Enable consumers in prohibited or high-risk jurisdictions to fund gambling activity Every casino relying on these domains fits a pattern of regulatory evasion—defeating the due diligence safeguards imposed by banks, payment service providers (PSPs), and international card networks. These domains act as operational-only PSP portals (no public website/contacts), masking the true merchant, proxying MCCs, and routing card/wallet payments (incl. Google Pay) to offshore gambling operators. This violates card-network transparency rules, frustrates AML/CFT controls (UBO opacity, weak CDD/SOF), and constitutes transaction laundering—processing for a prohibited/undisclosed merchant via a front domain. Regulators and FIUs have repeatedly flagged such practices in the high-risk gambling vertical. Compliance Risks and Regulatory Violations Anonymous payment routing domains pose an unacceptable risk under financial crime and gambling regulations for the following reasons: Violation of Card Network and Banking Rules:Visa and Mastercard prohibit proxy merchant category representation and require that all payment recipients are transparently identified. These domains enable disguised payments—frequently for merchants banned by acquirers and processors. AML/KYC Evasion:The absence of verifiable beneficial ownership, customer due diligence, source of funds checks, or sanctions screening violates core AML and anti-terrorist financing statutes. Transaction Laundering:Use of these domains constitutes transaction laundering—a process where the payment facilitator hides the true nature of processed transactions, rendering compliance checks ineffective. Regulatory Enforcement:Regulators and FIUs have issued repeated warnings and taken enforcement action against operators and PSPs involved in such payment flows. Market Impact:The widespread presence of these domains—appearing frequently in traffic, payment traces, and outgoing transactional links—reflects how offshore casinos (e.g., CoinCasino, Freshbet, MyStake, GoldenBet) aggressively target consumers in regulated territories, including the EU and US, without local license or controls. Recent corroborations. CoinCasino: deposits routed via pay.channeltopay.com → checkout.agpayer.com → Google Pay in our tests; site promotes cards/wallets alongside crypto (Source: CoinCasino). Freshbet (Ryker B.V.; payment agent RYKER DEVELOPMENT LIMITED, Cyprus): Terms confirm Ryker B.V. operator and Cyprus payment agent; our traffic analysis logs show checkout.agpayer.com as the dominant outbound transactional target (Source: m.freshbet.com). Santeda group casinos (MyStake, GoldenBet): Terms & PDF disclosures confirm Santeda International B.V. (Curaçao) with SANTEDA INTERNATIONAL LIMITED (Cyprus) as payment agent. Table — Discovered Anonymous Payment Routing Domains (v1) DomainRole in FlowLinked Casinos (examples)Operator / Agent (if known)Notes / Jurisdictionsagpayer.comPayment routing / checkout hubCoinCasino; Freshbet; MyStake; GoldenBetFreshbet: Ryker B.V. / RYKER DEVELOPMENT LTD (CY); Santeda group for MyStake/GoldenBet (payment agent in CY)Repeated Google Pay/card flows; front-end at checkout.agpayer.com. m.freshbet.com+2m.freshbet6.me+2checkout.agpayer.comFinal checkout page (incl. Google Pay)Freshbet; MyStake; GoldenBetSame as aboveDominant outbound from Freshbet per FinTelegram traffic logs.pay.channeltopay.comGateway/API hopCoinCasino(Unclear; previously linked to high-risk processors in FinTelegram coverage)Opaque, no public site; used across offshore casinos. fintelegram.comrapidob.comAnonymous routing/backendCoinCasino; MyStake (observed)UnknownOpaque ownership; follow-up requested. FinTelegram will publish and continually update this table on our website as an industry reference for banks, PSPs, card networks, regulators, and investigators. Required actions & evidence requests PSPs/Card acquirers: Treat traffic via these domains as high-risk/prohibited until (i) merchant-of-record letters, (ii) descriptor mappings, (iii) UBO/AML files, and (iv) jurisdictional licensing proofs are supplied and verified. Operators/Agents (e.g., Ryker B.V.; Santeda International B.V.; Cyprus agents): Provide current registry extracts (incl. UBO/PSC), processing contracts, and proof of local gaming authorization where customers are targeted/accepted. Freshbet’s Curaçao/Cyprus structure is acknowledged in its own terms; documentary substantiation is requested. Compliance teams: Add these domains to block/alert lists, enhance geo-blocking and source-of-funds checks, and escalate any Google Pay/card funnels using anonymous routing. Conclusion. The systemic use of anonymous routing domains is a clear financial-crime vector in online gambling. It undermines network rules, AML/CTF controls, and consumer protections across the EU/US. FinTelegram’s living database will drive transparency and coordinated enforcement—and we invite further submissions via Whistle42. Share Information via Whistle42

Executive Summary Many offshore crypto casinos (e.g., Roobet, Gamdom, BC.Game, Rainbet) embed a “Buy Crypto” widget from third-party on-ramps (MoonPay, Transak, Mercuryo, Swapped). Functionally, this serves as a payment option for gambling deposits: the user funds with fiat (card/transfer), the on-ramp converts to crypto, and the assets are auto-delivered to the casino’s wallet and credited to the player. In substance, the on-ramp acts as a de facto PayFac for the casino. How the Flow Works (and Why It’s “Payment” in Substance) Card/fiat entry via on-ramp checkout (MoonPay et al.). On-ramps market themselves as embeddable “on-ramps,” and some act as merchant of record for the fiat sale. Purpose is gambling, not investment. Casinos explicitly instruct users to “Buy Crypto” inside the cashier to fund play; Roobet’s help center confirms an integrated “Buy Crypto” tab. Gamdom advertises MoonPay as a partnered exchange. BC.Game guides note MoonPay availability. Direct delivery to casino custody. Platform guides and partner flows show purchases or swaps completing into the casino deposit address (including via Swapped Connect on Roobet). This defeats any notion that users are “investing” in crypto; it’s a deposit rail. Regulatory Consequences UK: Unlicensed gambling is illegal regardless of operator location. Facilitating payments to such sites risks being seen as facilitating unlawful gambling. The UKGC reiterates that GB consumers must not be serviced without a UK licence; recent enforcement and media reporting highlight continuing payment access to unlicensed sites (Source: Gambling Commission). EU (PSD2 & AML): While crypto purchase itself may sit outside PSD2, card-funded on-ramping embedded in a gambling cashier replicates a regulated payment function (deposit taking for gambling). At minimum, it triggers VASPs’ AML/CFT obligations (licensing/registration, Travel Rule where applicable) and heightens high-risk sector expectations (Source: FATF). Card-scheme policy (MCC 7995): Gambling deposits should be coded under MCC 7995 to enable issuer controls and regulatory blocks. When a casino substitutes a “Buy Crypto” on-ramp to sidestep 7995, it creates scheme-evasion risk for all counterparties (Source CommerceGate). On-ramp policies: On-ramps’ own terms typically restrict or heighten controls for gambling and illegal activity. Embedding an on-ramp directly in a casino cashier for deposit purposes may conflict with those policies. Compliance Position (Assessment) Where an on-ramp is embedded in the cashier and delivers crypto directly to the casino, the on-ramp and the casino together perform a substituted payment service for gambling—i.e., a de facto payment processor arrangement—exposing parties to: UK risk of facilitating unlicensed gambling. EU AML/VASP expectations (licensing/registration; Travel Rule; enhanced due diligence for high-risk merchants). Card-scheme scrutiny for effective MCC 7995 circumvention via a crypto purchase veneer (Source: CommerceGate). Recommendations Regulators: Treat integrated on-ramps that auto-deliver to casino wallets as payment facilitation for gambling; require equivalent controls to MCC 7995 (issuer blocks, affordability, RG/self-exclusion checks) and geo-enforcement. On-ramps: Enforce AUPs—prohibit merchant-controlled auto-delivery to unlicensed casinos; require merchant licensing proof and MCC-equivalent risk flags; implement Travel Rule & counterparty due diligence on destination wallets. Banks/Issuers/Acquirers: Flag patterns where card-to-crypto purchases regularly resolve to known casino wallets; apply enhanced screening and decline logic for flows that replicate gambling deposits without MCC 7995 tagging. Affiliates/Platforms: Disclose clearly that “Buy Crypto” in the cashier funds gambling, not investment; otherwise risk unfair-commercial-practice scrutiny. This analysis is intended to help supervisors, PSPs, and VASPs align controls with the real-world effect of integrated on-ramping in crypto gambling ecosystems. Share Information via Whistle42

Executive Summary CoinCasino is a crypto-first offshore gambling operation marketing aggressively into Western markets while operating under an Anjouan e-gaming license. Our test registrations from multiple EU jurisdictions—including one explicitly listed as “restricted”—succeeded without KYC and allowed deposits via crypto and fiat (cards & Google Pay). The site’s own terms state the service is owned by EOD Code SRL (Costa Rica, Corp. ID 3-101-910497) and claims license ALSI-142311005-FI2 (Anjouan). Card and Google Pay processing appears to be routed through opaque, content-less payment domains (ChanneltoPay and AgPayer), while the on-site “Buy Crypto” flow uses Changelly but completes with MoonPay (KYC by Sumsub), functioning as a de-facto fiat on-ramp. Traffic intelligence suggests the audience is concentrated in Western jurisdictions (incl. the U.S., Germany, Italy, Netherlands). Overall risk: High (unlicensed/unauthorized targeting, KYC evasion vectors, high-risk payment facilitation). Operator, Licensing & Regulatory Posture Operator — conflicting disclosures. CoinCasino’s legal-entity naming is inconsistent across sources and (per your observation) across subdomains. (a) Confirmed facts Operating entities named by CoinCasino: EOD Code SRL (Costa Rica; Corp. ID 3-101-910497) is stated as owner/operator in the Terms on the main domain. Igloo Ventures SRL (Costa Rica) is named as operator on the play.coincasino.com subdomain Terms (per our test capture), creating a conflicting disclosure across CoinCasino properties. This company is also the stated operator for the crypto-first casinos CoinKings and Telbet. License claim: Offshore e-gaming authorization from Anjouan (Union of Comoros), license ALSI-142311005-FI2 (as advertised by the brand). UBO transparency: No public disclosure of ultimate beneficial owners or controlling persons on site or in Terms. Payments footprint observed by FinTelegram tests: Card / Google Pay routed via pay.channeltopay.com → checkout.agpayer.com → Google Pay (recipient “agpayer”). “Buy Crypto” flow embedded via Changelly, completing with MoonPay (KYC by Sumsub), functioning as a de-facto fiat on-ramp into the casino wallet. (b) Unverified OSINT claims (treat as leads, not facts) These items circulate in affiliate forums, review sites, or secondary aggregators. We have no primary documents tying them to CoinCasino. Use for investigative follow-up only. Curaçao network assertions: Links to Entretenimiento Rojo B.V. (152924) under C.I.L. 5536/JAZ master license; overlap with MIBS N.V. (162031) and Simba N.V. operating sister brands. Cyprus payments vehicle: RDL Rojo Digital Media Ltd (HE 396053) purported as a payment/marketing subsidiary in the wider network. Group linkage claim: Igloo Ventures SRL allegedly “connected” to EOD Code SRL, Simba N.V., MIBS N.V., operating overlapping brands/licensing routes. Note: None of the above have been corroborated by registry extracts, regulator listings, operator disclosures, or PSP confirmations that explicitly reference CoinCasino. Compliance note: Until the operator conflict (EOD Code SRL vs. Igloo Ventures SRL) and licensing nexus are evidenced with primary documents, we rate the Corporate Structure control as weak with elevated governance and accountability risk (UBO opacity, merchant-of-record ambiguity, and potential regulatory perimeter breaches in EU/UK). Regulatory Environment — Critical Assessment: The Anjouan licensing regime lacks credibility and enforcement capacity. The Central Bank of the Comoros has repeatedly disavowed the Anjouan Offshore Financial Authority (AOFA), explicitly stating it does not recognize AOFA or similar island entities as legitimate regulators of financial services. While these warnings address offshore banking specifically, the institutional basis for Anjouan’s gambling licensing apparatus rests on the same discredited AOFA framework.​ Anjouan licenses require minimal due diligence, feature no meaningful ongoing supervision, and offer no player dispute resolution mechanisms. The jurisdiction is frequently characterized as a “Curaçao alternative” for operators seeking minimal regulatory oversight.​ Compliances Violations: CoinCasino’s operational model violates: EU Payment Services Directive (PSD2): Strong Customer Authentication (SCA) not implemented 5th Anti-Money Laundering Directive (5AMLD): Crypto service providers must conduct CDD EU Gambling Regulations: Unlicensed gambling services illegal in member states GDPR: Personal data processing without lawful basis National Gambling Acts: Violations in Germany (Interstate Treaty), Italy (ADM monopoly), Netherlands (Kansspelautoriteit), UK (Gambling Act 2005), Australia (Interactive Gambling Act) Beneficial Owners & Key Persons Disclosed principals: None public on the website or Terms; only the Costa Rican corporate holder is named. We did not find verifiable public disclosures of UBOs or executives on official pages. (CoinCasino) Community allegations: External forum commentary references historic Curaçao/Anjouan licensing and a different Costa Rica vehicle; these are allegations and remain unverified by primary sources. (Treat as intelligence leads only.) (Reddit) Product & Market Conduct Source of Coincasino players (Soure: Similarweb Sept 2025) Offering: Casino, live casino, crash games, sports; “No crypto? No problem!” messaging explicitly promotes Visa/Mastercard, Apple Pay, Android Pay for deposits—i.e., card rails are integral, not ancillary. (CoinCasino) KYC stance (as advertised): “Instant sign-ups; streamlined ID” with large monthly withdrawal caps (to $500k), indicating high-velocity player flows. Terms reserve the right to request KYC at withdrawal. (CoinCasino) Geo-targeting: Similarweb comparison pages list United States, Germany, Netherlands among top country sources, consistent with Western targeting and contradicting the “restricted” posture. (Similarweb) Payment Stack & On-Ramp Mechanics Direct fiat acceptance: Card & Google Pay are prominently advertised. (CoinCasino) Observed routing (our test): Google Pay deposits flowed via pay.channeltopay.com to checkout.agpayer.com, then to Google’s checkout identifying “agpayer” as the recipient. The ChanneltoPay domain is referenced in prior FinTelegram high-risk payment investigations; AgPayer presents multiple look-alike domains and portals with minimal transparency. “Buy Crypto” = de-facto fiat on-ramp: The in-cashier Changelly widget ultimately redirects to MoonPay, where KYC is done via Sumsub; net effect: a fiat → crypto → casino funnel completed inside the CoinCasino flow, serving as an additional payment method rather than independent exchange activity. (Changelly publicly states it uses partners incl. MoonPay for fiat.) FinTelegram Test Findings (Oct 2025) Unrestricted access: EU testers from multiple jurisdictions registered and deposited without KYC. Country mismatch: Despite being listed as restricted, Austria was accepted for Google Pay fiat deposit; the payment succeeded through the ChanneltoPay/AgPayer route. (Screens/logs on file.) On-ramp behavior: “Buy Crypto” in-flow (Changelly → MoonPay) functioned as fiat top-up into the player wallet after minimal external friction. Compliance Assessment Primary Risks Illegal remote offering into EU/UK restricted markets; ineffective blocking. (CoinCasino) KYC/AML evasion vector—seamless play & deposit without upfront KYC; KYC triggered only at late stage (withdrawal or MoonPay account creation). (CoinCasino) High-risk payment facilitation leveraging opaque PSP routing domains and embedded on-ramps to simulate card acceptance while avoiding direct merchant-of-record exposure. (FinTelegram) Governance opacity—no public UBOs, minimal corporate footprint beyond a Costa Rican SRL named in Terms. (CoinCasino) Regulatory Implications (EU/UK) CoinCasino represents a paradigmatic case of offshore gambling regulatory arbitrage. The platform deliberately structures its operations to minimize regulatory accountability while maximizing access to prohibited Western markets. The combination of controversial licensing, anonymous corporate ownership, absent KYC controls, opaque payment routing, and systematic jurisdictional restriction bypass creates an unacceptable compliance risk profile. Summary Data Table FieldDetailsBrand / URLCoinCasino (https://www.coincasino.com)Associated casino brandsCoinKings (https://www.coinkings.io), Telbet (https://www.telbet.com)Legal Owners (per Terms)EOD Code SRL, Costa Rica, Corporate ID 3-101-910497. Igloo Ventures SRL, Costa Rica, Corporate ID 3-101-910497MIBS N.V. (Curaçao, Registration 162031)Payment agent (subsidiary)RDL Rojo Digital Media Ltd, CyprusLicense (claimed)Anjouan e-gaming (Union of Comoros), ALSI-142311005-FI2. (CoinCasino)EU/UK Local LicensesNone found (site relies on offshore license). (CoinCasino)ProductsCasino, live casino, crash, sports. (CoinCasino)Registration / KYCInstant sign-up; KYC reserved for withdrawals; high monthly withdrawal cap advertised. (CoinCasino)Fiat AcceptanceCards + Google/Apple/Android Pay listed; fiat deposit confirmed in our test. (CoinCasino)Crypto On-RampChangelly widget redirecting to MoonPay (KYC by Sumsub). (changelly.com)Observed PSP Routingpay.channeltopay.com → checkout.agpayer.com → Google Pay (recipient “agpayer”). ChanneltoPay previously flagged in FinTelegram coverage. (FinTelegram)Geo/Traffic NotesSignificant Western traffic; U.S., Germany, Netherlands appear in top cohorts on Similarweb compare pages. (Similarweb)Restricted Countries (Terms)Includes USA, Lithuania, Malta and others; operator places legality on user. (CoinCasino)Beneficial Owners / ExecutivesNot disclosed publicly; further OSINT/registry checks required. (CoinCasino)Overall RiskHigh — unauthorized targeting, PSP opacity, on-ramp as de-facto fiat payment, KYC arbitrage. Conclusions & Recommendations For regulators/PSPs: Review ChanneltoPay and AgPayer routing into CoinCasino; assess Google Pay and card scheme exposure. Embedded Changelly → MoonPay on-ramp should be scrutinized where it functions as a payment method for gambling rather than an independent crypto purchase. (FinTelegram) For compliance teams: Treat CoinCasino as a high-risk merchant (Gambling MCC) with jurisdictional blocking failures and UBO opacity. Heightened EDD, blacklist/monitoring, and chargeback-risk controls advised. For consumers: Risk of account blocking / withdrawal friction typical of offshore crypto casinos; no EU/UK recourse. Call for Information FinTelegram invites insiders, PSP staff, affiliate partners, or former employees with verified information on CoinCasino’s beneficial owners, PSP arrangements (ChanneltoPay / AgPayer relationships), and operational hubs to contact us confidentially via Whistle42. Share Information via Whistle42.

In July 2024, Stake acquired Baldo Line S.r.l. from Octavian Group to take over its ADM (Agenzia delle Dogane e dei Monopoli) concession and went live on Stake.it. The deal gave Stake immediate regulated access by onboarding the legacy Idealbet.it license (active since 2012) and establishing a Rome office. Stake’s move lands as Italy overhauls its regime: from 2025, the ADM (Customs and Monopolies Agency) sets a €7 million (≈$7.4m) fee for each nine-year online concession—up from €200,000. According to AGIPROnews, Stake has already paid the new fee, signaling a long-term, on-shore commitment to the Italian market. Business & market significance. Stake operates one of the world’s largest crypto-first casinos/sportsbooks (slots, live casino, sportsbook), claiming multi-billion Gross Gaming Revenue (GGR); external coverage places 2024 GGR near $4.7bn, rivaling tier-one incumbents. Its crypto rails and aggressive marketing (e.g., F1/Kick) have driven global scale, which now funds a licensing push (Italy, Brazil). Global regulatory posture (selected issues). United Kingdom: Stake surrendered GB access (white-label via TGP Europe) with shutdown by 11 Mar 2025 amid UKGC scrutiny of social media advertising; TGP had prior £316,250 AML/social responsibility penalty (Source: Gambling Commission) Belgium: Stake.com was blacklisted (Apr 2021); Belgian law allows player fines up to €25,000 for using illegal sites (Source: focusgn.com). Switzerland: Foreign online casinos are blocked; Stake lacks a Swiss licence. The Sauber/Stake sponsor probe underscored advertising risk (ultimately closed with no offence, but confirms sensitivity) (Source: Reuters). United States (sweepstakes): Los Angeles City Attorney sued Stake.us in Aug–Sep 2025 for allegedly operating illegal gambling under a sweepstakes guise; major suppliers (Evolution, Pragmatic Play) pulled content in California (Source: SBC Americas). Regulated-pivot beyond Italy. Stake secured approval in Brazil (Stake Brazil Ltda on SPA’s licence list) and lists local permissions in Peru/Colombia/Mexico, indicating a gradual shift from reliance on Curaçao (historically criticised for light oversight) to mainstream licences (Source: iGB). Beneficial owners & key persons. Stake was co-founded by Ed Craven and Bijan Tehrani (also behind Easygo). Public sources list Mladen Vučković as CEO. Core B2C ops run via Medium Rare N.V. (Curaçao), with payment agents Medium Rare Ltd/MRS Tech Ltd. Wikipedia+1 Entities & people (roles) NameTypeRole/FunctionBaldo Line S.r.l.Italy entityADM concession holder acquired by Stake; legacy Idealbet.it. Octavian GroupSellerSold Baldo Line/ADM path to Stake. Stake.com / Medium Rare N.V.OperatorGlobal B2C casino/sportsbook (Curaçao); parent operating entity. Stake Italy (Stake.it)Brand/siteItalian regulated front under ADM concession.TGP Europe LtdUK white-labelFormer GB partner; prior AML/SR penalty; exit from GB. Stake Brazil LtdaBrazil entitySPA-authorised operator (Stake.bet.br). Ed Craven / Bijan TehraniIndividualsFounders/beneficial owners reported across reputable profiles. Mladen VučkovićIndividualCEO (publicly listed). Compliance view. Italy gives Stake a major on-shore foothold under ADM standards, but legacy exposure (Belgium blacklist, UK exit, Swiss advertising sensitivities, U.S. sweepstakes litigation) creates a pronounced global conduct risk. Monitoring of KYC/AML controls, affiliate/advertising governance, and geo-blocking/VPN circumvention remains essential—especially where Stake historically operated under Curaçao permissibility. Call for information. Are you a current/former Stake partner, affiliate, supplier, or player in Italy or elsewhere? Share documents, screenshots, or compliance artifacts confidentially via Whistle42. Share Information via Whistle42

Our analysis indicates a tight operational link between the high-risk payment gateways BazPay (bazpay.com) and Zinzipay (zinzipay.com). User journeys from casino checkout flows hit app.zinzipay.com and, in cases we observed, hand off to bazpay.com/app.bazpay.com. Traffic intelligence also shows strong cross-referrals between the two domains. We seek insider information on whether both gateways are controlled by the same principals and used for offshore gambling processing. What We Found Checkout pairing & redirects. Both brands expose nearly identical “Checkout / processing your transaction” app endpoints (app.zinzipay.com and app.bazpay.com), consistent with shared or tightly integrated payment flows. Cross-domain signals. Similarweb indicates heavy referral dependence for zinzipay.com and for app.zinzipay.com, consistent with a hub that feeds/receives traffic from closely connected services. (Exact shares vary over time.) Corporate footprint (BazPay). The BazPay site lists NEWERA PAYMENT TECHNOLOGIES LTD (UK, 14154791) and provides policies (Privacy/PCI-DSS pages). Companies House shows Oleh YUNAK (b. 03/2000, Ukrainian) as director and person of significant control (≥75%). Market positioning. A BazPay LinkedIn profile states cooperation with high-risk companies—aligned with gambling merchant processing. Why It Matters If BazPay and Zinzipay are under common control, a single PayFac stack may be routing gambling card payments across brands. Given prior allegations around Zinzipay (fake descriptors/MCC masking), any shared control heightens transaction-laundering risk and potential card-scheme violations (MCC 7995 requirements). This has implications for acquirers, issuers, and AML oversight. Questions for Insiders & Industry Control/Ownership: Do BazPay and Zinzipay share infrastructure, staff, or beneficial owners? Oleh Yunak: Background, prior roles, other companies, and connections to gambling/PayFac operations. Acquiring/BIN sponsors: Which banks/PSPs underwrite these flows? Merchant onboarding/KYC: How are casino merchants vetted? MCC usage: Are gambling deposits consistently coded 7995, or routed via third-party descriptors? Traffic hand-offs: Do merchant checkout URLs systematically redirect app.zinzipay.com bazpay.com? Provide examples. PCI-DSS & compliance: Is the listed PCI program genuine and current? Provide AoC/ROC details. Jurisdictions & licenses: Any PI/EMI authorizations or registrations for BazPay/Zinzipay entities? How to Share FinTelegram invites acquiring-bank staff, PayFac operators, risk teams, casino affiliates, and players to submit artifacts: checkout URLs, redirects/headers, merchant descriptors, MCC logs, contracts, org charts, or screenshots. Information can be shared via our whistleblower hub, Whistle42.com. Share Information via Whistle42 This RFI follows our Zinzipay inquiry and focuses on the apparent BazPay–Zinzipay linkage. If you have information connecting the two gateways—or clarifying that they are independent—please contact us.

FinTelegram has flagged Zinzipay (Zinzipay.com) as a payment facilitator active in high-risk online gambling with extreme opacity and red-flag processing patterns (fake merchant descriptors, MCC miscoding). We are seeking insider information on its ownership, banking, and regulatory posture. What We Can Verify Today Zero transparency, Telegram-only sales. The website gives no information: no company name, address, licenses, policies, or team—only a “connect” CTA to a Telegram bot. This operating model is inconsistent with legitimate PayFac standards. Casino focus & notable traffic. Open web metrics list zinzipay.com in the Casinos category with substantial recent traffic, aligning with gambling processing. (Rankings/metrics vary over time.) playatgila.com+1 Linked operators. Public sources tie Zinzipay-processed deposits to offshore casinos, including Ybets (formerly Inmerion), Snatch, and Anjouan-licensed brands such as Claps and Medinabet. Claps discloses ownership by Redline Solutions Ltd (Anjouan), and Medinabet discloses Medina Entertainment Ltd (Anjouan). Indicators of Transaction Laundering / MCC Misuse Multiple player reports show deposits to casinos via Zinzipay posting on card statements as unrelated merchants (e.g., Zhenjidigitalservice, Bunsonsoftwareltd, software/textile firms; some in Nigeria), a classic laundering pattern that conceals gambling MCC 7995. One Casinomeister post states Ybets payments were handled by a “shady provider called ‘Zinzipay’… each payment through a different company.” Card-network rules require MCC 7995 for betting/gambling; misclassification evades issuer blocks, RG/self-exclusion controls, and geo-restrictions—and breaches network standards (Source: usa.visa.com). Why this matters: Transaction laundering violates acquirer/PayFac agreements and exposes banks and facilitators to regulatory and card-scheme sanctions. Visa explicitly instructs PayFacs to detect/block it. Associated Casino Signals (examples) Ybets / Inmerion. Historic complaints on slow pays/withdrawal issues; forum reports connect Zinzipay and non-gambling descriptors. PAGCOR licensing assertions have been disputed in community threads. Claps. Operated by Redline Solutions Ltd under Anjouan license; reviews note crypto and card on-ramps (e.g., MoonPay; Visa/Mastercard coverage noted by third-party reviews). Medinabet. Discloses Anjouan license (ALSI-202412008-FI1) and broad payment options; evidence suggests card processing via third parties. Traffic Intelligence Traffic intelligence (Similarweb; see adjacent chart) indicates that Zinzipay’s user base is concentrated in the UK and EU—led by the UK, France, and Germany—jurisdictions where the referenced casinos are not locally authorized. Evidence further suggests Zinzipay routes card deposits via anonymized, single-purpose domains (e.g., paycard.click or live.virtpay.net). We also discovered PGPayTech from Belize on Zinzipay‘s list of links, which apparently processes deposits from casino players. The overall pattern of Zinzipay‘s traffic intelligence analysis clearly shows that a structure has been created to conceal payments to illegally operating casinos and website operators, which also and primarily operate in the UK and the EU. Regulatory Context (high-level) Legitimate EU PayFacs require authorization/registration (PSD2/EMI/PI), AML/KYC, PCI-DSS, and visible disclosures. Zinzipay presents none on its site and operates via Telegram—an outlier profile for a compliant processor. Call for Information FinTelegram requests verifiable details on Zinzipay’s: 1) Corporate identity (legal entity/beneficial owners), 2) executives/key personnel, 3) acquiring bank(s) and BIN sponsorship, 4) regulatory licenses/registrations, 5) PSP/PayFac agreements, 6) card-scheme status, 7) merchant onboarding/KYC procedures, 8) PCI-DSS attestations, 9) list of casino clients, 10) examples of merchant descriptors/MCCs used, and 11) any complaints, chargeback spikes, or regulatory inquiries.Submit tips via our secure channels; sources are protected per journalistic standards. Share Information via Whistle42 This RFI supports an ongoing investigation into high-risk payment facilitators serving offshore gambling.

Twinby is a consumer dating app positioned as “science-based” matching via personality tests and behavioral data. The service is operated by NEURALAB TECH SOLUTIONS LLC (Dubai) with a Russian representative entity, TWINBY LLC (Moscow). Twinby is a Russian-operated dating platform that leverages UAE incorporation for international market access. While marketed as psychology-based matchmaking, user experience data suggests inadequate content moderation and customer protection mechanisms.  Key data (at a glance) FieldDetailWebsite / Apptwinby.com; iOS & Android appsOperator (controller)NEURALAB TECH SOLUTIONS LLC (Dubai Dept. of Economic Development lic. 979464), Opus by Omniyat, Tower A, Business Bay, DubaiRU representativeTWINBY LLC (TIN 9703149191; PSRN 1237700441285)Claimed scale“11M+ users” on website; Google Play: 1M+ installs, ~20.9k reviews, 3.5★Business modelPremium subscriptions, Superlikes, in-app ads (“Story Ads”)FoundedJune 2023Beneficial ownersValerii Klimov (CEO), Veronika Yakovleva (Co-founder)Key managementSergey Endutkin (COO), George Galoyan (CBDO), Michail Stepan (CDO)Funding₽500M raised (Dec 2024)Payment processorsApple App Store, Google Play Billing, CloudPayments (site PSP) Twinby+4Twinby+4Twinby+4 Activities & product Twinby positions itself as a psychology-based dating application utilizing Big Five personality testing and machine learning algorithms developed with HSE’s Applied Network Research Laboratory. The platform entered the Russian market strategically following Tinder‘s June 2023 exit, rapidly capturing market share vacated by Western competitors.​ The business model operates on a freemium structure with premium subscriptions (₽600 monthly) offering enhanced features, including unlimited likes, profile visibility, and advanced search filters. Additional revenue derives from consumable “Superlikes” purchases and advertising partnerships with Russian brands, including MTS and Flowwow. Governance, owners & key individuals The Terms name NEURALAB TECH SOLUTIONS LLC as the contracting party; TWINBY LLC is the Russian representative. Public profiles show a venture/ops team including Valeriy Klimov (founder/CEO), Sergey Endutkin (COO/Managing Director), and Veronika Iakovleva (co-founder/CEO Twinby CIS). Ultimate beneficial owners are not disclosed in public filings we reviewed (Sources: ae.linkedin.com) Payments & processors Mobile purchases run through Apple and Google; web card acquiring is handled by CloudPayments (a Russia-based PSP affiliated with Tinkoff Group). This dual-track payment structure facilitates operations across restricted markets while maintaining international payment method accessibility. Compliance note: counterparties relying on CloudPayments should evaluate sanctions/export-control exposure and cross-border data/settlement flows (Source: Twinby). Customer sentiment & risks Google Play reviews are mixed (3.5★): common complaints reference fake/duplicate profiles, weak moderation, and paywall friction; an external review highlights limited action on scam reports. These raise KYC/Trust & Safety considerations (bot mitigation, abuse handling, ad integrity). Compliance Concerns Multiple independent reviews highlight systematic moderation failures. User complaints document persistent fake profiles, scam bots directing users to external platforms, and ineffective reporting mechanisms. Verification processes appear insufficient despite advertised safeguards, with numerous accounts displaying adult content violations. Customer support demonstrates minimal responsiveness to fraud reports and subscription billing disputes.​ The platform’s Russian operational base, combined with Dubai registration, raises questions regarding data protection compliance, beneficial ownership transparency, and regulatory jurisdiction. Russian intelligence services have specifically identified domestic dating platforms, including Twinby as potential intelligence gathering vectors. Analyst Assessment Twinby represents a Russian-operated dating platform leveraging UAE incorporation for international market access. While marketed as psychology-based matchmaking, user experience data suggests inadequate content moderation and customer protection mechanisms. The concentration of Russian management, primary market focus, and CloudPayments integration indicate operational alignment with Russian digital infrastructure despite offshore registration. Potential partners and users should exercise heightened due diligence regarding data handling practices and beneficial ownership structures. Call for Information FinTelegram invites insiders, contractors, or users with documentary evidence (corporate structure, UBOs, PSP agreements, moderation playbooks, or ad-stack details) to contact us confidentially via Whistle42. Share Information via Whistle42

As FinTelegram continues its investigation into sanctioned Russian tech entrepreneur Dmitry Borisovich Volkov and his international dating and payments empire, new evidence has emerged showing the central role played by Russian-born US investor Nick Davidov and his venture capital network in facilitating Volkov’s business operations and potentially enabling cross-border financial flows that warrant regulatory scrutiny. Read our reports on Dmitry Volkov here. Multiple whistleblowers allege that Volkov leverages Davidov and U.S.-based funds as laundering conduits. We cannot prove this today; the source has been reliable in prior tips. We therefore publish the verifiable links and invite insiders to help clarify the money trail. Direct Business Partnership at Gagarin Capital Nick Davidov a/k/a Nikolay Davidov and Dmitry Volkov maintained a direct professional partnership through Gagarin Capital Partners, a venture capital fund co-founded by Davidov and Mikhail Taver in 2014. Public records confirm that Volkov joined the managing board of Gagarin Capital in April 2018, establishing him as a key decision-maker alongside Davidov in the fund’s investment activities. This partnership continued until at least October 2020, when Davidov sold his stake in Gagarin Capital to partner Mikhail Taver. The timing and structure of this relationship are significant for compliance purposes. During Volkov’s tenure on Gagarin Capital‘s managing board, the fund actively invested in AI and technology companies across the United States, Silicon Valley, and CIS countries. Davidov himself has described his role at Gagarin Capital as spanning from January 2015 to October 2020, overlapping substantially with Volkov’s involvement. Davidov has not publicly addressed his historical relationship with Volkov or the 2019 transaction. His LinkedIn profile lists Gagarin Capital as “exited in 2020,” suggesting a clean break from the fund. However, his concurrent advisory role with Dating Group, which began in March 2021, indicates continued business ties to Volkov’s network. What’s verified (and why it matters) Direct professional tie: Public materials state that Volkov joined the managing board of Gagarin Capital in April 2018, the venture fund co-owned by Nick Davidov and Mikhail Taver. This formal link predates a set of 2019 transactions that changed control inside Volkov’s dating empire (Source: Wikipedia). The 2019 “$215M” transaction(s): Press-release version: SDVentures (Volkov) merged assets with SOL Holdings to form Dating.com Group; SDVentures received $215 million in cash plus an equity stake in the new group (Source: PRnewswire.com). Wikipedia/biographical version: In 2019, Volkov “sold part of his intellectual property to the management company” (context: Gagarin Capital) for $215 million and acquired a stake in Dating Group (Source Wikipedia)The two narratives are economically consistent (cash + equity around the dating roll-up) but structurally different (merger cash-out vs. “IP sale” to a manager). This discrepancy is a red flag for deal-structure opacity that merits further documentation. Davidov’s current platform: Davidovs Venture Collective (DVC)—a network-driven VC founded by Nick & Marina Davidov (website)—positions itself as an AI-centric fund; media reports and DVC’s site corroborate their model and recent fund announcements (Source: Davidovs Venture Collective). Ongoing Volkov coverage: FinTelegram has documented Volkov’s Dating Group/SDGroup footprint and the Noda (NaudaPay) payment processor link, noting sanctions-exposure claims and a change of UK beneficial ownership in 2023. These pieces underpin the payments + dating nexus examined here (Source: fintelegram.com). Read a Business Insider report on DVC here. What whistleblowers allege (unproven, but specific) Use of U.S. funds and affiliates to clean proceeds: Insiders allege Volkov channels revenues from his global dating/“romance-on-credit” properties through structures tied to Davidov-managed vehicles and the 2019 $215M cycle, characterizing this as money laundering or layering. Status: We have no bank records or wire trails to prove it. We do have the public partnership history (Gagarin/Volkov), contemporaneous $215M deal flow around Dating.com Group, and ongoing business overlaps. We publish to solicit corroborating artifacts (see “What we need,” below). Network overview: how the pieces fit Volkov’s dating/“social discovery” portfolio consolidated in/around 2019, with cash plus equity outcomes and Malta-centered holdings (Dating.com Group / SDGroup). prnewswire.com+1 Gagarin Capital places Volkov on its managing board (2018), linking him operationally to Davidov before the $215M transactions. Wikipedia Davidov’s later vehicle (DVC) grows an AI-first syndicate; public bios and media highlight deal networks and advisory roles (including materials that list Dating Group advisory involvement—treat secondary sources with caution). Davidovs Venture Collective+2contactout.com+2 Noda/NaudaPay (FCA-regulated) posts a profit surge in 2024 and traffic patterns dominated by dating/adult/gaming, with Dating.com a material referrer—consistent with Volkov-centric merchant volume. (See our Noda report.) fintelegram.com Inference risk note: The temporal alignment (2018 board tie → 2019 $215M → continued overlap with Dating Group and payment rails) creates a reasonable basis to investigate transfer pricing, IP monetization, and potential circular flows across offshore + U.S. fund nodes. That is not proof of laundering; it is probable-cause for scrutiny. The Sanctions Dimension Dmitry Volkov was placed on Ukraine’s National Security and Defense Council (NSDC) sanctions list in 2023 due to his connections to the Russian establishment. According to FinTelegram’s previous reporting, Volkov was removed as the beneficial owner of NaudaPay Limited (operating as Noda and Noda.live) in 2023 following his sanctions designation. Despite these sanctions, Volkov continues to control Dating Group and Social Discovery Group through offshore structures in Malta and Cyprus. NaudaPay/Noda: The Payment Processing Dimension FinTelegram’s recent investigation into NaudaPay Limited (d/b/a Noda), an FCA-regulated payment institution, revealed that Volkov was the registered beneficial owner with more than 75% of shares until June 2023. Noda has been identified as a payment facilitator for unlicensed online casinos and gambling operators, including platforms registered in jurisdictions like Curacao and Costa Rica that lack proper EU regulatory authorization. Read our Noda reports here. Volkov’s control of Noda through his Cyprus-based SOL Holdings Limited created a payment infrastructure capable of processing funds for high-risk, potentially illegal operations. The company was allegedly spun off from SDVentures—Volkov’s main holding company—between Q4 2021 and Q1 2023. This timeline coincides with Davidov’s transition from Gagarin Capital to his new DVC fund, though FinTelegram has found no evidence directly linking Davidov to Noda‘s operations. Open regulatory questions Source of funds & beneficial ownership: Did Volkov, directly or through proxies, retain control/economic rights via fund GP/manager arrangements tied to Davidov’s vehicles after 2019? (Board seats, carried-interest waterfalls, side letters.) Valuation & consideration: Was the “IP sale” consideration properly valued and taxed across jurisdictions? Are there inter-company loans or note-payable trails linking the manager, the dating holdco(s), and payment entities? Payments plumbing: Do Noda/NaudaPay merchant mixes indicate concentration risk in Volkov-controlled customer cohorts, implying de-facto control despite registry changes? (See FinTelegram Noda analysis.) Sanctions exposure: Multiple sources and aggregators reference sanctions listings/flags tied to Volkov (e.g., Ukraine/aggregators). Counterparties should perform independent list screening and review control-by-other-means risk. Key Data Table Entity/Individual NameTypeJurisdictionRole/DescriptionDmitry Borisovich VolkovIndividualRussia / Malta (citizenship)Founder & CEO of Social Discovery Group; Co-owner of Dating Group; Former Managing Board Member of Gagarin Capital (2018-2020); Sanctioned by Ukraine NSDC (2023)Social Discovery Group (SDGroup)Corporate EntityMalta (HQ)Website: SocialDiscoveryGroup.comInternational internet holding company; founded 2014; controls 50+ tech brands and dating platforms; global operationsSDVenturesCorporate EntityMalta (Gzira)International holding company founded by Volkov; merged assets with SOL Holdings in 2019 to form Dating.com Group; received $215M in transactionSOL Holdings LimitedCorporate EntityMalta / CyprusOnline entertainment and communications holding; merged with SDVentures in 2019; controlled NaudaPay until 2023; founder: Alla GubenkoDating.com GroupCorporate EntityMaltaFormed from $215M merger of SDVentures and SOL Holdings (Oct 2019); controls AnastasiaDate, Dating.com, Cupid Media, ChinaLove, AsianDate, AmoLatina, and others; 73M+ registered users; appears in ICIJ offshore leaks databaseSocial Discovery VenturesInvestment FundCyprusVolkov’s family office and captive investment fund; invests in social discovery and AI companies; over $500M in investmentsNaudaPay Limited (d/b/a Noda)Payment InstitutionUnited Kingdom (London)FCA-regulated payment facilitator; Company No. 11741664; Volkov was beneficial owner (75%+ shares) until June 2023 (removed post-sanctions); processes payments for high-risk gambling operators; current directors: Irina Konstantinova, Anastasija TencaReal Estate Discovery Ventures (REDV)Investment FundUnited StatesReal estate fund controlled by Social Discovery Group; focuses on US shopping malls; estimated value $198M (2019)Nick Davidov (Nikolay Davidov)IndividualUnited States (California)LinkedInRussian-born US venture capitalist; Co-founder of Gagarin Capital (2015-2020, exited Oct 2020); Co-founder & Managing Partner of Davidovs Venture Collective (DVC) since 2021; Board Advisor to Dating Group (2021-present)Marina DavidovaIndividualUnited States (California)Co-founder & Managing Partner of Davidovs Venture Collective (DVC); former Gagarin Capital operator; wife of Nick DavidovGagarin Capital PartnersVenture Capital FundUnited States (Silicon Valley)AI-focused VC fund founded 2015 by Nick Davidov and Mikhail Taver; Volkov joined Managing Board April 2018; management company purchased Volkov’s “intellectual property” for $215M (2019); Davidov exited October 2020Davidovs Venture Collective (DVC)Venture Capital FundUnited States (Silicon Valley)Webseite dvc.aiAI-focused rolling fund founded 2021 by Nick and Marina Davidov; 170+ LPs including engineers from OpenAI, Google, Meta; $75M Series A/B fund; invested in 120+ companies including Perplexity AIMikhail TaverIndividualUnited StatesCo-founder of Gagarin Capital with Nick Davidov; acquired Davidov’s stake in Gagarin Capital in October 2020Alla GubenkoIndividualLuxembourg / RussiaFounder of SOL Holdings; co-created Dating.com Group with Volkov (2019); briefly director of NaudaPay Limited (appointed and resigned same day, Dec 27, 2018)Irina KonstantinovaIndividualUnited Kingdom / LatviaDirector of NaudaPay Limited since Dec 2018; Latvian national residing in UKAnastasija TencaIndividualUnited Kingdom / LatviaDirector of NaudaPay Limited since Oct 2023; Latvian national residing in EnglandLasma KuhtarskaIndividualLatviaCurrent Person with Significant Control (PSC) of NaudaPay Limited; Latvian national; replaced Volkov as PSC in May 2023AnastasiaDateDating PlatformMalta (via Dating Group)International dating platform owned by Dating Group; multiple consumer complaints and scam allegations; targets Western men seeking Eastern European womenDating.comDating PlatformMalta (via Dating Group)Flagship dating platform of Dating Group networkAsianDate / ChinaLove / AmoLatina / AfricaBeautiesDating PlatformsMalta (via Dating Group)Regional dating platforms targeting different ethnic/geographic markets; all controlled by Dating GroupCompliance Notes: Multiple entities registered in offshore jurisdictions (Malta, Cyprus, BVI, Seychelles) with complex ownership structures. Volkov sanctioned by Ukraine NSDC (2023) due to Russian establishment ties. Dating Group appears in ICIJ offshore leaks database. NaudaPay facilitated payments for unlicensed gambling operations. The $215M 2019 transaction between Volkov and Gagarin Capital’s management company involved sale of “intellectual property” with unclear valuation basis. What we conclude today Fact pattern: There is a documented partnership line from Gagarin Capital (Davidov) to Volkov (2018 board role), followed by $215M transactions and a lasting overlap in sectors (dating/“social discovery”) and, by extension, payments. Wikipedia+1 Whistleblower allegation: Money-laundering via U.S. funds associated with Davidov remains unproven but specific—and consistent with a network where fund managers, asset managers, and operating companies are closely intertwined. Public-interest threshold: Given the scale, high-risk merchant base, and payments footprint, deeper forensic accounting and cross-border AML review are warranted. What we need (Whistle42 – secure submissions) Deal documents: term sheets, closing binders, side letters, management-company agreements for 2018–2020 (Gagarin/SDVentures/SOL/Dating.com Group). Flow of funds: wire confirmations, inter-company loan schedules, transfer-pricing memos, carry/waterfall distributions. Control evidence: board minutes, advisory agreements, fund-admin statements showing post-2019 influence by Volkov across Davidov-linked entities. Payments data: processor descriptors, merchant IDs, acquirer/PSP correspondence evidencing Dating Group → Noda concentration. Send confidentially via Whistle42. We verify documents, protect sources, and will publish responsibly.

Austria’s first Benko trial has delivered a breakthrough: the Innsbruck Regional Court convicted the former real estate tycoon René Benko on one count of insolvency-related asset transfer and acquitted him on a second count, sentencing him to 24 months in prison. The court found that Benko’s €300,000 transfer to his mother during looming insolvency unlawfully disadvantaged creditors; the panel cleared him over a separate €360,000 rent prepayment connected to a family residence. The ruling is not yet final; defense counsel Norbert Wess signaled appeal (Source: news.ORF) The case is the first criminal conviction linked to the implosion of the Signa Group, one of Europe’s largest property failures. Signa entities unraveled from late 2023, with creditor claims exceeding €15 billion across a sprawling corporate web. Benko has been in U-Haft since January 2025 (Source: ft.com). Why this matters The Innsbruck decision establishes a judicial baseline: courts are prepared to treat selective transfers during crisis as criminal betrügerische Krida when creditor interests are impaired. Prosecutors framed the first case around ~€660,000 in disputed movements, of which the €300,000 “gift” proved decisive (Source: Reuters). What’s next: The Second Indictment Appeal expected: Wess—already known for defending ex-Finance Minister Karl-Heinz Grasser in the BUWOG affair, where the first-instance verdict in 2020 imposed eight years—faces another partial defeat; appellate rounds in Benko will now follow. In March 2025, Austria’s Supreme Court later reduced parts of the BUWOG sentences, but Grasser’s first-instance eight-year verdict remains the benchmark reference (Source: news.ORF). Second indictment: Benko and his wife Nathalie Benko have officially withdrawn their appeal against the second charge of asset transfer, making the conviction immediately and legally binding. In this development, Nathalie Benko has emerged as the principal defendant, with the prosecution focusing on her active role in concealing and relocating high-value assets—including cash and luxury items—during the critical days surrounding the Signa Group’s insolvency. The assets in question, reportedly stashed in a safe at relatives’ residence, amount to at least €370,000 and represent a clear attempt to frustrate creditor claims. This marks a turning point in the ongoing series of legal actions against the Benko family: Nathalie’s direct implication strengthens the public prosecutor’s broader narrative of deliberate, multi-layered asset shielding within the family network, while the irrevocable nature of this conviction may serve as a benchmark for forthcoming proceedings targeting similar asset protection maneuvers.  (Source: justiz.gv.at). Broader probe (14 strands): The WKStA confirms 14 distinct lines of investigation in the Signa complex, including untreue, schwerer Betrug, Gläubigerbegünstigung, and Förderungsmissbrauch, with more than a dozen suspects and two corporate entities in scope. Expect further filings (Source news.ORF). FinTelegram view This “mini-case” shows how single transfers can crystallize into criminal liability—a template prosecutors may replicate across other transactions in the Signa universe. The acquittal on the rent prepayment underscores that fact patterns matter: documentation, timing, and provenance will decide the next trials. Call for Information (Whistle42) Were you involved in payment approvals, foundation instructions, auction disposals, or asset movements connected to Signa (2022–2025)? Do you hold emails, invoices, bank advices, vault logs, or chat threads? Contact FinTelegram/Whistle42 securely. Unschuldsvermutung gilt. Share Information via Whistle42

Executive Summary US and UK authorities have executed the largest cryptocurrency seizure in history, confiscating approximately 127,271 bitcoins valued at nearly $15 billion from the Cambodian conglomerate Prince Group, led by Chen Zhi. The operation unmasked a massive international scheme involving investment fraud—specifically a “pig butchering” model—and human trafficking, underscoring the escalating intersection of crypto assets, organized crime, and geopolitical risk.​ Details of the Seizure The bitcoin cache traces back to 2020, when it was allegedly stolen from LuBian, a mining operation spanning China and Iran. Chen Zhi’s syndicate, leveraging forced labor camps in Cambodia, orchestrated sophisticated online scams that manipulated thousands of victims worldwide. The scam lured victims into fake investment platforms, only to exploit and defraud them of savings and digital assets.​ Authorities coordinated a multi-jurisdictional crackdown, freezing assets, imposing sanctions on Chen Zhi and his network, and rescuing forced labor victims. The US Department of Justice (DOJ) characterized the case as a watershed moment in the enforcement of crypto-related financial crime and human rights violations.​ Context: “Pig Butchering” and Crypto Crime “Pig butchering” is a scam model that focuses on grooming and defrauding individuals over time, and it has proliferated in Southeast Asia’s loosely regulated zones. The Prince Group’s activities extended to several continents, with illicit digital proceeds often funneled through complex chains to launder and obscure their origin. The seizure highlights the capacity for state-level intervention in global crypto flows and the rising trend of sanctions against cyber-enabled crime syndicates.​ Investment Prospects: Bitcoin Reserve Utilization There are no current statements from US authorities suggesting an intent to invest or retain the confiscated bitcoins in the “Bitcoin Reserve” or similar sovereign investment schemes. Standard policy in such large seizures is to hold the assets in custody until legal proceedings are resolved, after which the DOJ typically liquidates them via public auction or transfers proceeds to victim restitution funds. Similar to prior large-scale seizures, expectations are that the seized bitcoins will eventually be sold on the open market once litigation is complete.​ This event serves as a landmark both for crypto law enforcement and international efforts to integrate anti-money laundering with anti-trafficking efforts, putting new pressure on regulators, exchanges, and investors to tighten due diligence on digital asset flows. Share Information via Whistle42

Executive Summary A review of the Wikipedia page of the FCA-regulated payment institution Noda shows material inconsistencies with UK Companies House filings for NaudaPay Limited. Wikipedia states Noda was founded in February 2020 by Lasma Kuhtarska and Igor Loktev; primary records show the UK company was incorporated on 27 Dec 2018 and founded/subscribed by SOL Holdings Limited (Cyprus), an entity historically tied to the Russian Dmitrii (Dmitry) Borisovich Volkov. Volkov was recorded as the Person with Significant Control (PSC) owning ≥75% until 17 May 2023, when Lasma Kuhtarska became PSC. The Wikipedia narrative therefore omits and/or contradicts core corporate facts and the historical beneficial ownership timeline. Key Discrepancies 1) Date of Incorporation Wikipedia: “Founded February 2020 in London, UK.” Companies House: Incorporated 27 December 2018 (NaudaPay Limited). Assessment: Wikipedia’s “founded 2020” is inaccurate for the UK operating company. 2) Founders / Initial Subscriber Wikipedia: Founders Lasma Kuhtarska and Igor Loktev. Companies House – Incorporation (IN01): SOL Holdings Limited (Cyprus) is the subscriber and initial shareholder (125 ordinary shares; EUR 125,000 nominal). Assessment: Primary documents show SOL Holdings Limited as founding shareholder; Wikipedia misattributes founders. 3) Beneficial Ownership (PSC) Timeline Companies House – PSC: Alla Gubenko PSC from 21 Jan 2019 to 15 Jun 2020. Dmitrii Borisovich Volkov PSC 15 Jun 2020 to 17 May 2023 (≥75% ownership). Lasma Kuhtarska PSC from 17 May 2023 (≥75% ownership). Assessment: Wikipedia omits Volkov’s multi-year PSC control and overstates Kuhtarska/Loktev as original founders. 4) Group/Affiliate Disclosure (Cyprus) Noda policy page identifies NODA HOLDING LIMITED (HE 428729) in Cyprus as an EU services entity; external registries list Igor Loktev among officers. Assessment: Confirms an affiliated Cyprus structure. Wikipedia does not reconcile this with the UK corporate history. 5) Sanctions Context (Founder’s History) Public databases indicate Dmitry/Dmitrii Borisovich Volkov is “under sanctions” (aggregators/PEP sources; OpenSanctions profile referenced by investigators). rupep.orgNote: Aggregators compile multiple regimes (e.g., UA NSDC, others). Independent screening against UK/EU/US/CH/UA lists is required. Assessment: If a previously sanctioned/flagged person held ≥75% control until May 2023, regulatory narrative and Wikipedia’s omission merit scrutiny. Evidence Snapshot (Primary Records) Incorporated: 27 Dec 2018 (NaudaPay Limited) (Source: find-and-update.company-information.service.gov.uk). Initial subscriber: SOL Holdings Limited (Cyprus) (Memorandum) (Source: find-and-update.company-information.service.gov.uk). Initial shareholdings: SOL Holdings Limited — 125 ordinary shares (EUR 125,000 nominal) (Source: find-and-update.company-information.service.gov.uk). PSC history: Volkov (15 Jun 2020–17 May 2023), Kuhtarska from 17 May 2023 (Source: find-and-update.company-information.service.gov.uk) Wikipedia claims: “Founded Feb 2020; founders Kuhtarska/Loktev” (Source: Wikipedia). Compliance Assessment Public disclosure risk: The Wikipedia entry misstates key facts (founder, founding date) and omits Volkov’s multi-year PSC control, creating a misleading public record for counterparties conducting light-touch OSINT/KYB. Wikipedia+1 Sanctions/PEP risk: Given Volkov’s PSC history and sanctions-aggregator flags, enhanced due diligence (EDD) is warranted for historic control, influence, and connected parties. find-and-update.company-information.service.gov.uk+1 Governance narrative: The late switch to Kuhtarska as PSC (May 2023) coincides with heightened sanctions exposure post-2022, raising legitimate questions about de-facto control vs. de-jure ownership. find-and-update.company-information.service.gov.uk Group structure: Cyprus affiliate (NODA HOLDING LIMITED) with Loktev involvement underscores cross-border control pathways not reflected on Wikipedia. noda.live+1 Questions for Management and Editors Why does the Wikipedia page state 2020 founding and different founders when the UK company was incorporated in 2018 and subscribed by SOL Holdings Ltd (Cyprus)? find-and-update.company-information.service.gov.uk+1 What explanation is there for omitting Volkov’s PSC period (2020–2023) from the public narrative? find-and-update.company-information.service.gov.uk What governance changes occurred around May–Oct 2023 (PSC change, resolutions), and do they reflect a substantive transfer of control? find-and-update.company-information.service.gov.uk Call for Information (Whistle42) If you are a current or former employee, contractor, director, or service provider of NaudaPay/Noda or its affiliates, we invite confidential submissions regarding: Ownership/control changes around 2022–2023; Role of SOL Holdings Ltd (Cyprus) and any Volkov-linked entities; Internal guidance on sanctions screening and beneficial ownership declarations. Share securely via Whistle42. We verify materials and protect sources. Share Information via Whistle42

Excerpt FinTelegram continues to investigate the FCA-regulated payment institution NaudaPay Limited,d/b/a Noda (www.noda.live). New data and company filings confirm explosive financial growth in 2024 and reinforce suspicions that Russian national Dmitry Borisovich Volkov—a/k/a Dmitrii Borisovich Volkov a/k/a Dmitri Borissowitsch Wolkow—continues to exert de facto control over this high-risk payment processor despite being sanctioned and formally removed from ownership records in 2023. Web analytics, financial disclosures, and insider testimonies all suggest that Noda has become a payment engine for Volkov’s online dating and entertainment empire, including platforms accused of large-scale deception and user exploitation. Key Data Trading namesNodaWLPayBusiness activityPayment InstitutionDomainshttps://noda.livehttps://uk.noda.livehttps://wlpay.ioSocial mediaLinkedInLegal entitiesNaudaPay LimitedNoda Business Services UAB (Lithuania)SOL Holdings Limited (Cyprus)Noda Holding Limited (Cyprus)JurisdictionUnited Kingdom, LithuaniaAuthorizationFCA-regulated payment institutionwith reference no. 832969FounderDmitrii Borisovich VolkovSOL Holdings Limited Related individualsIrina KonstantinovaAnastasija Tenca (LinkedIn)Lasma Kuhtarska (LinkedIn)Jevgenijs GolinejsIgor LoktevKnown clientsNewEra, Santeda International B.V.FGS Software Solutions,N1 Interactive Ltd, Stardust Global CCS LtdSOL Group, SDGroup (Volkov) Corporate Background NaudaPay Limited (registered number 11741664) was incorporated in 2018 in the United Kingdom via SOL Holdings Ltd in Cyprus—a company owned by Dmitry Volkov, as FinTelegram previously documented. Volkov was registered as the beneficial owner of NaudaPay until his removal in 2023, following his inclusion on the international sanctions list after Russia’s invasion of Ukraine (OpenSanctions profile). He was replaced by Latvian national Lasma Kuhtarska, whose sudden appearance as controlling person coincides suspiciously with Volkov’s official “exit.” Yet, multiple insiders claim Volkov continues to influence or direct NaudaPay’s operations, using it as a preferred settlement channel for the Social Discovery Group (SDGroup) and its high-risk dating network, including Dating.com, AnastasiaDate, AmoLatina, and affiliated adult entertainment sites. Financial Statement Analysis (FY 2024) NaudaPay’s 2024 annual financial statements, filed with UK Companies House, reveal explosive growth compared to 2023: Key Metric2024 (€)2023 (€)% ChangeCash at bank and in hand8,196,9831,653,969+396%Debtors due within one year4,826,0852,546,595+89%Total current assets13,703,4444,640,564+195%Profit and loss account5,452,5291,284,908+324%Net assets6,380,5291,649,908+287% The fivefold increase in profitability and nearly €8.2 million in bank balances signal surging transaction volumes. This acceleration coincides with Noda’s expansion in high-risk verticals—notably dating, adult content, and online gaming—as confirmed by web analytics and merchant relationships. Such growth is inconsistent with a typical mid-tier UK payment processor but entirely consistent with aggressive expansion in high-risk merchant acquiring and cross-border payment orchestration. This explosive growth of Noda, founded by Volkov, is particularly interesting in light of the money laundering allegations made against Volkov by the public. He is alleged to have used his dating and romance platforms, such as Dating.com, to scam end users through paid agents and then launder their money through offshore structures. This is according to the claim of a victim published on a website here. In this context, it is reasonable to ask how Noda‘s growth could have exploded within a year. Read our reports on Dmitry Volkov here. Web Traffic and Customer Composition Similarweb analysis of Noda.live (Oct 2025) FinTelegram’s analysis of Similarweb data for noda.live confirms that Noda’s transaction network is tightly interlinked with high-risk consumer platforms: Over 10% of referring traffic to Noda originates from the Romance & Relationships sector. Dating.com alone accounts for nearly 7% of incoming referral traffic. Additional significant referrers include adult entertainment and online gaming sites. Similarweb analysis of Noda.live (Oct 2025) This traffic mix reflects typical high-risk payment facilitation patterns, in which a regulated entity processes for industries that mainstream acquirers refuse to serve due to fraud, chargeback, or reputational risks. The connection between Volkov’s dating businesses and Noda’s traffic patterns implies that Volkov’s companies are major clients—if not controlling beneficiaries—of the payment processor’s volume. Corporate Structure and Cyprus Connection NaudaPay identifies a Cypriot affiliate, Noda Holding Limited, as a technology provider within its annual report. Public records in Cyprus list Igor Loktev as director. This entity, together with SOL Holdings Ltd (Volkov-owned), establishes a clear cross-border structure consistent with Volkov’s corporate network, where Cyprus often serves as the operational and ownership hub for Malta- and UK-based subsidiaries. The FCA license held by NaudaPay, therefore, may function as a gateway to process EU and UK payments for an offshore Russian-origin business empire—a structure that raises serious regulatory and sanctions-compliance questions. Volkov’s Sanctions Status and Ongoing Allegations Volkov was sanctioned for his connections to Russia’s business elite after the invasion of Ukraine. Despite this, his digital business empire continues to expand through European subsidiaries and proxy ownership structures. As previously reported by FinTelegram: Volkov is the dominant figure behind Social Discovery Group / Dating Group, operating a global online dating conglomerate accused of monetizing “romance-on-credit” systems. Victims have publicly accused Volkov of running scam-like platforms that use fake profiles, scripted chat, and emotional manipulation to extract money from Western men seeking relationships with Eastern European women. See detailed victim report: Vida Enigmatica – “Who Owns AnastasiaDate: Billionaire Scammer Dmitry Volkov”. The allegation pattern—deceptive user engagement, offshore structures, and regulatory arbitrage—mirrors what we now observe in Noda’s growth and client base. Critical Questions Is Dmitry Volkov still the de facto beneficial owner of NaudaPay, despite his formal removal from Companies House? Are FCA and UK regulators aware that Noda’s largest client cluster overlaps with the romance and adult-content industries under global consumer-protection scrutiny? Does Noda’s rapid profit surge reflect legitimate fintech expansion—or the scaling of high-risk merchant volumes processed for Volkov-linked dating brands? How effective is Noda’s sanctions compliance program, given its historic ownership and client overlap with a sanctioned individual? Compliance and Reputational Risks Sanctions risk: If Volkov exercises de facto control, Noda may be in breach of UK sanctions and FCA requirements for transparency and fitness of beneficial owners. Consumer protection: By facilitating payments for romance and adult content schemes, Noda risks regulatory backlash under Unfair Commercial Practices and PSD2 conduct rules. AML/KYC: The offshore structure involving Cyprus, Malta, and the UK raises red flags about beneficial ownership disclosure and source-of-funds verification. Conclusion The evidence points to NaudaPay (Noda) as an FCA-regulated payment processor primarily serving high-risk merchants, with a disproportionate dependency on Dmitry Volkov’s global dating network. Despite his sanctions listing and official removal, Volkov appears to retain effective control through proxies, affiliates, and client dependencies. The surging 2024 profits—from €1.3 million to €5.5 million—indicate that Noda has become a core financial infrastructure for a controversial Russian-origin business empire operating at the margins of legality. Call for Information FinTelegram invites insiders, former employees, compliance officers, and payment partners of NaudaPay / Noda to come forward with information regarding: Actual beneficial ownership and control after Volkov’s removal. Client lists and merchant categories processed through Noda. Compliance reports, sanction screening records, and PSP correspondence. Submissions can be made securely and confidentially through Whistle42. Share Information via Whistle42 FinTelegram will continue to monitor NaudaPay and its links to sanctioned Russian entrepreneur Dmitry Volkov.

FinTelegram has tracked the notorious Israeli lawyer Moshe Strugano for years in connection with the fraudulent binary options industry. Strugano was the lawyer-to-go for scammers to set up offshore entities and bank accounts. A new whistleblower tip claims Strugano was arrested in Athens at the end of July and is contesting extradition. We have not verified this. What is verified: parallel SEC (civil) and DOJ/SDNY (criminal) insider-trading actions filed in 2022. Key Points Unconfirmed: Tip claims Strugano was detained in Athens (late July) and is fighting extradition; FinTelegram has no official confirmation yet. On record: SEC charged Strugano and Rinat Gazit (Apr 20, 2022) over trading ahead of Ormat’s acquisition of U.S. Geothermal; complaint alleges ~$1.2m in illicit profit (Source: sec.gov). On record: DOJ/SDNY unsealed a parallel indictment the same week; Strugano is described as a lawyer specializing in offshore companies. (Arrest warrants in such cases issue from courts via DOJ, not the SEC) (Source: justice.gov). Context: FinTelegram’s archive details Strugano’s facilitating role in the Israeli binary-options scene (e.g., Yukom/Tradorax nexus) and earlier UK attention (Source: fintelegram.com) Industry scale: Israel’s binary-options industry defrauded hundreds of thousands of victims globally, prompting Israel’s 2017 legislative ban; U.S. regulators and prosecutors have since brought major cases (SpotOption, Yukom/Lee Elbaz, Cartu brothers) Source: timesofisrael.com). Short Narrative FinTelegram has repeatedly reported on Moshe Strugano as a key enabler in the binary-options era—structuring companies and accounts that helped scammers scale cross-border operations. Our 2020–2025 coverage situates him among the ecosystem of Israeli operators whose brands siphoned billions from retail victims worldwide. In April 2022, the SEC and DOJ/SDNY filed actions against Strugano tied to U.S. Geothermal (HTM) trading ahead of Ormat’s takeover announcement—allegations he has denied in Israeli press. Read our reports on Moshe Strugano here. Extended Analysis The new Athens-arrest claim—late July with a purported extradition fight—is not yet corroborated by Greek police notices, court bulletins, or credible wire reports. That absence doesn’t prove it false; Greek extradition matters can take place on opaque timelines and sometimes surface only when a court rules (compare other high-profile Israel-linked extradition cases in Greece). Until a Greek court record, Interpol notice, or DOJ/SDNY filing reflects a custodial status, the report remains unverified (Source: ft.com). What is clear—and documented—is Strugano’s 2022 exposure in U.S. proceedings: the SEC complaint alleges he bought >740,000 HTM shares and profited about $1.2m, while SDNY accuses him of securities fraud and conspiracy, highlighting his use of offshore structures and a Swiss bank relationship. These filings sit against the backdrop of Israel’s now-banned binary options industry and a steady cadence of U.S./EU enforcement. Actionable Insight Verification targets: Greek appellate prosecutor docket numbers; Athens Police press notes; Ministry of Justice extradition decisions; defense counsel of record in Greece; any Greek court orders regarding travel restrictions or bail. U.S. side: Monitor SDNY docket updates and SEC case activity; any MLAT/extradition references will likely surface there first. Ecosystem mapping: Cross-reference Strugano-linked entities and bank relationships in prior FinTelegram files with Yukom/Cartu/SpotOption cases to trace funds and service providers. Call for Information (Whistle42) Were you in a Greek court or police unit when Strugano was allegedly detained in late July? Do you have a case number, custody record, travel-document data, or counsel names? Share securely via Whistle42. We especially seek Greek docket IDs, custody paperwork, and defense filings. Your evidence can help move this from rumor to fact. Share Information via Whistle42

As the courtroom doors swing open in Innsbruck today, René Benko faces his first criminal trial — but this is just the beginning of what promises to be Europe’s most spectacular financial reckoning. The Austrian property tycoon who once boasted that “only the Pope and the King of England have more beautiful buildings than me” now sits in the dock, charged with insolvency-related fraud that could see him imprisoned for up to 10 years. Yet the €660,000 at the heart of today’s proceedings represents merely a fraction of the estimated €13 billion debt mountain that buried his Signa empire.​ The Global Web of Elite Investors What makes the Signa collapse extraordinary is not just its scale, but the caliber of those caught in its web. This was no penny-stock pump-and-dump — Benko’s empire attracted Europe’s financial elite with the allure of prime real estate and seemingly bulletproof returns.​ Julius Baer, Switzerland’s most prestigious private bank, faces losses of up to $700 million and was forced to fire its CEO. Deutsche Bank, Raiffeisen Bank International (€755 million exposure), and BayernLB each lent hundreds of millions. The Peugeot family, Klaus-Michael Kühne (logistics billionaire), and Hans Peter Haselsteiner (construction mogul) all saw their equity evaporate.​ These weren’t naive retail investors — they were the “smart money” that sophisticated due diligence was supposed to protect. Yet all failed to pierce through Signa’s deliberately opaque structure of over 1,000 interconnected entities.​ The Foundation Shield: Where Billions Vanished At the center of today’s legal proceedings lies a more troubling question: Where did Benko’s billions go? Austrian investigators openly admit they cannot trace the full extent of his assets due to the labyrinthine foundation structures.​ The INGBE Foundation (named after Benko’s mother) and Laura Private Foundation have emerged as the final repositories of Benko’s wealth. In a series of transactions completed just weeks before Signa’s collapse, these entities acquired:​ €45 million in gold stored in Liechtenstein vaults​ Six luxury villas on Lake Garda worth far more than their €46 million book value​ Millions in cash across multiple Swiss and US dollar accounts​ Luxury watches, jewelry, and artworks purchased at auction after Benko’s arrest​ The Shadow Board: Schimanko and Limberger Perhaps most intriguingly, two new foundation board members joined Benko’s structures just weeks before the empire’s collapse: Robert Schimanko and Thomas Limberger. Their role remains deliberately unclear, but their activities suggest sophisticated asset protection operations.​ Schimanko, an Austrian operating from Switzerland, joined the INGBE Foundation board in November 2024. His track record reads like a catalog of European financial scandals — from Manhattan Investment Fund fraud to connections with Madoff feeder networks. Crucially, he was present at a private meeting with Benko the evening before his arrest and actively participated in auctions of Benko’s personal belongings, helping to “buy back” luxury items from the bankruptcy estate.​ Limberger, CEO of SilverArrow Capital and President of the World Economic Council (WEC), brings expertise in corporate restructuring and cross-border asset movements. His simultaneous appointment to the Laura Foundation board suggests a coordinated strategy to shield assets across multiple jurisdictions.​ Both men operate through SilverArrow Capital Group and the World Economic Council — entities that appear designed to provide legitimacy to controversial operations while facilitating reputation management for distressed assets.​ Read more about the SilverArrow Capital Group here. The Gold Trail Most damning is the €30 million gold sale executed by the INGBE Foundation during Benko’s detention. This transaction, involving 360kg of gold, occurred precisely when creditors were attempting to locate assets for recovery. The timing suggests either remarkable coincidence or deliberate asset liquidation to frustrate creditor claims.​ What This Means Today’s trial represents first blood in what will be a protracted legal battle spanning multiple jurisdictions. The charges may seem modest — €660,000 in questionable transfers — but they establish crucial legal precedents for asset concealment and creditor fraud that will echo through subsequent proceedings.​ The Signa collapse has already triggered new EU scrutiny of cross-border foundation abuse and insolvency law loopholes. For the global financial industry, it serves as a stark reminder that regulatory sophistication has not kept pace with financial engineering creativity. Call for Transparency The Benko case demonstrates how ultra-high-net-worth individuals can exploit legal structures to shield assets even in insolvency. Foundation board appointments weeks before collapse, gold sales during detention, and auction “buybacks” of personal items all suggest systematic asset protection strategies designed to frustrate legitimate creditor claims. FinTelegram calls on industry insiders, legal professionals, and regulatory experts with knowledge of these asset protection schemes to come forward. The public interest demands transparency around how billions in investor funds simply “disappeared” into foundation structures. If you have information about Signa, Benko’s foundation network, or similar asset shielding operations, contact us securely through our Whistle42 whistleblower system. Your information could be crucial in ensuring accountability and preventing future financial scandals of this magnitude. The Benko trial begins today, but the real reckoning for Europe’s financial system is just beginning. Share Information via Whistle42

A CryptoTicker report resurfaced concerns about PR-distribution brands Chainwire/FinanceWire/MediaFuse and their CEO/co-founder Nadav Dakner, pointing back to the Gladius Network ICO case and alleged ties that ripple into the Gery Shalon–Vladimir Smirnov–Gal Barak cyber-fraud complex. We review the record, separate allegations from facts, and spell out the compliance red flags. Read our report on the Gladius Network case here. Key Points CryptoTicker post: The article revisits Dakner’s role around Gladius and mentions Chainwire/FinanceWire/MediaFuse (Source: CryptoTicker) Dakner’s positions: Public pages list him as co-founder/CEO of Chainwire and MediaFuse (brands include Chainwire, FinanceWire, CyberNewsWire, GamingWire) (Source: Chainwire). Gladius enforcement: The U.S. SEC charged Gladius Network LLC for an unregistered ICO (no monetary penalty due to self-reporting; promised registration/rescission). Gladius later shut down; investors complained about refunds (Source: sec.gov) Who introduced whom: In Gladius v. Krypton (2018), the complaint says Dakner (InboundJunction) introduced Gladius to Krypton Capital (Ilan Tzorya) (Source: morrisoncohen.com). Smirnov/Oldypak angle: The same filing alleges BTC “advance payments” came via Vladimir Smirnov/Oldypak Capital, not Krypton, and references possible involvement of Gery Shalon. Allegations, not adjudicated in that suit (Source: Gladius lawsuit). Context—proven cases: Gery Shalon was indicted in the U.S. (2015) over the JP Morgan hack scheme; reporting indicates he pleaded guilty and later returned to Israel (Source: FBI) Gal Barak (“Wolf of Sofia”) was convicted in Vienna (Sept 2020) for investment fraud/money laundering; sentence: 4 years (Source: efri.io). Short Narrative CryptoTicker’s new report re-opened scrutiny of Nadav Dakner—now the public face of crypto PR pipes Chainwire/FinanceWire/MediaFuse—by revisiting Gladius Network, one of the SEC’s early ICO actions. The post (with an explicit disclaimer that it doesn’t reflect MEXC’s views) highlights how the no-penalty Gladius settlement relied on cooperation and a 90-day Form 10 commitment—deadlines later missed before the project shut down. Extended Analysis Dakner’s posture and Gladius proximity. Chainwire’s own “About” page lists Dakner as co-founder/CEO; MediaFuse repeats this across its brand family. The Gladius whitepaper listed InboundJunction as a marketing/PR partner, and court records state Dakner introduced Gladius to Krypton Capital (Ilan Tzorya)—facts that place him close to the funding and comms stack around the ICO. Proximity is not culpability; however, for risk teams it’s a relationship risk that warrants enhanced due diligence. The Oldypak/Smirnov track. In Gladius v. Krypton, plaintiffs alleged that BTC advances came not from Krypton but from Vladimir Smirnov (via Oldypak Capital), and referenced Gery Shalon in that context—again, allegations in civil pleadings, not criminal findings in that case. Even so, these filings align with separate law-enforcement narratives that portray Shalon and associates as running sprawling cyber-financial schemes in the 2010s. The Cybercrime Mastermind Shalon Georgian-born Israeli national Gery Shalon has been identified by U.S. prosecutors and investigative reporting as a central figure in major cyber-financial crime cases over the last decade. Beyond the well-publicized intrusions into U.S. financial institutions and financial media, open-source records and court filings link Shalon to extensive money-laundering infrastructures and online-gambling enterprises. For years, Shalon’s close associate was Vladimir Smirnov of Russia. Smirnov’s vehicle Oldypak (often referenced as Oldypak Capital) has been cited in civil pleadings and investigative reports as a conduit for funding and investments, including in matters touching the Gladius Network. Oldypak has also been reported as an investor in Telegram’s ICO. While these references establish proximity and financial flows, several points remain allegations drawn from civil proceedings and media, not criminal judgments. Read our reports on Gery Shalon here. Between 2016 and 2019, Shalon and Smirnov were repeatedly linked in reporting to the large-scale boiler-room operations run through E&G Bulgaria, a company fronted by Gal Barak. The schemes—binary options, CFDs, and later crypto—victimized tens of thousands globally. Barak, the public face of E&G Bulgaria, was convicted in 2020 for investment fraud and money laundering. Some court records and investigative materials characterize Shalon as a driving force behind parts of this ecosystem; however, those characterizations have not been adjudicated as findings of fact against him in that specific context. Shalon was arrested in 2015 in the United States and subsequently placed under house arrest. He later pleaded guilty and cooperated with U.S. authorities pursuant to a plea agreement, a process widely reported to have supported additional arrests and convictions across the network. According to insider accounts and documents referenced in court records, Shalon subsequently resided in Israel without further imprisonment. FinTelegram has chronicled these developments and the broader network repeatedly, including its coverage of Gladius and adjacent actors. Today, the E&G Bulgaria complex is regarded as one of the largest cyber-investment-fraud cases in Europe. Entities such as Krypton Capital and Gladius Network appear in the broader perimeter of this milieu through introductions, funding flows, or service relationships cited in civil filings and investigative reporting. Unless specifically grounded in criminal judgments, references above should be understood as allegations requiring independent corroboration. Call for Information FinTelegram invites insiders, former employees, investors, and service providers with first-hand documents (term sheets, wallet evidence, contracts, PR invoices) regarding Gladius, Krypton/Oldypak, Chainwire/FinanceWire/MediaFuse, Gery Shalon, Vladimir Smirnov, or Gal Barak to submit via Whistle42 (confidential). Share Information via Whistle42

Russian-born tech investor Dmitry Borisovich Volkov is publicly linked to Social Discovery Ventures / SDV Group (SDV/SDGroup) and Dating Group, whose portfolio includes AnastasiaDate, Dating.com, AmoLatina, AsianDate, and other “international romance” platforms. Public records place the corporate center of gravity in Malta, with historic links to Cyprus, BVI, Hong Kong, and the UK. Multiple properties in this ecosystem operate on a credit-based, pay-per-interaction model that critics say monetizes prolonged fantasy and obscures real-world outcomes. While no court has adjudicated wrongdoing by Volkov or SDV, the pattern of consumer complaints, whistleblower testimony, and offshore layering warrants heightened regulatory attention. Key Findings Volkov is described in public profiles as a co-founder of Social Discovery Group and co-owner of Dating Group (HQ in Malta). The group history includes the 2019 SDVentures and SOL Holdings transaction forming Dating.com Group, and the 2021 acquisition of the Swiss app Once. Offshore footprint: corporate names such as Dating.com Group Limited, SOL Networks Limited, and Social Discovery Ventures Ltd appear in public investigative databases that compile offshore company records. Presence in such databases does not imply illegality, but it is relevant to transparency and cross-border oversight. Business model: portfolio brands advertise credit-based pricing for chat, email, photo or video messages, and video calls. This structure economically rewards on-platform engagement. Consumer outcomes: public reviews and narratives report high costs, scripted or inauthentic interactions, and refund frictions across AnastasiaDate and sister brands. Sentiment varies by site; narrative detail trends negative. Macro risk: law-enforcement sources in the EU and US flag romance fraud as a persistent and under-reported harm area, with losses rising and AI-enabled scaling accelerating the threat. Read our reports on Dmitry Volkov here. Profile: Dmitry Volkov Roles: co-founded Social Discovery Group; co-owner of Dating Group. Location context: public materials list Malta as headquarters for SDGroup and Dating Group. Notable deals: 2019 SDVentures and SOL Holdings transaction forming Dating.com Group; 2021 acquisition of Once. Russia and Belarus statement: public profiles claim the group ceased operations and registrations in Russia and Belarus after February 2022. Independent confirmation should be reviewed during fact-checking. Corporate and Offshore Web Public registries and investigative databases show a Malta-centered ecosystem with historic links to other jurisdictions. This offshore layering is not illegal by itself but can complicate transparency, tax oversight, and consumer redress. For editorial fairness, note that many global online companies use similar structures for international scaling and capital raising. How the Model Works: Romance-on-Credit Across the network, users are funneled into prepaid credits to pay per action: chat minutes, emails, photos or videos, video chat, and gifts. Representative official pages describe 1 credit per minute chat, 10 credits per email, and 6 to 12 credits per minute for video, with surcharges for translation or media. This pay-per-interaction architecture incentivizes prolonged on-platform engagement and disincentivizes off-platform contact or real-world meetings because revenue stops when chatting stops. Observed outcomes in public reviews include: scripted responses or copy-paste chats; steep costs for contact details; and refund or chargeback frictions. Depth-of-detail is strongest in long-form user complaints; star ratings alone can be misleading when influenced by marketing or bots. Whistleblower Allegations (as received) A former insider, requesting anonymity, describes impersonation roles, quota-driven chat, arranged tours or meetups with performers, and image editing to enhance model photos. These remain allegations. We publish them due to public-interest value, consistency with user complaints, and the documented corporate structure above. We invite corroborating evidence. Law and Regulation: IMBRA and Consumer Protection In the United States, the International Marriage Broker Regulation Act (IMBRA) sets obligations when a for-profit service mediates introductions between US persons and foreign nationals for marriage, including disclosures, background checks, and consent before releasing contact information. Platforms have cited IMBRA to justify withholding contact details. Misstating IMBRA to keep interactions billable would raise consumer-protection questions. In the EU, unfair commercial practice rules and platform transparency requirements are also relevant. Risk Assessment Model risk: HIGH. Credit-gated, per-minute or per-message pricing with added surcharges economically rewards endless chat over real outcomes. Consumer-harm signals: HIGH. Multi-year negative user narratives describe high spend with little verifiable progress toward real-world contact. Jurisdictional and offshore opacity: ELEVATED. Malta-centered group with historical links to other jurisdictions can complicate enforcement and redress. Governance representation: MIXED. Group PR and press releases emphasize legitimate M&A and scale. This does not negate the consumer-harm pattern and whistleblower claims; it does indicate capital and sophistication. When Romance Turns to Deception: The Thin Line Between Dating Platforms and Scam Operations When does a “social romance” platform become a scam? The bright line is undisclosed deception. If a platform sells “dating” or “romance” while secretly using paid operators or studio staff to impersonate partners, that is a material misrepresentation of identity and intent—meeting classic tests for deceptive trade practices and, in many jurisdictions, fraud. Pay-per-action pricing (credits for letters, chat minutes, video, “gifts,” or even contact info) is not illegal per se, but when combined with fabricated personas, scripted engagement, algorithmic nudges to extend paid chats, and systematic obstruction of off-platform contact, the product crosses from entertainment into extraction through misrepresentation. In effect, the model grooms users, leverages sunk-cost bias, and escalates spend—a behavioral pattern adjacent to “pig-butchering” scams, even if the endgame is credit drain rather than a crypto “investment.” At minimum, any use of operators must be prominently disclosed (e.g., “for entertainment/chat only”), with clear odds of real-life outcomes and non-predatory cancellation/refund terms. Absent those guardrails, describing paid chatters as prospective romantic partners is not merely questionable—it is scam-like by design. Open Questions Are operators or studios paid to sustain billable chats across brands, and what controls exist to prevent inauthentic engagement? How do platforms determine when they act as international marriage brokers under IMBRA versus general dating sites, and what disclosures are provided? Which payment processors are underwriting card processing, and what are chargeback ratios and refund policies in practice? What beneficial ownership and board-level oversight exist over anti-fraud controls and content authenticity? Call for Insiders (Whistle42) If you have worked inside this network or processed payments, content, or compliance for it, we want to hear from you. We are seeking: Contracts and playbooks: chat or operator guidelines, studio agreements, quotas, incentive schemes. Payments: processor descriptors, merchant IDs, acquirer correspondence, chargeback data. Compliance: IMBRA decision memos, KYC and AML policies, studio or vendor onboarding files. Product: pricing change logs, contact-release policies, algorithmic engagement metrics. Share Information via Whistle42 Final Word We are not asserting adjudicated fraud. We are asserting that the risk profile is elevated: an offshore-layered, credit-gated romance ecosystem facing persistent consumer-harm claims and credible whistleblower allegations deserves regulatory scrutiny and PSP due diligence. If you’ve worked inside this network—or processed payments, content, or compliance for it—we want to hear from you. Whistle42 is open.

The cryptocurrency market experienced one of its most significant selloffs in history on October 10, 2025, triggered by President Trump’s announcement of a 100% additional tariff on Chinese imports. Bitcoin plummeted from approximately $122,000 to below $110,000 (a decline of over 10%), while major altcoins experienced even steeper losses of 15-30%. The crash resulted in over $7 billion in liquidations, marking what data tracker Coinglass described as “the largest liquidation event in crypto history.” Bottom Line: While the immediate catalyst was geopolitical, underlying technical vulnerabilities and overleveraged positions amplified the selloff. Short-term volatility is expected to persist, but medium-term fundamentals remain constructive for selective accumulation at current support levels. What just happened: The Perfect Storm Catalyst: The White House threatened/announced steep tariffs (100%+) and new export controls on China, re-igniting trade-war fears and knocking global risk assets. Crypto followed equities lower (Source: Reuters). Price & liquidations: BTC dropped sharply from the week’s record highs; ETH/SOL/XRP underperformed. Multiple outlets report multi-billion USD in liquidations within hours and > $7–10B over 24h—methodologies vary, but the direction is clear: a leverage flush (Source: finance.yahoo.com). Flows & the dollar: Into the pullback, ETF inflows had been strong earlier in the week but narrowed just before the shock; concurrently, the USD strengthened, pressuring the broader “debasement trade” (Source: Reuters). Microstructure check Leverage reset: High open-interest and positive/neutral funding set up a classic “air-pocket” lower when the macro headline hit; the ensuing forced long liquidations amplified the move (Source: coindesk.com). Positioning/ETF tape: After record inflows earlier in Q4, daily ETF net flows have thinned the last two sessions—watch this closely for confirmation of dip-buying demand returning (Sourcew: Reuters+1 Sentiment: Fear gauges flipped from neutral/greed to fear after the break, consistent with near-term risk reduction (Source: feargreedmeter.com). Near-term outlook (1–3 weeks) Base case — Range & Retest (55%) We expect sideways-to-lower chop as markets digest the tariff shock, equity volatility stays elevated, and ETF flows stabilize. Implications: Probability of retests of $110k–$115k for BTC before any durable push higher. Altcoins likely lag with higher beta. What confirms: Day-over-day ETF inflows turning positive and broadening, dollar momentum cooling, funding normalizing near flat (Source: farside.co.uk). Bear case — Deeper Drawdown (25%) Further escalation in trade headlines or a strong USD impulse drives another liquidation wave, targeting prior breakout/liquidity pockets (roughly $100k–$105k on BTC). What confirms: Renewed equities selloff, larger outflows or stall in ETF demand, persistent dollar strength. Bull case — V-shape Recovery (20%) Headline de-escalation + renewed record ETF inflows flip the tape back to trend; BTC reclaims $120k+ with breadth improvement in majors. What confirms: Strong, broad ETF net inflows (multiple issuers), falling DXY, improving equity risk sentiment. “Buy the dip” or wait? Short answer: Scale-in only on confirmation; otherwise patience is warranted. Here’s a disciplined approach: For BTC/ETH core exposure: Add partial if BTC reclaims and holds key reclaim levels on volume (e.g., back above the breakdown area) and U.S. spot-ETF net flows turn positive for at least 2 consecutive days. Invalidation = a close back inside the prior range with accelerating dollar strength (Source: farside.co.uk). For altcoins (higher beta): Historically underperform into liquidation cascades and during macro risk-off. Prefer delay or pair with BTC hedges until ETF flow + USD backdrop improve (Source: coindesk.com). If you’re cautious: Wait for a cleaner retest (e.g., round-number supports) or a higher-low after the first bounce. Use smaller sizing and wider stops than usual—volatility is elevated. (This aligns with how leverage flushes often resolve.) Data the market is watching (daily) U.S. spot-Bitcoin ETF flows (Farside Investors tracker). Ongoing net inflows argue for buy-the-dip durability; shrinking/negative flows suggest chop or further downside. Dollar (DXY) & equities. A stronger USD and equity drawdowns tend to weigh on crypto risk appetite. Derivatives stress: Funding rates and liquidations—signs of leverage rebuilding too quickly would increase downside tail risk. Bottom line Is now the right time to buy? Active traders: Tactical nibble with confirmations (reclaims + ETF inflows), keep risk tight. Long-term allocators: Staggered entries over days/weeks can be reasonable, but be prepared for further 8–15% swings given macro uncertainty. Altcoins: Higher risk; wait for BTC stability + improving flows before adding beta. This is market analysis, not investment advice. Manage sizing, use stops, and anchor decisions to the data above. Share Information via Whistle42

FinTelegram’s ongoing investigations into online gambling operators have placed MineBit—a casino with alleged ownership ties to Ukraine and Portugal—under particular scrutiny. Recent communications reviewed by our editorial team confirm mounting pressure on MineBit (MineBit.com) to respond to player complaints and clarify its ownership structure in the wake of a high-value winnings dispute. Background: Ownership Allegations and Regulatory Concerns MineBit’s cross-border ownership has drawn attention from compliance analysts and regulatory observers. According to an email correspondence obtained by FinTelegram, at least two of MineBit’s owners are reportedly from Portugal, with another originating from Ukraine. In fact, FinTelegram has received the names of individuals who are allegedly the UBOs. Offshore ownership models like this are often a red flag for regulators and financial crime investigators, given the potential for obfuscated beneficial ownership and loopholes in local oversight requirements. Player Winnings of $800,000 Under Dispute The controversy escalated after a player reportedly secured winnings of $800,000, prompting formal inquiries from independent investigators and the press. The email exchange reveals FinTelegram agents repeatedly reached out to MineBit for comment, specifically requesting answers to a series of questions regarding the legitimacy and payment status of this substantial player win. The messages make it clear: failure to respond would lead to public exposure and investigative reporting on the matter. MineBit’s Response – Silence and Deflection In the email thread, MineBit support acknowledges receipt of the inquiries, opting for generic assurances about respectful communication rather than directly addressing the core issues raised. This pattern of non-responsiveness is consistent with previous cases documented in FinTelegram’s coverage of high-risk gaming operations, where silence often serves as an implicit admission of operational or compliance concerns. MineBit Casino’s recent actions—voiding $800,000 in winnings under the pretext of jurisdictional restrictions—raise alarming questions about their regulatory conduct and criminal enforcement practice. MineBit allowed deposits and withdrawals from Malaysian users, offered no geoblocking, and only enforced restrictions when a player’s winnings reached a significant sum. This practice not only undermines trust but suggests selective enforcement and a criminal strategy to avoid large payouts. Selective Enforcement and Regulatory Failure Despite operating for some time without issue, MineBit abruptly voided winnings by shifting between rationales: initially, they questioned the legitimacy of bets (which the game provider confirmed were valid); later, they invoked Singaporean law due to the player’s nationality—despite clear evidence the player was residing in Malaysia. Finally, the casino cited Malaysian law, yet failed to distinguish between the country’s religious-based gambling prohibitions for Muslims and its allowances for non-Muslims. Such shifting arguments signal bad-faith conduct and indicate MineBit is more invested in protecting its own bottom line than in upholding any stable legal or ethical standard. MineBit Support: A Criminal Enforcement Tool Information leaked to FinTelegram by agents indicates that MineBit Support only quotes parts of the terms in its argumentation, thereby distorting the truth with regard to the intended fraud (there is no other way to describe it). MineBit Support is an enforcement instrument of MineBit‘s criminal activities. As evidenced in the provided screenshot (see left), MineBit Support references the company’s terms and conditions to justify the blocking of player accounts from countries where MineBit’s services are deemed illegal. However, the response selectively omits the subsequent clause, which clearly stipulates that in such instances, the player is entitled to a full refund of their original stake. In the case at hand, there appears to be an effort by MineBit to withhold the required refund, raising concerns about compliance with their own stated policies. Moreover, it is noteworthy that, under MineBit’s own terms and conditions, the operator would ostensibly be obligated to refund the stakes of nearly all players. This is due to the fact that MineBit currently operates without the requisite license, rendering its services effectively prohibited across all recognized jurisdictions. Licensing and Consumer Protection Risks There is no public evidence that MineBit Casino holds a reputable international license or adheres to responsible gambling and transparency measures promoted in regulated jurisdictions such as Malta or the UK. Leading authorities like the UK Gambling Commission and Malta Gaming Authority (MGA) require fair treatment of players and robust KYC/AML controls. Selectively voiding large winnings, while honoring smaller payouts to the same player, runs contrary to globally accepted consumer-protection principles and opens the door to regulatory sanctions. Conclusion: Need for Transparency and Accountability At the time of writing, Minebit has not provided substantive answers regarding the ownership accusations or the disputed winnings. As calls for regulatory enforcement and public scrutiny intensify, this case exemplifies persistent risks endemic to offshore gambling operators and highlights the importance of investigative journalism in safeguarding player interests. Call for Whistleblower Input FinTelegram will continue to monitor and investigate the MineBit developments and encourages industry insiders, affected players, and whistleblowers to come forward with additional information. Insiders with knowledge of MineBit’s internal policies, ownership structure, licensing status, names of support agents, or operational strategy are urgently encouraged to submit information via the Whistle42 platform. Details about MineBit’s compliance protocols, payment processing partners, or underlying business motivations for selective enforcement are critical to exposing whether this pattern is isolated or systemic. Share Information via Whistle42

Executive Summary Case Study: Kingdom Casino & UtPay Compliance Circumvention Analysis This report analyzes a sophisticated money laundering and regulatory evasion scheme operated by Utrg UAB d/b/a UtPay (utpay.io), a Lithuanian-regulated crypto payment processor, in partnership with Kingdom Casino (kingdomcasino.io), an offshore casino. Through FinTelegram’s direct investigation, we have documented how UtPay systematically enables illegal gambling operations by disguising casino deposits as “cryptocurrency purchases” via stealth domains, thereby circumventing anti-money laundering controls, consumer protection regulations, and payment network restrictions across multiple jurisdictions. The scheme represents a paradigmatic case of how seemingly legitimate, EU-regulated financial service providers can be weaponized to facilitate systematic violations of gambling laws, consumer protection standards, and financial crime prevention measures. This analysis serves as a reference case for understanding sophisticated payment processing methodologies employed throughout the high-risk offshore gambling sector. Introduction: The UtPay Deception Model UtPay, operating as UAB “Utrg” under Lithuanian cryptocurrency service provider licensing, markets itself as providing “full compliance” and “worldwide coverage” for legitimate Web3 companies. However, FinTelegram’s investigation reveals systematic facilitation of illegal gambling operations through deliberately deceptive payment flows designed to: Circumvent gambling-specific payment restrictions imposed by card networks and banking regulations Eliminate consumer protection mechanisms, including chargeback rights and dispute resolution procedures Obscure transaction traceability for anti-money laundering and regulatory enforcement purposes Enable operations in prohibited jurisdictions without direct regulatory oversight This model exploits the regulatory arbitrage between cryptocurrency licensing (governed by Lithuanian authorities) and gambling regulation (absent for offshore operators), creating a compliance gap that facilitates large-scale financial crime. Case Study: Kingdom Casino Payment Flow Analysis Discovery and Investigation Methodology During FinTelegram’s compliance review of Kingdom Casino (kingdomcasino.io), an unlicensed offshore gambling operator, our investigators documented the complete payment processing flow for EUR deposits via RAPID transfer offered by Skrill. The investigation revealed a multi-layered deception scheme involving: Primary casino domain: kingdomcasino.io (unlicensed offshore operation) Stealth payment domains: greenpayway.com and pay2prom.com (no corporate disclosure) Final processing domain: app.utpay.io (UtPay‘s payment interface) Legal entity: Utrg UAB (Lithuanian-registered crypto service provider) Deceptive Payment Flow Documentation Step 1: Player Initiation Player selects EUR deposit via RAPID on Kingdom Casino System displays standard casino deposit interface with no cryptocurrency disclosure Step 2: Domain Redirection Through Stealth Gateways Player redirected to greenpayway.com (domain with zero corporate transparency) Secondary redirection to pay2prom.com (equally opaque stealth domain) Final redirection to app.utpay.io (UtPay’s actual payment processing interface) Step 3: Undisclosed Cryptocurrency Conversion UtPay interface presents payment form with pre-checked consent box Consent text: “I agree to buy crypto and send it to the specified address” CRITICAL DECEPTION: Player believes they are making casino deposit, not purchasing cryptocurrency No clear disclosure that transaction will be processed as cryptocurrency purchase rather than gambling deposit Step 4: Legal Classification Manipulation Transaction processed as “cryptocurrency purchase” under Lithuanian regulation Funds legally classified as crypto commerce, not gambling deposit Consumer protection mechanisms eliminated through legal reclassification Step 5: Crypto Transfer to Casino Purchased cryptocurrency automatically transferred to Kingdom Casino’s wallet Player account credited with “casino balance” equivalent to crypto purchase amount Payment processor relationship with gambling operation obscured through crypto transfer mechanism Regulatory Evasion Mechanisms Banking Restriction Circumvention: The scheme enables Kingdom Casino to accept traditional banking payments (RAPID, credit cards, e-wallets) despite lacking gambling licenses that would permit direct banking relationships. By processing payments as “cryptocurrency purchases,” UtPay provides access to regulated payment methods that would otherwise be prohibited for unlicensed gambling operations. Consumer Protection Elimination: Players lose fundamental consumer protection rights through legal reclassification: Chargeback Rights: Credit card chargebacks unavailable for “cryptocurrency purchases” Banking Dispute Resolution: Banks cannot reverse “legitimate” crypto transactions Regulatory Recourse: No gambling-specific consumer protection mechanisms apply Refund Rights: Standard gambling refund protections circumvented through crypto purchase classification AML Control Bypassing: The multi-layer structure systematically defeats anti-money laundering controls: Source Identification: Payment appears as legitimate crypto purchase, not gambling deposit Transaction Monitoring: AML systems cannot identify gambling-related transaction patterns Regulatory Reporting: Suspicious transaction reports triggered by different criteria for crypto commerce versus gambling Audit Trail Obscuration: Complex multi-domain structure complicates transaction tracing UtPay Corporate Structure and Regulatory Status Lithuanian Registration and Licensing Primary Entity: Legal Name: UAB “Utrg” Registration Code: 306062887 VAT Number: LT100016489119 Address: Kareivių g. 19-149, LT-09133 Vilnius, Lithuania Manager: Andrius Atkočaitis Founded: April 12, 2022 Regulatory Authorization:UtPay operates under Lithuanian cryptocurrency service provider licensing, authorized for: Virtual currency exchange against fiat currency Virtual currency wallet services Virtual currency exchange against virtual currency Depository virtual currency wallet operations Compliance Certifications: PCI DSS Level 2 certification for payment processing security Partnership with Quicko Sp. z o.o. (Poland) for debit card services Integration with MasterCard SecureCode and Visa Secure authentication systems Financial Performance and Scale Operational Metrics (2023): Revenue: €442,228 Net Profit: €32,680 Employees: 8 insured individuals Average Salary: €1,987.12 (June 2025) Despite relatively modest reported revenues for 2023, UtPay‘s facilitation of high-volume offshore gambling transactions suggests significant unreported or misclassified business activity. Corporate Network and Partnerships Related Entities: UTORG LABS HOLDING LTD: Abu Dhabi-registered entity providing non-custodial wallet services Quicko Sp. z o.o.: Polish partnership for European debit card services Key Personnel: Edgar Fukalov (identified as key figure) Systemic Regulatory Violations Lithuanian Cryptocurrency Regulation Violations AML/KYC Compliance Failures:While UtPay claims “full compliance” with Lithuanian regulations, facilitating disguised gambling deposits violates fundamental anti-money laundering principles: Customer Due Diligence: Processing gambling-related transactions without proper risk assessment Transaction Monitoring: Failure to identify and report suspicious gambling-related transaction patterns Beneficial Ownership: Obscuring the true nature of cryptocurrency purchases for gambling purposes Record Keeping: Inadequate documentation of cryptocurrency end-use and beneficial ownership Service Provider Authorization Violations:UtPay’s cryptocurrency service provider license authorizes legitimate crypto commerce, not facilitation of illegal gambling operations. Using legitimate licensing to enable prohibited activities violates Lithuanian regulatory requirements. EU-Wide Payment Service Violations Payment Services Directive (PSD2) Violations: Transparency Requirements: Concealing the true nature of payment transactions from consumers Consumer Rights: Eliminating dispute resolution and refund mechanisms through transaction misrepresentation Risk Management: Failing to implement appropriate risk controls for high-risk gambling payments Anti-Money Laundering Directive Violations: Enhanced Due Diligence: Inadequate scrutiny of high-risk gambling-related cryptocurrency transactions Suspicious Transaction Reporting: Failure to identify and report patterns consistent with money laundering through gambling operations Record Keeping: Insufficient documentation of transaction purposes and beneficial ownership Gambling Regulation Violations Unlicensed Gambling Facilitation:UtPay systematically enables unlicensed gambling operations across multiple jurisdictions where such activities are prohibited: European Union: Facilitating gambling deposits for operations lacking national licensing United Kingdom: Processing payments for unlicensed operators prohibited under UKGC regulations Additional Jurisdictions: Enabling deposits for casinos operating illegally across global markets Consumer Protection Circumvention:The scheme deliberately circumvents gambling-specific consumer protections including: Deposit limits and cooling-off periods Self-exclusion enforcement mechanisms Responsible gambling interventions Problem gambling identification and support systems Network Analysis: UtPay’s Offshore Casino Ecosystem Documented UtPay Integration Partners FinTelegram’s investigation has identified UtPay payment processing integration across multiple offshore gambling operations beyond Kingdom Casino: Confirmed Integration Partners:Based on technical analysis and transaction flow documentation, UtPay provides payment processing services to numerous offshore gambling operators employing identical deceptive methodologies. Common Operational Patterns: Curaçao or Anjouan gambling licensing (minimal regulatory oversight) Operations in prohibited jurisdictions without local authorization Use of stealth domains to obscure payment processor relationships Identical “crypto purchase” deception schemes to eliminate consumer protections Targeting of European, UK, and regulated markets without proper licensing Scale Assessment:Given UtPay’s reported revenue figures and the high-volume nature of offshore gambling transactions, the company likely processes millions of euros in disguised gambling deposits annually across its casino partner network. Stealth Domain Infrastructure Analysis greenpayway.com and pay2prom.com:These domains serve exclusively as payment gateway redirects with zero corporate transparency: No Corporate Information: No company registration, ownership disclosure, or contact information No Public Website: Domains exist solely for payment processing redirects No Consumer Recourse: Players cannot identify or contact the actual payment processor Regulatory Evasion: Structure designed to obscure payment processing relationships from regulators and consumers This infrastructure represents a sophisticated compliance evasion mechanism enabling offshore casinos to obscure their payment processing relationships while maintaining access to regulated payment methods. UtPay Crypto Payment Scheme – Complete Entity MappingCategoryDetailsPrimary Casino OperatorKingdom Casino (kingdomcasino.io) – Unlicensed offshore gambling operationStealth Payment Domains – greenpayway.com (no corporate disclosure) – pay2prom.com (no corporate disclosure) Purpose: Obscure payment processor identity from players and regulators Crypto Payment Processor UtPay – Website: utpay.io – Payment Interface: app.utpay.io – Terms: utpay.io/terms-of-use – FAQ/KYC Policy: utpay.io/faq Legal EntityUAB “Utrg” (Lithuania)Key Personnel – Andrius Atkočaitis – Registered Manager – Edgar Fukalov – Key operational figure – Associated with UTORG network Regulatory StatusLithuanian Cryptocurrency Service Provider LicenseRelated Corporate NetworkUTORG LABS HOLDING LTD (Abu Dhabi), Quicko Sp. z o.o. (Poland) – European debit card servicesUTORG (utorg.pro) – Related crypto service providerDeception Mechanism – Pre-checked consent: “I agree to buy crypto and send it to specified address” – Hidden conversion: EUR deposit becomes crypto purchase – Consumer protection elimination: No chargeback/refund rights for “crypto purchase” – AML evasion: Gambling deposit disguised as legitimate crypto commerce Regulatory Violations – Lithuanian AML/KYC compliance failures – EU Payment Services Directive (PSD2) violations – Unlicensed gambling facilitation across multiple jurisdictions – Consumer protection circumvention – FATF anti-money laundering standard violations Risk Assessment EXTREMELY HIGH – Systematic money laundering facilitation – Consumer protection elimination – Regulatory evasion across multiple jurisdictions – No consumer recourse mechanisms Investigation Status FinTelegram Active Investigation – Part of Crypto Payment Processor Watch series – Evidence documented from Kingdom Casino review – Screenshots obtained of deceptive payment flow – Whistleblower intelligence sought via Whistle42 This sophisticated scheme exploits the regulatory gap between Lithuanian cryptocurrency licensing and gambling regulation, using Skrill+RAPID as the final payment method while disguising EUR casino deposits as “cryptocurrency purchases” to eliminate consumer protections and enable money laundering for offshore gambling operations. Consumer Harm and Financial Crime Risks Systematic Consumer Protection Elimination Chargeback and Dispute Resolution Denial:The “crypto purchase” deception eliminates fundamental consumer protection mechanisms: Credit Card Chargebacks: Banks refuse chargebacks for “legitimate” cryptocurrency purchases Banking Dispute Resolution: Standard banking dispute procedures inapplicable to crypto commerce Regulatory Complaints: No gambling-specific complaint mechanisms available for “crypto purchases” Legal Recourse: Civil litigation complicated by transaction mischaracterization Vulnerable Player Exploitation:The scheme systematically exploits gambling addiction vulnerabilities: Self-Exclusion Circumvention: Gambling blocks defeated through “crypto purchase” processing Deposit Limit Evasion: Banking-based gambling controls bypassed through crypto conversion Addiction Intervention Prevention: Payment patterns hidden from gambling addiction support systems Money Laundering Facilitation Layering and Integration Services:UtPay’s model provides sophisticated money laundering capabilities: Stage 1 – Placement: Illicit funds deposited as “legitimate” cryptocurrency purchases Transaction appears as standard crypto commerce in banking records Source identification obscured through legal classification manipulation Stage 2 – Layering: Funds converted through multiple cryptocurrency transitions Complex multi-domain payment flows obscure transaction tracing Gambling activity provides legitimate-appearing fund mixing mechanism Stage 3 – Integration: “Winnings” withdrawn as apparently legitimate gambling proceeds Clean cryptocurrency or fiat withdrawals complete money laundering cycle Regulatory oversight defeated through transaction mischaracterization Criminal Organization Applications:The scheme enables systematic money laundering for organized crime, terrorism financing, tax evasion, and corruption proceeds through offshore gambling operations. International Regulatory Implications Lithuanian Regulatory Failures Insufficient Oversight:Lithuania’s cryptocurrency regulation framework lacks adequate controls for preventing gambling-related abuse: Limited Transaction Monitoring: No specific controls for identifying gambling-related cryptocurrency transactions Inadequate Due Diligence: Customer due diligence standards insufficient for high-risk gambling applications Enforcement Gaps: Regulatory enforcement mechanisms inadequate for complex international schemes Cross-Border Coordination: Limited coordination with gambling regulators in destination markets Regulatory Arbitrage Exploitation:UtPay exploits regulatory gaps between cryptocurrency oversight (Lithuanian authorities) and gambling regulation (absent for offshore operators) to facilitate systematic law violations. European Union Regulatory Challenges Cross-Border Enforcement Difficulties:The scheme exposes systematic weaknesses in EU cross-border financial crime enforcement: Jurisdictional Complexity: Multiple EU member states lack coordination for complex cross-border schemes Regulatory Specialization: Cryptocurrency regulators lack gambling industry expertise and vice versa Enforcement Resources: Limited resources for investigating sophisticated multi-jurisdictional schemes Legal Framework Gaps: Existing regulations inadequate for hybrid crypto-gambling operations Payment Network Vulnerability:The scheme demonstrates how legitimate EU payment infrastructure can be weaponized for financial crime through regulatory arbitrage. Global Anti-Money Laundering Implications FATF Standards Violations:UtPay’s operations violate multiple Financial Action Task Force recommendations: Recommendation 1: Risk assessment failures for gambling-related cryptocurrency services Recommendation 8: Non-profit organization abuse through gambling charity schemes Recommendation 15: Virtual asset service provider compliance failures Recommendation 28: Beneficial ownership transparency violations International Cooperation Requirements:The case demonstrates urgent need for enhanced international cooperation between cryptocurrency regulators and gambling authorities to prevent similar schemes. Comparative Analysis: Industry Context Offshore Gambling Payment Processing Evolution Historical Context:The UtPay model represents evolution in offshore gambling payment processing methodologies: Generation 1 (2000-2010): Direct credit card processing through high-risk merchantsGeneration 2 (2010-2020): Third-party payment processors and e-wallet systemsGeneration 3 (2020-Present): Cryptocurrency conversion schemes and regulatory arbitrage Sophistication Advancement:Current schemes demonstrate significantly increased sophistication in regulatory evasion, consumer deception, and law enforcement avoidance compared to historical methods. Payment Processor Compliance Standards Legitimate Industry Standards:Regulated payment processors implement comprehensive compliance controls: Transaction Monitoring: Real-time identification of gambling-related transactions Merchant Due Diligence: Extensive vetting of gambling merchant licensing and regulatory status Consumer Protection: Maintenance of chargeback, dispute resolution, and refund mechanisms Regulatory Cooperation: Active coordination with gambling regulators and law enforcement UtPay Comparative Failures:UtPay’s operations systematically violate industry best practices and regulatory requirements, demonstrating deliberate compliance evasion rather than oversight failures. Conclusion and Industry Impact Systemic Risk Assessment The UtPay-Kingdom Casino scheme represents a significant evolution in offshore gambling regulatory evasion, demonstrating how legitimate EU financial infrastructure can be systematically weaponized for large-scale financial crime. The sophistication of the deception mechanism, combined with the regulatory arbitrage exploitation, poses fundamental challenges to consumer protection, anti-money laundering enforcement, and gambling regulation effectiveness. Critical Risk Factors: Consumer Protection Elimination: Systematic removal of fundamental consumer protection mechanisms through transaction mischaracterization Money Laundering Facilitation: Sophisticated money laundering capabilities through crypto conversion schemes Regulatory Evasion: Successful circumvention of gambling regulations through cryptocurrency licensing arbitrage International Scope: Cross-border operations defeating national regulatory enforcement mechanisms Call for Information FinTelegram urgently seeks additional intelligence from industry insiders, current and former employees, affected consumers, and regulatory personnel regarding: Share Information via Whistle42 This report is part of FinTelegram’s Crypto Payment Processor Watch series, investigating the role of cryptocurrency service providers in facilitating offshore gambling operations and financial crime. For previous reports and ongoing investigations, visit FinTelegram.com.

A law enforcement raid targeting Northern Data AG, a Frankfurt-listed technology firm backed by Tether Holdings SA, occurred in late September 2025. The operation was led by German prosecutors and involved multiple European agencies, with a focus on Northern Data’s offices and related facilities. Here is our report. Purpose and Context Prosecutors are investigating whether Northern Data misrepresented the use of roughly €500 million (about $586 million) worth of NVIDIA AI chips. The alleged issue centers on whether the chips, which the company claimed would be used for artificial intelligence and cloud computing (eligible for tax breaks), were actually employed for cryptocurrency mining at their Swedish site. This type of misrepresentation could constitute tax fraud, since Sweden ended tax incentives for crypto mining but maintained them for data center AI operations starting in 2023. Tether’s Role Tether Holdings SA, issuer of the USDT stablecoin, is the majority shareholder in Northern Data. Although named in reports due to its investment, Tether stated it is not involved in Northern Data’s day-to-day management and was unaware of the investigation prior to the raid. Tether clarified that Northern Data represents only a small part of its diverse investment portfolio, with no direct operational overlap. Historical and Industry Implications Northern Data previously focused on cryptocurrency mining but began shifting toward AI and cloud computing in response to changing energy costs and regulatory pressures. The raid is part of a broader crackdown following accusations about past governance, including fraud and tax evasion allegations from former directors, which were previously withdrawn. The scrutiny reflects heightened regulatory risks at the intersection of digital asset infrastructure and emerging AI tech, especially for companies with crypto origins now seeking to rebrand as AI service providers. Summary Table AspectDetailsTarget CompanyNorthern Data AG (Frankfurt-listed, Tether-backed)Date of RaidLate September 2025JurisdictionGerman and European Prosecutors (site in Sweden), Frankfurt prosecutorsCore AllegationMisuse of €500 million tax incentives — AI chips used for crypto miningImplication for TetherInvestor, not operational manager; not part of investigation’s substanceSector ImpactIncreased scrutiny for crypto/AI infrastructure firms in EuropeOngoing StatusFurther prosecutorial details expected; company’s stock affected This raid underscores both the regulatory and operational risks at the convergence of crypto investment and AI infrastructure in Europe. Share Information via Whistle42