At first glance, Payvision may look like an old scandal from the binary-options era. It is not. A newly reviewed EFRI dossier argues that Payvision did not merely sit in the background as a payment processor, but allegedly helped build, adapt, and preserve the payment rails that kept the Lenhoff/Barak fraud factories running. That matters now because the fallout is still alive: EFRI is pursuing claims in Amsterdam, criminal-file materials continue to be re-evaluated. The wider U.S. and T1/Payvision angle shows that similar allegations about European shell structures and high-risk processing also surfaced in U.S. litigation. Key Findings The dossier supports a “knowing facilitation” theory, not just a “missed red flags” theory. It says Payvision’s role went beyond technical processing and extended to merchant setup, MID migration, settlement continuity, and operational stabilization. Booker’s own reported statements are central. According to the dossier, he acknowledged knowledge of the real beneficial owners, the binary-options/CFD/crypto environment, extreme chargeback levels, and 273 suspicious transaction reports filed between August 2016 and January 2019. The MCC issue is explosive. The dossier says Payvision used MCC 6211 for platforms that allegedly lacked the required MiFID authorization, while also accepting MOTO/CNP flows and shell-merchant structures. The commercial-motive argument is plausible. The dossier ties scam-linked volume to fees, cash flow, and growth, and notes ING’s acquisition of 75% of Payvision at a reported €360 million valuation. There is external reinforcement for the control-failure narrative. ING has publicly stated that the Dutch criminal investigation into Payvision concerned conduct dating from before ING acquired the company, and ING’s disclosures noted the April 2024 Dutch-authorities decision to resolve that criminal investigation. The U.S. angle matters. Public Nevada records show Payvision B.V. was named as a defendant in Ibuumerang v. T1 Payments, alongside T1, Donald Kasdon, Amber Fairchild, and Pixxles. The Payvision Dossier There are processors that miss red flags. And then there are processors that, if the record holds up, look like they helped keep the scam machine humming. The Scam Infrastructure Facilitator That is the core force of the EFRI dossier. It does not describe Payvision as a passive bystander that got fooled by clever merchants. It describes Payvision as an allegedly active infrastructure partner in the Lenhoff/Barak ecosystem: a company that knew what kind of business it was processing, knew who stood behind the front entities, knew the fraud and chargeback metrics were terrible, and still kept the rails open. Read our reports on Payvision here. The dossier starts from a large and ugly factual base. It says German and Austrian criminal investigators identified a fraud complex involving platforms such as optionstars/global, xtraderfx, safemarkets, goldenmarkets, option888, xmarkets, tradovest, tradeinvest90, and zoomtrader/global, harming 59,345 European consumers for roughly €340 million between September 2015 and the January 2019 arrests. It identifies Payvision B.V. and its sister Acapture B.V. as the principal payment-service providers for those systems. FinTech Cowboys and Co-Conspirators Payvision Fintech Cowboys Rudolf Booker and Gijs op de Weegh Then the dossier gets more dangerous for Payvision. It says the company’s role did not stop at taking cards and sending money onward. It says the files document participation in setting up, adjusting, and continuing merchant and settlement structures. That is the difference between “processor” and “operator’s enabler.” If true, Payvision was not just near the fraud. It was allegedly helping preserve its plumbing. The material on the former Payvision CEO Rudolf Booker is especially damaging. According to the dossier, Booker confirmed that Payvision knew the connected platforms were offering binary options, and later CFD/crypto-related products, to retail customers; knew Lenhoff and Barak were the real economic actors behind formally different merchants; saw chargeback rates ranging from 2% up to 20% per month; and filed 273 FIU reports for possible money laundering or terrorist financing. That is not the profile of an ordinary merchant book. It is the profile of a business relationship screaming for shutdown. And yet the dossier says the business continued. The MCC 6211 Issue The MCC 6211 issue matters much in the Payvision scheme. The dossier says Payvision used a code associated with licensed broker or securities activity even though the connected platforms allegedly lacked the necessary MiFID authorization. It also says Payvision accepted MOTO flows and shell-style merchant structures that distorted the true risk and regulatory profile of the underlying activity. If accurate, that is not just sloppy compliance. It is a processing architecture that allegedly made dirty business look cleaner than it was. The dossier also offers a motive. It notes that ING bought 75% of Payvision at a reported €360 million valuation in early 2018 and argues that the high-risk volumes tied to Lenhoff/Barak were commercially meaningful. More volume meant more fees, more growth, and a better valuation story. That inference is commercially plausible even where intent remains contested. The T1 / U.S. Angle The dossier explicitly says similar allegations surfaced in U.S. cases between 2019 and 2022, including allegations that Payvision helped merchants build European company structures to obtain card-processing access. That matters because it shows the EFRI theory is not some one-off Austrian or German complaint. It echoes a broader pattern. Public Nevada records support that broader picture. In Ibuumerang, LLC v. T1 Payments LLC et al., Payvision B.V. was named as a defendant alongside T1 Payments LLC, T1 Payments Limited, TGlobal Services Limited, Donald Kasdon, Amber Fairchild, and Pixxles, Ltd. Public records do not clearly disclose the settlement terms for Payvision or ING in that U.S. case. What it does show is that the case existed, that Payvision was inside the T1 litigation orbit, and that later T1 bankruptcy materials treated the U.S. litigation landscape as part of the wider post-collapse fallout. So it is safe to state: Payvision was sued in the U.S. in the T1 orbit, and the public record supports that this litigation was later resolved or dismissed without publicly visible settlement detail in the materials reviewed. That is enough to make the editorial point: the allegation that Payvision allegedly helped structure European wrappers for high-risk underlying business was not confined to the Lenhoff/Barak files. It also showed up in U.S. litigation connected to T1 Payments. FinTelegram Take The dossier’s real punch is simple. It does not depict Payvision as a processor that merely failed to act fast enough. It depicts Payvision as a company that allegedly helped industrialize the payment rails of fraud — and kept doing so while the warning lights flashed red. If that reading of the files is right, then Payvision’s role was not incidental. It was infrastructural. And that is exactly why this is a hot case again. Whistle42 CTA FinTelegram invites whistleblowers, former Payvision staff, merchants, compliance officers, and victims with information on Payvision, Rudolf Booker, ING, T1 Payments, or related merchant structures to contact us via Whistle42. Confidential submissions help expose the payment architecture behind cyberfinance fraud. Share Information via Whistle42

The Court of Justice of the European Union has delivered a brutal blow to the cross-border online casino model. In Case C-440/23, European Lotto and Betting and Deutsche Lotto- und Sportwetten, the CJEU ruled on 16 April 2026 that EU law does not stop a Member State from banning certain online gambling services even when the operator is licensed in another EU country such as Malta. Worse for the casino industry, the Court also confirmed that those illegal offers may carry civil-law consequences: the gambling contract may be treated as void, and players may sue to recover their losses under national law. For the Malta casino crowd, this is more than a legal setback. It is a crack in the business model. Key Findings The CJEU held that EU law does not preclude a Member State from prohibiting certain online gambling services that are licensed in another Member State. The Court said such prohibitions may legitimately pursue consumer protection, prevention of gambling addiction, protection of social order, and channeling gambling into controlled circuits. The judgment confirms that a later shift to a licensing model, such as Germany’s 1 July 2021 reform, does not retroactively wipe out the earlier prohibition. The Court also held that EU law does not preclude nullity of the gambling contract and civil restitution claims for losses incurred under the prohibited regime. The reference arose from a dispute involving Malta-licensed operators whose services were accessible in Germany, where a player incurred losses between June 2019 and July 2021 and sought recovery. Compliance Analysis The Malta excuse just took a hit For years, the offshore casino pitch was simple: we are licensed in Malta, we are in the EU, therefore we are legitimate. That line has now taken a serious beating. In C-440/23, the CJEU made clear that a gambling licence in one Member State does not act like an EU passport for online casinos targeting consumers in more restrictive jurisdictions. Gambling remains an area without full EU harmonization, and Member States still have broad room to decide how far they want to go in restricting online casino products. That is the core message: Malta licensing does not neutralize German law, or any other national law that validly bans the product. What the case was really about The case involved European Lotto and Betting Ltd and Deutsche Lotto- und Sportwetten Ltd, two companies licensed by the Malta Gaming Authority. Their online services were available in Germany. Between June 2019 and July 2021, a Germany-based player used those services and lost money. During that period, German law still broadly prohibited certain online games of chance, including the products at issue in the case, before the later reform that took effect on 1 July 2021. The player’s claim ended up before a Maltese court, which asked the CJEU whether EU law — especially the freedom to provide services — blocked Germany from maintaining that prohibition and from attaching civil consequences to it. The Court’s answer was effectively: No. It does not. The Court did not blink The judges accepted the standard anti-gambling arguments that regulators love and operators hate: online gambling can create particular risks because it is available continuously, takes place in isolation, reduces social control, may encourage excessive frequency of play, and can be especially dangerous for vulnerable persons and younger users. On that basis, the Court said Member States can try to channel gambling into supervised structures and suppress parallel markets. That matters because it kills the lazy narrative that national restrictions are automatically protectionist or anti-single-market nonsense. The Court did not buy that. The real bomb: players may sue for the money back This is the part that will terrify the illegal-casino ecosystem. The CJEU expressly said EU law does not preclude national rules under which gambling contracts concluded in breach of the prohibition are void, and under which players may bring civil actions to recover lost stakes. The final mechanics still depend on national law, of course. But the big EU-law umbrella defense has been badly damaged. That means operators can no longer wave the EU flag and pretend that player restitution cases are obviously incompatible with the single market. The Court just made clear they are not. The German reform did not save the old conduct One of the casino industry’s favorite talking points has been that Germany moved to a regulated licensing regime on 1 July 2021, so the earlier prohibition must have been defective, obsolete, or incompatible with EU law. The CJEU rejected that shortcut. A later policy change does not automatically invalidate the earlier ban. That is devastating for operators facing claims tied to the pre-July-2021 period. They cannot simply say: Germany later legalized parts of online gambling, therefore our earlier German-facing operations were fine all along. The Court did not give them that escape route. What this means for players at illegal casinos Players should not misunderstand the ruling. This is not an automatic jackpot. The Court did not say every player in every EU country automatically gets every euro back. What it did say is far more useful in practice: where a Member State validly prohibited the gambling offer, and where national law allows nullity and restitution, EU law does not stand in the way. That is a strong pro-player result. It strengthens claims by players who lost money with operators targeting them during periods when the relevant products were prohibited in their home market. It also weakens the industry line that the player’s mere use of a foreign-licensed site is enough to label the claim abusive. The Court indicated that foreign licensing alone is not enough to prove abuse of rights under EU law. In plain English: players at illegal casinos now have a clearer EU-law runway to sue for restitution, if their national law supports it. Why this matters beyond the operators This ruling is bad news not just for the casinos themselves, but for the entire support system around them. If the underlying gambling offer can be treated as unlawful and the contract can be voided, then the legal and compliance heat rises for everyone riding that traffic: payment processors, open-banking providers, affiliate networks, merchant acquirers, payment agents, KYC vendors, and platform intermediaries. That broader implication is an inference rather than an express holding of the Court, but it follows naturally from the Court’s acceptance that illegal online gambling can produce real civil-law fallout. For FinTelegram’s long-running work on illegal casinos and payment rails, this is exactly the point. Once the operator’s legal footing weakens, the payment chain starts to look much more dangerous too. FinTelegram Take This is a serious defeat for the Malta casino defense industry. The CJEU did not abolish cross-border online gambling. But it did demolish the lazy fiction that a Malta licence magically disinfects gambling offers aimed at consumers in restricted markets. It also handed players and claimant lawyers a much stronger weapon: EU law is no longer the easy shield operators hoped it would be when players sue for losses from illegal offers. For years, the offshore gambling crowd sold the same line to PSPs, banks, service providers, and maybe even themselves: licensed in Malta, therefore legitimate in Europe. The Court has now reminded them that Europe does not work that way. National gambling law still bites. And when it bites, it can bite hard. Conclusion The ruling in C-440/23 is one of the most important recent judgments in the EU online gambling fight. It confirms that Member States may ban certain online casino and gambling products despite foreign EU licences, may preserve the civil effects of those bans, and may allow players to pursue recovery of losses under national law. For illegal-casino operators, this is a warning shot. For players, it is an opening. For the payment and compliance ecosystem surrounding offshore gambling, it is a message that the risk perimeter around illegal casino flows has just expanded. If you have internal documents, legal memos, payment-routing files, merchant onboarding records, or compliance reports relating to illegal EU-facing online casinos, send them securely to Whistle42.

A new whistleblower submission reviewed by FinTelegram adds fresh fuel to the Yapily-Klyme case. The material includes a deposit ledger, complaint emails, and a payment-flow screen capture showing Mega.bet using a Klyme-branded “Pay by Bank” rail with Immix Solutions Ltd named as payee. The emerging picture is ugly: a player’s money appears to have moved through a layered structure involving a UK technology intermediary, a Cyprus payment-agent-style entity, and a Lithuanian beneficiary account, while Yapily remains the obvious regulated open-banking name in the background. Yapily openly markets pay-by-bank solutions to the iGaming industry, and the Bank of Lithuania confirms its Lithuanian entity holds a payment institution licence. Key Findings A new whistleblower package reviewed by FinTelegram shows repeated deposits from a Dutch ABN AMRO account to IBAN LT53 5030 1200 0000 0804, indicating a recurring collection account rather than a one-off payment event. A still from the player’s own payment video shows Mega.bet displaying “Pay by Bank” powered by Klyme and naming Immix Solutions Ltd as the payee. In the correspondence provided by the player, Klyme allegedly admits the merchant relationship existed, that transactions ran during the relevant period, and that the merchant was later terminated. Klyme reportedly first gave the player a wrong termination date and later corrected it to 7 April 2025, a discrepancy that raises further questions about merchant oversight and complaint handling. Yapily Connect UAB is listed by the Bank of Lithuania as a licensed payment institution. Yapily openly promotes open-banking products for iGaming operators and PSPs, including pay-by-bank deposit flows. Immix Solutions Ltd publicly presents itself as a Cyprus-based payment-services business offering settlement, escrow, and payment processing. Compliance Analysis The first FinTelegram report on the Yapily leaks exposed a disturbing theme: instead of treating an offshore-casino complaint as a red-flag merchant-risk issue, Yapily’s compliance handling appeared to focus on the complaining user. According to that report, an internal email instructed partner Klyme to blacklist the whistleblower rather than confront the illegal-gambling problem head-on. Read our Yapily reports here. Now comes the follow-up evidence. And it makes the whole thing look worse. The new whistleblower package contains exactly the kind of material that matters in rail investigations: transaction data, complaint correspondence, and front-end payment proof. The player’s deposit ledger shows repeated payments from her Dutch bank account to LT53 5030 1200 0000 0804 across late 2024 and March 2025. That is not what an isolated accidental consumer payment looks like. It looks like a working deposit rail. The payment screenshot is the real grenade. It shows Mega.bet running a “Pay by Bank” screen powered by Klyme, with Immix Solutions Ltd listed as the payee. That single image blows a hole in any attempt to treat Klyme as a distant, irrelevant bystander. If Klyme’s brand appears in the payment journey and a Cyprus payments outfit appears as payee, then this was not some abstract software relationship. This was a visible and operational payment chain. And then there is Immix Solutions Ltd. The whistleblower herself did not even highlight Immix in her email. But the screenshot did. Publicly available material at immix.pro presents Immix Solutions as a Cyprus-based payments business offering settlement, escrow, and payment processing services. In plain English: the kind of entity you would expect to find sitting inside a layered, hard-to-read collection structure. So what do we appear to have here? A player deposits into an offshore-style casino environment. The customer-facing rail is branded Klyme. The payee shown is Immix Solutions Ltd in Cyprus. The beneficiary trail points to a Lithuanian account. And hanging above all of this is Yapily, a regulated open-banking player that openly courts the iGaming sector and promotes pay-by-bank solutions precisely for that market. That does not prove that Yapily personally touched every euro in this exact chain. It does prove something more uncomfortable: the whistleblower’s basic story is commercially and structurally plausible. Yapily cannot pretend that iGaming use of its rails is some bizarre edge case. The company itself says it helps iGaming operators and PSPs “win more operators,” streamline onboarding, support top-ups, and deploy open-banking payment flows in gambling environments. The Lithuanian angle matters too. The Bank of Lithuania publicly lists Yapily Connect UAB as a licensed payment institution. The central bank also previously announced the licensing of Yapily’s Lithuanian vehicle, explaining that the business intended to offer open-banking payment services in Lithuania after Brexit. That is why the regulatory optics here are so bad. When a regulated open-banking player actively markets iGaming solutions, and when whistleblower evidence then points to offshore-casino deposit flows routed through a Klyme-branded widget, a Cyprus payee, and a Lithuanian account, this stops being a whiny player dispute. It becomes a merchant-control and rail-governance problem. Klyme’s reported emails add another ugly wrinkle. In the correspondence provided by the whistleblower, Klyme allegedly said the merchant had been onboarded under its infrastructure, later breached terms, and was terminated. Klyme also reportedly first gave the wrong termination date and later corrected it to 7 April 2025. If that correspondence is authentic, then Klyme has already conceded the critical point: there was a merchant relationship, there was oversight, and there was later intervention. That makes the “we are only a technology provider” line sound less like a defense and more like a shield. To be clear, FinTelegram is not saying Klyme or Yapily automatically owe the player a refund. That is the weakest part of the whistleblower’s legal argument. Payment rails are not automatically refund guarantors. But that is also not the real story. The real story is this: A player complaint appears to have exposed an offshore-gambling deposit rail that ran through branded open-banking plumbing, a Cyprus payee, and a Lithuanian banking endpoint — and the firms in the chain seem far more comfortable disclaiming responsibility than explaining the structure. That is the scandal. Why This Follow-Up Matters This case reinforces the pattern already exposed in the earlier Yapily report: when offshore-gambling complaints hit the payment chain, the response appears to drift toward damage control, distancing, and user management, instead of direct answers about merchant onboarding, downstream controls, geo-risk, and beneficiary routing. The new evidence also introduces a far more explosive angle: Immix Solutions Ltd. If a Cyprus payment-services business is appearing as payee inside a Klyme-powered Mega.bet deposit flow, then investigators need to know exactly what role it played. Collection merchant? Settlement agent? Payment agent? Shadow PSP layer? That is where the next round of scrutiny belongs. Summary Table Entities EntityTypeRole in CaseKey DataStatus / FinTelegram ViewYapily / Yapily Connectwww.yapily.comOpen-banking / payment institution groupAlleged regulated payment rail in the background of casino depositsPlayer says Yapily processed transactions and appears in GDPR dataCommercially plausible in iGaming context; direct role in each payment not yet fully evidenced from current attachments aloneKlyme Ltdhttps://klyme.ioUK technology / payment-flow intermediaryCustomer-facing “Pay by Bank” layer shown in Mega.bet payment flow“Powered by Klyme” visible in uploaded screenshotStrongly implicated in front-end payment journey; exact contractual role still needs clarificationShane Adam WilliamsDirector of KlymeMain named Klyme contact in player correspondenceAllegedly sent/approved responses stating Klyme was only a technology providerRelevant decision-maker in complaint handlingMega.betOffshore-style casino / sportsbookCasino directly evidenced in screenshotAppears in uploaded payment-flow stillStrongly evidenced in current fileLuckytwiceCasino mentioned by playerAdditional casino referenced in complaintMentioned in email chain onlyNeeds independent evidence before strong publication claimImmix Solutions LtdCyprus-based payment-services entityPayee shown in Klyme-powered Mega.bet payment flowVisible as “Payee: Immix Solutions Ltd” in uploaded screenshotImportant new rail entity; likely payment agent / settlement / collection function, exact role still openImmix.proWebsite / operating frontPublic-facing site for Immix SolutionsPresents settlement, escrow, and payment processing servicesSupports plausibility of payments roleLT53 5030 1200 0000 0804Lithuanian beneficiary IBANRepeated beneficiary account in player transaction ledgerAppears across multiple depositsCentral rail endpoint in current evidenceAB Mano bankasLithuanian bankLikely bank of beneficiary IBANBank code 50300 corresponds to Mano bankasUseful rail-mapping anchor; account holder still unknownChillstockName allegedly linked to beneficiary accountPossible merchant / collection / network nameMentioned by playerNot independently verified in current fileKasha Global Holding LTDName allegedly linked to beneficiary accountPossible related entityMentioned by playerNot independently verified in current file Questions That Now Need Answers Questions for Yapily Did Yapily Connect Ltd or Yapily Connect UAB provide payment-initiation or related infrastructure for flows connected to Mega.bet, Luckytwice, or linked merchants? What controls does Yapily apply when its infrastructure is used by PSPs or intermediaries serving offshore-gambling operators? Why did the earlier whistleblower case result in a blacklisting controversy instead of a fully transparent merchant-risk explanation? Questions for Klyme Did Klyme onboard the merchant behind the Mega.bet flow shown in the whistleblower material? Why did Klyme reportedly misstate the merchant termination date before correcting it? What exactly was Klyme’s role in the payment stack: gateway, orchestration layer, merchant-of-record support, or something else? What is Klyme’s relationship, if any, with Immix Solutions Ltd? Questions for Immix Solutions Ltd Why did Immix Solutions Ltd appear as payee in a Klyme-powered Mega.bet payment flow? Was Immix acting as payment agent, settlement intermediary, collection merchant, or another role? Which gambling or high-risk merchants was Immix servicing during the relevant period? Conclusion The new whistleblower submission does not close the case. It opens it wider. The combination of a Klyme-branded Mega.bet pay-by-bank flow, Immix Solutions Ltd as payee, a Lithuanian beneficiary account, and Klyme’s reported admission of a later-terminated merchant relationship turns this from a player grievance into a serious open-banking compliance story. And because Yapily openly promotes iGaming payment solutions while operating through regulated entities, the pressure now shifts to one simple question: Who knew what about this merchant flow, and why was the whistleblower treated like the problem? If you worked at Yapily, Klyme, Immix Solutions, or any PSP or banking partner involved in offshore-gambling flows, FinTelegram and Whistle42 want to hear from you. We are particularly interested in merchant onboarding files, KYB/KYC records, beneficiary-account documentation, internal escalations, geo-fencing decisions, and complaints-handling logs. Share Information via Whistle42

At first glance, T1 Payments may look like an old story from the heyday of binary options, high-risk MLM, and aggressive offshore processing. Its glory days as one of the major high-risk payment processors are long over. But the case is far from dead. Courts in the U.S. and Europe are still dealing with the wider fallout, including the role of its long-time partner Payvision. And now, fresh developments — from renewed U.S. litigation pressure and bankruptcy fallout to overdue accounts and revealing disclosures at Pixxles — are turning this supposedly closed chapter into a hot case once again. That is why Key Findings Pixxles is FCA-authorised as an Authorised EMI, making the quality and transparency of its disclosures especially important. The 2023 accounts identify Amber Fairchild as the ultimate controlling party and disclose material related-party balances and expenses with counterparties left unnamed. Those same accounts disclose £1,276,606 in other debtors paid to a company with a common shareholder and director, £618,765 in intermediary service fees paid to a company with a common shareholder and director, and £59,961 owed to one of the directors on an unsecured, interest-free, on-demand basis. Pixxles reported 2023 turnover of £1,886,496, a loss of £389,165, debtors of £3,359,951, and creditors due within one year of £3,968,629, ending the period with net liabilities rather than positive net assets. The 2023 accounts were filed only on 28 July 2025, and the next accounts for the period to 29 December 2024 are already several months overdue. Pixxles was also hit with a First Gazette notice for compulsory strike-off in March 2025 before that action was discontinued. In Nevada federal litigation, Pixxles Ltd, Pixxles LLC, Amber Fairchild, and Donald Kasdon remain tied to the New U Life case, where amended civil theft and federal RICO claims survived dismissal. As FinTelegram recently reported, the wider T1 Payments saga has entered a post-bankruptcy fallout phase, including renewed merchant-case pressure and a March 30, 2026 default judgment against T1 in related litigation. A Regulated EMI Sitting In The T1 Blast Radius There are routine small-company accounts, and then there are accounts that look like they were filed from inside a live legal minefield. Pixxles’ 2023 financial statements belong in the second category. On paper, Pixxles is a UK company authorised by the FCA as an Authorised Electronic Money Institution. In reality, the company sits inside a much darker story: the collapse of T1 Payments, the personal and corporate links around Donald Kasdon, the role of Amber Fairchild, and U.S. lawsuits that keep naming the same cluster of people and entities. That is what makes these accounts so important. They are not just a filing. They are a glimpse into a regulated payments company operating in the long shadow of a collapsed high-risk processing network. The Explosive Core: Large Related-Party Transactions, But No Real Names The 2023 accounts are revealing because they do not just show a loss-making regulated firm. They show a company with a balance sheet heavily exposed to related-party dynamics, while leaving readers largely in the dark about who those related parties actually are. In Note 20, Pixxles says that other creditors include £59,961 owed to one of the directors, unsecured, interest free, and repayable on demand. It also says that other debtors include £1,276,606 paid to a company with a shareholder and director in common, and that administrative expenses include £618,765 in intermediary service fees paid to a company with a common shareholder and director. The same note begins a further line on commission fees of £110…, but the uploaded XHTML cuts off before the full figure can be read. In Note 21, the accounts state plainly that “The ultimate controlling party is A Fairchild.” That is the heart of the story. The accounts disclose major insider-linked balances and expenses, but do not properly identify the counterparties. In a normal private company, that would already warrant scrutiny. In an FCA-regulated EMI operating under the shadow of U.S. lawsuits and bankruptcy fallout, it becomes a major transparency problem. The Numbers Behind The Red Flags The wider financial picture only sharpens the concern. Pixxles reported: Turnover: £1,886,496 Gross profit: £1,149,751 Administrative expenses: £1,538,916 Loss for the period: £389,165 On the balance sheet, the company reported: Debtors: £3,359,951 Creditors due within one year: £3,968,629 Net position: net liabilities rather than positive net assets This is not the profile of a comfortably ring-fenced regulated institution. It is the profile of a company whose finances appear deeply interwoven with others and whose short-term obligations weigh heavily on the business. That is precisely why the related-party note matters so much. The real issue is not whether such transactions exist. The real issue is who the counterparties were, what they were doing for Pixxles, whether the transactions were arm’s length, and whether the company depended on a wider insider-affiliate network to function. Amber Fairchild, Donald Kasdon, And The Wider Litigation Network Readers should not view the accounts in isolation. As FinTelegram recently reported in its latest T1 case note, the broader T1 Payments story has shifted from operating history to post-bankruptcy fallout. Nevada court records show that T1’s Chapter 7 case was treated as closed by June 10, 2025, that stayed merchant litigation restarted, and that one related action ended in a March 30, 2026 default judgment against T1. Pixxles sits squarely inside that same blast radius. In the New U Life litigation, the Nevada federal court’s September 29, 2024 order states that amended civil theft and federal RICO claims, including against Pixxles LLC and Pixxles LTD, survived dismissal. The order records that Kasdon, Fairchild, King, and the Pixxles entities moved to dismiss and lost at that stage. That does not establish liability, but it does show that the court found the pleadings sufficient for the case to continue. This is where the personal links become more than gossip. Pixxles’ own accounts say A Fairchild is the ultimate controlling party. U.S. litigation places Amber Fairchild in the same defendant and counterclaim-defendant constellation as Donald Kasdon and the Pixxles entities. The concern is therefore not merely that Fairchild and Kasdon were personally connected. The concern is that the company’s own financial disclosures, the corporate-control record, and the live U.S. litigation all point to a business whose true economic perimeter may be much wider than the face of the accounts suggests. Overdue Accounts And Administrative Stress Signals Then there is the timing problem. Companies House shows that the 2023 accounts were filed only on 28 July 2025 after a string of accounting-period changes. The next accounts, made up to 29 December 2024, were due by 24 January 2026 and remain overdue. That alone is a red flag for a regulated payments firm. But there is more. In March 2025, Pixxles was hit with a First Gazette notice for compulsory strike-off, only for that action to be discontinued days later. None of this proves misconduct by itself. But it is exactly the kind of administrative and reporting instability that regulators, claimants, and counterparties notice when they are trying to assess whether a regulated EMI is operating on a solid footing. What The Pixxles Accounts Really Tell Us So what do the 2023 Pixxles accounts actually tell us? They tell us that this is not a neat, self-contained EMI story. They tell us that a regulated payments company controlled by Amber Fairchild reported large balances and expenses linked to unnamed common-control counterparties, while the wider T1/Kasdon litigation machine kept running in the background. They tell us that the balance sheet looked stretched, the reporting cycle became erratic, and the next accounts are already late. And they tell us that anyone trying to understand the big picture — from T1 plaintiffs to regulators — should not read Pixxles as an isolated regulated firm, but as part of a wider, still-contested network. Latest Status Company: Pixxles LtdStatus: Active at Companies House; accounts overdue.Regulatory status: FCA-authorised Authorised Electronic Money Institution.Controlling party per 2023 accounts: A Fairchild2023 filing date: 28 July 2025Next accounts due: 24 January 2026 for the period made up to 29 December 2024; currently overdue.Key concern: large unnamed related-party balances and expenses disclosed in a regulated firm linked to live U.S. litigation around the T1/Kasdon network.Why it matters: readers can see signs of concentrated control, related-party opacity, late reporting, and litigation overlap — all at once. Boxed Explainer: What The Pixxles Related-Party Note Tells Us The most explosive part of the 2023 Pixxles accounts is not the loss figure. It is the related-party note. That note shows that Pixxles had substantial financial dealings with affiliates tied by common ownership or management, but it does not properly identify those counterparties. The company says it had £1.28 million in other debtors paid to a company with a shareholder and director in common and £618,765 in intermediary service fees paid to a company with a common shareholder and director. It also discloses a director-linked balance of £59,961, unsecured, interest-free, and repayable on demand. For FinTelegram, that is the real headline: a regulated EMI disclosing large insider-linked exposures while keeping the names in the shadows. In a litigation-heavy environment involving T1, Kasdon, Fairchild, and Pixxles, that is not a footnote. That is the story. Chronology 30 March 2026 — Related T1 litigation produces a default judgment against T1, reinforcing the post-bankruptcy fallout context around the wider network.FinTelegram is revisiting it now. 4 October 2018 — Pixxles Ltd incorporated in the UK. 15 June 2021 — FCA register shows Pixxles as an Authorised Electronic Money Institution. 29 September 2024 — Nevada federal court denies dismissal motions in T1 Payments v. New U Life and allows amended civil theft and RICO claims, including against Pixxles LLC and Pixxles LTD, to proceed. 25 March 2025 — Companies House issues a First Gazette notice for compulsory strike-off. 29 March 2025 — Strike-off action discontinued. 28 July 2025 — Pixxles files its full accounts made up to 28 October 2023. 24 January 2026 — Deadline for next accounts, made up to 29 December 2024. Accounts now overdue. Entity Map Entity / PersonRole in the StoryWhy It MattersPixxles Ltdwww.pixxles.comUK company and FCA-authorised electronic money institutionThe main subject of this report. Its 2023 accounts disclose large related-party balances and expenses with unnamed common-control counterparties, while its 2024 accounts are overdue.Amber FairchildDirector and ultimate controlling party of PixxlesIdentified in the 2023 accounts as the ultimate controlling party. Also appears in the U.S. litigation orbit alongside Donald Kasdon and the Pixxles entities.Donald KasdonFounder and former CEO of T1 PaymentsCentral figure in the wider T1 Payments story and the U.S. litigation and bankruptcy fallout. His connections to Pixxles and Amber Fairchild are part of the broader network readers need to understand.T1 PaymentsCollapsed U.S. high-risk payment processorThe core legacy entity in the story. Its bankruptcy and renewed litigation exposure provide the wider context for why Pixxles matters today.PayvisionFormer European processing partner of T1 PaymentsImportant because courts in the U.S. and Europe are still dealing with the wider T1/Payvision fallout, keeping the old case alive and relevant again.Pixxles LLC / Pixxles LTDRelated Pixxles entities named in U.S. litigationNamed in the Nevada New U Life litigation as part of the wider dispute constellation around T1 Payments, Kasdon, and related parties.New U LifeU.S. litigation counterpartyOne of the most important public court cases tying together T1 Payments, Donald Kasdon, Amber Fairchild, and the Pixxles entities.Gaia Ethnobotanical / Vida DivinaMerchant plaintiffs in related U.S. litigationTheir cases help show the post-bankruptcy fallout around T1 Payments, including the March 30, 2026 default judgment against T1. Call for Information FinTelegram invites whistleblowers, former employees, merchants, compliance officers, auditors, and counterparties with information on Pixxles, T1 Payments, Amber Fairchild, Donald Kasdon, or related entities to contact us via Whistle42. Confidential submissions help expose the structures, relationships, and payment flows hidden behind the formal corporate record. Share Information via Whistle42

The roughly $280 million Drift Protocol exploit is rapidly turning into a defining compliance test for the stablecoin sector. A proposed class action accuses the US stablecoin issuer Circle of standing by while attackers allegedly moved more than $230 million in stolen USDC through Circle-linked infrastructure instead of freezing the assets. The case strikes at the core of Circle’s regulatory narrative: if USDC is marketed as a controlled, compliance-friendly digital dollar, why was that control not used when it mattered most? Key Findings This is not just a DeFi hack story anymore. The Drift exploit has become a legal and compliance test of whether a centralized stablecoin issuer can escape responsibility when stolen assets move through infrastructure it controls or materially influences (Source: law360.com) Circle is being attacked at its weakest point: the gap between compliance branding and operational conduct. Plaintiffs allege that Circle had the technical ability and contractual discretion to intervene, but failed to do so while stolen USDC was allegedly routed through its Cross-Chain Transfer Protocol. (Source: circle.com) The proposed class action was filed on April 14, 2026. Public docket records identify the case as McCollum v. Circle Internet Group, Inc. et al. in the U.S. District Court for the District of Massachusetts. (Source: pacermonitor.com) Circle’s legal defense is clear, but politically and reputationally dangerous. The company says freezes should occur only under proper legal authority. Critics will read that as a polished way of saying that a “regulated” stablecoin issuer watched a live laundering event and chose not to act. (Source: circle.com) Circle’s own disclosures may undercut its public posture. Circle’s published USDC materials say it may block or freeze addresses in certain circumstances, giving plaintiffs room to argue that Circle was not powerless at all, but selectively passive. The case could reshape expectations for the entire stablecoin sector. Even if Circle defeats the complaint, courts, regulators, and counterparties may increasingly expect stablecoin issuers to maintain documented emergency-response standards for major thefts and tainted-flow events. Compliance Analysis The April 1, 2026 Drift Protocol exploit was one of the most significant DeFi thefts of the year. Public reporting places the loss at around $280 million to $285 million, and security analysis indicates that the attackers did not simply exploit buggy code. The incident appears to have involved privileged-access abuse, governance compromise, and social-engineering tactics. That distinction matters. This was not merely “protocol risk.” It was a failure of operational control and trust architecture. (Source: chainalysis.com) Now Circle has been dragged into the fallout. Not because it caused the exploit, but because it allegedly did nothing meaningful once the stolen assets began moving through USDC rails. According to public reporting and court summaries, the plaintiffs’ theory is that Circle allowed attackers to move more than $230 million in stolen USDC through its Cross-Chain Transfer Protocol instead of freezing or blocking those flows. That is the crucial escalation. The legal spotlight has moved from the hack itself to the conduct of a centralized infrastructure provider in the middle of a live post-theft asset-movement event. (Source: law360.com) That makes this case highly relevant from a FinTelegram compliance perspective. Circle does not position USDC as a censorship-resistant, uncontrollable asset in the pure crypto-anarchist sense. On the contrary, Circle has long marketed itself as the respectable, regulated, institution-ready face of stablecoins. It wants the trust premium that comes with control, compliance, and recoverability. But that branding starts to unravel when a major exploit unfolds in real time and the issuer’s answer is effectively that it could not intervene without the right legal paperwork. Circle’s public response is built on due process. The company argues that freezes must be grounded in lawful authority and not in social-media pressure, market outrage, or improvised demands during an unfolding crisis. That position is legally intelligible. No serious financial institution wants to become an ad hoc private court deciding ownership disputes on the fly. But Circle’s reliance on due process creates a deeper compliance problem: it suggests that the stablecoin issuer is happy to emphasize control when selling trust, yet reluctant to accept responsibility when that control becomes operationally inconvenient. (Source: circle.com) This tension becomes sharper because Circle’s own public documentation appears less absolute than its post-incident messaging. In its USDC risk disclosures, Circle states that it may block certain addresses and freeze USDC in certain circumstances, including where it determines addresses are associated with illegal activity. That is not the language of a helpless bystander. It is the language of a party that reserves meaningful intervention rights. Plaintiffs will almost certainly use that language to argue that Circle had both technical capacity and documented discretion, but simply chose not to use them in a timely way. The architecture of Circle’s Cross-Chain Transfer Protocol adds to that exposure. CCTP is not merely a passive third-party bridge sitting outside Circle’s sphere. It is Circle-linked infrastructure built around burn-and-mint mechanics and attestation processes. That allows plaintiffs to frame Circle not as a distant issuer whose token happened to be used, but as a participant sitting at a critical chokepoint in the movement of allegedly stolen assets from Solana into Ethereum. That may not be enough, on its own, to establish liability. But it is more than enough to make Circle’s “we are not the relevant actor here” position look fragile. (Source: developers.circle.com) From a compliance-policy standpoint, the real issue is no longer whether Circle had a perfect legal duty to freeze. The real issue is whether a stablecoin issuer can continue to claim the benefits of central control while disowning the burdens that inevitably come with it. A company that can freeze, block, attest, and control redemption cannot credibly present itself as both highly governed and operationally neutral at the same time. The market, regulators, and increasingly the courts will force a choice. To be clear, Circle still has serious defenses. It did not execute the theft. The plaintiff will face hurdles on duty, causation, knowledge, and class certification. Courts may be reluctant to create a sweeping obligation for stablecoin issuers to act as universal recovery agents every time stolen assets touch their systems. But even if Circle wins in court, it may still lose the larger argument. The case has already exposed the compliance contradiction that sits at the center of the stablecoin industry’s institutional pitch. Conclusion The proposed class action against Circle is aggressive, but it is not frivolous. It forces an overdue question onto the table: when a “regulated” stablecoin issuer has visibility, discretion, and technical leverage over tainted flows, at what point does inaction stop looking like legal restraint and start looking like compliance failure? The Drift case may not produce an immediate precedent, but it already marks a turning point. The liability perimeter around stablecoin issuers is moving outward. Circle is simply the first major issuer being forced to test it in court. Call for Information FinTelegram is investigating the post-hack conduct of stablecoin issuers, DeFi infrastructure operators, and cross-chain settlement providers. Insiders, compliance staff, law-enforcement contacts, counterparties, and affected users with information about USDC freezing practices, incident-response protocols, or asset-movement decisions are encouraged to submit information securely via Whistle42. Share Information via Whistle42

The latest public record around U.S. high-risk processor T1 Payments and its founder and former CEO Donald Kasdon points not to a comeback, but to a deepening post-collapse aftermath. Court records show that T1’s Chapter 7 bankruptcy was treated as closed by June 10, 2025, that stayed merchant cases began moving again, and that one related action ended in a March 30, 2026 default judgment against T1. At the same time, Kasdon remains tied to the still-active New U Life litigation in Nevada. Key Findings T1’s Chapter 7 bankruptcy was treated as closed by June 10, 2025, removing the automatic-stay protection that had frozen at least some civil litigation. In Gaia Ethnobotanical v. T1 Payments, the court lifted the stay in July 2025 and later directed the plaintiff to move for default judgment after T1 failed to respond. In a related merchant action, default judgment was entered on March 30, 2026 in favor of Vida Divina, LLC and Gaia Ethnobotanical, LLC against T1 Payments, LLC for failure to comply with court orders. In T1 Payments v. New U Life, Donald Kasdon remained exposed as litigation continued into 2026; the court extended summary-judgment reply deadlines to February 24, 2026. A September 29, 2024 Nevada order denied motions to dismiss and allowed amended civil theft and federal RICO claims in the New U Life case to proceed. The UK company T1 Payments Limited was dissolved by compulsory strike-off on June 6, 2023, reinforcing the broader unwind picture. Kasdon still has a visible public profile in payments media; American Banker’s author page currently identifies him as founder of T1 Payments and shows a recent byline dated April 6. The Post-Bankruptcy Report The latest developments around T1 Payments and Donald Kasdon suggest that the real story is now playing out not in processor growth or licensing announcements, but in the slow legal aftershocks of collapse. The key turning point was the end of bankruptcy protection. In July 2025, the Nevada federal court in Gaia Ethnobotanical v. T1 Payments expressly noted that T1’s Chapter 7 case had closed on June 10, 2025 and lifted the automatic stay because the bankruptcy code’s stay no longer applied. That mattered because it reopened a path for merchant plaintiffs. In the Gaia matter, the case moved from procedural suspension to pressure on a now-unshielded defendant. By February 25, 2026, the court noted that T1 had failed to respond to the amended complaint, that default had already been entered, and ordered the plaintiff to move for default judgment by March 11, 2026 or explain why it would not. The most concrete fresh blow came shortly afterward. A court judgment dated March 30, 2026 shows default judgment entered in favor of Vida Divina, LLC and Gaia Ethnobotanical, LLC against T1 Payments, LLC for failure to comply with court orders. That is one of the strongest recent indicators that T1 is not defending itself in a normal operating-company posture. At the same time, Donald Kasdon remains relevant because the long-running T1 Payments v. New U Life Corporation litigation is still alive. A March 27, 2025 discovery order shows litigation continuing with Kasdon and related parties still in the case structure, while a February 11, 2026 order extended reply deadlines on competing summary-judgment motions to February 24, 2026. In other words, the flagship dispute involving Kasdon had not burned out by early 2026. The procedural history of that case is also significant. A Nevada order from September 29, 2024 denied dismissal motions and allowed amended claims, including civil theft and federal RICO, to move forward. That does not establish liability, but it confirms that the court found the amended allegations sufficient to survive that stage of challenge. For a processor group already damaged by bankruptcy, that is a serious litigation signal. There is also a bankruptcy-to-litigation crossover worth noting. The March 27, 2025 New U Life order references an April 4, 2024 Asset Purchase Agreement under which the Chapter 7 trustee and Kasdon agreed to the purchase of certain estate claims for $36,000. That detail suggests the post-bankruptcy landscape is not merely passive liquidation, but active positioning around claims and litigation exposure. Outside the U.S. dockets, the UK company record points in the same direction. T1 Payments Limited shows a Final Gazette dissolved via compulsory strike-off on June 6, 2023. That does not resolve the U.S. litigation picture, but it reinforces the impression of structural disintegration rather than international operating continuity. Kasdon himself remains publicly visible. American Banker’s current author page still identifies him as founder of T1 Payments and lists a byline dated April 6. That indicates ongoing presence in industry commentary, but there is no comparable public evidence in the sources reviewed that T1 itself has re-emerged as a functioning, scaled payment processor. How the Payvision–T1 Structure Allegedly Worked According to investigative reporting and allegations in U.S. complaints, Payvision and T1 Payments allegedly operated a structure that allowed high-risk U.S. merchant transaction flows to be routed through European corporate vehicles linked to Donald Kasdon rather than being presented directly as U.S. high-risk business. The alleged model was straightforward in concept. T1 Payments sourced or managed the underlying high-risk U.S. merchants, while Payvision provided the European processing layer. To bridge that gap, entities such as T1 Payments Limited in the UK and TGlobal Services Limited in the Isle of Man were allegedly inserted into the chain as formal counterparties or merchant-facing entities. On paper, this created the appearance of non-U.S. merchant business. In substance, according to the allegations, the payment flows remained tied to U.S.-related high-risk activity. Read more on the Payvision – T1 Payments partnership. From a compliance perspective, the significance of such an arrangement is obvious. If a processor formally onboards a European entity but the real economic activity, merchant control, or risk exposure sits elsewhere, then the corporate wrapper may serve to obscure the true merchant identity, the actual jurisdictional nexus, and the real risk profile of the business being processed. That, in turn, can weaken onboarding controls, distort due-diligence outcomes, and reduce the visibility of red-flag merchant sectors. FinTelegram’s interest in this alleged structure is therefore not merely historical. It goes directly to a recurring compliance question in cross-border acquiring: whether offshore or European entities were used as processing fronts for merchants that might otherwise have triggered stricter scrutiny, enhanced monitoring, or outright rejection. FinTelegram takeaway:If the allegations are correct, the Payvision–T1 setup was not just a commercial partnership. It was a risk-transformation mechanism: high-risk U.S. merchant activity allegedly entered the acquiring chain under the cover of European entities, making the processing profile appear cleaner than the underlying business reality. Chronology June 6, 2023 — T1 Payments Limited in the UK dissolved via compulsory strike-off. October 5, 2023 — Nevada bankruptcy opinion notes that Donald Kasdon paid debtor’s counsel in the Chapter 7 proceeding. September 29, 2024 — In New U Life, motions to dismiss denied; amended civil theft and RICO claims allowed to proceed. March 27, 2025 — Discovery scheduling order entered in New U Life; order references Kasdon’s purchase of certain estate claims for $36,000. June 10, 2025 — T1 bankruptcy treated as closed in later court filings. July 23, 2025 — Automatic stay lifted in Gaia Ethnobotanical v. T1 Payments. February 11, 2026 — Summary-judgment reply deadline in New U Life extended to February 24, 2026. February 25, 2026 — Court orders Gaia to move for default judgment. March 30, 2026 — Default judgment entered in related Vida Divina / Gaia action against T1. Whistle42 Closing CTA Whistleblowers, former merchants, payment insiders, and compliance professionals with information on T1 Payments, Donald Kasdon, Payvision, related entities, or similar high-risk processor structures are invited to contact FinTelegram via Whistle42. Confidential submissions help expose the rail operators, corporate vehicles, and processing arrangements that continue to shape the cyberfinance risk landscape. Share Information via Whistle42

FinTelegram has received a whistleblower report and a Visa complaint indicating that deposits to the high‑risk online casino Legionbet were routed through Estonian company NovaArcade OÜ under a non‑gambling merchant category code (MCC). We are calling on players, industry insiders, and payment professionals to provide additional documentation and intelligence to determine NovaArcade’s actual role as payment agent or registered merchant in this potentially illegal transaction‑laundering setup. Key findings so far A UK player reported several GBP deposits to legionbet.com that allegedly settled to “NovaArcade” in Tallinn, Estonia. In his Visa complaint, the player states that the transaction used a non‑gambling MCC despite being a casino deposit. NovaArcade OÜ is a small Estonian company (reg. no. 17280191, Narva mnt 7‑557, 10117 Tallinn) registered as an online retail/e‑commerce business, not as a licensed gambling or financial institution. Legionbet is an offshore casino scheme targeting international and UK players, with credit‑card deposits and crypto payments, Trustpilot reviews explicitly allege that Legionbet bypasses UK gambling blocks and uses transaction laundering to take money from credit cards. At this stage, NovaArcade’s role as payment agent, technical merchant, or front merchant for Legionbet is not fully documented, and further evidence is required. Situation and context (Senior Compliance Analyst view) Legionbet – high‑risk casino targeting UK and EU players Multiple third‑party review sites describe Legionbet as a relatively new online casino offering thousands of games, live casino products, and generous bonus structures. These reviews consistently highlight credit‑card and crypto acceptance, aggressive promotions, and a focus on continuous play and retention. There is conflicting and often opaque information regarding Legionbet’s licensing and corporate ownership: some sources reference AMO Global S.R.L. or Fortaprime SRL in offshore jurisdictions, while others claim coverage under non‑transparent licensing frameworks. In parallel, user feedback on platforms like Trustpilot indicates that Legionbet allegedly bypasses UK gambling blocks and uses transaction‑laundering practices to accept credit‑card deposits from vulnerable UK customers. NovaArcade OÜ – small Estonian entity with online‑services profile NovaArcade OÜ (registry code 17280191) is a micro‑company entered into the Estonian register in July 2025 with a share capital of 250 EUR and an e‑commerce/online‑retail business classification. It operates the website Village Network, a gaming/virtual‑world space. In itself, this profile fits the pattern of a “technical provider” or “front merchant” that can be repurposed to acquire payments for third‑party projects while disguising the true nature of the underlying business. This risk is amplified when such entities are integrated into card‑acquiring chains that process cross‑border, high‑risk verticals like online gambling. The whistleblower report and the Visa complaint A whistleblower approached FinTelegram alleging that NovaArcade OÜ is acting as a payment agent for Legionbet and possibly other illegal or high‑risk casinos. This allegation has now been partly supported by a concrete Visa complaint submitted by a UK player. In the Visa “Report a Purchase Issue” form, the cardholder: Identifies the merchant as “PLR NovaArcade” with location details matching NovaArcade’s Estonian address profile. States that he made several GBP-deposits into legionbet.com, which he characterises as an unlicensed UK gambling company. Alleges that the payment “was circumvented to Nova Arcade OU and the MCC code was not gambling-related.” Asserts that this constitutes a breach of Visa merchant terms and conditions. This is a primary‑source document that directly links Legionbet front‑end activity with NovaArcade’s merchant profile on the Visa network, and it raises the specific allegation of MCC misclassification. Compliance analysis – possible MCC and transaction laundering From a compliance and card‑scheme perspective, the alleged setup raises several red flags: Misuse of MCCs: Visa and other card schemes require that the merchant category code truthfully reflects the primary business of the merchant and the underlying transaction type; using a non‑gambling MCC for a gambling deposit is a breach of scheme rules and can be treated as transaction laundering. Circumvention of regulatory safeguards: In the UK, credit‑card gambling restrictions and gambling blocks are designed to protect vulnerable consumers; routing gambling deposits through an e‑commerce MCC or another innocuous category undermines these safeguards. Use of micro‑merchants as fronts: The combination of a small Estonian online‑services company with minimal capital and cross‑border gambling flows fits known typologies, where front merchants or “technical providers” are inserted between the casino and the acquirer to obfuscate the gambling nature of the transaction. Licensing opacity: Public sources either question Legionbet’s licensing or show a lack of cooperation with dispute resolution platforms, reinforcing concerns that the casino may be operating outside a robust regulatory framework while still taking Visa deposits. If these allegations are confirmed, NovaArcade OÜ, its acquirer, and the underlying casino operators could face serious consequences under card‑scheme rules and local AML/gambling regulations. Why we need more evidence While the whistleblower’s statement and the Visa complaint provide a strong initial indication, they are not yet sufficient to fully document NovaArcade’s role and the scope of the transaction‑laundering scheme: We currently have only one player transaction formally documented, without the full card‑statement metadata (MCC, acquirer name, authorisation and clearing details). The merchant descriptor “PLR NovaArcade” needs to be systematically linked with NovaArcade OÜ and any related entities or payment facilitators. The breadth of the scheme is unknown: it is unclear whether NovaArcade processes only specific Legionbet deposits, broader casino traffic, or multiple brands in a network of high‑risk operators. FinTelegram therefore invites all affected players, merchants, payment professionals, and insiders to share additional documents and intelligence that can help clarify the full picture. Key entities and roles (current working view) ItemName / EntityJurisdiction / AddressAlleged Role in SchemeNotes / SourcesCasino brandLegionbet (LegionBet Casino)Online; targets UK/EU playersFront‑end online casino accepting card & cryptoReviews highlight credit‑card deposits, crypto, aggressive bonuses and unresolved complaints. Casino operatorAMO Global S.R.L. / Fortaprime SRLOffshore (e.g. Costa Rica / non‑EU)Nominal owner/operator of the Legionbet platformOwnership and licensing details are opaque and inconsistent across sources. Merchant (card side)“PLR NovaArcade”Tallinn, 10117, EstoniaRegistered merchant on Visa network for the transactionDescriptor and location match NovaArcade OÜ profile. Legal entityNovaArcade OÜNarva mnt 7‑557, 10117 Tallinn, EstoniaAlleged payment agent / technical merchant for LegionbetMicro‑company, EMTAK online retail; no public gambling or payment‑institution licence. Acquirer / PSPUnknown (to be identified)Possibly EU/EEA acquiring bank or payment facilitatorProvides acquiring services to “PLR NovaArcade”Identity and risk controls still to be established from statements and insider information.  Call to action – help us expose the NovaArcade–Legionbet payment chain FinTelegram invites Players who deposited to Legionbet (or related brands) using Visa/Mastercard, Google Pay, or Apple Pay to provide the respective information to FinTelegram. If you hold any of the following, we strongly encourage you to share them with us: Card statements showing deposits to Legionbet where the merchant appears as “PLR NovaArcade” or similar (PAN and personal details can be redacted). Screenshots of deposit pages, payment confirmations, and email receipts linking Legionbet deposits to NovaArcade or other non‑gambling descriptors. Internal documents, contracts, or technical integration materials that describe NovaArcade’s role as payment agent, technical provider, or front merchant for Legionbet or other casinos. Any information on acquiring banks, PSPs, or MCC ranges used in these transactions. Please submit all documents and information through our secure Whistle42 whistleblower system so that your identity and data remain protected. Evidence provided will be analysed by FinTelegram’s compliance team and may be shared with relevant regulators and card schemes where appropriate. Together, we can bring transparency to this opaque payment structure and help stop abusive transaction‑laundering practices that target vulnerable gamblers in the UK and EU. Share Information via Whistle42

Hyperliquid has become one of the most extraordinary revenue engines in crypto. Public analytics suggest that the protocol generated roughly $961.5 million in gross protocol revenue in 2025 and about $873.7 million in gross profit, while current annualized revenue still sits near $675 million. At the same time, the network is processing roughly $193.9 billion in 30-day perpetual volume, carrying around $8.2 billion in open interest, and supporting a token market cap of about $10.6 billion. But behind the growth story sits a harder compliance question: Hyperliquid’s official materials emphasize self-custody, restricted jurisdictions, and sanctions rules, yet FinTelegram could not identify any publicly disclosed exchange, broker-dealer, or derivatives license attached to the front-end or protocol stack reviewed. Key Findings Hyperliquid is operating at exchange-scale economics. DeFiLlama currently shows about $674.6 million annualized revenue, $758.8 million annualized fees, $193.9 billion in 30-day perp volume, and $8.21 billion in open interest, placing Hyperliquid in the top tier of crypto trading venues by economic output. Its 2025 financial performance was exceptional. Based on DeFiLlama’s quarterly income statement, Hyperliquid generated about $961.49 million gross protocol revenue in 2025 and approximately $873.68 million gross profit after cost of revenue. The business model is brutally efficient. Hyperliquid has been widely described in recent coverage as an 11-person organization that produced over $900 million in profit in 2025, making it one of the most profitable crypto startups per employee. Value capture is unusually direct. Hyperliquid’s docs state that fees are directed to the community, deployers, HLP, and especially the Assistance Fund, which automatically converts fees into HYPE and burns the tokens. Commercial traction is now spilling into tradfi-adjacent products. S&P Dow Jones Indices licensed the S&P 500 to Trade[XYZ] for perpetuals on Hyperliquid in March 2026, a milestone showing how seriously the market now takes Hyperliquid’s liquidity layer. The regulatory posture remains the weak flank. Hyperliquid’s official interface terms restrict U.S. and other “Restricted Persons,” but the reviewed official materials do not identify a publicly disclosed broker, exchange, or derivatives license for the trading interface or protocol venue. That gap matters more, not less, as Hyperliquid gets bigger. Hyperliquid has now funded a Washington policy center focused on building legal pathways for DeFi perps in the U.S., a strong signal that the project itself sees regulation as a strategic frontier rather than a solved issue. Why This Matters Hyperliquid is no longer just another crypto protocol with a cult following. It now looks like a serious market infrastructure business masquerading in DeFi clothing: high throughput, deep liquidity, real fee generation, a native L1, an attached EVM environment, and a token that increasingly trades like an equity proxy on future growth. That combination is why many market participants now speak of Hyperliquid not merely as a successful protocol, but as one of the most economically powerful startups to emerge from crypto. For FinTelegram, however, the story is not just the success narrative. The real issue is whether Hyperliquid is becoming too large, too systemically relevant, and too economically sophisticated to continue relying on the familiar DeFi playbook of self-custody plus geofencing plus legal ambiguity. The Financial Performance: A DeFi Venue Printing Exchange-Scale Cash Flow The hard numbers are remarkable. DeFiLlama currently shows Hyperliquid with about $4.99 billion in TVL, $62.2 million revenue over the last 30 days, $55.29 million 30-day protocol revenue, $193.895 billion in 30-day perpetual volume, $7.412 billion in 24-hour perp volume, and $8.21 billion in open interest. On the token side, it shows a $10.626 billion market cap and roughly $42.9 billion fully diluted valuation for HYPE. The 2025 income statement is even more striking. Using DeFiLlama’s quarterly protocol data, Hyperliquid posted $139.67 million gross protocol revenue in Q1 2025, $180.35 million in Q2, $354.94 million in Q3, and $286.53 million in Q4. That adds up to $961.49 million for full-year 2025. Cost of revenue for those four quarters totaled $87.81 million, implying approximately $873.68 million in gross profit. Those figures line up with the broader market narrative that Hyperliquid generated roughly $900 million in 2025 profit with an extremely small core team. Recent long-form coverage and institutional commentary have framed Hyperliquid as a rare case of a crypto startup reaching elite-scale profitability without venture capital and with minimal organizational overhead. This is the core of the Hyperliquid phenomenon: a protocol-native trading venue generating the economics of a major exchange without the cost structure of a traditional financial institution. That is why Hyperliquid is not just outperforming peers; it is forcing the market to rethink what a high-value crypto business looks like. Why Hyperliquid Has Exceeded Expectations Hyperliquid’s commercial success is not accidental. Its official documentation describes a purpose-built layer-1 blockchain optimized from first principles, with fully onchain perpetual and spot order books, one-block finality, and throughput currently supporting around 200,000 orders per second. It also combines that trading engine with the HyperEVM, letting builders tap into the same liquidity base from an EVM-compatible environment. That architecture matters because Hyperliquid has been selling a very specific proposition to the market: CEX-like speed and UX without the conventional exchange stack. The docs explicitly emphasize onchain order books, low fees, transparent execution, and wallet-based onboarding rather than account-heavy intermediated access. The revenue design is equally important. Hyperliquid’s fee documentation says that on most other protocols the team or insiders are the main beneficiaries of fees, whereas on Hyperliquid fees are directed to the community, HLP, deployers, and the Assistance Fund; that fund then converts trading fees into HYPE and burns the tokens. In other words, the protocol couples venue growth to token scarcity in a way that makes the HYPE token a direct beneficiary of trading activity. Hyperliquid has also started to push beyond native crypto markets. In March 2026, S&P Dow Jones Indices licensed the S&P 500 to Trade[XYZ] for perpetual contracts on Hyperliquid, giving the chain a tradfi-branded benchmark product. That does not make Hyperliquid regulated finance, but it does show that serious external counterparties now view its market infrastructure as commercially relevant. The Regulatory Status: Big Platform, Thin License Story Here the picture changes sharply. Hyperliquid’s official terms make clear that the interface is not available to “Restricted Persons,” and the snippet surfaced by search explicitly shows that the platform geofences users in prohibited jurisdictions. Independent summaries of the same official terms consistently identify the United States and Ontario among those restricted jurisdictions. The official onboarding flow also reinforces Hyperliquid’s self-custodial design. Users connect wallets, confirm transactions in their EVM wallet, and are then ready to trade; the official docs focus on wallet connectivity, transfers, staking, API wallets, and developer endpoints rather than centralized customer onboarding or licensed intermediary status. That distinction is commercially powerful, but it does not answer the regulatory question. After reviewing Hyperliquid’s official website, docs, foundation site, and interface terms, FinTelegram could not identify any publicly disclosed broker-dealer, exchange, multilateral trading facility, crypto-asset service provider, futures commission merchant, or comparable derivatives license associated with the trading venue or front-end access reviewed. The official materials reviewed present Hyperliquid as a blockchain ecosystem with a self-custodial interface and a Cayman-based foundation, not as a conventionally licensed trading intermediary. That does not prove that no regulated entity touches any part of the broader ecosystem. It does mean that the public-facing regulatory story remains materially thinner than the commercial story. For a venue already operating at multibillion-dollar scale in open interest, that is not a small detail. It is the central legal vulnerability. The Cayman Foundation Is Not the Same as a Trading License An SEC filing tied to a proposed HYPE investment product states that the Hyper Foundation is a Cayman Islands registered foundation company formed in October 2024 to oversee growth and governance of the Hyperliquid Network. That is useful corporate context, but it is not the same thing as identifying a market-structure license for a trading venue dealing in leveraged products. This point is often blurred in crypto. A foundation structure can support governance, grants, ecosystem development, and token administration. It does not by itself answer whether the core trading functionality would satisfy exchange, brokerage, derivatives, conduct-of-business, AML, or investor-protection rules in key jurisdictions if regulators decide to look through the protocol narrative and focus on function. Hyperliquid Clearly Knows Regulation Is the Next Battlefield One of the strongest signals that Hyperliquid’s legal position is not settled came in February 2026, when the project backed the Hyperliquid Policy Center in Washington, D.C. Fortune reported that the initiative is focused on helping create legal pathways for decentralized perpetual derivatives in the U.S., backed by a donation valued around $28 million. That move is strategically rational. If you are already a dominant offshore or extra-jurisdictional liquidity venue, the next value driver is not merely more volume. It is regulatory survivability. Hyperliquid’s policy spend suggests the project understands that its future valuation may depend as much on legal legibility as on throughput, spreads, or token burns. FinTelegram’s Compliance Take Hyperliquid deserves the praise it is getting on performance. On publicly available data, it has built one of the most profitable and capital-efficient businesses in crypto. It has deep liquidity, large open interest, powerful token value capture, and a technology stack that the market clearly values. In pure business terms, Hyperliquid has already crossed from interesting DeFi experiment into serious financial infrastructure contender. But that is exactly why the compliance question becomes unavoidable. The larger Hyperliquid gets, the less plausible it becomes to treat it simply as an innocuous software layer. A venue that processes hundreds of billions in monthly perpetual volume, offers leveraged exposure, develops tradfi-linked products, and supports a native token with multibillion-dollar market value is no longer operating in a regulatory blind spot by default. It is operating in a regulatory waiting room. The present situation can be summarized in one line: Hyperliquid has already achieved exchange-scale economics without yet presenting exchange-scale licensing disclosure. That mismatch is the key issue for regulators, counterparties, institutional allocators, and serious compliance officers. Conclusion Hyperliquid may well be the most impressive financial startup in crypto today if measured by revenue efficiency, profit generation, and market traction. The numbers support the hype. But the next stage of the story will not be decided only by volume, fees, or token price. It will be decided by whether Hyperliquid can convert extraordinary commercial success into a durable regulatory position before supervisors decide to define the platform for themselves. For now, Hyperliquid looks like a billion-dollar DeFi cash machine with an unresolved license problem. That is both the source of its edge and the source of its risk. Whistle42 Call to Action FinTelegram invites whistleblowers, current and former employees, developers, compliance specialists, counterparties, market makers, and affected users to report information on Hyperliquid, offshore derivatives access, geofencing circumvention, sanctions controls, market-structure risks, hidden control points, or any other regulatory violations in the cyberfinance segment and crypto scene. If you have evidence, report it securely via the Whistle42 whistleblower platform. Share Information via Whistle42

With its April 13, 2026 staff statement, the U.S. SEC’s Division of Trading and Markets has drawn a functional boundary for crypto apps that facilitate transactions in crypto asset securities through self-custodial wallets. The message is clear: a neutral interface may avoid broker-dealer registration, but anything that looks, behaves, or monetizes like an intermediary may still fall into the broker perimeter. For crypto front ends, wallet-linked trading apps, and DeFi-style interfaces, this is not deregulation. It is a conditional warning label. Key Findings The SEC is carving out a narrow non-objection path for certain crypto interfaces. The staff statement applies only to specified “Covered User Interfaces” used by users engaging in self-custodial transactions involving crypto asset securities. Neutral tooling is the decisive concept. The SEC staff draws a hard line between passive transaction-enabling software and broker-like conduct involving solicitation, discretion, routing, execution, or custody. Compensation structure is now a regulatory signal. Revenue models tied to venues, routes, counterparties, or transaction outcomes may push an interface back into broker-dealer risk territory. Disclosure and control expectations are substantial. Even outside registration, app operators are expected to maintain robust disclosures around conflicts, fees, routing logic, cybersecurity, default settings, and use of transaction data. The statement is not law and not permanent. It is a staff position with no independent legal force and is scheduled to lapse five years after April 13, 2026 unless the Commission acts otherwise. This matters far beyond the U.S. retail crypto scene. The statement offers a useful analytical framework for identifying when “decentralized” or “self-custodial” branding masks a regulated intermediary function. Why This Matters The SEC’s latest staff statement is one of the most important recent signals for crypto market structure because it goes directly to the question many platforms have tried to blur: when is an app merely software, and when is it effectively a broker? For years, crypto operators have relied on a familiar narrative. They claim to be “just an interface,” “just a wallet layer,” or “just a front end” while quietly shaping execution, monetizing order flow, steering users toward preferred venues, or embedding commercial conflicts deep inside their product design. The SEC staff’s April 13, 2026 statement targets exactly this grey zone. What the staff is saying, in substance, is simple: self-custody alone does not cleanse an intermediary business model. The SEC’s Core Position The statement addresses certain crypto apps, browser extensions, websites, and similar interfaces that help users prepare transactions in crypto asset securities using self-custodial wallets. These interfaces may allow users to input transaction details, compare routes, view pricing information, estimate gas, and convert those instructions into data that can be signed and transmitted onchain. The SEC staff says it will not recommend enforcement action for failure to register as a broker-dealer if the interface provider remains within a tightly defined operational perimeter. That perimeter is narrow. The interface must operate as a neutral user tool, not as a transaction intermediary. In other words, it may facilitate user-directed interaction with blockchain-based systems, but it must not influence, structure, monetize, or control the securities transaction in a broker-like way. The Real Test: Neutral Interface or Disguised Intermediary? This is where the statement becomes operationally significant. According to the SEC staff, the non-objection position depends on the provider staying away from conduct traditionally associated with brokerage activity. That includes avoiding: soliciting particular transactions, recommending specific crypto asset securities, negotiating or influencing deal terms, routing or taking orders, executing or settling transactions, handling customer assets, arranging financing, or otherwise inserting itself into the transactional chain as more than a neutral software layer. This matters because many crypto businesses do not merely display options. They rank, steer, default, prioritize, and optimize in ways that may materially shape the outcome of the transaction. Once a provider does that with commercial purpose, the “we are just code” defense starts to look weak. The SEC is effectively saying that the label “self-custodial” does not answer the broker question. Function does. Follow the Compensation One of the sharpest points in the staff statement concerns compensation. The SEC staff indicates that qualifying interfaces should be compensated through fixed, user-facing charges based on objective criteria and applied consistently. Compensation must not depend on the venue selected, the route used, the counterparty involved, or the economic outcome of the trade. That is a major compliance marker. Why? Because compensation architecture often reveals what glossy decentralization language hides. If an app earns more when flow goes to a particular venue, liquidity source, or affiliated execution path, then neutrality becomes very hard to defend. The SEC explicitly signals that this framework excludes arrangements akin to payment for order flow. This is a crucial takeaway for compliance teams: in crypto, broker risk is not only about custody or formal order handling. It is increasingly about how the product is monetized and whether that monetization creates transactional bias. Disclosure Is Not Optional Governance Theater The SEC staff also expects significant disclosures from operators seeking to remain outside registration. These include disclosures around: fee structures, conflicts of interest, routing parameters, default settings, the use of trading-related data, cybersecurity measures, integration with venues or distributed ledger systems, and transaction-related risks such as MEV exposure. This is an important signal. Even if the SEC is willing, in limited circumstances, to treat some crypto interfaces as non-brokers, it does not view them as compliance-free software experiments. The staff is demanding governance, transparency, internal discipline, and clearly documented user-facing controls. In practical terms, the SEC is moving the compliance burden upstream into product design and operational architecture. What the Statement Does Not Cover The staff statement is not a blanket pass for crypto apps. It does not protect platforms that, in substance, do more than help a user prepare and transmit a self-custodied transaction. If the operator: exercises discretion, influences execution outcomes, controls assets, manages transaction flow, steers users through hidden incentives, or embeds commercial conflicts inside routing logic, then the non-objection position may no longer apply. This is particularly relevant for hybrid businesses sitting between DeFi and CeFi, including: wallet-integrated execution apps, protocol front ends with commercial routing logic, interfaces connected to affiliated venues, token trading apps that market themselves as neutral while optimizing for internal economics, and “decentralized” systems with highly centralized product governance. The SEC has not abolished broker risk for these businesses. It has merely explained where the line may be drawn. The Bigger Regulatory Context This statement should be read in the context of the SEC’s broader 2026 effort to impose more coherent structure on the treatment of crypto asset securities and tokenized securities. It complements the Commission’s wider message that tokenized securities do not cease to be securities merely because they move on blockchain rails. It also reflects a policy shift away from undifferentiated hostility toward a more functional approach: identify what the tool actually does, identify where the intermediary function begins, and assess registration risk accordingly. That is useful. But it is not safe harbor legislation, not formal rulemaking, and not judicial precedent. The SEC itself states that the document reflects staff views only, has no legal force or effect, and creates no enforceable rights or obligations. It is also expressly temporary and expected to be withdrawn five years after April 13, 2026 unless the Commission extends or replaces it. So the market should read this statement for what it is: a current enforcement and interpretive signal—not a permanent immunity shield. FinTelegram’s Compliance Take For FinTelegram, the real value of this SEC statement lies not just in U.S. securities law, but in its broader forensic usefulness. It gives regulators, investigators, compliance officers, and market observers a practical test for crypto interfaces that claim to be neutral technical wrappers while operating as shadow intermediaries. The key question is no longer whether an app says “non-custodial” on its homepage. The key questions are: Who controls the transactional logic? Who benefits from routing outcomes? Who shapes the user’s execution path? Who monetizes the flow? Who manages the defaults? Who holds the conflict? That is where the real broker analysis begins. In the cyberfinance sector, this matters because the same pattern appears repeatedly: legal risk is disguised as product design, intermediation is disguised as software, and regulated functions are fragmented into technical layers to avoid supervisory classification. The SEC’s statement does not solve that problem. But it does provide a sharper vocabulary for exposing it. Conclusion The SEC has now made one point unmistakably clear: a self-custodial interface may avoid broker-dealer registration only if it remains genuinely neutral. Once an operator solicits, steers, monetizes, controls, or otherwise inserts itself into the transaction chain, the broker question returns with force. For crypto app operators, this means compliance is no longer a matter of labels. It is a matter of architecture, incentives, disclosure, and operational reality. For regulators and investigators, the message is equally clear: the next enforcement frontier is likely to focus not only on custody and issuance, but on the hidden intermediary functions embedded inside supposedly neutral user interfaces. Whistle42 Call to Action FinTelegram invites whistleblowers, compliance insiders, developers, former employees, payment specialists, and affected users to report regulatory violations, hidden conflicts, custody misrepresentations, undisclosed routing arrangements, and broker-like conduct disguised as “self-custodial” crypto infrastructure. If you have evidence of misconduct in the cyberfinance segment or the crypto scene, submit it securely via the Whistle42 whistleblower platform. Share Information via Whistle42

The public rupture between TRON founder Justin Sun and the Trump family’s World Liberty Financial (WLFI) is not just another crypto feud. It is a stress test for one of the most politically charged projects in the digital asset sector. What is now emerging is a deeply uncomfortable picture: a project sold under the banner of DeFi appears to have preserved powerful insider controls, including the ability to freeze or block token holders under certain conditions. That alone would be serious. But in the case of WLFI, the compliance and governance concerns collide with something even bigger: the growing perception that the Trump family is using its presidency-adjacent power to build a fortune in crypto through centralized, insider-favoring structures dressed up as innovation. If Justin Sun, one of crypto’s most aggressive operators, has indeed found himself trapped by the very political machine he sought to support, then this dispute may become more than an internal scandal. It could become a credibility crisis for Trump-linked crypto itself. Key Findings The Justin Sun dispute is a governance stress test. Sun’s allegation that WLFI froze or blocked his position raises direct questions about hidden control mechanisms and insider discretion. Sun publicly accuses WLFI of hiding a blacklist/backdoor function. The token contract allegedly allows the team to freeze investor wallets and seize or control locked allocations without transparent, on‑chain governance. WLFI appears far less decentralized than the branding suggests. The project structure points to administrative control concentrated in selected multisigs and insiders rather than a trustless community-governed system. This is not just a token dispute. It is a credibility event that goes to the heart of what investors were actually buying: governance rights or governance theater. The Trump family dimension makes the case politically explosive. WLFI is not just another crypto project. It sits at the intersection of family power, presidential prestige, and direct private monetization. Justin Sun’s role adds an extraordinary layer of irony. A figure known for navigating regulatory gray zones now appears to be facing a freeze or lockout inside a politically connected crypto vehicle. The broader crypto industry may not turn on Trump, but it may turn on Trump-linked token projects. The dispute could accelerate a distinction between support for pro-crypto policy and skepticism toward Trump-family crypto ventures. Analysis: A DeFi Project With a Presidential Kill Switch Not DeFi. A Trump Family Toll Booth. World Liberty Financial looks less like a DeFi protocol and more like a private toll booth run for the benefit of the First Family. That is the real story. The issue is not innovation. The issue is extraction. WLFI appears structured to channel value, attention, and liquidity into a politically branded insider vehicle. In substance, it looks less like decentralized finance and more like centralized monetization wrapped in crypto marketing. The Justin Sun Clash Is a Stress Test The conflict with Justin Sun is not just another billionaire crypto quarrel. It is a stress test for WLFI’s true nature. Sun’s allegation is explosive: his position was effectively frozen through wallet-control functionality. FinTelegram cannot independently verify every technical claim on the basis of current public reporting alone. But one thing is already obvious from WLFI’s own materials: this was never genuine, trustless, community-controlled DeFi. The paperwork points in a different direction. Administrative control sits with selected multisigs. Insider discretion is built in. Governance can snap back into centrally controlled hands whenever management invokes security or adverse-event logic. That is not decentralization. That is a kill switch with branding. Governance Theater, Real Insider Power WLFI was sold into a market that worships the mythology of decentralization. Community. Governance. Token-holder participation. Open protocol logic. But when the biggest outside backer says the doors can be locked from the inside, the theater falls apart. Then the real question emerges: were investors buying governance, or just the illusion of governance? If insiders can override the system when it matters, then token holders were never really in charge. They were spectators. Useful ones. This is why the Sun dispute is not just personal fallout. It is a credibility event for the project itself. The Presidency as a Crypto Profit Engine The political dimension makes the case even more toxic. The Trump family is not merely cheering on crypto from the sidelines. It appears to be using the presidency-adjacent power environment as a wealth-extraction machine inside the sector. That is the extraordinary inversion here. The family of the sitting U.S. president is not only benefiting politically from a pro-crypto climate. It is also monetizing that climate through a project critics describe as centralized, insider-favoring, and conflict-heavy. This is not just bad optics. It is a case study in how political power, family branding, and crypto speculation can be fused into one single revenue engine. Justin Sun Gets Rugged by the Wrong People There is also a brutal irony in Justin Sun’s position. Sun built his career on surviving gray zones, outmaneuvering regulators, and navigating the global crypto perimeter with extraordinary flexibility. And now? He appears to have collided with an even harder reality: a crypto project linked to presidential power. If the allegations are correct, Sun was not outplayed by the market. He was outplayed by the political machine he chose to back. That is what gives this case its nasty edge. The man long accused of gaming systems now appears to be trapped in one. And this one allegedly comes with a multisig-controlled loyalty test: stay aligned, or watch your liquidity disappear. That would not be DeFi. That would be digital patronage. Could This Hurt Trump with Crypto? Yes, but only up to a point. The broader crypto industry will likely remain aligned with Trump’s general political value proposition: lighter regulation, friendlier rhetoric, and less hostility from Washington. That relationship is bigger than WLFI. But this dispute can still do real damage where it matters most: trust. Not trust in Trump as a pro-crypto political figure. Trust in Trump-linked crypto products as credible investable structures. That distinction matters. Serious investors, institutions, and governance-sensitive market participants may increasingly separate pro-crypto Washington from Trump family token schemes. If that separation widens, WLFI stops looking like a flagship of mainstream crypto acceptance. It starts looking like a warning. Conclusion The Sun-WLFI clash is not just messy. It is revealing. It exposes the contradiction at the heart of Trump-branded crypto: the language of decentralization wrapped around a structure that appears centralized, politically charged, and optimized for insiders. WLFI may still attract speculators. Trump may still retain broad support across parts of the crypto industry because of his political posture. But that does not save Trump-linked crypto ventures from scrutiny. On the contrary, this affair sharpens the divide between political support for crypto and trust in projects tied directly to the Trump family. For anyone looking seriously at governance, compliance, and control risk, the message is dark and simple: this is not crypto liberation. This is crypto court politics. And Justin Sun may just have learned that, in Trump-world finance, access is never the same thing as protection. Whistle42 Call FinTelegram invites whistleblowers, insiders, former employees, developers, token holders, service providers, compliance professionals, and counterparties with direct knowledge of WLFI governance, wallet-control mechanisms, token freezes, treasury structures, investor communications, or Justin Sun’s dealings with the project to submit information securely through the Whistle42 whistleblower system. If you have evidence, internal documents, screenshots, smart-contract details, governance records, or communications relevant to this case, please reach out. Confidential sources can help determine whether this is merely a governance dispute, a deception around decentralization, or something even more serious. Share Information via Whistle42

A whistleblower has approached FinTelegram with serious allegations against Bennupay, a high-risk payment orchestration brand linked to UK entity Bennu Tech Ltd and Cyprus entity SREBARS TRADING LTD. According to the whistleblower, Bennupay collected a €2,500 setup fee, sent a short technical-maintenance notice, and then terminated the merchant relationship almost immediately while declaring the fee non-refundable. At this stage, the available material supports suspicion and further scrutiny, but not yet a definitive fraud finding. Key Findings Upfront setup fee documented: Screenshots provided to FinTelegram show a €2,500 invoice issued by SREBARS TRADING LTD for an “Integration (MID Setup) Fee.” Immediate-payment pressure alleged: A message attributed to Bennupay states that the setup fee could not be deducted from settlements and had to be paid upfront. Short disruption notice before shutdown: The whistleblower provided a follow-up message referring to temporary BSC settlement maintenance. Rapid termination after payment: A later message states that the merchant account and all associated processing services were terminated with immediate effect. Non-refundable fee clause invoked: The termination message explicitly states that onboarding and setup fees are non-refundable. High-risk business profile: Bennupay appears to position itself as a payment orchestration solution for high-risk sectors, including gaming, crypto, and trading. Broader network worth examining: The currently identified Bennupay-linked entities and individuals suggest a wider network around payment setup, high-risk merchant onboarding, and fintech consultancy services. Compliance Assessment From a compliance perspective, this case is interesting enough to warrant publication as a whistleblower alert and information request. The currently available material suggests a plausible pattern of high-risk merchant onboarding followed by rapid adverse action. That alone does not prove wrongdoing or malicious behavior. In the payment sector, especially in high-risk verticals, it is not unusual for merchants to be terminated after further review by an acquirer or processing partner if undeclared business lines, prohibited verticals, or problematic sub-merchant activity are identified. However, several elements make this case noteworthy. The combination of a substantial upfront setup fee, a very short interval between payment and termination, and an intervening technical-maintenance notice creates a fact pattern that is commercially suspicious and deserves scrutiny The apparent Bennupay network raises additional compliance questions. Based on the information currently available, Bennupay appears linked to Bennu Tech Ltd in the UK and SREBARS TRADING LTD in Cyprus, with Jelena Cvetkovic and Snezana Cvetkovic reportedly connected to both entities. These individuals also appear linked to Fincorp Consultants, which may indicate a broader network spanning merchant onboarding, corporate structuring, and high-risk payment support services. As currently presented, the website identifies Bennupay only as a brand, provides generic contact emails, and states that it offers a technical payment-orchestration solution, but it does not visibly name the responsible legal entity, company registration number, or registered address on its homepage, About page, or Contact page. In addition, the footer references to “Terms & Conditions” and “Privacy Policy” appear as plain text rather than accessible linked legal documents. For a business marketing payment-orchestration services to sectors such as trading, gaming, and crypto, this combination of thin legal disclosure and non-functional policy references is a material transparency and compliance red flag. The whistleblower claims that Trans-Voucher is the PSP behind Bennupay. This has not yet been independently verified by FinTelegram and should therefore be treated as an allegation, not an established fact. At present, the evidence supports one clear conclusion: the whistleblower’s allegations are plausible and relevant from a compliance and merchant-protection perspective, but further evidence is needed before stronger conclusions can be drawn. CategoryDataDescriptionBrandBennupayHigh-risk payment processorRelated brandFincorp ConsultantsRelated commercial network around fintech, structuring, and merchant-support servicesDomainsbennupay.io(fincorphub.eu)Site markets services to Trading, Gaming, and Crypto;no disclosure of the legal operator, company number, or registered address. Footer references to Terms & Conditions and Privacy Policy appear as plain text rather than accessible linked legal documents.Legal entities &JurisdictionBenno Tech Ltd (UK)Srebars Trading Ltd (Cyprus)Srebars Trading: issuer of merchant invoices;Benno Tech: dormant company with SIC 62012 – Business and domestic software development.Related individuals Jelena Cvetkovic Snezana CvetkovicBeneficial owners and directors of both legal entitiesBank Revolut Bank UAB Compliance note: Bennupay presents itself publicly as a payment-orchestration platform for sectors including trading, gaming, and crypto, and states that it provides a technical solution while not processing transactions or managing client funds. At the same time, the public website lacks clear operator disclosure and does not provide visibly linked legal-policy documents in the footer. For a business targeting higher-risk merchant categories, that combination of thin legal transparency, high-risk sector focus, and multi-entity structuring signals is a material compliance red flag that warrants further scrutiny, even though it does not by itself establish fraud or regulatory breach. FinTelegram Call for Information Whistleblowers, merchants, former employees, compliance professionals, acquiring partners, and industry insiders: we want to hear from you. If you have information about Bennupay, Bennu Tech Ltd, SREBARS TRADING LTD, Jelena Cvetkovic, Snezana Cvetkovic, Fincorp Consultants, or any related payment partners, submit your information confidentially via the Whistle42 whistleblower platform. We are particularly interested in: onboarding documents and merchant agreements fee schedules and setup-fee disclosures termination notices and internal correspondence acquiring-partner communications refund disputes and reserve issues evidence regarding sub-merchants or prohibited verticals documentation showing Bennupay’s actual processing, routing, or settlement partners any substantiated link between Bennupay and Trans-Voucher If you were onboarded, rejected, terminated, or asked to pay setup fees by Bennupay or related entities, your information could help clarify whether this is a legitimate high-risk compliance dispute or part of a broader abusive pattern. Submit your evidence securely via Whistle42. Share Information via Whistle42

FinTelegram’s review of the SENDS/Smartflow structure has uncovered a new layer that intensifies the compliance questions around the UK EMI. Multiple SENDS pages state that the website is owned by GANGA PAY LTD and merely used by Smartflow Payments Limited under a Software License Agreement dated 01/05/2025. GANGA PAY is an active UK company, but its public Companies House profile presents it as an IT/data-processing/web-portal business, not as an FCA-authorised payment institution. At the same time, Smartflow’s 2024 accounts show explosive growth in acquiring revenue, while whistleblower material continues to link SENDS to a merchant cluster allegedly tied to offshore-casino payment flows. The structure does not prove wrongdoing. But in the context of Alona Shevtsova’s public sanctions/ESBU backdrop and a newly inserted Ukrainian controller at GANGA PAY, it raises a material outsourcing, governance, and AML-risk question. Key Findings SENDS’ public website is not owned by the regulated EMI itself. SENDS pages state that the site is owned by GANGA PAY LTD and used by SMARTFLOW PAYMENTS LIMITED under a software licence dated 01/05/2025. GANGA PAY is publicly presented as a tech/web company, not a regulated EMI. Companies House lists SIC codes for IT consultancy, data processing/hosting, web portals, and advertising agencies. Anna Borodenko now controls GANGA PAY. Companies House shows Anna Borodenko, Ukrainian, country of residence Ukraine, appointed as director on 13 February 2026, and GANGA PAY’s people records show two prior directors resigned in October 2024 and February 2026. Smartflow is now a large acquiring-led business. The 2024 accounts show turnover of €23,969,696, profit after tax of €1,473,734, cash of €7,074,469, and €11,301,172 owed to merchants. Revenue was overwhelmingly from acquiring fees (€23,933,239) rather than e-money operations. The Shevtsova backdrop matters. Companies House shows Alona Shevtsova as the sole active PSC of Smartflow with 75%+ ownership, and ESBU states that suspects, including bank shareholders, organised a UAH 5 billion miscoding scheme for illegal casinos using more than 20 controlled companies and false payment purposes. What the GANGA PAY Licence Arrangement Means The license agreement between SENDS and GANGA PAY separates the regulated payments entity from the digital asset customers actually use. According to SENDS’ own wording, GANGA PAY owns the website, while Smartflow uses it under licence. That is not inherently improper. Regulated firms often license software, onboarding tools, websites, and other infrastructure. But in financial services, the key issue is whether this is ordinary outsourced technology or whether critical customer-facing and onboarding functions have effectively been placed in the hands of an unregulated affiliate or vendor. From a compliance perspective, that distinction is crucial. If the site ownership, codebase, customer journeys, merchant-facing interfaces, or data flows are controlled by a non-regulated licensor, the regulated EMI must still be able to show that it retains full control over onboarding, transaction monitoring, complaints handling, audit rights, resilience, and regulatory accountability. The structure therefore raises an outsourcing-governance question, not just a branding question. The CyberRating platform RatEx42 has classified SENDS as “RED – Critical Risk” due to the apparent involvement of the FCA-regulated EMI in payment clusters associated with illegal casinos, as well as its lack of transparency in corporate governance and questionable compliance processes. Go to the SENDS compliance profile on RatEx42. Who Is Anna Borodenko? The verified public profile on Anna Borodenko is currently thin. Companies House shows only that she is a Ukrainian national, resident in Ukraine, appointed director of GANGA PAY on 13 February 2026, with identity verification completed. I did not find, in the records reviewed, a strong public professional profile linking her to a widely known regulated-payments track record. That absence does not prove anything by itself. But in a structure already attracting scrutiny, it increases the importance of understanding source of funds, business purpose, and why control of the licensor changed hands in February 2026. The governance history around GANGA PAY also deserves attention. Companies House shows earlier control by Aphrodite Kittou and then Irakli Koberidze, before Borodenko took over. That degree of turnover in a company now sitting behind the public-facing SENDS platform is not dispositive, but it is a legitimate governance and integrity signal for counterparties and regulators to examine. Smartflow’s 2024 Growth Changes the Risk Profile The company reports turnover rising from €7.7 million in 2023 to almost €24.0 million in 2024, with profit after tax of €1.47 million and cash at bank of €7.07 million. On page 15 of the accounts, the turnover note shows that almost all revenue came from acquiring fees, while e-money operations contributed only a negligible amount. On page 18, the balance-sheet note shows €11.3 million due to merchants, underscoring that this is now an operationally significant merchant-acquiring business. That matters because the website/licence issue is not sitting behind a tiny dormant firm. It is sitting behind a rapidly scaling acquiring platform whose business model is overwhelmingly dependent on merchant acquisition and settlement flows. In that context, any uncertainty about control of customer-facing infrastructure, merchant funnels, or onboarding tooling becomes much more serious from an AML and prudential perspective. The Shevtsova Context The wider context around Smartflow’s control remains highly relevant. Companies House identifies Alona Shevtsova as Smartflow’s active PSC with 75%+ ownership. The Ukrainian ESBU has publicly described a case in which suspects, including bank shareholders, allegedly organised the legalisation of illegal-casino funds using miscoding, more than 20 controlled companies, and false payment purposes describing non-existent goods and services. That does not prove Smartflow or GANGA PAY repeated such conduct. But it makes the Smartflow/GANGA PAY outsourcing and merchant-acquiring structure far more sensitive than it would be in an ordinary EMI case. Read our report on the Alona Shevtsova case here. One additional point from the accounts is also notable. The directors’ report says that on 31 May 2025 Smartflow moved all money-transfer activities from IFX Payments Limited to PayrNet Limited. The accounts also say part of the company’s intangible assets relate to licensed payment software development. That reinforces the point that Smartflow’s operating model relies materially on external and/or licensed infrastructure relationships. Compliance Assessment The GANGA PAY Path GANGA PAY is not a passive web/IP shell. Its own site presents it as a payment-solutions / payments-technology company, and Companies House shows a business profile consistent with software, hosting, web, and data-processing activities rather than regulated financial services. That makes the structure more nuanced, not less concerning. The key issue is not simply that GANGA PAY lacks an FCA licence. The real issue is where the boundary lies between regulated services carried out by Smartflow and non-regulated payments-technology functions supplied by GANGA PAY. A split structure of this kind can be entirely legitimate. Many EMIs license software, websites, onboarding tools, tokenisation modules, APIs, and merchant-interface technology from specialist vendors or affiliates. But the legitimacy of the structure depends on function and control. If GANGA PAY is merely providing software, hosting, UX, or technical integration, that may be ordinary outsourcing. If it is involved in customer journeys, merchant onboarding, complaint routing, payment orchestration, data processing tied to regulated activity, or decisioning around transactions or merchants, then the arrangement becomes a far more sensitive outsourcing-governance and operational-control issue for the regulated EMI. The Exploding Turnover That distinction matters even more because Smartflow is no longer a small peripheral operator. Its 2024 accounts show turnover rising to €23.97 million, profit after tax of €1.47 million, cash of €7.07 million, and €11.3 million owed to merchants. The turnover note shows that revenue was overwhelmingly generated from acquiring fees (€23.93 million), while e-money operations contributed only a marginal amount. In other words, this is now a materially significant merchant-acquiring business. In that context, uncertainty about who controls the public-facing platform, merchant-interface layer, and related technology becomes a meaningful AML, prudential, and governance question rather than a technicality. The Ownership Question The control picture intensifies that concern. Companies House shows Alona Shevtsova as the sole active PSC of Smartflow with 75%+ ownership, and Anna Borodenko, a Ukrainian national resident in Ukraine, as director of GANGA PAY since 13 February 2026. GANGA PAY’s officer history shows recent controller turnover, while Smartflow’s public-control record is already sensitive because of Shevtsova’s wider background. That does not prove that the SENDS–GANGA PAY structure is improper. It does mean the arrangement should be assessed as a heightened outsourcing, governance, and AML-risk structure requiring close examination of ownership, source of funds, operational dependency, audit rights, resilience, and regulatory oversight. Sanctions & Criminal Investigations The structure is further sensitized by the sanctions-screening context. Smartflow Payments Limited / SENDS and its controlling figure Alona Shevtsova appear in OpenSanctions-linked screening context, while Shevtsova is also publicly tied to official Ukrainian sanctions and the Economic Security Bureau of Ukraine (ESBU)’s illegal-casino miscoding case. OpenSanctions inclusion does not establish liability by itself, but for a regulated EMI it is a material compliance signal that should trigger enhanced due diligence, governance scrutiny, and close review of related-party arrangements, outsourcing dependencies, and merchant-acquiring exposure. The right compliance questions are therefore practical and direct: What exactly does GANGA PAY license to Smartflow? Does it own only the website and software stack, or does it also influence onboarding, merchant acquisition, or data flows tied to regulated activity? Was the FCA informed of the arrangement as a material outsourcing dependency? What due diligence was performed when Anna Borodenko became controller of the licensor in February 2026? And, most importantly, can Smartflow demonstrate that all core regulated decisions — onboarding, MCC classification, transaction monitoring, complaints handling, and suspicious-activity escalation — remain fully inside the control perimeter of the FCA-authorised EMI? Summary Table Entity / PersonJurisdictionVerified public roleWhy it mattersSmartflow Payments Limited / SENDSwww.sends.coUKFCA-authorised EMI; controlled by Alona Shevtsova; acquiring-led 2024 revenue profileRegulated entity at the centre of the structure. Sanctioned entity.GANGA PAY LTDwww.gangapay.comUKActive private company; payment solution provider; site owner/licensor for SENDS website; SIC codes for IT/data/web/advertisingNon-regulated company owning the public-facing SENDS website.Anna BorodenkoUkraine / UK company roleDirector and controlling person of GANGA PAY since 13 Feb 2026; Ukrainian; resident in UkraineNewly inserted control person in the licensor layer.Alona ShevtsovaUkraine / Poland / UK company controlActive PSC of Smartflow with 75%+ ownershipMakes the structure more sensitive given public ESBU allegations. OpenSanctions entry.ESBU miscoding caseUkrainePublic case involving illegal casinos, false payment purposes, and controlled companiesContext that intensifies AML concerns around related structures. Whistleblower Call FinTelegram invites insiders, former employees, counterparties, acquirers, auditors, compliance staff, and technology contractors with information about Smartflow Payments Limited / SENDS, GANGA PAY LTD, Anna Borodenko, Alona Shevtsova, outsourced onboarding systems, merchant-interface tooling, related-party licensing, or casino-adjacent merchant clusters to contact Whistle42 securely. We are especially interested in: the Software License Agreement dated 01/05/2025, documents showing what GANGA PAY actually licenses to Smartflow, merchant onboarding and MCC-classification files, complaint-escalation and transaction-monitoring records, and source-of-funds / governance records around GANGA PAY’s February 2026 control change. Share Information via Whistle42

New whistleblower material reviewed by FinTelegram strengthens the original Holyluck payment-rail story in two ways. First, it shows what appear to be standardized SENDS support responses telling the complainant that SENDS is only a payment-service provider, that the complainant is “not our client,” and that any refund or chargeback route must go through the merchant or issuing bank. Second, the whistleblower has identified a growing cluster of UK-incorporated digital-goods fronts — including ASORTIZ LTD and LIVANTE LTD — whose websites present themselves as gaming or digital-goods stores, while the whistleblower alleges they function as cover merchants for gambling-related payment flows. The public record does not yet prove that SENDS knowingly onboarded sham merchants. But the new evidence materially sharpens the question of whether a regulated UK EMI is sitting at the center of a broader merchant-presentation architecture for offshore casino deposits. Key Findings The “not our client” line is now documented more clearly. New screenshots reviewed by FinTelegram show SENDS support repeating that it cannot process refunds or chargebacks because the complainant is not SENDS’ client and must instead pursue the merchant or the issuing bank. The alleged front-merchant layer appears broader. The whistleblower identifies ASORTIZ LTD and LIVANTE LTD, both recently incorporated in the UK, as companies tied to digital-goods storefronts used in the wider payment environment. Companies House shows both are active. At least two websites openly map to those companies. dota2store.online states in its terms that it is operated by ASORTIZ LTD, while digitplaystore.com states that it is operated by LIVANTE LTD. Both present themselves as digital-goods/game-key sellers. The wider routing narrative remains consistent with the original case. The earlier chain involving PayLink/TAS Link, SENDS / Smartflow Payments Limited, and a Quicko payout reference still stands as the strongest documented framework from the Holyluck dossier. SENDS publicly states that Smartflow Payments Limited is the regulated entity behind the brand and uses FCA registration number 900873. TAS Link publicly states that it has been NovaPay’s processing partner for more than five years. The available evidence suggests that Holyluck was not necessarily the merchant presented to the payment system, but that the presented merchant appears to have been acquired through SENDS. What the New SENDS Screenshots Add The new screenshots do not reveal a “smoking gun” admission. What they do add is behavioral consistency. Across the reviewed exchanges, SENDS support tells the complainant that refund requests must be directed to the merchant, that SENDS merely facilitates the transaction, and that the complainant must turn to the card issuer for dispute or chargeback options. In one exchange, SENDS reportedly states outright that the complainant is “not our client.” That matters because it fits the already documented pattern in the Holyluck case: the consumer-facing gambling activity appears to sit on one side, while the payment-facing response shifts responsibility back to an opaque merchant layer. On its own, this is not proof of complicity. But it is evidence that SENDS was on notice of the complaint and still framed the matter as a merchant-side dispute rather than a potential merchant-misrepresentation or MCC-presentation problem. One small but noteworthy detail also emerges from the screenshots: the SENDS footer still shows Office 39.18, Level39, One Canada Square, London E14 5AB, while Companies House now shows Smartflow Payments Limited’s registered office as 11 Garden Court, Tewin Road, Welwyn Garden City, changed on 1 December 2025. That may be nothing more than legacy branding or an old template, but it is another indicator that the public-facing and registry-facing layers should be checked carefully. The New Merchant Cluster: ASORTIZ, LIVANTE, and the “Digital Goods” Layer The strongest new research lead is the apparent merchant-cluster expansion. ASORTIZ LTD is an active UK company. Companies House shows Inna Rainova, a Ukrainian national, as director and person with significant control since June 2025. The website dota2store.online states in its terms that it is operated by ASORTIZ LTD and presents itself as a seller of digital products. LIVANTE LTD is an active UK company registered in Liverpool, with SIC code 63120 – Web portals. Companies House shows Larysa Panaietova, also Ukrainian, as director. The website digitplaystore.com states that it is operated by LIVANTE LTD and markets digital game keys and related products. That public record does not prove these are sham or “ghost” stores. But it does show that the whistleblower’s named companies are real UK corporates attached to websites that present themselves as low-risk digital-goods businesses — exactly the kind of category that would matter if gambling-related transactions were being presented to payment systems as retail or digital-goods purchases rather than gambling activity. The additional domain sk1nzone.com appears to market CS2 skins and digital items, but in the quick public record check I reviewed, I did not find a clear operator disclosure equivalent to the ASORTIZ and LIVANTE websites. That makes it a lead, not a verified attribution. How the Overall Picture Now Looks The updated picture is more structured than the original Holyluck whistleblower complaint. At the merchant-facing layer, the Holyluck/TrueLuck/Mega.bet cluster appears to sit in the offshore casino environment, with Holyluck widely described online as operated by Gem Limitada in Costa Rica. At the payment-presentation layer, the whistleblower now points to multiple UK “digital goods” fronts, including ASORTIZ and LIVANTE, with storefronts such as dota2store.online and digitplaystore.com. At the processing/routing layer, the earlier case tied the flow to PayLink / TAS Link and then to SENDS / Smartflow Payments Limited as the named acquirer or acquiring-side institution in TAS Link correspondence. TAS Link publicly markets payment-processing capabilities and says it processes for NovaPay. SENDS publicly states that Smartflow Payments Limited is the regulated entity behind the SENDS brand and is FCA-registered under 900873. At the payout side, the earlier Quicko reference remains notable because Quicko itself publicly said it lost the ability to provide payment services after the Polish KNF revoked its authorization in January 2026. Compliance Interpretation The cautious but strong compliance interpretation is this: The new material does not yet prove that SENDS knowingly operated an illegal-gambling laundering system. It does strengthen the case that SENDS sits inside a recurring complaint pattern involving allegedly mispresented merchants, digital-goods storefronts, and offshore gambling brands. The WhatsApp/email screenshots are especially relevant because they show SENDS not as an unknown background rail, but as an entity already receiving direct complaints and continuing to frame the matter purely as a merchant-side refund dispute. That is where the regulatory question sharpens. If a regulated EMI is repeatedly named in complaints involving merchant mismatch, descriptor issues, digital-goods fronts, and offshore gambling brands, the issue is no longer just a consumer grievance. It becomes a merchant onboarding, transaction monitoring, MCC accuracy, and suspicious-activity escalation question. Compliance Award Finalist — While Scrutiny Intensifies In a development that sharpens the contrast around the Holyluck/SENDS case, SENDS has been officially listed as a finalist in the ICA Compliance Awards Europe 2026 under “Small Compliance Team of the Year (<7 Team Members) – Financial Services.” That shortlist status is now verified by the official ICA finalist page screenshot reviewed by FinTelegram. The timing is striking. The same UK EMI that is presenting itself as an award-level compliance performer has also been named in whistleblower-backed complaints and FinTelegram reporting concerning digital-goods storefronts, merchant-presentation issues, offshore gambling-facing payment flows, and standardized refusal responses. That does not prove wrongdoing by SENDS, and FinTelegram is not suggesting that an award nomination invalidates a firm’s compliance controls. It does, however, make the underlying questions harder to ignore. Summary Table LayerEntity / BrandJurisdictionPublicly verified roleInvestigative significanceOffshore casino layerHolyluck / Holyluck2 / Holyluck3Costa Rica / offshoreWidely described online as operated by Gem LimitadaUnderlying gambling-facing activityDigital-goods frontASORTIZ LTD / dota2store.onlineUKActive company; website says ASORTIZ operates DOTA2STORE. The Ukrainian national Inna Rainova is the controlling person.Possible merchant-presentation layerDigital-goods frontLIVANTE LTD / digitplaystore.comUKActive company; website says LIVANTE operates Digitplaystore. Ukrainian national Larysa Panaietova is the controlling person.Possible merchant-presentation layerRouting nodePayLink / TAS LinkUkrainePublic payment-processing infrastructure; NovaPay processing partnerTechnical routing role in earlier Holyluck dossierAcquiring-side EMISENDS / Smartflow Payments LimitedUKActive company; SENDS says Smartflow is regulated entity, FCA 900873Central regulated rail under scrutinyPayout endpointQuicko / QuickowalletPolandQuicko says it lost ability to provide payment services after KNF actionRelevant payout-side context Conclusion The original Holyluck article now looks less like a one-off complaint and more like the first visible slice of a broader merchant-cluster problem. The new evidence does not conclusively establish willful facilitation by SENDS. But it does show a more scalable structure than before: offshore casino brands on one side, UK digital-goods storefronts in the middle, Ukrainian payment infrastructure in the routing layer, and a UK-regulated EMI sitting in the acquiring-side position while responding to complaints with standardized deflections. That is already enough to justify a harder second look by compliance teams, card schemes, regulators, and counterparties. Whistleblower Call FinTelegram invites insiders, former employees, merchants, acquiring partners, scheme-risk teams, and compliance officers with evidence relating to SENDS / Smartflow Payments Limited, TAS Link / PayLink, ASORTIZ LTD, LIVANTE LTD, dota2store.online, digitplaystore.com, sk1nzone.com, Holyluck, TrueLuck, Mega.bet, or similar MCC- or merchant-presentation anomalies to contact Whistle42 securely. We are especially interested in: merchant onboarding files, MCC assignment records, descriptor mapping, SAR/AML escalation files, correspondence about merchant complaints, and evidence linking digital-goods fronts to gambling deposits. Share Information via Whistle42

The RatEx42 cyberfinance rating platform has issued its highest-level warning against the purported cryptocurrency exchange Meteorex (MeteorEx s.r.o.). Operating with zero verifiable blockchain infrastructure and hiding behind a Czech shell entity, the platform has been classified as a “Critical Risk” and downgraded to Tier D on the DAREX Index. European acquiring banks and PSPs are urged to immediately block all associated fiat transactions to prevent potential money laundering and investment fraud. Key Findings Phantom Operations: Despite marketing itself as a digital asset exchange, Meteorex possesses no functional trading engine, decentralized application (dApp), or verifiable Web3 footprint. EU Shell Exploitation: The platform utilizes a newly formed Czech corporate entity (MeteorEx s.r.o.) and a notoriously easily acquired local trade license to falsely project “EU AML compliance” to banking partners. Nominee Directorship: The entity is directed by Andrei Gergeev, a known corporate service provider and professional nominee, deliberately obscuring the platform’s true Ultimate Beneficial Owners (UBOs). Virtual Office Setup: The official corporate headquarters is registered to a well-known mail-drop address in Prague shared by dozens of other shell companies. Severe Regulatory Downgrade: RatEx42 has assigned Meteorex a RED (Critical Risk) signal and placed it in Tier D on the DAREX Index, signaling extreme regulatory risk and a high probability of illicit financial activity. What is Meteorex? Meteorex (meteorex.net) presents itself to the public as a digital asset trading platform compliant with European Anti-Money Laundering (AML) regulations. However, compliance investigations reveal that it is a “burner” platform. It lacks the basic technological infrastructure required to facilitate actual cryptocurrency trading. Instead, it functions primarily as a digital storefront designed to legitimize a recently registered European corporate shell. In the digital asset space, platforms fitting this exact typology are heavily correlated with “pig-butchering” investment scams, existing solely to secure access to the SEPA network to harvest and launder illicit fiat deposits from victims. Reasons for RatEx42’s “Critical Risk” & Tier D Classification RatEx42’s methodology reserves the RED (Critical Risk) classification for entities demonstrating a clear, present danger to the financial ecosystem. Meteorex earned this rating due to its systemic opacity. The use of a professional nominee director and a shared virtual office indicates a deliberate effort to shield its true operators from legal liability. Furthermore, the platform’s reliance on an unqualified Czech trade license—a notorious “license of convenience” in the EU that bypasses rigorous financial audits—is a classic red flag for regulatory arbitrage. Consequently, Meteorex has been placed in Tier D of the DAREX Index. Tier D is reserved for digital asset entities demonstrating the highest levels of regulatory risk, severe compliance deficiencies, and an elevated threat of facilitating unauthorized money transmission. Any payment service provider (PSP) or Electronic Money Institution (EMI) processing transactions for this entity is at extreme risk of compliance contagion. Meteorex Key Data Table Data PointDetailsBrand NameMeteorexPrimary Domainmeteorex.netLegal Entity NameMeteorEx s.r.o.Company ID (IČO) / LEI21270244 / 315700XR50H43IT6V946Business ActivityPurported Virtual Asset Services (Phantom Exchange)Registered AddressRohanské nábřeží 678/23, Karlín, 186 00 Praha 8, Czech Republic (Virtual Office)JurisdictionCzech Republic (EU)Regulatory FrameworkUnregulated (Holds basic Czech Trade License, not authorized by CNB)Registered Director (UBO)Andrei Gergeev (Nominee Director)RatEx42 Risk Signal RED (Critical Risk)DAREX Index RatingTier D (High Regulatory Risk) Export to Sheets Call to Action: Protect the Financial Ecosystem Are you processing payments for MeteorEx s.r.o.? Financial intelligence relies on insider knowledge to map shadow fiat rails. If you work for a European EMI, an acquiring bank, or a payment processor that has interacted with MeteorEx s.r.o. or its director Andrei Gergeev, we need your help. Please submit internal compliance flags, transaction routing data, or banking documentation to our secure whistleblower platform, Whistle42. All submissions can be made entirely anonymously. Help us expose illicit shell networks and protect retail investors. Share Information via Whistle42

A reviewed whistleblower package and supporting public-source record place Curaçao trust-office eMoore N.V., part of the EM Group, at the management and Cyprus-linked payment infrastructure of a network of online casino operators that targeted European players without national authorization. The most serious contradiction is plain: while EM Group publicly marketed compliance and German licensing support, its own subsidiary remained managing director of Bellona N.V. for nearly fifteen years while Bellona brands operated against the German market without GGL authorization. Key Findings eMoore N.V. served as managing director of Bellona N.V. from 28 October 2010 to 7 April 2025, linking the firm to the operator behind 1Bet and a wider Bellona brand cluster for nearly fifteen years. The reviewed record says Bellona targeted German players without GGL authorization, without OASIS linkage, and remained active after a 2022 German warning. EM Group’s own website published a 21 December 2022 warning about German court decisions favorable to players and advised operators to obtain local legal opinions, materially undermining any non-knowledge defense. The materials describe a Cyprus layer involving eMoore Cyprus Ltd and vehicles including Arzella Limited, Maliom Ltd, and Xenith Ltd, presented as payment and corporate infrastructure for parts of the casino network. The documented network spans 35 active brands tied by registry records, website footers, invoices, or verified reporting to eMoore, EMS Management, or the Livestrong Building address in Curaçao. Recent EU case law has materially increased the legal exposure around unlicensed gambling claims, director liability, and freezing EU-based accounts. FinTelegram Investigations FinTelegram had already reported in October 2025, based on earlier whistleblower evidence, on the Bellona–Delasport network, including Bellona N.V., Arzella Ltd, Germany-facing exposure, and the apparent absence of required German controls. The newly submitted eMoore / EM Group dossiers materially extend that picture by adding the trust-office, directorship, and broader Cyprus-management layer. Read the Bellona – Delasport report here. Compliance Analysis A Trust Office at the Center of the Story FinTelegram has reviewed a whistleblower intelligence package concerning eMoore N.V., a Curaçao corporate-services and trust-office entity operating under the EM Group brand. The reviewed record supports a serious and defensible working thesis: a group that publicly markets compliance, licensing, and regulatory support appears, on the same documentary record, inside the management and Cyprus-linked payment structure of a Europe-facing online casino network that lacked national authorization in key EU jurisdictions. The intelligence report submitted to FinTelegram details, in a structured and document-backed manner, how casino and gambling schemes associated with eMoore and EM Group repeatedly operated in regulated European markets without the required national licences and were, in several cases, sanctioned or otherwise targeted by regulators and authorities. Enforcement Actions Against eMoore-Linked Casinos This is what makes the case important. The issue is not simply that offshore casino operators targeted European players. The issue is that a firm presenting itself as a compliance specialist appears, on the reviewed record, to have provided parts of the governance, management, and infrastructure that allowed such activity to continue. The intelligence report submitted to FinTelegram contains a detailed account of compliance violations by casinos affiliated with the eMoore/EM Group network. Enforcement actions against eMoore-related casinos The Bellona Case as the Core Example At the center of the record sits Bellona N.V., the Curaçao-based operator behind a cluster of related casino brands, including ZodiacBet, DachBet, WeltBet, EmirBet, Slotimo, Betonic, and Winolot. According to the intelligence package, Bellona’s brands worked with the Cyprus-based payment agent Arzella Limited. Bellona was incorporated on 28 October 2010. The beneficial ownership is said to be linked to the Israeli Shemesh family, in particular Avi Shemesh and Ilan Shemesh, who are also associated with the iGaming software provider Delasport. The Bellona brands reportedly operated on a largely uniform combined casino-and-sportsbook setup built on Delasport infrastructure, using shared backend subdomains and the shared facade-api.com gateway on the same IP range. According to the intelligence report, eMoore N.V. served as Bellona’s managing director from 28 October 2010 to 7 April 2025. During that period, Bellona’s Germany-facing activity allegedly continued without GGL authorization, without OASIS linkage, and after formal German regulatory warnings had already been issued. That matters because it places eMoore not at the edge of the story, but inside it. On the reviewed record, eMoore was not merely an outside corporate-services provider with distant visibility. It was part of the formal management layer of the operator at the heart of this Germany-facing case study. The Delasport Parallel and the SoftSwiss Pattern We are also familiar with this combination of software providers and concealed operator structures from earlier investigations into SoftSwiss and its long-running role in the offshore casino sector. In those cases, too, FinTelegram identified a recurring pattern: a technology or platform provider publicly positioned as a neutral B2B infrastructure partner, while the actual operator layer behind the brands remained opaque, fragmented across offshore entities, and often closely linked to payment intermediaries and regulatory arbitrage. Read our SoftSwiss reports here. The Delasport-Bellona structure described in the whistleblower dossier appears to follow a comparable logic. The software and frontend layer create the appearance of a standardized, scalable platform business, while the underlying operator, payment, and management entities are distributed across jurisdictions such as Curaçao and Cyprus. This does not, by itself, prove that Delasport and SoftSwiss are the same or acted identically. But the structural similarities are significant enough to justify closer scrutiny. This is what makes the case important. The issue is not simply that offshore casino operators targeted European players. The issue is that a firm presenting itself as a compliance specialist appears, on the reviewed record, to have provided parts of the governance, management, and infrastructure that allowed such activity to continue. The Central Contradiction: Compliance in Public, Exposure in Practice The strongest element of the whistleblower package is the compliance contradiction. EM Group publicly markets compliance solutions, including a Germany-facing “SecurePlay” offering. At the same time, the uploaded record points to EM Group’s own article of 21 December 2022, in which it acknowledged a growing body of German court decisions favorable to players and advised operators to obtain local legal advice on the legality of their activities. (the-emgroup.com) This is the point that materially weakens any simple non-knowledge defense. If the group was publicly commenting on mounting German legal risk in 2022, while one of its own directed operators was reportedly already under German scrutiny, then the contradiction becomes difficult to ignore. In plain terms, EM Group appears to have been discussing the risk publicly while the same risk was already embedded inside its own management orbit. Selective Compliance and the Germany Problem The record becomes even more serious on the question of actual knowledge and selectivity. The dossier cites Follow the Money’s January 2025 reporting for the proposition that eMoore instructed Delasport to geo-block the Netherlands and the United States, but not Germany, which was treated as a key target market. These reportings suggest selective compliance: some jurisdictions were protected once risk became obvious, while Germany, despite its importance and despite regulatory warnings, remained exposed. Beyond Bellona: A Broader Operator Network The whistleblower materials also widen the lens beyond Bellona. The uploaded network documentation ties additional operators and brands to eMoore management, including Mandarin Gaming N.V., Exedra N.V., and Casiworx N.V. Among the brands listed are 1Bet, Betonic, Slotimo, CasinoBet, BangBang Casino, Casino 770, EGB, WinCraft, SlotoRush, Norsewin, and FreakyBillion. The intelligence report presents a structured methodology based on registry extracts, operator disclosures, invoices, and live-site verification. The broader network thesis seems certainly plausible. The Cyprus Layer: Corporate and Payment Infrastructure One of the most important additions in the package is the Cyprus layer. eMoore Cyprus Ltd is listed as director and/or secretary of Cyprus entities including Maliom Ltd, Xenith Ltd, and Arzella Limited. Arzella is presented as Bellona’s payment agent, while Xenith is presented as payment infrastructure for the Casiworx cluster. That does not prove misconduct by every payment counterparty or every entity mentioned in the documents. But it does suggest that the offshore operator layer may have been paired with an EU-based corporate and payment layer. That is a critical point because Cyprus-based vehicles, accounts, and directors are potentially more reachable for courts and regulators than the Curaçao entities standing alone. The Wunner Ruling & Implications The Wunner ruling changes the legal risk map for eMoore’s Bellona involvement. Since the CJEU held that, as a general rule, a player may sue under the law of their own country of residence and that the damage from illegal online gambling is deemed to occur where the player resides, the long-favoured offshore-distance defence looks weaker than before. Just as importantly, the Court confirmed that claims against directors of an unlicensed foreign gambling operator are tort claims under Rome II, not protected company-law issues. Read more about the Wunner Ruling here. In the Bellona context, this means EU players may argue that a statutory managing director such as eMoore sits within the liability chain where Bellona brands targeted their country without the required licence. Their potential claims include recovery of losses or damages under domestic law, director-liability claims where national law recognizes them, and follow-on enforcement against EU-based assets or payment structures. The precise remedy differs from one Member State to another, but the strategic point is now much clearer: where the casino was illegal in the player’s country, the player’s law may follow the case all the way up to the management layer. For Germany specifically, player claims are strengthened not only by Wunner, but also by German national case law and the separate Tipico line. FinTelegram’s Working Conclusion FinTelegram’s conclusion at this stage is narrow, strong, and defensible. The documentary record reviewed by us places eMoore / EM Group at the management, payment-related, and compliance-infrastructure layer of a network of Curaçao-linked operators repeatedly tied to unauthorized Europe-facing gambling activity. The decisive issue is no longer whether EM Group sold compliance services in public. It did. The decisive issue is whether those services were applied consistently when the group’s own directed operators were exposed to escalating warnings, fines, court losses, and cross-border player claims. On the reviewed record, that answer appears deeply unfavorable to the group. Summary Table CategoryNameRole / RelevanceNotesTrust-office / corporate serviceseMoore N.V.Curaçao managing-director entityReported MD of Bellona N.V. from 2010–2025; also tied to other operators in uploaded recordGroup brandEM Group(the-emgroup.com)Public-facing compliance/corporate-services brandMarkets licensing and compliance support, including Germany-facing SecurePlayKey individualGeorge F.J.M. van Zinnicq BergmannCo-founder / public face / directorPublic compliance posture contrasted with uploaded record; quoted by FTM and cited in dossierOperator entityBellona N.V.Core case-study operatorLinked to 1Bet and other brands; eMoore as MD until April 2025Beneficial owner named in dossierIlan ShemeshNamed beneficial owner of Bellona / sister structuresStated in uploaded record; should be framed as dossier-based unless separately re-verifiedCyprus entityArzella LimitedCyprus payment / corporate layerPresented as payment agent for Bellona; Cyprus entityMaliom LtdCyprus payment / corporate layerPresented as payment-agent layer in dossier. eMoore Cyprus Ltd listed as secretary Cyprus entityXenith LtdCyprus payment / processing layerPresented as payment processor for Casiworx brands in dossier. eMoore Cyprus Ltd listed as director/secretaryCyprus entityeMoore Cyprus LtdCyprus management layerDescribed as director/secretary of Arzella, Maliom, Xenith and related vehiclesOther operator entitiesMandarin Gaming N.V.; Exedra N.V.; Casiworx N.V.; Prolific Trade N.V.Additional network entitiesListed in uploaded record as part of broader eMoore-linked networkSample brands1Bet, Betonic, Slotimo, CasinoBet, BangBang Casino, Casino 770, EGB, WinCraft, SlotoRush, Norsewin, FreakyBillionConsumer-facing casino brandsIncluded in uploaded 35-brand network inventoryPublic-source media referenceFollow the MoneyHeise reportingReported on Bellona targeting, warnings, and geo-blocking issues FinTelegram’s Position at This Stage FinTelegram’s position at this stage is careful but clear. Based on the whistleblower package and the corroborating public record, there is a substantial basis to report that eMoore / EM Group appears in the management and Cyprus-linked payment infrastructure of a broader network of unauthorized Europe-facing casino activity. That is a defensible conclusion. It does not require us to claim final legal liability or make criminal findings that only courts and regulators can establish. But it does justify serious scrutiny of the group, its related vehicles, and the payment and corporate-service ecosystem around it. A Call to Insiders and Players If you worked with eMoore, EM Group, Bellona, Arzella, Maliom, Xenith, Delasport, or any of the brands named in this report — as an employee, contractor, affiliate, PSP, platform provider, compliance adviser, or corporate-services provider — we invite you to contact us securely. If you are a player who deposited with or lost money to one of these brands in Germany, Austria, the Netherlands, Sweden, Denmark, Spain, or elsewhere in Europe, we also want to hear from you. Send us documents, payment records, internal emails, KYC material, affiliate invoices, or player correspondence securely via Whistle42.Your information may help regulators, affected players, and the public understand how this network operated — and who enabled it. Share Information via Whistle42

The CJEU’s January 2026 ruling in Wunner (C-77/24) could become a turning point in Europe’s fight against illegal online casinos. The Court held, as a general rule, that a player may rely on the law of their own country of residence when bringing a tort claim against the directors of a foreign gambling operator that lacked the required national licence. For the illegal casino sector, that materially increases director-level exposure. For players, it strengthens the path to pursue claims at home rather than being pushed into offshore or foreign-law battles. Key Findings In Wunner (C-77/24), the CJEU held that a player may, as a general rule, rely on the law of their country of residence when suing the directors of a foreign gambling provider that did not hold the licence required in that country. The Court said the relevant damage is generally deemed to occur in the Member State where the player is habitually resident. The action against directors is treated as a tort or delict claim under the Rome II Regulation, not as a company-law issue excluded from that framework. The underlying facts involved an Austrian player suing the directors of Titanium Brace Marketing Limited, a Maltese gambling provider licensed in Malta but not in Austria. The CJEU did not decide the directors’ ultimate liability; it interpreted EU law, and the national court remains responsible for deciding the case. Why the Wunner Judgment Matters The Wunner judgment is not just another technical conflict-of-laws ruling from Luxembourg. For the illegal online casino sector, it may become one of the most important legal developments in recent years. The reason is simple: it reduces the protective value of offshore or foreign corporate distance when a casino targets players in a country where it lacks the required licence. For years, the sector has relied on structural fragmentation. Operators were incorporated in one jurisdiction, licensed in another, directed from elsewhere, and marketed across Europe into states with stricter national gambling rules. Wunner cuts into that model by stating that, in claims against directors for unlawful gambling offers, the legal center of gravity is generally the player’s country of residence. The Facts Behind the Case The case arose from an Austrian player’s claim against the two directors of Titanium Brace Marketing Limited, a Maltese provider of online games of chance. Titanium held a Maltese gambling licence, but it did not hold the licence required in Austria. The player argued that the gambling contract was null and void and that, under Austrian law, the directors were personally liable for Titanium’s illegal offer of online gambling in Austria. The directors challenged both jurisdiction and applicable law. They argued that the relevant place of damage was Malta and that Maltese law, not Austrian law, should apply. The Austrian Supreme Court referred the issue to the CJEU. What the Court Actually Held The CJEU said that the Rome II Regulation applies to this kind of action because it concerns a non-contractual obligation arising out of tort or delict. The Court also said that this type of director-liability claim is not excluded as a pure matter of company law, because the alleged liability arises from an obligation external to the company’s internal affairs. That is the first key point. The second is even more important: the law that generally applies is the law of the country where the damage occurs, and in this context the damage must be deemed to occur in the Member State where the player is habitually resident. In the actual case, that meant Austria. The Court added one qualification: where all the circumstances show that the tort is manifestly more closely connected with another country, the court seised may depart from the general rule. But the starting point remains the player’s home country. Why This Is Dangerous for Illegal Casino Directors This judgment is especially relevant for directors, nominee managers, trust-office appointees, and governance-layer figures in the illegal gambling sector. It suggests that their exposure cannot automatically be neutralized by the jurisdiction of incorporation or by the operator’s foreign licence. If the operator was targeting players in a country where it lacked the required national licence, national law in the player’s home country may become the governing law for tort claims against the directors. That does not mean every director is automatically liable. The CJEU did not decide liability. But it did make clear that actions against directors are legally viable within the Rome II framework and that the place of damage is generally where the player resides and suffers the loss. That is a serious shift in litigation risk. What It Means for Players For players, Wunner is a significant strategic advantage. It strengthens the argument that they can pursue claims under the law of their own country instead of being forced into the operator’s preferred foreign-law forum. In practical terms, this makes recovery actions more realistic in regulated jurisdictions where the domestic licensing framework is central to the legality analysis. The Court’s reasoning is particularly important for online gambling because digital gambling is hard to locate physically. The CJEU addressed that directly and said that, given the nature of online games of chance, they must be regarded as having taken place where the player is habitually resident. Why It Matters for FinTelegram’s Research This ruling fits directly into FinTelegram’s work on illegal casinos, payment rails, platform providers, and trust-office structures. In many of these cases, the key question is no longer just whether an operator lacked a national licence. The sharper question is who directed the operator, who enabled the offer, and which individuals may now face claims under the law of the player’s country. That is where Wunner becomes highly relevant. This final point is an analytical implication drawn from the judgment’s logic. For networks that rely on layered management structures in Malta, Curaçao, Cyprus, or other hubs, Wunner increases the significance of directors and formal management entities. In that sense, it is not merely a player-rights case. It is also a warning to the governance layer of Europe-facing illegal casino operations. This too is an inference from the ruling’s reasoning rather than an express holding. Summary Box Case: C-77/24, Wunner.Date: 15 January 2026.Core holding: A player may generally rely on the law of their country of residence when suing directors of a foreign gambling provider that lacked the required local licence.Legal basis: Rome II Regulation on non-contractual obligations.Why it matters: It increases exposure for illegal casinos’ directors and strengthens domestic recovery paths for players. Conclusion The Wunner ruling sends a clear signal to the illegal online casino sector. Where a casino targets players without the licence required in their country, the legal consequences do not automatically remain offshore. The player’s home country matters. The player’s law matters. And the directors behind the operator may face personal tort exposure under that law. For players, that is an opening. For illegal casinos and their directors, it is a warning. Request For Information If you worked for an illegal casino, payment processor, platform provider, affiliate network, trust office, or nominee-director structure serving Europe-facing gambling schemes, contact us securely via Whistle42. If you are a player who lost money to a casino that targeted your country without the required national licence, send us your documents, payment records, account correspondence, and legal filings. Your information may help expose the people and structures behind the operator. Share Information via Whistle42

Volt, a KNF-licensed open-banking provider backed by top-tier investors appears in recorded deposit flows for illegal offshore casinos targeting users in Germany. FinTelegram’s review shows Volt’s checkout embedded in payment journeys routed through crypto-linked intermediaries, raising hard questions about merchant due diligence, payment blocking under German gambling law, and the compliance perimeter for regulated PISPs. Key Findings Volt Technologies sp. z o.o. is authorised by the Polish Financial Supervision Authority (KNF) as a National Payment Institution under entity ID 635816. Volt’s current corporate materials identify Steffen Vollert as CEO, while the group’s funding rounds include a $23.5 million Series A in 2021 and a $60 million Series B in 2023. In deposit flows reviewed by FinTelegram, checkout.volt.io appears inside Germany-facing casino deposit journeys, with MeteorEx and Bitcan shown as beneficiaries rather than the casino itself. Volt’s own end-user terms state that, for some merchants, a Volt-initiated payment may be made to a merchant provider rather than directly to the merchant. German gambling law expressly prohibits participation in payments connected with unauthorised gambling, and German courts have upheld payment-blocking measures against payment providers, including a case involving a Zahlungsauslösedienst. The Question How does a deposit to an illegal offshore casino end up as an open-banking payment authorised by a payment institution licensed by the Polish Financial Supervision Authority? That is the central compliance question raised by two deposit flows reviewed by FinTelegram. In both, the user starts on an offshore casino front-end accessible from Germany. In both, the payment path runs through gateway layers before landing on checkout.volt.io, where Volt appears as the payment-initiation layer. And in both, the beneficiary shown on the Volt checkout is not the casino, but a crypto-linked intermediary. Read our reports on Volt here. Why Volt Matters Volt is not some obscure back-office vendor. Public records show that Volt Technologies sp. z o.o. is a KNF-authorised Krajowa Instytucja Płatnicza / National Payment Institution, and Volt’s own regulatory page says the Polish entity is used for its regulated European activity. Companies House also shows the group structure through Volt Technologies Holdings Limited and Volt Technologies Limited, both registered at 42 Berners Street, London. The FCA register shows Volt Technologies Limited as an authorised EMI, and Volt’s own user terms identify FCA firm reference number 982594. Volt’s current “About” page identifies Steffen Vollert as CEO and lists major milestones including the Polish payment-institution licence in August 2023 and the UK EMI licence in February 2024. Volt’s public announcements also confirm a $23.5 million Series A led by EQT Ventures in 2021 and a $60 million Series B led by IVP in 2023, with participation from CommerzVentures and existing backers. That regulated status is not the problem. The problem is the use case. The Regulatory Context In Germany Germany’s Interstate Treaty on Gambling prohibits those involved in payment transactions from participating in payments for unauthorised gambling after prior notification of the unlawful offer. The English translation of the treaty also makes clear that the prohibition explicitly targets parties involved in the payment chain, including credit and financial service institutions. The GGL’s enforcement posture has become more aggressive. Public reporting on the authority’s 2023 activity says it reviewed 1,864 websites and initiated 133 prohibition proceedings. Reporting on its 2024 activity states that it reviewed over 1,700 websites and initiated 231 prohibition proceedings. The courts have also reinforced the payment-blocking model. In October 2023, the OVG Sachsen-Anhalt confirmed the legality of a prohibition relating to payment services for illegal gambling. The GGL itself cites that ruling as judicial confirmation of its approach. In December 2024, the same court issued a decision publicly described as a lawful payment-blocking order against a Swiss-based Zahlungsauslösedienst. In plain terms, payment firms are now squarely inside the illegal-gambling enforcement perimeter in Germany. The Observed Deposit Flows FinTelegram reviewed two deposit recordings involving Germany-facing casino front-ends. Flow A: PalmSlots The first flow begins on a PalmSlots deposit interface, where the user selects an open-banking type payment option. The route then passes through cashier.smartpayz.com and tollgate.smartpayz.com, before reaching gate.wltpay.pro and then checkout.volt.io. On the Volt checkout, Germany is selected as the country and MeteorEx appears as the beneficiary. The user then proceeds toward bank authorisation. Flow B: PureBets The second flow begins on a PureBets deposit interface, where the user selects a “Bank Transfer” option. The route again passes through Smartpayz layers before reaching gatewaycpay.com. There, the user is shown a bank-selection step and a consent screen stating that they agree to buy crypto and send it to a designated address, with Bitcan Sp. z o.o. identified on that layer reviewed by FinTelegram. The user is then redirected to checkout.volt.io, where Bitcan Sp. z o.o. appears as the beneficiary. These observations matter because Volt is not merely an invisible API in the background. In the reviewed flows, Volt’s checkout appears at the decisive payment-initiation stage, and the regulated Polish entity is identified on the authorisation layer reviewed by FinTelegram. The Intermediaries In The Rail Map MeteorEx S.r.o. MeteorEx s.r.o. (ICO 21270244) is a Czech-registered company (registered 26 February 2024, 1-5 employees) operating meteorex.net, a cryptocurrency service provider. The website describes it as a platform for buying cryptocurrency using credit cards, bank transfers, Apple Pay, Google Pay, and other payment methods. MeteorEx positions itself as non-custodial and decentralised. MeteorEx appears as the beneficiary on Volt’s checkout in Flow A. GloboPay UAB, a crypto exchange, publicly lists MeteorEx (meteorex.net) as one of its fiat payment service providers alongside Bitflow and Munzen. This suggests MeteorEx functions as a fiat-to-crypto on-ramp in the broader ecosystem. Bitcan Sp. z o. o. Bitcan Sp. z o.o. (KRS 0000808472, NIP 6292495068) is registered at ul. Jana Henryka Dąbrowskiego 77A, 60-529 Poznań. Board: Piotr Bień (Prezes Zarządu). The company operates bitcan.pl, a cryptocurrency exchange offering buying, selling, and withdrawal services, including at over 100 stationary locations. It uses biometric identity verification and AI-based transaction monitoring. Bitcan is wholly owned by ARI10 Sp. z o.o., a Polish crypto holding whose products include the ARI10 token, a payment gateway (ARI10 Gateway), and crypto POS terminals (Cryptoterminal). ARI10’s co-founders include Mateusz Kara (CEO) and Piotr Bień, who also serves as Prezes Zarządu of Bitcan. FinTelegram has published a separate investigation into the ARI10/Bitcan gateway, documenting how “Bank Transfer” casino deposits are converted into stablecoin on-ramps through ARI10’s infrastructure. Bitcan appears as the beneficiary on Volt’s checkout in Flow B, where the user explicitly consents to buying crypto and sending it to a designated wallet address. On the gatewaycpay.com consent screen, Bitcan Sp. z o.o. is named as the entity processing the data and conducting the crypto sale. Smartpayz Smartpayz (smartpayz.com) operates as a payment cashier and orchestration gateway. It appears in both flows as the first redirect layer after the casino deposit UI. The entity has been rated Black (Critical Risk) by RatEx42 in partnership with FinTelegram (February 2026), which confirmed a “Ghost Entity” status: no verifiable legal existence in UK Companies House or any major financial registry. The investigation found Smartpayz to be deeply integrated into the payment stacks of major offshore gambling groups. wltpay.pro wltpay.pro (gate.wltpay.pro) appears in Flow A as a payment processing/redirect layer between Smartpayz and Volt’s checkout. It displays a generic “We are processing your transaction” screen. The domain appears to be a white-label payment gateway. No public corporate registration has been identified for this entity. gatewaycpay.com gatewaycpay.com appears in Flow B as an additional orchestration layer between Smartpayz and Volt. It displays a bank selection screen and, critically, a consent form that names Bitcan Sp. z o.o. and includes an explicit checkbox: “I agree to buy crypto and send to the designated address.” That is exactly the kind of layered structure regulators tend to examine closely. The Merchant-Due-Diligence Issue Volt’s own EU Merchant Services Agreement states that Volt makes the solution available to merchants for integration into their websites, and that Volt may suspend access if the use may be fraudulent, unlawful, or expose Volt to liability or breach applicable laws. Volt’s own End User Terms go further and state that, for some merchants, a Volt-initiated payment may be made to a merchant provider rather than directly to the merchant. The EBA’s published Q&A 2021_6048 also captures the merchant-facing AML/CDD logic behind the PISP model, stating that PISPs are not expected to conduct CDD on both the payee-customer and the payer at the same time, and referencing the online merchant as the customer in that context. That does not, by itself, prove a due-diligence failure. But it sharpens the real compliance question: Who exactly did Volt onboard in these flows, and what downstream use case was represented at onboarding and during ongoing monitoring? If the onboarded counterparty was an intermediary such as MeteorEx, Bitcan, or another merchant provider rather than the casino itself, then the next question becomes unavoidable: did Volt understand that its regulated payment-initiation rail was being used in practice to fund deposits originating on Germany-facing offshore casino front-ends? Why Flow B Matters Most Flow B is the strongest part of the evidentiary picture reviewed by FinTelegram. The user starts from a casino payment option framed as a fiat transfer. But before reaching Volt’s checkout, the user is shown a consent layer stating that they agree to buy crypto and send it to a designated address. After that, Volt initiates the payment flow with Bitcan shown as the beneficiary. That sequence suggests a functional pattern in which a “bank transfer” deposit on a casino front-end is transformed into a crypto-funding leg routed through an intermediary, while Volt provides the payment-initiation layer that moves the funds. Even without alleging intent, that is the kind of architecture regulators dislike: the gambling operator is not the visible payee on the regulated payment screen, crypto conversion is introduced mid-flow, and the named beneficiary is an intermediary rather than the casino collecting the deposit. The Operator Side For Germany, the core legal issue is not whether an offshore casino front-end points to a Curaçao licence somewhere in its terms. The core issue is whether it is authorised in Germany. German law prohibits payment participation for unauthorised gambling offers, and the GGL’s enforcement record shows that it has treated payment services as a practical enforcement chokepoint. That makes the rail map more important than the marketing language on the casino site. Why This Matters For Volt Volt is a venture-backed, licensed payment institution with a merchant-facing open-banking model. Its infrastructure is designed for regulated real-time payments, not for plausible deniability inside layered illegal-gambling deposit flows. That is why its appearance in these flows matters. The pressure points are threefold. First, merchant onboarding and monitoring. If Volt onboarded an intermediary whose payment flow was being used, in practice, to fund Germany-facing illegal-gambling deposits, regulators will ask what was known, what should have been known, and what controls existed. Second, German gambling enforcement. The legal position has clearly shifted beyond the operator alone. The payment layer is in scope, and recent case law confirms that payment-blocking can reach even foreign payment initiators. Third, home-state supervision. Volt’s Polish entity is supervised by the KNF as a National Payment Institution. Questions about merchant due diligence, transaction monitoring, and the handling of high-risk or deceptive payment use cases therefore sit within a regulated supervisory perimeter, not just at the margins of gambling law. 8. Entities and Domains Observed LayerObserved entity / domainRoleCasino front-endPalmSlotsPurebetspalmslots07.com, purebets436.comCasino deposit interfaces reviewed in the recorded flows. Presented bank-transfer / open-banking style deposit options.Gateway / cashier layerSmartpayzcashier.smartpayz.com, tollgate.smartpayz.comUpstream payment orchestration / redirect layer observed in both flows. Public legal-entity identification remains unclear based on ordinary public-source checks.Additional gateway layergate.wltpay.proIntermediate processing / waiting page observed in Flow A before redirect to Volt checkout. Public corporate attribution remains unclear.Additional gateway / consent layergatewaycpay.comIntermediate orchestration layer observed in Flow B. In the reviewed flow, it displayed bank-selection and a consent step referring to crypto purchase and transfer to a designated address.PISP / checkout layercheckout.volt.ioVolt checkout layer where bank selection and beneficiary display occurred in the reviewed flows. Volt’s Polish regulated entity was identified on the bank-authorisation layer reviewed by FinTelegram.Beneficiary / intermediary #1MeteorEx s.r.o. / meteorex.netCrypto-linked service provider shown as beneficiary on the Volt checkout in Flow A, according to the reviewed recording. MeteorEx’s own site identifies ICO 21270244 and a Prague address.Beneficiary / intermediary #2Bitcan Sp. z o.o. / bitcan.plPolish crypto company shown as beneficiary on the Volt checkout in Flow B, according to the reviewed recording. Public register data supports the Bitcan corporate identity.Regulated payment entityVolt Technologies sp. z o.o.KNF-authorised Krajowa Instytucja Płatnicza / National Payment Institution. Entity ID 635816 in the KNF register. 9. Summary Data: Volt.io CategoryDetailsHolding entityVolt Technologies Holdings Limited (UK)Holding registrationCompanies House 12140559, 42 Berners Street, London, W1T 3ND.Polish operating entityVolt Technologies sp. z o.o., KRS 0000835557, NIP 6751727042, ul. Stefana Rogozińskiego 6, 31-559 Kraków. Public register sources show registration on 23 March 2020.UK operating entityVolt Technologies Limited, Companies House 14234292, 42 Berners Street, London, W1T 3ND. FCA register and Volt’s user terms support authorised EMI status.Current senior leadershipVolt currently identifies Steffen Vollert as CEO.Polish licenceNational Payment Institution / Krajowa Instytucja Płatnicza, authorised by the KNF on 25 August 2023; entity ID 635816.Funding$23.5m Series A (2021) and $60m Series B (2023); investors publicly named by Volt include EQT Ventures, IVP, CommerzVentures, Augmentum Fintech, and Fuel Ventures.Publicly claimed modelVolt markets itself as infrastructure for real-time account-to-account payments and merchant integration.Observed role in reviewed flowsIn FinTelegram-reviewed recordings, Volt’s checkout appeared as the payment-initiation layer in two Germany-facing casino deposit journeys, with MeteorEx and Bitcan shown as beneficiaries rather than the casino itself. Conclusion The issue raised by these deposit flows is not whether Volt is licensed. It is. The issue is whether a licensed open-banking payment initiator can credibly claim distance when its checkout is embedded in deposit journeys that begin on offshore casino front-ends, pass through opaque gateway layers, and end with payments to crypto-linked intermediaries instead of the gambling operator itself. In the materials reviewed by FinTelegram, that is precisely the pattern. And in one of those flows, the user was explicitly told they were buying crypto and sending it to a designated address after selecting a casino bank-transfer option. That is not a minor compliance detail. It is a rail-map problem with regulatory consequences. Whistle42 Call for Information If you have first-hand information, payment screenshots, gateway records, merchant documentation, onboarding materials, compliance correspondence, or internal knowledge about Volt, Smartpayz, gatewaycpay, wltpay, MeteorEx, Bitcan, or the payment rails behind Germany-facing offshore casinos, contact Whistle42 securely. FinTelegram welcomes documents, technical evidence, and insider information relevant to illegal gambling payment infrastructure and compliance failures. Share Information via Whistle42 Footnotes / Sources KNF register entry for Volt Technologies sp. z o.o., entity ID 635816. Volt regulatory page identifying the Polish entity as a KNF-regulated National Payment Institution. Companies House entry for Volt Technologies Holdings Limited. Companies House entry for Volt Technologies Limited. FCA register / Volt legal terms for Volt Technologies Limited and EMI status. Volt “About” page identifying Steffen Vollert as CEO and listing group milestones. Volt funding announcements: $23.5m Series A and $60m Series B. Public Polish register data for Volt Technologies sp. z o.o. showing address and registration date. German State Treaty on Gambling 2021, English translation, payment-participation prohibition. GGL / market reporting on 2023 and 2024 enforcement figures. OVG Sachsen-Anhalt 2023 and 2024 payment-blocking decisions; GGL enforcement page. EBA Q&A 2021_6048 on PISP AML/CDD logic. Volt EU Merchant Services Agreement. MeteorEx site / contact page. Volt End User Terms, including payments to a merchant provider. Bitcan register-backed corporate data and shareholder / management references. ARI10 leadership page.

According to RatEx42, the crypto exchange KuCoin has been classified as DAREX Tier D — Material Regulatory Transition Exposure. The classification follows supervisory action by Austria’s FMA, which prohibited KuCoin’s EU entity from conducting new business. The case highlights how even MiCA-authorized structures can face significant operational continuity risks. Key Findings RatEx42 assigns DAREX Tier D to KuCoin Austrian FMA prohibited KuCoin EU entity from onboarding new business Supervisory action linked to AML/CFT and sanctions control deficiencies Demonstrates structural regulatory exposure despite prior MiCA positioning What Is DAREX? The Digital Asset Regulatory Exposure Index (DAREX) is a structured analytical framework developed by RatEx42. It assesses the regulatory transition exposure and operational continuity sensitivity of digital asset infrastructure providers, including exchanges, custodians, and on/off-ramps. DAREX does not evaluate financial strength or solvency. Instead, it focuses on how regulatory developments may impact the ability of a provider to continue operating across jurisdictions. KuCoin’s EU Strategy Meets Supervisory Reality KuCoin (www.kucoin.com) had positioned itself as a forward-looking player in Europe by announcing that its Austrian entity, KuCoin EU Exchange GmbH, had obtained a MiCA license to operate across the European Economic Area. Read our KuCoin reports here. However, this positioning was materially challenged in February 2026, when Austria’s Financial Market Authority (FMA) issued a supervisory measure prohibiting the entity from conducting new business. The regulator cited deficiencies in internal organization related to AML/CFT and sanctions compliance. This development places KuCoin in a structurally sensitive position within the EU regulatory environment. DAREX Classification Explained According to RatEx42, KuCoin’s DAREX Tier D classification is driven by a decisive supervisory event rather than gradual deterioration. The DAREX framework distinguishes between: Structural regulatory exposure (DAREX) Conduct or compliance risk (RatEx42 risk signals) In KuCoin’s case: The existence of a MiCA license would normally support a lower exposure classification However, the FMA prohibition on new business constitutes a material regulatory event directly affecting operational continuity Under DAREX governance rules, such supervisory actions act as hard triggers, overriding the numerical scoring model and leading to Tier D. Importantly, this classification does not imply insolvency or financial distress. It reflects elevated regulatory exposure and operational sensitivity within the EU market. Implications for Merchants & Counterparties For merchants, institutional traders, and counterparties, the KuCoin case illustrates a key point: Regulatory authorization alone does not eliminate operational risk. Supervisory intervention can: Restrict onboarding of new clients Limit expansion within regulated markets Increase compliance and operational uncertainty In practical terms, counterparties should monitor not only licensing status but also ongoing supervisory relationships and enforcement signals. Conclusion KuCoin’s classification as DAREX Tier D highlights how quickly regulatory exposure can escalate, even for entities that have entered the MiCA authorization layer. The case reinforces the relevance of DAREX as a framework focused on structural regulatory risk, rather than reputational or financial assessments. Whistle42 Call for Information FinTelegram encourages insiders, merchants, and users with information about KuCoin or similar crypto service providers to come forward. You can submit information securely and, if necessary, anonymously via the Whistle42 platform. Share Information via Whistle42

A new whistleblower dossier strengthens FinTelegram’s earlier reporting on GammaG, the Georgian payment processor operating as GammaG. The new material does not prove common ownership with CoinsPaid, CryptoProcessing, or the wider Dream Finance ecosystem. But it does show something operationally important: a merchant relationship that allegedly began through CoinsPaid appears to have been routed into GammaG, then collapsed into a prolonged funds dispute, opaque “bank return” claims, and a notice that the servicing entity would be shut down. In the post-Lithuania environment, that is exactly the kind of pattern compliance professionals should pay attention to. Key Findings A whistleblower says a merchant seeking crypto payouts was onboarded through CoinsPaid but ultimately signed to GammaG. The merchant says it topped up its wallet with $30,000, after which the funds effectively disappeared for months. Uploaded emails show GammaG repeatedly claiming the money had been returned by the bank, while failing to provide documentary proof. In a separate email chain, GammaG informed the same client that the servicing legal entity would be closed and the contract terminated due to “operational and compliance requirements across various jurisdictions.” This sequence strengthens FinTelegram’s working hypothesis that GammaG may have served as a continuity or substitute rail for parts of the CoinsPaid / CryptoProcessing / Dream Finance orbit. The Merchant Trail Is the Real Story According to the whistleblower, the affected business is a YouTube creator payment network that pays partners a revenue share. Some clients wanted to receive their payouts in crypto, so the company used CoinsPaid. But instead of remaining in a clearly branded CoinsPaid relationship, the merchant says it was ultimately contracted through GammaG. It then topped up its wallet with $30,000, and the money allegedly became stuck for almost a year. That matters because this is not just another support complaint. It goes to the compliance core: who actually contracted the merchant, who controlled the wallet, who touched the funds, and which entity carried the AML and conduct obligations. The Emails Add Evidentiary Weight The uploaded correspondence materially supports the whistleblower’s account. In one thread, GammaG told the merchant that the funds had been returned by the bank and asked the client to verify receipt. When the merchant replied that nothing had arrived, GammaG said it had requested formal payment confirmation and would forward it once received. But in the materials provided to FinTelegram, no such proof appears. Instead, the merchant repeatedly escalated, stating: “We’ve received nothing yet,” then demanding proof, and later warning that the matter would become public and criminal complaints would follow. That is a serious red flag. If a processor claims that funds were returned through a banking partner, it should be able to produce a clear documentary trail. The Shutdown Notice Is Even More Telling A second email thread may be even more revealing. There, GammaG told the merchant that the legal entity providing services would be formally closed and would cease operations. As a result, the contractual relationship would need to be terminated. GammaG attributed this to a review of “operational and compliance requirements across various jurisdictions.” That is not routine language. It suggests an entity under stress, whether due to restructuring, banking pressure, jurisdictional risk, or migration into another vehicle. Combined with the unresolved funds issue, the message points to something larger than a single merchant dispute. It suggests an unstable servicing chain at the very moment the legal entity itself appears to have been in flux. The GammaG emails — citing “ongoing review of operational and compliance requirements across various jurisdictions” — mirrors the language used by Dream Finance UAB in its Lithuanian suspension notice and the liquidation notices in El Salvador and Poland. This is a recurring playbook: regulatory pressure triggers entity closure, but client funds are not returned — they are “in transit from the bank” indefinitely, and communications degrade into automated ticket responses with no substance. Why This Fits the Existing FinTelegram Hypothesis FinTelegram has already reported on the apparent proximity between GammaG, CoinsPaid, CryptoProcessing, and the wider Dream Finance / SoftSwiss ecosystem. The new whistleblower material does not prove formal integration, but it does reinforce the functional closeness FinTelegram had already identified. That is especially relevant because Dream Finance’s Lithuanian route came under pressure as the regulatory perimeter tightened. In that context, a Georgian processor assuming a more prominent role would make obvious operational sense. If one structure becomes impaired, another node in the network may pick up the flow. This is why GammaG matters. The issue is not whether the public-facing brands look separate. The issue is whether GammaG functioned as a continuity rail when older structures became less usable. Why GammaG Fits the Existing FinTelegram Hypothesis FinTelegram’s earlier reporting already placed GammaG in the same investigatory field as CoinsPaid, CryptoProcessing, Dream Finance, and the broader SoftSwiss payment orbit. The new whistleblower information does not overturn that reporting. It reinforces it. The critical point is this: the source says it came to GammaG through CoinsPaid. That alone does not prove common ownership. But it does strongly support the view that GammaG was not operating in isolation. Rather, it appears to have been functionally close enough to the CoinsPaid channel to serve as a contracting or operational endpoint for a merchant relationship that originated there. That is precisely the kind of arrangement investigators need to scrutinize. In high-risk sectors, especially those touching crypto, gambling, offshore merchants, and cross-border processing, the real structure often only becomes visible when a merchant relationship breaks down. And when it breaks down, the most important question is usually not what the public-facing brand says. It is which entity actually held the risk, touched the funds, and dealt with the banks. The Dream Finance Context Makes GammaG More Important This case cannot be viewed in isolation from the regulatory backdrop. As FinTelegram has reported, the Dream Finance Group, associated with CoinsPaid and CryptoProcessing, was forced to retreat from Lithuania at the end of 2025 as the regulatory perimeter tightened. That matters because Lithuania had long been a favored jurisdiction for crypto and payment structures serving cross-border business. Once those structures became impaired or politically costly, any ecosystem dependent on them would need alternatives. That is where GammaG becomes strategically interesting. A Georgian company stepping into a more prominent role would make obvious operational sense. Georgia sits outside the tightening EU crypto perimeter, offers geographic and structural distance, and can function as a useful alternative base for higher-risk payment activity if Lithuanian channels become unavailable or commercially toxic. This is why the new whistleblower material matters so much. It adds a concrete merchant-side example to a broader pattern FinTelegram has already been documenting: when one legal route closes, another node in the network appears to pick up the flow. The GammaG–CoinsPaid–SoftSwiss Triangle The wider context is what gives the GammaG material its investigative significance. CoinsPaid and CryptoProcessing sit within the Dream Finance cluster, while SoftSwiss is not just a gaming software name in the background. SoftSwiss publicly said that FinteqHub was developed by its PSP team, and Ivan Montik’s official SoftSwiss biography states that he serves as an adviser and mentor at CoinsPaid. Those are not rumor-level associations; they are public statements from SoftSwiss itself. Read more about the Dream Finance Group here. FinTelegram’s prior investigations establish the structural context: GammaG LLC (Georgia) surfaces behind the “CoinsPaid” deposit button at offshore casinos such as Vegadream (Starscream Group), where the merchant descriptor explicitly reads “STARDUST GLOBAL CCS LTD (Starscream)”. GammaG and CoinsPaid are presented jointly as a combined rail in iGaming support documentation (“Coinspaid / GammaG”), confirming operational integration rather than coincidence. The Dream Finance Group (CoinsPaid / CryptoProcessing) is controlled by beneficial owners Max Krupyshev (CEO, Ukraine) and Alexander Horst Riedinger (Austria), with entities spanning Estonia, Lithuania (now shut), El Salvador (liquidated), Poland (liquidated), Delaware, and Canada. Dream Finance UAB (Lithuania) suspended all crypto services at the end of 2025 following the expiry of MiCA transitional arrangements and the Bank of Lithuania’s enforcement wave. FinTelegram’s hypothesis — confirmed by the whistleblower — is that GammaG serves as a Georgian jurisdictional escape hatch: when EU/Baltic entities face regulatory closure, client funds and processing activity are routed through GammaG, which operates outside MiCA’s reach and with minimal Georgian VASP oversight. The whistleblower’s own reference to maxkrupyshev.com in his March 5 email to GammaG confirms that clients themselves have connected the dots between GammaG and CoinsPaid’s CEO. Conclusion: Another Piece of the Same Puzzle The new whistleblower information is not the whole story. But it is another meaningful piece of the same puzzle. It confirms that GammaG was not just a name surfacing in technical breadcrumbs or side references. It was a real operational and contractual counterparty in a merchant relationship that, according to the whistleblower, originated through CoinsPaid. It also confirms a disturbing pattern: missing funds, unverified claims of a bank return, evasive communication, and a sudden notice that the servicing entity itself would be closed. In FinTelegram’s assessment, this materially strengthens the working hypothesis that GammaG sits closer to the CoinsPaid / CryptoProcessing / Dream Finance ecosystem than public branding alone suggests. In the shadow world of offshore gambling, crypto processing, and high-risk merchant flows, that is exactly how the real payment chokepoints tend to reveal themselves. GammaG now deserves to be treated not as a peripheral Georgian curiosity, but as a priority node in the continuing investigation into the real payment infrastructure behind the CoinsPaid and SoftSwiss orbit. Summary Data CategoryDetails CategoryDetailsEntityGammaG LLC (Georgia)Domaingammag.geContactaccounts@gammag.geRelated BrandsCoinsPaid, CryptoProcessingParent GroupDream Finance Group (CoinsPaid / CryptoProcessing)Beneficial OwnersMax Krupyshev (CEO), Alexander Horst RiedingerKnown Casino ConnectionsVegadream, Rant Casino (Starscream Group); merchant descriptor “STARDUST GLOBAL CCS LTD (Starscream)”Whistleblower Incident$30,000 frozen (Enfinity/enfinity.com); funds not returned; contract terminated March 2, 2026Regulatory ContextDream Finance UAB (Lithuania) shut down Q1 2026 (MiCA); El Salvador and Poland entities liquidated; GammaG (Georgia) appears to serve as offshore continuation vehicleRisk Rating Critical Whistle42 Call If you have contracts, onboarding packs, bank correspondence, wallet screenshots, transaction hashes, settlement records, KYB files, internal chats, or compliance memos involving GammaG, CoinsPaid, CryptoProcessing, Dream Finance, or SoftSwiss-linked payment structures, contact FinTelegram securely via Whistle42. We are particularly interested in material showing: the actual contracting entity behind merchant onboarding, which entity held or controlled merchant funds, banking partners involved in returns or settlements, and any evidence of migration from Lithuanian structures into Georgian or other substitute vehicles. Share Information via Whistle42

A player communication reviewed by FinTelegram raises a serious compliance question for Revolut: did the fintech initially tell a customer that Mastercard chargebacks had been raised and finally decided, only to later admit that no chargebacks had been submitted at all? Against the backdrop of FinTelegram’s long-running investigations into illegal offshore casino payment rails, the case sharpens a broader issue: whether Revolut’s controls are robust enough when gambling payments are routed through open-banking facilitators, masked descriptors, and intermediary payment layers. Key Findings A player exchange reviewed by FinTelegram indicates that Revolut first suggested disputes had gone through Mastercard and reached a final outcome, then later admitted that no chargebacks had been submitted and the cases were closed internally. Revolut publicly says it may block illegal gambling transactions where required by local law and offers an optional “gambling block,” but that control is disabled by default and depends on transactions being identified as gambling. Revolut Business states that “gambling and quasi-cash merchants” are unsupported industries, which makes repeated casino-related payment exposure especially sensitive from a compliance perspective. Revolut’s current UK personal terms do not amount to a blanket retail ban on gambling for all adults; they prohibit illegal use generally, while the specific gambling-establishment block in the published UK terms is expressly stated for 16–17 accounts and is based on MCC classification. The European Banking Authority says payment institutions are commonly associated with elevated ML/TF risk, especially where they serve higher-risk sectors such as gambling and crypto, use cross-border models, platforms/marketplaces, intermediaries, and weak transaction monitoring. Dutch regulator Ksa has explicitly said it can issue binding directives to payment service providers to stop facilitating illegal gambling operators, showing that payment rails are now firmly inside the enforcement perimeter. The Player Evidence: Why This Exchange Matters FinTelegram reviewed screenshots of a player’s communication with Revolut concerning disputed casino-related transactions. In the first phase of the exchange, Revolut support reportedly told the player that the cases had been submitted through Mastercard under the appropriate dispute categories, that intermediary descriptors had been taken into account, and that final decisions had already been reached, leaving no reopening or pre-arbitration rights. The player then pressed for the audit trail that would ordinarily exist if Mastercard chargebacks had really been initiated: chargeback reference numbers, ARNs, dispute reason codes, submission dates, second presentment status, pre-arbitration steps, and confirmation of whether Mastercard or the acquirer had actually reviewed the disputes. That pressure appears to have produced the key admission. In the later exchange, Revolut support allegedly confirmed that no chargebacks were submitted to the acquiring banks, that the disputes were closed internally, and that the Mastercard chargeback process was not initiated. If that reading is correct, the issue is not merely an unfavorable outcome for the player. It is a potentially misleading description of what process was actually used. From a compliance standpoint, this distinction is critical. A customer told that a scheme chargeback was raised and rejected is in a very different position from a customer whose bank simply made an internal decision not to initiate the scheme process at all. Revolut’s Published Position on Gambling Revolut’s public materials show a mixed picture, but not a simple one. Revolut says its optional “gambling block” can block card payments identified as gambling, including bookmakers, online casinos, and sports betting apps, but it is disabled by default when an account is opened. Revolut also says that in some European countries it is required to block transactions to and from illegal gambling providers and that it enforces regulator lists on a legal basis. At the same time, Revolut’s published UK personal terms do not impose a blanket prohibition on adult retail customers using accounts for gambling. The general restriction is on using the account for illegal purposes. The specific published gambling-establishment card restriction appears in the schedule for 16–17 accounts, where Revolut says it relies on the merchant’s MCC code rather than the actual details of the purchase. For business users, the position is stricter. Revolut Business lists “gambling and quasi-cash merchants” among unsupported industries. That means the more accurate compliance framing is this: Revolut clearly recognizes gambling as a special-risk area and claims some control mechanisms, but those controls depend heavily on identification, classification, and legal-trigger lists. That leaves obvious room for failure when gambling payments are laundered through alternative descriptors, intermediaries, or open-banking layers. Why Open Banking Changes the Risk Picture This is where FinTelegram’s broader payment-rails research becomes highly relevant. Revolut Bank UAB is licensed in Lithuania as a bank and is authorized not only for core banking activity but also for payment functions including card-based payment execution, acquiring of payment, money remittance, payment initiation services, and account information services. Meanwhile, open-banking specialists such as Yapily Connect are regulated payment-initiation providers; Yapily’s own site says Yapily Connect UAB is regulated by the Bank of Lithuania and that Yapily offers solutions for iGaming. ACPR’s 2017 annual report states that Perspecteev became the first company licensed in Europe to provide the PSD2 account-information and payment-initiation services. Read our Yapily reports here. This matters because a bank like Revolut does not necessarily “accept” an illegal casino as a formal gambling merchant in the classic acquiring sense for risk to arise. The risk can emerge one layer earlier or later in the chain: the player sees a casino front-end; the payment is routed through an open-banking facilitator or gateway; the bank sees a payment initiation request, a proxy payee, or an intermediary descriptor; the real economic beneficiary or gambling context may be obscured or fragmented across entities and steps. That is precisely the kind of layered structure regulators worry about. The EBA says payment institutions often serve higher-risk sectors including gambling and crypto; that platforms and marketplaces add layers that increase overall ML/TF risk; and that intermediaries, cross-border models, and poor transaction monitoring materially increase exposure. Descriptor Masking, MCC Dependence, and “Transaction Laundering” Risk Revolut’s own published terms for younger users are revealing on one point: when it blocks gambling-establishment purchases, it says it relies on the merchant’s registered business type (MCC code), not the actual details of what is being bought. That is not evidence of wrongdoing by Revolut. But it does show the structural vulnerability. If the effective gambling payment is disguised through: a non-gambling MCC, a gateway or facilitator descriptor, a substitute payee, a marketplace- or platform-like wrapper, or an open-banking payment flow that does not transparently present the underlying gambling merchant, then gambling controls tied to classification, merchant type, or local blocklists may be less effective in practice. This is the heart of the player’s complaint in the screenshots. The player did not argue that intermediaries are prohibited per se. The complaint was that descriptors such as MBM Ramp, BlueOC, Sknvrs, or TransferOp Payment Gateway Ltd may have obscured the true merchant and the real nature of the funded service, which in turn could affect whether Revolut framed the disputes correctly and whether it should have attempted scheme remedies at all. For FinTelegram’s long-running offshore casino investigations, that is a familiar pattern: a regulated payment or open-banking rail at the visible front, with the unlawful gambling context concealed by payment architecture. The Enforcement Angle: Why Regulators Could Take Interest Revolut is already under supervisory pressure elsewhere. The Bank of Lithuania’s public register shows Revolut Bank UAB was fined €3.5 million on 4 April 2025 for AML/CFT-related violations, and it also lists earlier sanctions and warnings, including prior AML/CFT measures and other enforcement actions. The EBA’s 2023 report on payment institutions is directly relevant here. It says the sector is commonly associated with higher ML/TF risk; that gambling companies are proportionately more common among PI customers than in banking; that platforms and marketplaces add layers; that payment institutions often have a higher risk appetite than retail banks; and that common weaknesses include insufficient transaction monitoring, poor suspicious transaction reporting, weak governance, and overreliance on banks to detect suspicious activity. Against that background, a regulator looking at persistent illegal-casino rail exposure through Revolut would likely focus on several questions: Transaction monitoring: Did Revolut identify repeat patterns consistent with illegal gambling or payment laundering? Counterparty due diligence: Did it understand who the real payees and facilitators were behind recurring open-banking and gateway flows? Customer dispute handling: Did it properly classify customer disputes where merchant descriptors may have masked the underlying transaction? Governance and escalation: Were recurring casino-related complaints treated as isolated customer-service incidents or as a broader compliance signal? Country-specific blocking obligations: Where regulators publish blacklists or require payment blocking, were those obligations implemented effectively? That last point is not theoretical. The Dutch gambling regulator Ksa has publicly said that since online gambling legalization it has the power to issue a binding directive to payment service providers to stop facilitating illegal gambling operators. In other words, payment firms are no longer peripheral to gambling enforcement. They are increasingly treated as chokepoints. Could Revolut Face Regulatory Action? Potentially, yes. Whether any specific action is warranted would depend on the underlying facts, but the possible supervisory pathways are clear. For its EU banking operations, the Bank of Lithuania and, depending on context, ECB-linked supervisory structures could examine whether Revolut’s AML/CFT systems, transaction monitoring, governance, and high-risk-sector controls are adequate. In the UK, the FCA and PRA would be interested in governance, systems and controls, customer treatment, and financial-crime risk management where UK-regulated entities are involved. Gambling regulators in relevant jurisdictions may also scrutinize whether payment providers are facilitating payments to blacklisted or unlicensed operators despite national blocking regimes. None of that means Revolut has knowingly accepted illegal casino operators as direct merchants on its own books. In many cases, the more plausible compliance concern is indirect facilitation: allowing payments to pass through regulated-looking open-banking or gateway layers that conceal the true gambling destination. But from a supervisory perspective, that distinction does not eliminate the problem. It sharpens the question of whether the bank’s controls are good enough for the business model and risk environment in which it operates. FinTelegram’s Preliminary Compliance View Based on the player material reviewed and the wider payment-rails context, FinTelegram’s preliminary view is as follows: Revolut’s exposure to the offshore casino ecosystem appears less like an isolated edge case and more like a recurring control problem tied to modern payment architecture. The central risk is not simply “gambling” in the abstract. It is the combination of: illegal offshore operators, open-banking facilitators, intermediary descriptors, fragmented counterparties, cross-border payment chains, and consumer disputes that can be misframed if banks rely too heavily on formal descriptors rather than economic reality. If Revolut support first told the player that Mastercard chargebacks had been submitted and finally decided, then later admitted they had never been initiated, that raises uncomfortable questions not only about customer communications but about whether the underlying payment pattern was truly investigated on its substance. Call for Whistleblowers If you have used Revolut in connection with offshore casinos, open-banking gambling deposits, masked merchant descriptors, failed withdrawals, or refused chargeback requests, FinTelegram would like to hear from you. In particular, we are interested in: screenshots showing how Revolut described disputed gambling payments, transaction records involving open-banking facilitators or generic gateway descriptors, cases where a chargeback was said to be “rejected” but may never have been raised, and examples of repeated deposits to casino-linked payment chains despite Revolut’s published gambling controls. Please share documents, screenshots, and payment records confidentially via Whistle42. Your information may help establish whether this is a customer-service failure, a descriptor problem, or a broader compliance blind spot in one of Europe’s most important fintech payment rails. Share Information via Whistle42