FinTelegram Investigation: We Are Looking Into Softon and the Cyprus iGaming Payment Layer — Whistleblowers, We Need Your Help
FinTelegram has opened a formal compliance investigation into Softon Ltd (HE 463977), a Cyprus-registered company linked to offshore-licensed online casino brands actively targeting EU consumers. We have received initial whistleblower submissions and documentary evidence. We are now calling on all persons with inside knowledge of this network to come forward.
We Are Investigating
FinTelegram’s EU iGaming Payments Desk is conducting an active compliance investigation into Softon Ltd, a private Cyprus company incorporated in August 2024, which is publicly identified as the owner and operator of online casino brands operating under an Anjouan/Comoros offshore licence.
Our investigation focuses on the role that Cyprus-registered corporate vehicles, legal-service providers, and EU-based payment infrastructure play in enabling offshore-licensed casino operations to reach EU consumers — including consumers in jurisdictions where such operations are prohibited without a local licence.
The investigation covers the following areas:
The corporate structure and beneficial ownership of Softon Ltd (HE 463977), Nicosia
The relationship between Softon Ltd and online casino brands including Betzter.com and KingdomCasino-branded domains
The role of EU open-banking infrastructure and intermediary payment gateways in processing deposits from EU consumers into unlicensed offshore casino structures
Cross-border network indicators connecting Cyprus and Estonia in the payment architecture
The systemic question of whether Cyprus corporate and legal-service ecosystems are functioning as a regulatory arbitrage layer that structurally undermines enforcement by other EU member states, including the Netherlands
Thank You to Our Whistleblowers
We have already received substantive submissions from multiple whistleblowers, including documentary evidence from official Cyprus and Estonian company registries, website captures, payment-flow material, and first-hand accounts.
To those who have already submitted: your contributions are being taken seriously and are actively informing our investigation. We cannot respond individually to anonymous submissions — this is by design, to protect your identity — but every submission is reviewed by our editorial team and treated with full source protection.
If you have submitted material and are wondering whether it reached us or whether it was useful: it did, and it was.
We Need More
Investigations of this kind depend on insider evidence that public registries and website captures alone cannot provide. We are specifically looking for:
Internal documents and contracts relating to Softon Ltd, its casino brands, or associated payment entities
Payment-flow evidence — settlement reports, account statements, transaction records, or payment-descriptor data linking Softon Ltd or its casino brands to specific banks, gateways, or open-banking providers
KYC/KYB files and onboarding correspondence between Softon Ltd or associated casino brands and payment service providers, banks, or open-banking platforms
Customer-complaint records and withdrawal-handling procedures — particularly any internal instructions regarding refund denials or jurisdiction-based exclusion clauses
Internal legal or compliance memoranda, including any AML red-flag assessments or risk opinions produced in connection with Softon Ltd or its network
Licensing representations made to banks, payment providers, or regulators
Beneficial ownership information — any documentation identifying the true economic beneficiaries behind Softon Ltd or associated entities
Employee or contractor accounts — if you have worked for, with, or alongside any entity in this network in any capacity, your perspective is relevant
How to Submit
All submissions are handled through Whistle42, FinTelegram’s secure and fully confidential whistleblower channel.
Anonymous submissions are accepted and encouraged
No identifying metadata is collected or stored
Source protection is a non-negotiable editorial principle at FinTelegram
Submissions can include documents, screenshots, email correspondence, or written accounts
Submit via Whistle42: [whistle42.com]
If you have already submitted and wish to add further material, please use the same secure channel. There is no need to identify yourself or reference your earlier submission — our team will connect the information.
What Happens Next
FinTelegram is preparing a full compliance intelligence report on Softon Ltd and its network. The report will be published following completion of our editorial verification process and the right-of-reply procedure extended to relevant parties.
We are committed to accurate, evidence-based reporting. Every factual claim in the final report will be attributed to a verifiable source. Persons and entities named will be given the opportunity to respond before publication, and any substantiated corrections or statements will be published in full.
If you have evidence that supports, contradicts, or adds nuance to any aspect of this investigation — we want to hear from you, regardless of which side of the story you are on.
Share Information via Whistle42
Hyperliquid After the FCA Warning: DeFi Branding Meets Regulated Derivatives Reality
The UK Financial Conduct Authority (FCA) has placed Hyperliquid on its Warning List. The warning was first published on 21 May 2026 and updated on 7 June 2026. The FCA states that Hyperliquid may be providing or promoting financial services or products without FCA permission, and that the firm is not authorised and may be targeting people in the UK. The warning expressly lists hyperfoundation.org, app.hyperliquid.xyz, and Hyperliquid’s social channels as relevant contact points.
This is not merely a consumer warning. From a compliance perspective, it is a regulatory classification signal: the FCA appears to treat Hyperliquid’s activities not as neutral software, but as potentially unauthorised financial services or financial promotions directed at UK users.
Executive Summary
Hyperliquid has built one of the most successful on-chain perpetual futures venues by positioning itself as a decentralised exchange infrastructure rather than a traditional broker, exchange, or custodian. However, that distinction is becoming less persuasive for regulators. The platform enables leveraged perpetual derivatives, including crypto and real-world-asset-linked markets. These products are economically comparable to regulated derivatives, regardless of whether users maintain self-custody of their wallets.
The FCA warning therefore exposes the core regulatory issue: decentralisation does not neutralise financial product regulation. If a platform facilitates leveraged long/short exposure, margining, liquidation, funding payments, order execution, and market access, regulators may look at the economic substance rather than the technological wrapper.
The warning is especially sensitive because Hyperliquid has moved beyond crypto-native markets. In March 2026, S&P Dow Jones Indices licensed the S&P 500 to Trade[XYZ] for a perpetual derivative contract on Hyperliquid, described by S&P DJI as the first officially licensed S&P 500 perpetual powered directly by institutional-grade index data. The announcement states that Trade[XYZ] launched the market on Hyperliquid and that eligible non-US investors could gain leveraged exposure to the S&P 500 through the product.
That development changes the regulatory optics. Hyperliquid is no longer only a DeFi venue for crypto perps. It is becoming an on-chain infrastructure layer for synthetic exposure to traditional financial benchmarks.
Key Compliance Findings
| Issue | FinTelegram Assessment |
| --- | --- |
| FCA Status | Hyperliquid is now publicly listed by the FCA as an unauthorised firm that may be providing or promoting financial services or products without permission. |
| Product Classification | Hyperliquid perps are economically derivatives: leveraged, cash-settled, no fixed expiry, long/short exposure, margining, liquidation and funding mechanics. |
| Custody Argument | The fact that Hyperliquid may be non-custodial does not remove the regulatory character of the traded product or the activity of operating/promoting access to it. |
| UK Retail Risk | The UK has banned the sale of crypto-derivatives and ETNs referencing certain cryptoassets to retail consumers since January 2021. The FCA has stated that firms offering such services to retail consumers are likely to be scams. |
| Financial Promotion Risk | UK cryptoasset financial promotion rules apply broadly to firms marketing qualifying cryptoassets to UK consumers, including overseas firms and technology-based delivery models. |
| EU / MiFID Risk | In the EU, crypto-linked derivatives are not simply “MiCA products.” ESMA has clarified that cryptoassets can serve as underlying assets for derivative contracts, and such derivatives may fall under MiFID-style financial instrument analysis. |
| U.S. Regulatory Pressure | The CFTC has recently approved regulated perpetual futures paths for U.S. venues such as Kalshi, while CME and ICE have reportedly urged scrutiny of Hyperliquid over market manipulation and sanctions-evasion concerns. |
Why the FCA Warning Matters
The FCA warning is short, but its implications are broad. The regulator states that almost all firms and individuals must be authorised or registered to carry out or promote financial services in the UK, and that Hyperliquid is not authorised. It also warns users that they will not have access to the Financial Ombudsman Service or Financial Services Compensation Scheme if they deal with the firm.
For FinTelegram, the important point is not whether Hyperliquid calls itself DeFi. The question is whether the platform enables access to regulated-style financial products for users in regulated jurisdictions. On that test, Hyperliquid’s position is vulnerable.
Perpetual futures are not ordinary crypto tokens. They are leveraged derivatives. Their key features include no fixed expiry, synthetic exposure to an underlying asset, margin requirements, funding-rate mechanisms, forced liquidations and long/short trading. S&P DJI’s own announcement describes perpetual derivatives as instruments allowing eligible investors to take leveraged long or short positions without fixed expiry.
That is precisely the language of financial derivatives.
The DeFi Defence: Weakening Under Regulatory Scrutiny
Hyperliquid’s implicit defence has been the familiar DeFi argument: the protocol is decentralised, users connect wallets, and the platform may not take custody of assets in the traditional sense. But this argument is increasingly insufficient. Regulators are likely to focus on the following questions:
Who designed and maintains the interface? The FCA warning specifically names the Hyperliquid website, application interface and social channels.
Who promotes the product or ecosystem? A DeFi protocol with active marketing, public social channels, branded access points and coordinated ecosystem messaging may be treated differently from passive open-source code.
Who controls listing, margin, liquidation and risk architecture? Hyperliquid’s own documentation indicates that builder-deployed perpetual markets involve market definition, oracle definitions, contract specifications, leverage limits and settlement responsibilities.
Are users receiving access to a regulated economic exposure? Whether the collateral sits in a non-custodial wallet does not alter the fact that the user is trading a leveraged derivative.
In other words: self-custody may reduce custody-regulation exposure, but it does not eliminate derivatives, market infrastructure, financial promotion, AML, sanctions, consumer protection or market abuse issues.
The S&P 500 Perpetual: A Strategic Breakthrough — and a Regulatory Trigger
The S&P 500 perpetual product is a major credibility signal for Hyperliquid’s ecosystem. But it is also a regulatory trigger.
S&P DJI announced that it licensed the S&P 500 to Trade[XYZ], not directly to Hyperliquid, for a perpetual derivative contract on Hyperliquid. The announcement describes Trade[XYZ] as a provider of real-world-asset markets via perpetual derivatives on Hyperliquid and says XYZ markets had exceeded $100 billion in volume since October 2025, with an annualised run rate above $600 billion.
This matters because the product links a major traditional finance benchmark to a decentralised derivatives venue. It invites regulators to ask whether global retail or semi-professional users can access leveraged synthetic exposure to major equity indices outside traditional exchange, clearing, conduct and investor-protection frameworks.
For FinTelegram, this is the inflection point: Hyperliquid is no longer merely a crypto-native DeFi venue. It is becoming a shadow derivatives infrastructure for traditional market exposure.
UK Compliance Situation After the FCA Warning
The UK position is now materially adverse for Hyperliquid.
First, the FCA warning means that UK consumers, regulated firms, payment partners, service providers, affiliates and media partners are on notice. Any party facilitating access, promotion, payments, referrals or onboarding for Hyperliquid in the UK now faces enhanced compliance risk.
Second, the UK already has a restrictive stance on crypto derivatives. The FCA’s ban on the sale of crypto-derivatives and ETNs referencing certain cryptoassets to retail consumers came into effect in January 2021. The FCA stated that any firm offering such services to retail consumers is likely to be a scam.
Third, the UK financial promotion regime captures cryptoasset promotions to UK consumers even when the firm is based overseas or uses technology-based delivery.
This creates a three-layer UK problem for Hyperliquid:
| UK Risk Layer | Compliance Impact |
| --- | --- |
| Authorisation Risk | Possible unauthorised provision or promotion of financial services. |
| Retail Derivatives Risk | Crypto-derivative access for UK retail users is especially problematic. |
| Promotion Risk | Websites, apps, social media and referral content may constitute financial promotions. |
The FCA warning does not itself prove illegality. But it creates a strong regulatory presumption that Hyperliquid is not operating inside the UK perimeter in a way the FCA accepts.
Potential Spillover Into Other Regulatory Regimes
1. European Union: MiCA Will Not Save Derivatives Platforms
In the EU, many crypto firms try to frame their activities under MiCA. But leveraged perpetual derivatives are unlikely to be neatly contained within MiCA. ESMA has made clear that cryptoassets can serve as underlying assets for derivatives and that authorities must distinguish between cryptoassets under MiCA and financial instruments under MiFID II.
This is crucial. If Hyperliquid products are treated as derivatives, the relevant framework may be MiFID II / MiFIR, not merely MiCA. That would raise issues around investment firm authorisation, trading venue operation, appropriateness testing, product governance, leverage limits, transaction reporting, market abuse surveillance and investor categorisation.
The likely EU regulatory hypothesis is therefore:
Hyperliquid-style perps are not “just cryptoassets”; they are derivative exposures delivered through crypto infrastructure.
2. United States: Offshore DeFi Under Pressure From Regulated Perps
The U.S. picture is becoming more complex. The CFTC recently approved KalshiEX, a designated contract market, to list a bitcoin perpetual contract as a futures contract.
That is important because it creates a regulated domestic path for perpetual futures. Once regulated U.S. venues can offer approved perpetuals, the tolerance for offshore or decentralised venues serving U.S.-linked users may decline.
At the same time, CME and ICE have reportedly urged U.S. regulators to scrutinise Hyperliquid, citing concerns around anonymous round-the-clock perpetual futures trading, manipulation risk and sanctions evasion.
The U.S. risk is therefore not only investor protection. It is also market integrity: whether on-chain perpetuals referencing oil, equities, indices or cryptoassets can distort benchmarks or provide a venue for manipulation outside regulated surveillance systems.
3. IOSCO / Global Standards: Cross-Border Coordination Risk
The FCA warning may become a reference point for other regulators. Warnings by major regulators often serve as soft signals for national competent authorities, banks, payment processors and compliance teams. Once one Tier-1 regulator publicly identifies a platform as unauthorised, the burden shifts to the platform to demonstrate jurisdictional controls, geo-blocking, user restrictions, legal opinions and regulatory permissions.
For Hyperliquid, this could affect:
fiat on/off-ramp partners;
institutional market makers;
index and data partners;
wallet and frontend integrations;
affiliates and influencers;
regulated entities offering copy-trading or structured exposure to Hyperliquid strategies.
Regulatory Red Flags for Hyperliquid
| Red Flag | Why It Matters |
| --- | --- |
| No visible UK authorisation | FCA says Hyperliquid is not authorised and may be targeting UK users. |
| Leveraged perpetual derivatives | These resemble regulated derivatives, not simple token swaps. |
| No KYC / wallet-based access model | Raises AML, sanctions, investor classification and jurisdictional control concerns. |
| 24/7 global access | Makes territorial restrictions harder to enforce. |
| RWA and index-linked products | Increases traditional finance regulatory exposure. |
| Social media and app promotion | May trigger financial promotion rules. |
| Liquidation and funding mechanics | Raise conduct, fairness, transparency and systemic-risk concerns. |
| Potential UK retail access | Highly sensitive given UK crypto-derivatives restrictions. |
FinTelegram Compliance Hypothesis
The FCA warning marks the beginning of a new regulatory phase for Hyperliquid. The platform’s DeFi architecture may have allowed it to scale rapidly without conventional authorisation, but the product reality is now too visible to ignore.
Hyperliquid’s core activity is not simply decentralised token exchange. It is the operation of a high-performance, on-chain derivatives environment offering leveraged perpetual exposure to cryptoassets and increasingly to traditional financial benchmarks. From a compliance standpoint, the decisive question is not:
“Is Hyperliquid decentralised?”
The decisive question is:
“Who is enabling, promoting and monetising access to leveraged financial instruments in regulated jurisdictions?”
That question brings Hyperliquid into the perimeter of financial regulation, even if the answer differs across jurisdictions.
FinTelegram Conclusion
The FCA warning against Hyperliquid should be treated as a serious regulatory escalation. It signals that regulators are increasingly unwilling to accept “DeFi” as a blanket exemption from financial services law.
For the UK, Hyperliquid is now an unauthorised-firm risk. For the EU, Hyperliquid-style perpetuals may fall closer to MiFID derivatives regulation than MiCA cryptoasset regulation. For the U.S., the approval of regulated perpetual futures may increase pressure on offshore and decentralised competitors. For global compliance teams, the platform now belongs on enhanced monitoring lists.
The broader message is clear: perpetual derivatives do not become unregulated because they are traded through a wallet. A derivative remains a derivative, even when wrapped in DeFi infrastructure.
FinTelegram will continue to monitor Hyperliquid, Trade[XYZ], index-linked perpetuals, and the regulatory response from the FCA, ESMA, CFTC and other national authorities.
Rail Atlas Case: The Kingdom Bank, Financial House, Jeton, Speedy And The Offshore-to-EU Payment Network Under FCA Restrictions
FinTelegram’s Rail Atlas maps a remarkable payment and offshore-banking network around The Kingdom Bank, Financial House, La Orange / Jeton, Speedy, Banky and Jeton Bank. The case has become urgent after Financial House, a UK FCA-authorised EMI, was placed under severe FCA supervisory restrictions in April 2026.
2-Minutes Briefing
FinTelegram’s Rail Atlas has identified a remarkable cross-border payment and offshore-banking network around The Kingdom Bank, Financial House, La Orange / Jeton, Speedy, Banky, Jeton Bank, and related facilitator layers. The trigger for this review is the severe FCA supervisory restrictions imposed on Financial House Limited, a UK-authorised Electronic Money Institution under Firm Reference Number 902039.
The case is important because Financial House is not an isolated UK EMI. Public filings, legal disclosures, financial statements, West Ham sponsorship material, FinTelegram’s own operational review, and open-source records point to a wider payment infrastructure involving:
The Kingdom Bank, a Dominica-based offshore / international digital banking platform;
Financial House Limited, a UK FCA-authorised EMI currently under supervisory restrictions;
Speedy, a Financial House trading name and a Polish payment rail observed in The Kingdom Bank deposit flow;
La Orange Limited, trading as Jeton, an e-money services agent and major consumer-facing wallet/payment brand;
Jeton Bank Limited, another Dominica offshore bank in the Jeton ecosystem;
Banky / JSC CH GmbH, observed as an instant bank-transfer gateway in The Kingdom Bank deposit flow;
Plato / GoodFintech / KYXPlatform, observed as the KYC and biometric-verification layer in The Kingdom Bank onboarding process.
FinTelegram does not allege that all these entities are part of a single legal group or that all are under common control. However, the evidence supports a strong functional network hypothesis: a multi-jurisdictional payment infrastructure connecting offshore banking, UK EMI services, e-money agency, EU payment rails, white-label IBAN/card ambitions, crypto-friendly deposit flows, and high-risk merchant sectors.
The key figure linking parts of this network is Nebil Serkan Zubari, publicly associated with The Kingdom Bank and shown in the 2024 Financial House accounts as a director who signed the report. FinTelegram’s operational review also observed The Kingdom Bank customer deposits being routed via a Speedy AG sp. z o.o. Polish payment rail, with The Kingdom Bank Corporation shown as account owner.
This is exactly the type of cross-border rail configuration that FinTelegram’s Rail Atlas was designed to map.
1. The FCA Trigger: Financial House Under Severe Restrictions
Financial House Limited is authorised by the UK Financial Conduct Authority (FCA) as an Electronic Money Institution. However, the FCA Register and Financial House’s own public notice show that the firm is currently subject to a First Supervisory Notice issued on 14 April 2026.
According to the restriction notice published by Financial House, the firm is temporarily unable to:
onboard new customers;
accept new funds from existing customers;
process payment transactions.
The restrictions also concern the handling of safeguarded client funds. In substance, this is not a minor compliance footnote. It is a major operational restriction against a regulated UK EMI that appears to sit at the centre of a wider payment ecosystem.
The timing is highly relevant. Financial House’s 2024 financial statements describe the company’s principal activity as enabling digital and mobile payments on behalf of consumers and merchants worldwide. The same report discusses European expansion, white-labelled IBANs, card distribution through Mastercard and Visa, and acquiring services in the UK and Europe.
A regulated EMI with this profile being placed under severe FCA restrictions is a material Rail Atlas event.
2. Financial House: The UK EMI Infrastructure Node
The 2024 Financial House accounts show that the company was not a dormant or marginal player. It reported turnover of approximately £14.4 million and gross profit of approximately £8.9 million. The business remained sizeable, but profitability deteriorated sharply: operating profit fell from around £1.99 million in 2023 to approximately £60,898 in 2024, resulting in a post-tax loss.
The accounts are especially important for three reasons.
First, the company describes its activity as enabling digital and mobile payments on behalf of consumers and merchants worldwide. This is the language of a payment facilitator / EMI infrastructure provider, not a passive holding entity.
Second, the report states that the group planned to expand operations into Europe through subsidiaries in Switzerland and Hungary. It also refers to white-labelled IBANs, card distribution through Mastercard and Visa, and acquiring business services in the UK and Europe.
Third, the 2024 accounts were signed by Nebil Serkan Zubari, who was appointed as a Financial House director in October 2024. This is highly relevant because Zubari is also publicly associated with The Kingdom Bank.
From a Rail Atlas perspective, Financial House appears to be a central regulated infrastructure node in a broader payment network.
3. The Speedy Signal: Trading Name, Polish Rail, EU Deposit Route
Financial House publicly states in its own legal terms that it trades as Speedy and Centrue. The FCA register also shows Speedy as a current trading name of Financial House.
Separately, FinTelegram’s operational review of The Kingdom Bank observed ordinary bank-transfer deposit instructions showing Speedy AG sp. z o.o. in Poland as the payment institution / bank rail, with the following details displayed in The Kingdom Bank portal:

| Field | Observed Detail |
| --- | --- |
| Bank / Payment Institution | Speedy AG sp. z o.o., Poland |
| IBAN | PL21636000030000000000486992 |
| BIC/SWIFT | SSOPPLP2XXX |
| Account Owner | The Kingdom Bank Corporation |
| Reference | D9187185 |
This is one of the most important findings in the case.
A Dominica offshore banking platform appears to receive customer deposits through a Polish Speedy-branded EU payment rail. The same Speedy name also appears in the UK Financial House context. The question is therefore obvious: how exactly are the Speedy-branded UK and Polish structures connected, and what role do they play in The Kingdom Bank customer-funding flows?
This does not prove misconduct. But it creates a direct regulatory question for the FCA, Polish KNF, EU AML authorities and counterparties.
4. The Kingdom Bank: Offshore Bank With EU-Facing Onboarding
FinTelegram was able to enter the onboarding funnel of The Kingdom Bank as a resident of Austria and Italy. The onboarding process used an external verification environment under verify.kyxplatform.com, branded as Plato. The deposit portal offered several funding options, including:
Binance Pay;
Instant Bank Transfer;
Bank Transfer;
Crypto;
Kingdom Cash.
For instant bank transfer, the flow redirected to pay.banky.io, a Banky-branded gateway listing numerous UK and fintech banks. In FinTelegram’s review, the instant transfer flow was visible but returned the error message:
“Cannot execute payment at this time.”
For ordinary bank transfer, the portal generated the Speedy AG Poland deposit instruction described above, with The Kingdom Bank Corporation as account owner.
This matters because The Kingdom Bank is not a conventional EU bank. Yet EU residents appeared able to enter the onboarding and funding process, and EU-side payment rails were used in the deposit flow. A consumer may see an EU payment instruction or IBAN and assume EU-style banking protections. The underlying customer relationship, however, appears to remain with a Dominica offshore banking entity.
That is a classic regulatory-perimeter issue.
5. The KYC Layer: Plato / GoodFintech / KYXPlatform
The KYC process observed by FinTelegram was routed through verify.kyxplatform.com, branded as Plato. The verification screen referred to identity verification and biometric processing. The associated Plato / GoodFintech web presence reviewed by FinTelegram raises a transparency concern: the user-facing legal documents and website presentation did not clearly and prominently identify the legal operator responsible for the KYC platform, the data-controller / processor allocation, or the party responsible for biometric-data processing.
This is not a minor point. The platform appears to perform sensitive identity-verification functions in the onboarding flow of an offshore bank accepting EU-facing customers. Users asked to submit identity documents and biometric data should not be forced to conduct external corporate-register research to understand who is processing their data and under what legal responsibility.
In the context of The Kingdom Bank, this KYC opacity is a serious compliance and GDPR concern.
6. La Orange / Jeton: The Consumer-Facing Wallet And Agent Layer
La Orange Limited, trading as Jeton, is another key node in the network. Public disclosures show that La Orange acts in the e-money / payment-services environment, and Jeton’s own disclosures state that the Jeton Card Account and Card are issued by Financial House Limited.
The 2023 La Orange financial statements are also revealing. They describe the company’s principal activity as agents for e-money services. The group reported turnover of approximately £28.6 million in 2023, making it a material payment-services business rather than a small affiliate shell.
The accounts also disclose important strategic developments:
acquisition of La Orange CY Ltd in January 2024, described as a Cyprus EMI structure;
disposal of La Orange GE LLC in December 2024;
material working-capital movements typical of payment/e-money activity;
a significant but cost-intensive international payment business.
This confirms La Orange / Jeton as a substantial consumer-facing and agent/distribution layer in the broader payment ecosystem.
The FCA restrictions against Financial House are potentially material for Jeton / La Orange to the extent that Jeton products, card accounts, e-money issuance, safeguarding or payment processing depend on Financial House as the authorised EMI or issuer.
7. Jeton Bank: The Second Dominica Offshore-Banking Node
The Jeton ecosystem also includes Jeton Bank Limited, presented publicly as an offshore / international bank in Dominica. This is relevant because The Kingdom Bank is also a Dominica-based offshore / international banking platform.
FinTelegram does not currently allege that Jeton Bank and The Kingdom Bank are the same entity or under the same legal control. However, from a network-risk perspective, the overlap is striking:
Jeton / La Orange depends on regulated e-money and payment infrastructure;
Jeton Bank adds a Dominica offshore-banking layer;
The Kingdom Bank is another Dominica offshore-banking platform;
Financial House and Speedy appear as payment infrastructure nodes;
Zubari links Financial House and The Kingdom Bank;
Banky and Speedy appear in The Kingdom Bank’s observed deposit stack.
This is not a single linear corporate chart. It is a functional payment ecosystem.
8. The West Ham Trust-Building Signal
Both Jeton and The Kingdom Bank appear in West Ham United’s official partner ecosystem. Jeton is presented as a finance app / e-wallet partner, while The Kingdom Bank is presented as a banking partner.
This does not prove wrongdoing. Sponsorships are not evidence of payment misconduct. However, in financial intelligence terms, they matter as reputational amplification signals. Payment brands, e-wallets, offshore banks and digital-asset-friendly financial platforms often use sports sponsorships to build consumer trust and global visibility.
The overlap is therefore noteworthy: two brands connected to the wider Financial House / Jeton / Dominica offshore-banking / payment-rail environment have used the same Premier League sponsorship platform.
9. Rail Atlas Network Configuration
| Network Node | Jurisdiction | Role / Finding | Evidence Level |
| --- | --- | --- | --- |
| The Kingdom Bank Corporation | Dominica | Offshore / international digital banking platform; EU-facing onboarding and deposit flow observed | Confirmed / Observed |
| Financial House Limited | United Kingdom | FCA-authorised EMI, FRN 902039; currently under FCA supervisory restrictions | Confirmed |
| Nebil Serkan Zubari | UK / Dominica network | Financial House director and signer of 2024 accounts; publicly associated with The Kingdom Bank | Confirmed / Corroborated |
| Speedy | UK / Poland | Trading name of Financial House; Speedy AG Poland observed in The Kingdom Bank deposit flow | Confirmed / Observed |
| Speedy AG sp. z o.o. | Poland | Polish payment rail used for The Kingdom Bank bank-transfer deposits | Observed |
| La Orange Limited / Jeton | United Kingdom | E-money services agent / Jeton trading environment; significant 2023 turnover | Confirmed |
| La Orange CY Ltd | Cyprus | Cyprus EMI layer acquired by La Orange group in 2024 | Confirmed via accounts |
| Jeton Bank Limited | Dominica | Offshore banking node in Jeton ecosystem | Corroborated |
| Banky / JSC CH GmbH | Switzerland-linked | Instant bank-transfer gateway observed in The Kingdom Bank deposit flow | Observed / Under Review |
| Plato / GoodFintech / KYXPlatform | UK-linked / opaque disclosure | KYC and biometric verification layer observed in The Kingdom Bank onboarding | Observed / Under Review |
| West Ham United Sponsorships | United Kingdom | Both Jeton and The Kingdom Bank appear in partner ecosystem | Confirmed |
10. Confirmed Facts vs Network Hypothesis
| Category | Finding |
| --- | --- |
| Confirmed | Financial House is FCA-authorised and subject to FCA restrictions from April 2026 |
| Confirmed | Financial House publicly trades as Speedy and Centrue |
| Confirmed | Jeton disclosures identify Financial House as issuer of Jeton Card Account/Card |
| Confirmed | La Orange accounts show substantial turnover and e-money agency activity |
| Confirmed | Financial House accounts show Zubari as director and signer |
| Observed by FinTelegram | The Kingdom Bank onboarding was accessible from Austria and Italy |
| Observed by FinTelegram | The Kingdom Bank KYC flow used KYXPlatform / Plato |
| Observed by FinTelegram | The Kingdom Bank instant-transfer flow used Banky |
| Observed by FinTelegram | The Kingdom Bank ordinary bank-transfer route used Speedy AG Poland with The Kingdom Bank as account owner |
| Corroborated | Jeton and The Kingdom Bank both use West Ham sponsorship visibility |
| Under Review | Exact legal relationship between Banky and the Financial House / Speedy / Zubari network |
| Under Review | Exact legal relationship between Jeton Bank and Financial House |
| Under Review | Whether the same rails are used for gambling, iGaming, crypto or other high-risk merchants |
| Not Yet Proven | That all entities form a single corporate group or are under common ownership |
11. Compliance Red Flags
| Risk Area | Observation | Why It Matters |
| --- | --- | --- |
| FCA restrictions | Financial House cannot onboard, accept new funds or process payments without restriction | Major regulatory trigger |
| Safeguarding | Restrictions refer to client safeguarded funds and remediation | Indicates serious regulatory concern around client funds / CDD / controls |
| Offshore-to-EU rail | The Kingdom Bank uses EU-facing onboarding and Speedy Poland deposit instructions | Potential regulatory-perimeter arbitrage |
| Speedy overlap | Speedy is a Financial House trading name and Speedy AG Poland appears in The Kingdom Bank flow | Raises network and related-party rail questions |
| KYC opacity | Plato / GoodFintech / KYXPlatform operator disclosure appears insufficient to users | GDPR, biometric data and controller/processor risk |
| Crypto-friendly funding | The Kingdom Bank deposit menu includes crypto and Binance Pay | Requires enhanced AML, sanctions and source-of-funds controls |
| A2A / instant payments | Banky gateway lists multiple banks for instant transfer | Open-banking/A2A rails can bypass card chargeback protections |
| E-money agency layer | La Orange / Jeton acts as agent for e-money services | Agent/principal accountability becomes critical |
| Sponsorship trust signal | Jeton and The Kingdom Bank both appear as West Ham partners | Brand trust amplification for high-risk payment/offshore actors |
| Multi-jurisdictional complexity | UK, Poland, Cyprus, Switzerland, Dominica | Difficult for regulators and consumers to see the full rail |
12. Regulatory Questions
FinTelegram believes the following questions require urgent clarification:
What exactly triggered the FCA restrictions against Financial House?
Which Jeton / La Orange products depend on Financial House as issuer, principal, processor or safeguarding institution?
Are Jeton customers affected by the Financial House restrictions?
What is the exact relationship between Financial House, Speedy, Speedy AG Poland and The Kingdom Bank?
Does the Polish KNF know that Speedy AG Poland is used as a deposit rail for The Kingdom Bank Corporation?
Are funds received via Speedy AG Poland safeguarded, segregated, pooled or transferred onward?
Does The Kingdom Bank onboard EU residents without EU banking authorisation?
What regulatory disclosures are provided to Austrian, Italian and other EU customers?
Who operates the Plato / KYXPlatform KYC layer and who is the data controller for biometric data?
What is the role of Banky / JSC CH GmbH in The Kingdom Bank’s instant-transfer flow?
Are gambling, iGaming, crypto or other high-risk merchant funds processed through any of these rails?
Are correspondent banks and payment networks fully aware of the underlying offshore and high-risk payment exposure?
13. FinTelegram Assessment
The evidence now supports a consolidated Rail Atlas Network Case.
The central issue is not whether any single company in the network is automatically unlawful. The central issue is that a restricted UK EMI, a consumer-facing wallet/e-money agent, Speedy-branded payment rails, a Dominica offshore banking platform, an opaque KYC facilitator and an instant-transfer gateway appear in overlapping payment and onboarding structures.
The Kingdom Bank is not an isolated offshore bank. Financial House is not an isolated UK EMI. La Orange / Jeton is not merely a consumer wallet brand. Speedy is not merely a name. Together, these nodes point to a multi-jurisdictional payment infrastructure with serious regulatory, AML, safeguarding, consumer-protection and transparency questions.
The FCA restrictions against Financial House turn this from a theoretical network map into a live regulatory event.
For FinTelegram, the conclusion is clear: this network deserves immediate scrutiny by the FCA, Polish KNF, Dominica FSU, Central Bank of Cyprus, data-protection authorities, correspondent banks, payment schemes and affected customers.
Call For Information
FinTelegram invites whistleblowers, former employees, customers, compliance officers, PSP insiders, banking partners, payment agents, merchants, regulators and sports-sponsorship insiders to provide information about:
Financial House Limited and the FCA restrictions;
The Kingdom Bank onboarding and deposit flows;
Speedy, Speedy AG Poland and Speedy-branded payment rails;
La Orange Limited, Jeton and Jeton Card / Wallet products;
Jeton Bank Limited in Dominica;
Banky / JSC CH GmbH and instant bank-transfer infrastructure;
Plato / GoodFintech / KYXPlatform KYC and biometric verification;
merchant onboarding involving gambling, iGaming, crypto or forex;
safeguarded funds, frozen balances, blocked withdrawals or unresolved payments;
internal AML, CDD, EDD, sanctions or transaction-monitoring concerns;
contracts, agent agreements, processor agreements, issuer agreements or referral arrangements.
Whistleblowers may contact FinTelegram via Whistle42. FinTelegram protects sources and distinguishes between documented facts, open-source intelligence, source-provided material and editorial assessment.
Rail Atlas Case: The Kingdom Bank – Offshore Banking, EU Payment Rails, KYC Outsourcing and the iGaming Risk Profile
2-Minutes Briefing
FinTelegram’s Rail Atlas has conducted an extended compliance review of The Kingdom Bank Corporation, a Dominica-based offshore/international banking and fintech institution publicly positioning itself toward global payments, digital assets, Forex, Gambling and iGaming.
In an operational review, FinTelegram was able to register with The Kingdom Bank as a resident of Austria and Italy. The onboarding flow used an external KYC verification domain, verify.kyxplatform.com, branded as Plato. The deposit area inside The Kingdom Bank portal offered several funding methods, including Binance Pay, Instant Bank Transfer, Bank Transfer, Crypto and Kingdom Cash.
For Instant Bank Transfer, the flow redirected to pay.banky.io, a Banky-branded account-to-account payment gateway listing numerous UK and fintech banks, including Lloyds Bank, Barclays, Santander, RBS, NatWest, Revolut, HSBC, Monzo, Nationwide, Starling Bank, TSB, Wise and others. In FinTelegram’s test, the instant bank transfer could not be executed and returned the error message: “Cannot execute payment at this time.”
For ordinary bank transfer, The Kingdom Bank generated Polish account details showing Speedy AG sp. z o.o. as the bank / payment institution and The Kingdom Bank Corporation as account owner. The IBAN shown in the test flow was:
PL21636000030000000000486992
BIC/SWIFT: SSOPPLP2XXX
Account Owner: The Kingdom Bank Corporation
Reference: D9187185
This finding is significant. The Kingdom Bank is not an EU-licensed bank. Yet its customer-funding flow appears to rely on an EU-based Polish payment institution account infrastructure through Speedy AG sp. z o.o. Public Polish and business-register data indicate that Speedy is connected to Nebil Serkan Zubari, the founder / key person behind The Kingdom Bank.
This creates a relevant intra-network payment-rail question: an offshore Dominica “bank” appears to access EU payment infrastructure through a Polish payment institution linked to the same principal.
Rail Atlas Snapshot
| Field | Finding |
| --- | --- |
| Entity | The Kingdom Bank Corporation |
| Domain | https://www.thekingdombank.com |
| Jurisdiction | Dominica |
| EU Licence Status | No EU banking licence identified |
| EU Access Finding | Onboarding possible from Austria and Italy |
| KYC Layer | verify.kyxplatform.com / Plato |
| Deposit Gateway | Banky (pay.banky.io) for instant bank transfer |
| EU Payment Rail | Speedy AG sp. z o.o., Poland (Speedy.io) |
| Observed IBAN | PL21636000030000000000486992 |
| Observed BIC | SSOPPLP2XXX |
| Account Owner | The Kingdom Bank Corporation |
| Risk Verticals | Forex, Gambling, iGaming, crypto |
| Key Risk | Offshore bank using EU payment rails for customer deposits |
| Confidence Grade | Confirmed / Corroborated / Indicated |
| Status | Active Rail Atlas Monitoring Case |
Why This Case Matters
The Kingdom Bank should not be analysed as a conventional EU or UK commercial bank. It presents itself as a licensed international bank in the Commonwealth of Dominica and markets digital banking, global payments, digital assets, crypto-friendly services, FX and payment solutions to international clients.
From a Rail Atlas perspective, the case matters because The Kingdom Bank combines several compliance-sensitive layers:
offshore/international banking framework;
digital-asset-friendly positioning;
public service offering to Forex, Gambling and iGaming;
customer onboarding from EU residents;
outsourced KYC / identity verification;
instant account-to-account payment gateway flow;
crypto and Binance Pay funding options;
bank-transfer funding via an EU payment institution;
apparent linkage between the offshore bank principal and the EU payment institution used for deposits.
This combination creates a high-risk compliance profile requiring enhanced scrutiny by regulators, correspondent banks, payment networks, AML teams and consumer-protection authorities.
Public iGaming And Gambling Positioning
The Kingdom Bank publicly markets Global Payment Solutions for sectors including Forex and Gambling and lists iGaming as an industry served. This is not merely third-party speculation. It is The Kingdom Bank’s own public-facing positioning.
FinTelegram has not yet identified a confirmed casino merchant list or a public casino-domain disclosure stating that a specific casino brand uses The Kingdom Bank as banking, settlement or payment partner. However, the bank’s own market positioning makes iGaming and gambling a legitimate compliance focus.
In high-risk gambling payments, the banking and settlement layer often remains behind the visible cashier, payment gateway, affiliate, crypto or payment-intermediary interface. The absence of public merchant names therefore does not eliminate risk. It only means that transaction-level evidence is required before naming specific operators.
FinTelegram Test: Registration From Austria And Italy
FinTelegram was able to register with The Kingdom Bank as a resident of Austria, Germany and Italy. This is important because The Kingdom Bank is not an EU-licensed bank in the conventional sense. It appears to operate globally on the basis of its offshore/international banking licence from Dominica while allowing EU residents to enter the onboarding process.
The compliance issue is not whether offshore financial institutions may ever serve international clients. The issue is whether EU residents are being onboarded into a banking/payment ecosystem without the customer receiving a clear, prominent explanation of the regulatory perimeter: Dominica supervision, no EU deposit protection, no EU banking licence, and the involvement of EU payment institutions as operational rails.
KYC Flow: verify.kyxplatform.com / Plato
The KYC process observed by FinTelegram was conducted through verify.kyxplatform.com, branded as Plato. By clicking the verification button, the user consents to Plato, described as a vendor, collecting and using third-party service providers to process biometric information for identity verification, fraud detection and platform improvement. The screen also states that biometric information will be stored for no more than three years.
Open-source research indicates that the KYXPlatform domain is connected to Plato-branded KYC verification. Plato / Goodfintech publicly describes its services as KYC, KYB, KYT, ID verification, liveness checks, facial expression analysis, sanctions and AML checks, risk scoring and automated KYC flows. Good Fintech Limited appears in UK Companies House as an active private limited company.
A further red flag concerns the user-facing legal disclosure of the KYC provider. The Kingdom Bank onboarding flow redirects users to verify.kyxplatform.com, branded as Plato. Plato is presented under the GoodFintech ecosystem and offers KYC, KYB, KYT, ID verification, liveness checks, facial-expression analysis, sanctions and AML checks. However, FinTelegram’s review of the GoodFintech and Plato web presence found that the reviewed user-facing pages do not clearly and prominently identify the legal entity operating the platform or accepting responsibility for the processing of identity and biometric data.
Open-source corporate records indicate the existence of Good Fintech Limited, a UK company incorporated in October 2023, with the Turkish national Nuri Ozlu listed as director and controlling person.
In the context of EU residents onboarding with an offshore Dominica banking platform, this lack of prominent legal-entity, controller/processor and data-protection disclosure is a material compliance concern. Users asked to submit identity documents and biometric information should not have to conduct external corporate-register research to determine who operates the verification platform and who is responsible for their sensitive personal data.
This raises several compliance questions:
Who is the contractual KYC processor for The Kingdom Bank: Plato, Goodfintech or another operator behind KYXPlatform?
Where exactly are biometric data and identity documents stored?
Which entity is the data controller and which entity is the processor?
Are EU residents provided with GDPR-compliant disclosures before biometric data collection?
Are customers clearly told that they are onboarding with an offshore Dominica bank rather than an EU bank?
How are PEP, sanctions, adverse media and source-of-funds checks calibrated for high-risk sectors such as crypto, Forex and gambling?
The use of external KYC vendors is not unusual. However, in this case, the combination of offshore banking, EU customers, biometric processing, crypto funding and high-risk merchant positioning requires a much higher standard of transparency.
Deposit Options: Binance Pay, Bank Transfer, Instant Bank Transfer, Crypto And Kingdom Cash
Inside the portal, FinTelegram observed the following deposit methods:
Binance Pay;
Instant Bank Transfer;
Bank Transfer;
Crypto;
Kingdom Cash.
This funding menu is revealing. It indicates that The Kingdom Bank is not merely presenting itself as a traditional offshore bank account provider. It operates more like a digital banking/payment platform integrating crypto, account-to-account payments and alternative deposit methods.
From an AML perspective, the coexistence of fiat bank transfers, instant payments, crypto and Binance Pay increases the importance of transaction monitoring, source-of-funds review, sanctions screening, wallet risk analytics and real-time fraud controls.
Banky Instant Bank Transfer Flow
For the Instant Bank Transfer option, The Kingdom Bank redirected to pay.banky.io, a Banky-branded gateway. The Banky screen showed a payment amount of EUR 101.50 and allowed the customer to choose from a list of banks. The list included major UK and fintech banks such as Lloyds Bank, Barclays, Santander, RBS, NatWest, Revolut, HSBC, Monzo, Nationwide, Starling Bank, TSB, Bank of Scotland, Ulster Bank, First Direct, Halifax, Danske Bank, Wise, Allied Irish Banks and Bank of Ireland.
In FinTelegram’s review, the instant bank transfer could not be completed and returned the error message:
“Cannot execute payment at this time.”
The failed transaction does not by itself prove misconduct. However, the flow is relevant because it shows that The Kingdom Bank’s deposit infrastructure appears to connect to open-banking-style account-to-account payment rails. This is the type of infrastructure frequently observed in modern high-risk payment ecosystems because it can bypass card-chargeback rails and move customer funds directly from bank accounts.
For Rail Atlas purposes, Banky should be treated as a relevant payment gateway layer in The Kingdom Bank deposit stack.
Ordinary Bank Transfer: Polish Speedy AG Rail
The most important operational finding is the ordinary bank-transfer deposit instruction. The Kingdom Bank portal instructed the user to make a transfer to bank details showing:
Bank Name: Speedy AG spółka z ograniczoną odpowiedzialnością
Domain: Banky.io
IBAN: PL21636000030000000000486992
BIC/SWIFT: SSOPPLP2XXX
Bank Number: 636
Account Number: 636000030000000000486992
Account Owner: The Kingdom Bank Corporation
Reference: D9187185
This means that, in the tested deposit flow, the EU-side funding account was not shown as a direct The Kingdom Bank account at a traditional EU bank. Instead, it was a Polish Speedy AG payment-institution rail where the account owner was The Kingdom Bank Corporation.
Speedy AG sp. z o.o. is a Polish payment institution. Polish regulator KNF granted Speedy AG a national payment institution licence in August 2024. Public sources identify its BIC/SWIFT as SSOPPLP2XXX.
This finding gives The Kingdom Bank an EU payment-rail footprint. It also creates a clear regulatory question: how is a Dominica offshore bank using a Polish payment institution account to receive customer deposits from EU residents?
The Speedy / Zubari Connection
The Speedy finding is particularly sensitive because public Polish register and business data indicate that Nebil Serkan Zubari (LinkedIn) is connected to Speedy AG sp. z o.o. as a board / representative figure and beneficial owner through Speedy Group Holding Limited. Zubari is also the key person behind The Kingdom Bank.
Public sources identify Zubari as the founder and CEO of The Kingdom Bank. The bank’s own blog states that Zubari is the founder and current CEO, while an English court decision in The Kingdom Bank Corporation v Moorwand Ltd identifies Zubari as a director of The Kingdom Bank. West Ham United’s official partnership communication also refers to him as founder of The Kingdom Bank.
This creates an important network-level compliance issue. The flow observed by FinTelegram suggests that The Kingdom Bank customer funds may be routed through a Polish payment institution connected to the same principal behind the offshore bank. This does not automatically mean the structure is illegal. It may be presented as an internal group or partner infrastructure. But from a compliance perspective, it requires transparency:
Is Speedy acting as payment institution, account provider, correspondent partner or technical payment rail for The Kingdom Bank?
Does KNF know that Speedy accounts are used for The Kingdom Bank customer deposits?
Are The Kingdom Bank customers informed that their funds are received through a Polish payment institution?
Is Speedy conducting independent AML monitoring on the underlying The Kingdom Bank customer and transaction risk?
Does Speedy classify The Kingdom Bank as a high-risk offshore banking client?
Are gambling, crypto or iGaming-related funds processed through the same infrastructure?
Are EU customers protected by any EU safeguards, or are they merely sending money to an offshore bank via an EU payment institution?
These are central Rail Atlas questions.
The Kingdom Bank is not an isolated Dominica offshore bank. It appears to sit within a broader Zubari-linked financial infrastructure that also includes Speedy-branded EU/UK payment entities. One of these nodes, Financial House Limited, is FCA-authorised but currently subject to FCA supervisory restrictions. That significantly strengthens the Rail Atlas risk profile.
Regulatory Perimeter Issue
The Kingdom Bank appears to offer onboarding and deposit functionality to EU residents while operating under a Dominica offshore/international banking licence. FinTelegram has not identified evidence that The Kingdom Bank itself holds an EU banking licence.
The observed Polish deposit rail through Speedy AG does not transform The Kingdom Bank into an EU bank. It may only show that The Kingdom Bank has access to EU payment infrastructure through a regulated Polish payment institution.
This distinction is critical. A consumer in Austria, Italy or another EU country may see an EU IBAN and assume a familiar EU banking environment. However, the account owner remains The Kingdom Bank Corporation, a Dominica offshore entity. The regulatory protection, complaints route and prudential supervision may therefore be very different from those of a conventional EU bank.
Pooled Accounts And Merchant Payment Opacity
The Kingdom Bank publicly promotes pooled-account functionality. In legitimate financial operations, pooled or omnibus accounts may be used to manage client funds efficiently. In high-risk environments, however, they can create transparency problems.
If an offshore bank or payment platform serves gambling, crypto, Forex or high-risk merchant clients through pooled or omnibus-style structures, the visible payee may not clearly reveal the underlying merchant, casino operator, affiliate, crypto broker or beneficiary.
This is one of the central Rail Atlas concerns: in modern payment ecosystems, the entity visible to the customer or the sending bank may be a processor, pooled account, payment institution or banking wrapper rather than the true commercial counterparty.
Compliance Red Flags
| Risk Area | FinTelegram Finding | Compliance Relevance |
| --- | --- | --- |
| Offshore banking | The Kingdom Bank operates from Dominica under an international/offshore banking profile | No conventional EU banking licence identified |
| EU onboarding | Registration possible from Austria and Italy | EU residents appear able to enter the customer funnel |
| KYC / Plato / GoodFintech | Verification through verify.kyxplatform.com / Plato. User-facing pages reviewed by FinTelegram do not clearly disclose the legal operator; external records point to Good Fintech Limited in the UK | Biometric-data, GDPR and data-controller transparency questions. GDPR, biometric-data, controller/processor and contractual transparency concern |
| Crypto funding | Deposit menu includes Crypto and Binance Pay | Requires wallet-risk, sanctions, source-of-funds and Travel Rule controls |
| Instant bank transfer | Deposit flow redirects to pay.banky.io | Open-banking/account-to-account rail relevant for card-chargeback bypass risk |
| Failed test payment | Instant transfer returned “Cannot execute payment at this time” | Operational reliability and gateway availability question |
| EU bank-transfer rail | Deposit instruction uses Speedy AG sp. z o.o. in Poland | Offshore bank appears to receive EU deposits through Polish payment institution |
| Account owner | Account owner shown as The Kingdom Bank Corporation | EU payment rail used for offshore bank funding |
| Nebil Serkan Zubari | Active director of Speedy, Financial House Limited, and The Kingdom Bank | Links The Kingdom Bank principal to UK EMI infrastructure |
| Speedy connection | Public data links Speedy to Nebil Serkan Zubari | Network-level conflict / related-party rail question |
| iGaming positioning | The Kingdom Bank publicly targets Forex, Gambling and iGaming | High-risk merchant vertical explicitly part of target market |
| Pooled accounts | The Kingdom Bank promotes pooled-account structures | Underlying merchant / beneficiary transparency risk |
| Referral / merchant acquisition | Whistleblower material indicates external client-introduction structures | Incentives to source higher-risk merchants require enhanced controls |
Rail Map
A simplified Rail Atlas model based on the review findings is:
EU Resident / Customer
→ The Kingdom Bank Online Portal
→ KYC via KYXPlatform / Plato
→ Deposit Method Selection
→ Banky Instant Bank Transfer / Crypto / Binance Pay / Ordinary Bank Transfer
→ Speedy AG Polish Payment Rail
→ Account Owner: The Kingdom Bank Corporation
→ Offshore Dominica Banking / Payment Platform
For merchant flows, the potential model is:
High-Risk Merchant / iGaming / Forex / Crypto Client
→ External introducer or referral partner
→ The Kingdom Bank onboarding and payment stack
→ Pooled account / IBAN / SWIFT / Crypto / A2A payment layer
→ Customer deposits, merchant settlement or cross-border payouts
The second model remains a working Rail Atlas hypothesis requiring transaction-level confirmation for specific merchants.
FinTelegram Assessment
The extended review significantly strengthens the Rail Atlas case on The Kingdom Bank.
The issue is no longer only that The Kingdom Bank publicly positions itself toward Forex, Gambling and iGaming. The operational review shows that EU residents can enter the onboarding funnel, pass into a KYC process handled through an external KYXPlatform / Plato domain, and receive deposit instructions involving a Polish payment institution.
The Speedy AG connection is the most important new element. A Dominica offshore bank appears to use an EU payment institution rail in Poland for customer deposits, while public register data indicates that the same key person behind The Kingdom Bank is also connected to Speedy.
This does not prove unlawful conduct. But it creates a high-risk related-party payment infrastructure that deserves regulatory and journalistic scrutiny.
For consumers, the risk is transparency. The presence of a Polish IBAN or EU payment institution does not mean the customer is banking with an EU bank. The customer relationship remains with The Kingdom Bank Corporation, a Dominica offshore entity.
For regulators, the risk is perimeter arbitrage. Offshore banking, EU payment institutions, crypto funding, open-banking gateways, pooled accounts and high-risk merchant sectors may combine into a payment architecture that is technically distributed and difficult to supervise end-to-end.
Call For Information
FinTelegram invites whistleblowers, former employees, compliance officers, payment agents, PSP insiders, casino operators, affiliates, customers, regulators and banking partners to provide information about The Kingdom Bank, Speedy AG, Banky, KYXPlatform / Plato, and related payment flows. We are particularly interested in:
The Kingdom Bank onboarding documents for EU residents;
deposit screenshots showing Speedy AG, Banky, Binance Pay, crypto or other payment methods;
account statements showing transfers to or from The Kingdom Bank via Speedy AG;
contracts or service agreements between The Kingdom Bank and Speedy AG;
information about the operator and data-controller structure behind KYXPlatform / Plato;
complaints about frozen deposits, failed withdrawals, blocked accounts or unresolved refunds;
merchant onboarding files involving gambling, iGaming, Forex or crypto clients;
payment screenshots linking casino or betting platforms to The Kingdom Bank, Speedy, Banky or related infrastructure;
internal AML, sanctions, KYC, KYB, PEP, adverse-media or transaction-monitoring concerns;
evidence concerning pooled accounts or omnibus structures used for high-risk merchants.
Whistleblowers may contact FinTelegram via Whistle42. FinTelegram protects sources and distinguishes clearly between documented facts, open-source intelligence, third-party allegations and editorial assessment.
Payeer and BoomChange: How a Sanctioned Payment Rail Is Being Repackaged Through a Suspected Scam Exchange
A June 2026 promotional article on openPR explains how users can transfer USDT into Payeer through BoomChange, even though Payeer has been linked to EU sanctions measures, Lithuanian sanctions and AML enforcement, and persistent customer complaints over blocked withdrawals. Evidence from a detailed Bitcointalk scam thread materially escalates the risk profile of BoomChange, which is presented not merely as an opaque crypto intermediary but as a suspected fake exchange operation tied to static deposit addresses, phishing-style behavior, and wallet flows allegedly ending at Binance.
Key Findings
The openPR press release explicitly promotes a 2026 workflow for sending USDT into Payeer via BoomChange and presents that path as a normal convenience service for online users and remote workers.
Specialist sanctions and compliance sources report that Payeer was targeted under the EU’s 19th sanctions package, with a transaction ban or equivalent transaction prohibition taking effect in November 2025 after a short wind-down period.
Lithuanian FCIS/FNTT enforcement reportedly imposed roughly €9.3 million in penalties on Payeer for sanctions breaches and AML failures, including dealings involving sanctioned Russian banks.
FinTelegram has documented repeated complaints from Payeer users about frozen balances, blocked accounts, and failed withdrawals during the sanctions-driven shutdown phase.
Payeer no longer appears reachable on the legacy domain payeer.com, which now returns an NXDOMAIN error in live retrieval, while the currently active public-facing site is payeer.online.
The current payeer.online site presents itself as a global payment gateway based around merchant acquiring, cards, PayPal, crypto, WeChat Pay, and Alipay rather than the older wallet-centered interface historically associated with payeer.com.
The Bitcointalk thread on BoomChange alleges that boomchange.com, boomchange.io, and boomchange.net operate as fake exchanges using static deposit addresses that route victim funds into operator-controlled wallets.
The same Bitcointalk report links BoomChange to an Armenia footprint, identifies multiple email addresses, phone numbers, IP addresses, social-media accounts, and hosting or registrar changes, but none of this amounts to transparent corporate disclosure or verified beneficial ownership.
No verifiable legal operator or beneficial owner for BoomChange was identified on its public website, which remains a severe compliance red flag for a platform routing crypto into payment environments such as Payeer.
In risk terms, the BoomChange-Payeer pathway combines sanctions exposure, AML deficiencies, consumer harm, and scam indicators in a single transaction chain.
Press Release Analysis
The openPR article titled “How to Transfer USDT into Payeer in 2026” is framed as a simple user guide for moving stablecoins into a payment account. It positions BoomChange as the transfer mechanism and Payeer as the destination platform, while naming additional payment brands such as Skrill, Wise, Payoneer, PayPal, and Cash App to normalize the route.
The article is problematic because it is not merely descriptive. It is operational marketing that guides users from USDT into Payeer without mentioning the sanctions, enforcement, withdrawal, or consumer-risk issues now associated with the Payeer ecosystem.
After incorporating the Bitcointalk material, the omission becomes even more serious. The release does not just promote access to a sanctioned or restricted payment rail; it appears to direct users through a platform that has been publicly accused of functioning as a fake exchange scam using static wallet infrastructure and phishing-style collection mechanisms.
Payeer: Sanctions, Enforcement, and Domain Shift
EU sanctions and shutdown context
Specialist sanctions and crypto-compliance reporting states that Payeer was included in the EU’s 19th sanctions package against Russia, with the measures taking effect in November 2025 after a limited wind-down period. These reports characterize the measure as a ban on transactions involving Payeer and highlight the significance of the case because it directly touches the crypto and payment-services perimeter.
That matters for any intermediary touching the flow. If a third-party exchanger, wallet service, PSP, acquirer, or banking partner enables funds to be routed into Payeer after the prohibition became effective, the risk shifts from abstract association to possible direct or indirect facilitation.
Lithuanian enforcement and complaint pattern
Lithuanian FCIS/FNTT reporting described major sanctions and AML failures at Payeer and imposed penalties totaling approximately EUR 9.3 million. Public reports say the findings included transactions involving sanctioned Russian banks, weaknesses in customer due diligence, and failures connected to suspicious transaction monitoring and reporting.
FinTelegram’s reporting adds the practical consumer dimension. It documents complaints from users whose withdrawals were blocked or delayed and whose balances became trapped as the sanctions-driven exit period unfolded.
From payeer.com to payeer.online
A live retrieval of payeer.com now returns a DNS error, indicating that the legacy domain is no longer reachable at the time of review. In contrast, payeer.online is active and currently markets itself as an all-in-one international payment gateway offering cards, PayPal, crypto, WeChat Pay, Alipay, API integration, and merchant services in more than 180 countries.
This domain change is analytically important. It indicates that Payeer’s current web presence has shifted away from the older payeer.com brand entry point and toward a new domain with a different public presentation, one that emphasizes merchant acquiring, global coverage, and broad payment-method support rather than the historic wallet image widely associated with Payeer.
That does not reduce the underlying compliance concern. If anything, a post-enforcement rebranding or domain migration can make customer screening, adverse-media detection, and sanctions controls harder unless institutions actively map historical domains, trade names, and legacy references to the currently active infrastructure.
BoomChange: Scam Indicators and Ownership Clues
Public website and transparency failures
BoomChange’s public website presents the service as an instant crypto exchange with fast execution, no-registration usage, and multiple conversion paths involving crypto and payment destinations. It does not clearly identify a legal operator, jurisdiction of incorporation, licensing authority, directors, or beneficial owners in a way expected from a regulated CASP or payment intermediary.
That alone already justified a high-risk classification. After reviewing the Bitcointalk evidence, however, the risk assessment must be strengthened from opaque intermediary to suspected fake-exchange scam operation.
Bitcointalk scam evidence
The Bitcointalk thread titled “SCAM – Boomchange.com / Boomchange.io / Boomchange.net – Fake Crypto Exchanges” contains a detailed allegation set backed by wallet addresses, archived pages, social-media references, and transaction links. The core allegation is that BoomChange uses static order pages and repeatedly shows the same deposit addresses to different visitors, which is inconsistent with how legitimate instant-exchange order management normally works.
The thread lists numerous crypto addresses across Bitcoin, Ethereum, Litecoin, Solana, Tron, BNB, Perfect Money, and other networks, and alleges that victim funds were consolidated and then moved onward, in many cited cases to Binance-linked destinations. It also notes that MetaMask’s phishing-warning list and several scam-reporting services had already flagged BoomChange-related domains or addresses.
As a matter of editorial caution, the Bitcointalk material is community-sourced and accusatory in tone. Even so, the density of technical indicators, the consistency of the allegations, and the overlap with BoomChange’s missing ownership transparency make the thread highly relevant adverse-media evidence that cannot be ignored in a compliance analysis.
Operators and beneficial ownership
The Bitcointalk post attributes BoomChange to an operator in Yerevan, Armenia and identifies a cluster of contact points including email addresses such as boomchange222@gmail.com, boomchange6@gmail.com, register2022.2023@gmail.com, edgarhakobyan2012@gmail.com, boomchangeplay@gmail.com, and info@boomchange.com, as well as the phone number +1 850 280 0803 used on social and messaging channels. It also references Armenian IP addresses, Ucom and Telecom AM connectivity, hosting via Koddos/Amarutu Technology, and registrar changes from Namecheap to Nicenic and later Internet Domain Service BS Corp.
Those indicators point to an operational footprint, but they do not establish verified beneficial ownership in a corporate-law sense. At present, the evidence supports describing BoomChange as a suspected Armenia-linked scam operation with identified digital traces, not as a transparently owned or lawfully disclosed business.
The thread also mentions a possible link to Smartweb.am and to another project, iptvleopard.com, through overlapping promotion patterns and archived content. Those links are investigatively relevant and may justify further OSINT work, but they should be presented as leads rather than settled findings unless confirmed through company records, domain control evidence, payment data, or insider documentation.
Compliance Analysis
Sanctions risk
The sanctions issue is straightforward. Any service route that enables users to move value into Payeer after the EU prohibition took effect creates a direct or indirect sanctions exposure for the user and for any intermediary facilitating the chain.
This is precisely why the BoomChange link is so troubling. A suspected scam exchange with weak or absent transparency is being used in promotional content as the bridge into a payment environment already burdened by sanctions and enforcement findings.
AML and fraud risk
The AML risk profile is compounded rather than additive. Payeer carries a documented history of sanctions and AML enforcement, while BoomChange now shows significant public scam indicators including static deposit addresses, alleged phishing behavior, and address-level abuse reporting.
For compliance teams, this combination should trigger enhanced due diligence, counterparty restrictions, wallet screening, transaction monitoring, and partner review at the highest risk level. Institutions that continue to process related flows without tracing destination logic, domain relationships, and adverse-media indicators would be exposed not only to financial crime risk but also to serious supervisory criticism.
Consumer protection and market integrity
The consumer-harm narrative is no longer limited to frozen Payeer withdrawals. If users are directed first into BoomChange and then onward into Payeer, they face the risk of losing funds at two separate points in the chain: first to a suspected scam exchanger, and second to a sanctioned or shutdown-affected payment platform with documented withdrawal complaints.
That makes the openPR article especially problematic from a market-integrity perspective. It presents a high-risk transaction route as a routine financial convenience while suppressing material facts that would likely alter user behavior and partner risk assessments.
Key Data Table
| Field | Payeer | BoomChange |
| --- | --- | --- |
| Current public domain | payeer.online is currently active; payeer.com returned NXDOMAIN in live retrieval | boomchange.com remains publicly accessible and is promoted as an instant exchange |
| Public role | Payment gateway and merchant-acquiring style platform on current website | Instant crypto exchange / transfer intermediary on public website |
| Sanctions position | Included in EU 19th Russia sanctions reporting; transaction prohibition described by compliance sources | Not identified as sanctioned in the reviewed source set |
| Enforcement / adverse findings | Lithuania reportedly imposed about EUR 9.3 million in sanctions and AML penalties | Bitcointalk scam thread alleges fake-exchange conduct, static deposit addresses, phishing behavior, and Binance offloads |
| Consumer-risk indicators | FinTelegram reports blocked withdrawals, frozen balances, and trapped funds | Community reports describe irreversible loss after sending crypto to operator-controlled addresses |
| Ownership transparency | Historical structure linked by FinTelegram to Russian control, Lithuania, and offshore entities | No verified beneficial owner found; thread points to Armenia-linked digital traces but not formal ownership proof |
| Link between entities | Destination platform promoted in the openPR guide | Transfer route promoted for sending USDT into Payeer |
| Core compliance concern | Sanctions exposure, AML failings, frozen funds, partner risk | Scam risk, lack of ownership disclosure, possible sanctions-evasion facilitation |
Whistleblower Call
Whistleblowers, former staff, banking and PSP partners, vendors, hosting providers, domain registrars, exchange compliance officers, and affected customers with information on Payeer or BoomChange should submit evidence to Whistle42 and FinTelegram. Especially valuable are internal communications, KYC and sanctions procedures, merchant or affiliate contracts, wallet-cluster data, registrar and hosting records, beneficial ownership documents, and evidence showing how customer or victim funds were routed.
Submissions are particularly important where they help identify the real operators behind BoomChange, explain the shift from payeer.com to payeer.online, document any continuing service relationships after sanctions took effect, or prove the use of third-party exchanges and payment rails to keep restricted flows alive.
Share Information via Whistle42
OpenPayd’s Nasdaq Push Meets Turkish Law-Enforcement Shadow Around Ozan Özerk!
FinTelegram has received a copy of what appears to be a Turkish law-enforcement / Interpol-Europol document concerning Ozan Özerk, OpenPayd’s founder and controlling shareholder. The document, provided by a previously reliable source, refers to serious allegations and possible international police-cooperation steps. This lands at a critical moment: OpenPayd is seeking a Nasdaq listing through Titan Acquisition Corp. at a proposed unicorn valuation, while FinTelegram victim files show OpenPayd vIBAN infrastructure in scam payment paths involving Klickl Europe.
2-Minute Briefing
OpenPayd wants U.S. public-market investors to buy a unicorn fintech story. FinTelegram is now looking at a much darker disclosure issue: the law-enforcement risk surrounding Ozan Özerk, OpenPayd’s founder, economic owner, and controlling shareholder.
FinTelegram has received from a previously reliable source a screenshot of what appears to be a Turkish law-enforcement / Interpol-Europol document concerning Özerk personally. The document identifies Özerk by Turkish ID number, date and place of birth, lists addresses in London and Northern Cyprus, and states that he is actively sought in Turkish UYAP records in relation to serious allegations, including forming an organization to commit crimes, transferring assets derived from money laundering abroad, and fraud through the use of banks, insurance companies, credit institutions or information systems.
The document further states that Özerk left Turkey for London on 20 September 2025 and that Turkish authorities had information suggesting that he may still be in the United Kingdom. It also refers to possible Red Notice / Diffusion procedures through the Ministry of Justice and Interpol-Europol channels.
FinTelegram has not yet independently authenticated the screenshot through official Turkish court or police records. However, the source has previously provided information that proved reliable. The content is also consistent with OCCRP’s reporting on Turkish money-laundering investigations involving companies owned by Özerk.
This matters because OpenPayd is pursuing a public listing through Titan Acquisition Corp. The transaction is designed to bring OpenPayd to Nasdaq under a Cayman PubCo structure, with a proposed pro-forma equity valuation of $1.145 billion. SEC materials identify Özerk as the key company shareholder, directly holding approximately 82.72% of OpenPayd Holdings Limited before the transaction.
The risk file does not stop there. FinTelegram has also reported extensively on OpenPayd’s appearance as vIBAN infrastructure provider in alleged investment-scam payment paths involving Klickl Europe Sp. z o.o. Victim files and OpenPayd GDPR/DSAR material indicate that victims paid into OpenPayd named vIBANs / OpenPayd Malta IBANs using CFTEMTM1, with funds swept to Klickl Europe under references such as “Sweep to Primary Account.”
That creates a direct Nasdaq disclosure question: how will OpenPayd, Titan, their advisers, auditors, and SEC-facing counsel describe founder-risk, Turkish law-enforcement exposure, vIBAN scam-rail exposure, and the Klickl Europe victim-flow files?
Key Findings
The copy puts Özerk personally in focus. The apparent Turkish document refers to Ozan Özerk personally, not merely to corporate entities in his network.
The allegations described are serious. The document refers to organized-crime, money-laundering-asset transfer, and fraud-related allegations involving banks, credit institutions, insurance companies or information systems.
The document refers to international police-cooperation steps. It mentions possible Red Notice / Diffusion procedures through Turkish justice and Interpol-Europol channels.
The source is considered credible by FinTelegram. The screenshot was provided by a source previously known to FinTelegram and considered reliable. Formal authentication through Turkish official records remains pending.
The content aligns with OCCRP’s reporting. OCCRP reported Turkish money-laundering investigations involving companies owned by Özerk and linked the wider context to its Scam Empire investigation.
Özerk is central to the OpenPayd transaction. SEC transaction materials identify him as the key company shareholder and controlling figure behind OpenPayd Holdings.
OpenPayd already faces a payment-rail disclosure issue. FinTelegram victim files show OpenPayd infrastructure inside alleged investment-fraud payment paths involving Klickl Europe.
Why This Matters For The Nasdaq Transaction
The planned OpenPayd–Titan transaction is not a simple growth financing. It is a public-market trust event. OpenPayd wants Nasdaq investors to value the group as a high-growth financial infrastructure platform operating across fiat rails, vIBANs, digital assets, stablecoins and crypto on/off ramps.
That story now faces three overlapping disclosure layers:
| Disclosure Layer | Core Issue | Why It Matters |
| --- | --- | --- |
| Founder / control risk | Apparent Turkish law-enforcement document concerning Ozan Özerk | Özerk is the controlling shareholder and key company shareholder |
| OCCRP / Turkey risk | Turkish investigations involving Özerk-owned companies | Matches broader money-laundering and illegal-betting risk context |
| OpenPayd–Klickl rail risk | Victim files show OpenPayd vIBAN infrastructure feeding Klickl Europe | Goes directly to OpenPayd’s core product risk: vIBANs, payment rails, crypto exposure |
If OpenPayd wants public-market investors to accept a unicorn valuation, these are not footnotes. They belong in the risk-factor discussion.
The OpenPayd–Klickl Context
FinTelegram has recently documented a pattern involving OpenPayd and Klickl Europe. Victims of multiple fake investment schemes allegedly received OpenPayd-generated named vIBANs. Funds entered OpenPayd infrastructure and were then swept to Klickl Europe Sp. z o.o., a Polish virtual-asset service provider, with references such as “Transfer to Klickl Europe – EUR/Sepa” and “Sweep to Primary Account.”
Victim-organized material also points to a broad app-front layer: fake investment apps and scam platforms used to lure victims through WhatsApp, Telegram and social-media grooming before deposits were routed through OpenPayd and Klickl Europe.
This is precisely the type of rail exposure that should concern public-market investors. OpenPayd’s business model is built around payment infrastructure, virtual IBANs, regulated accounts, digital-asset rails and cross-border settlement. When that infrastructure appears in victim-fund flows, the issue becomes material.
Read our Klickl Europe reports here.
Questions For OpenPayd, Titan And Advisers
Are OpenPayd and Titan aware of the apparent Turkish law-enforcement / Interpol-Europol document concerning Ozan Özerk?
Have Titan, its counsel, auditors and SEC-facing advisers reviewed the underlying Turkish proceedings?
Will the Form F-4 / proxy materials disclose the Turkish investigation and founder-risk context?
Did OpenPayd disclose the OpenPayd–Klickl Europe victim files to Titan?
How many OpenPayd vIBANs were issued in relation to Klickl Europe?
How many scam complaints involve OpenPayd Malta / CFTEMTM1?
Were SARs or STRs filed in relation to Klickl Europe or the related investment-scam flows?
Has OpenPayd terminated or restricted Klickl Europe?
Will Nasdaq investors receive the full risk file — or only the unicorn growth narrative?
FinTelegram Assessment
OpenPayd’s Nasdaq transaction is now a disclosure test. The apparent Turkish law-enforcement document, OCCRP’s reporting, the SEC transaction structure, Özerk’s control position, and the OpenPayd–Klickl victim files all point to the same problem: the public-market story is incomplete without the risk story.
FinTelegram does not state that Özerk has been convicted of any offence. The Turkish document reviewed by FinTelegram remains a screenshot and requires formal authentication. But given the credibility of the source, the seriousness of the allegations, and the consistency with the broader OCCRP context, this material is plainly relevant.
The question is no longer whether OpenPayd has a growth story. The question is whether OpenPayd and Titan will disclose the full risk story before asking Nasdaq investors to buy it.
Read our reports on OpenPayd here.
Summary Table — Ozan Özerk / OpenPayd / Titan / Klickl Risk File
| Element | Key Data | FinTelegram Relevance |
| --- | --- | --- |
| Ozan Özerk | Founder, economic owner and controlling shareholder behind the OpenPayd group. SEC transaction materials identify him as the key company shareholder with approx. 82.72% direct ownership of OpenPayd Holdings Limited before the Titan transaction. | The Nasdaq story is founder-controlled. Any serious law-enforcement, reputational or AML issue around Özerk is directly relevant to the OpenPayd public-market risk profile. |
| Apparent Turkish law-enforcement document | FinTelegram received from a previously reliable source a screenshot of what appears to be a Turkish law-enforcement / Interpol-Europol document concerning Özerk personally. It refers to serious allegations, including organized-crime, money-laundering-asset transfer, and fraud-related allegations involving banks, credit institutions, insurance companies or information systems. | If authentic, this materially escalates founder-risk. The document should be reviewed by OpenPayd, Titan, advisers, auditors and SEC-facing counsel. |
| Red Notice / Diffusion reference | The screenshot refers to possible international Red Notice / Diffusion procedures through Turkish justice and Interpol-Europol channels. | This is potentially public-market material. If any international police-cooperation step exists or is being considered, it should be assessed for disclosure. |
| OCCRP context | OCCRP reported Turkish money-laundering investigations involving companies owned by Özerk and linked the wider context to its Scam Empire investigation. OCCRP also noted limits on what was proven regarding knowledge of fraud-derived payments. | The screenshot is not isolated. It aligns with a broader investigative and law-enforcement context around Özerk-linked entities. |
| OpenPayd | Global payments / Banking-as-a-Service group offering vIBANs, pooled accounts, fiat rails, FX, digital-asset infrastructure, stablecoins and crypto on/off ramps. | The products are high-risk when abused. OpenPayd’s own infrastructure is central to the FinTelegram scam-rail investigation. |
| Titan Acquisition Corp. transaction | Proposed SPAC transaction designed to bring OpenPayd to Nasdaq under ticker OP, with a proposed pro-forma equity valuation of $1.145 billion. | The transaction creates a disclosure test. Investors should receive the full risk story, not only the unicorn-growth narrative. |
| OpenPayd Global Holdings Limited | Cayman Islands PubCo structure planned for the post-transaction listed group. | The transaction would place the Özerk-controlled OpenPayd group into a U.S. public-market wrapper. |
| Klickl Europe Sp. z o.o. | Polish virtual-asset service provider identified by FinTelegram victim files as recipient of funds swept from OpenPayd vIBAN infrastructure. | Klickl is a core node in the OpenPayd scam-rail files. Its role should be disclosed if material to OpenPayd’s risk profile. |
| OpenPayd vIBAN / CFTEMTM1 rail | Victim files reviewed by FinTelegram show deposits into OpenPayd named vIBANs / OpenPayd Malta IBANs using CFTEMTM1, followed by transfers to Klickl Europe. | This is the payment-rail evidence. It goes directly to OpenPayd’s controls around vIBANs, high-risk merchants and crypto/on-ramp customers. |
| “Sweep to Primary Account” references | OpenPayd payment summaries reviewed by FinTelegram show transfers to Klickl Europe with references such as “Sweep to Primary Account.” | This suggests structured routing, not random payment noise. OpenPayd and Klickl should explain the full flow and downstream recipients. |
| Fake investment apps | Victim material indicates multiple scam frontends, including KXTRA, fake Peel Hunt / Peelhuntaicore, PHFINCORE, FinTechX, BMEBEX, MirrorTrd, SSGM Pro, YHT and others. | The app layer suggests scale. The frontends changed; the payment rail appears to have remained stable. |
| Core disclosure issue | Founder-risk, Turkish law-enforcement context, OCCRP reporting, OpenPayd vIBAN exposure, Klickl Europe flows and fake investment-app rails. | The Form F-4 / proxy materials should address these risks clearly. Nasdaq investors should not receive a sanitized unicorn brochure while victims hold payment files. |
Conclusion
OpenPayd wants Nasdaq to see a unicorn. FinTelegram sees a control-risk file, a Turkish law-enforcement shadow, OCCRP’s Scam Empire context, and victim evidence showing OpenPayd infrastructure in scam payment paths.
If the controlling shareholder of a Nasdaq-bound fintech is referenced in apparent Turkish law-enforcement material involving organized-crime, money-laundering and fraud allegations, investors deserve to know.
If OpenPayd’s vIBAN infrastructure appeared in Klickl Europe scam rails, investors deserve to know.
This is not a reputational footnote. It is a disclosure issue.
Whistleblower Call: Help Us Complete The OpenPayd Risk File
FinTelegram calls on victims, insiders, former employees, compliance officers, payment specialists, law-enforcement sources, regulators, Titan advisers, auditors, lawyers, and OpenPayd counterparties to come forward.
We are especially looking for information and documents relating to:
Ozan Özerk and any Turkish law-enforcement, court, police, Interpol, Red Notice or Diffusion-related proceedings;
OpenPayd’s planned Titan / Nasdaq transaction and related due-diligence material;
internal OpenPayd risk assessments, board papers, investor presentations, legal memoranda or SEC disclosure drafts;
OpenPayd vIBANs, especially OpenPayd Malta / CFTEMTM1;
customer, merchant or counterparty files involving Klickl Europe Sp. z o.o.;
OpenPayd GDPR / DSAR responses and “Summary of payments” files;
transaction references such as “Sweep to Primary Account” or “Transfer to Klickl Europe – EUR/Sepa”;
fake investment apps, WhatsApp / Telegram groups, adviser scripts and victim onboarding instructions;
SAR / STR filings, internal AML alerts, account freezes, account terminations or remediation measures;
communications with Titan Acquisition Corp., advisers, auditors, law firms, regulators, or SEC-facing counsel;
information on Ozan Özerk-linked entities, including OpenPayd, Ozan, Ozan Elektronik Para, SuperApp, European Merchant Bank, Akce-related structures, and other connected payment or fintech companies.
The questions are simple:
What did OpenPayd know?
What did Titan review?
What will Nasdaq investors be told?
Where did the victims’ money go?
Victims and insiders can submit documents securely via Whistle42. FinTelegram will protect sources, verify material where possible, and redact personal data before publication.
U.S. Supreme Court Strengthens SEC’s Power To Recover Illegal Profits
The U.S. Supreme Court has unanimously upheld the SEC’s authority to seek disgorgement of illegal profits even where the agency cannot prove a concrete financial loss for specific investors. The ruling preserves a core enforcement remedy and materially increases litigation and settlement exposure for securities violators, including high-risk brokers, microcap operators, and crypto-related issuers touching the U.S. market.
1-Minute Briefing
The U.S. Supreme Court has handed the Securities and Exchange Commission (SEC) a significant enforcement victory. In Sripetch v. SEC, the Court unanimously held that the SEC does not have to prove that investors suffered a measurable financial loss before seeking disgorgement of illegal profits from securities-law violators.
The decision preserves one of the SEC’s most important financial remedies: forcing wrongdoers to surrender gains obtained through fraud or unlawful securities activity. For regulated firms, promoters, crypto operators, and capital-market intermediaries, the ruling confirms a simple enforcement principle: illegal profits remain recoverable even where victim losses are difficult to quantify.
The Case
The case involved Ongkaruck Sripetch, who was accused of participating in fraudulent schemes involving multiple penny-stock companies. The SEC obtained a disgorgement order requiring him to repay illegal gains and prejudgment interest.
Sripetch challenged the order, arguing that under earlier Supreme Court precedent — especially Liu v. SEC — disgorgement should be available only where the SEC can prove that investors suffered actual financial harm. The Supreme Court rejected that argument.
Writing for a unanimous Court, Justice Neil Gorsuch explained that disgorgement is a gain-based remedy. Its core purpose is not to compensate investors for a precisely measured loss, but to prevent wrongdoers from retaining profits generated through unlawful conduct.
Context: The SEC’s Disgorgement Power
Disgorgement has long been a central SEC enforcement tool. It allows courts to require defendants to give up profits obtained through securities-law violations.
However, the remedy has been under pressure for years. In Kokesh v. SEC in 2017, the Supreme Court held that SEC disgorgement can operate as a penalty for statute-of-limitations purposes. In Liu v. SEC in 2020, the Court allowed disgorgement as equitable relief but imposed limits: it generally must be tied to net profits and awarded for the benefit of victims. In SEC v. Jarkesy in 2024, the Court restricted the SEC’s use of in-house administrative proceedings for civil penalties by emphasizing the right to a jury trial.
Against this background, Sripetch was closely watched as another potential limitation on the SEC. Instead, the Court clarified that Liu does not impose a separate requirement to prove pecuniary loss.
Compliance Consequences
For compliance professionals, the decision is important because it strengthens the SEC’s leverage in both investigations and settlement negotiations. Defendants can no longer rely as easily on the argument that the absence of demonstrable investor losses should block disgorgement altogether.
The ruling is especially relevant for offerings and distribution models where harm is diffuse, delayed, or structurally opaque, including microcap promotions, token sales, yield products, and offshore-led structures marketed into the United States. In those cases, unlawful revenue extraction, hidden compensation, manipulative trading gains, or proceeds from unregistered activity may remain fully exposed to recovery claims even where victim-level accounting is incomplete.
FinTelegram Analysis
From a FinTelegram perspective, the judgment is a net win for market integrity and investor protection because it prevents fraud actors from exploiting evidentiary complexity as a shield against repayment. It should also be read as a warning to crypto and fintech operators that formalistic defenses around investor-loss quantification will not neutralize U.S. enforcement risk when unlawful profits can still be shown.
For European and offshore operators, the ruling matters beyond traditional securities issuers. Any business model with U.S. nexus, U.S. investors, U.S. dollar rails, or securities-like marketing representations now faces a stronger SEC remedy framework, making pre-launch legal structuring, distribution controls, and revenue-tracing documentation more important than ever.
Share Information via Whistle42
U.S. Supreme Court Strengthens SEC’s Power To Recover Illegal Profits
The U.S. Supreme Court has unanimously upheld the SEC’s authority to seek disgorgement of illegal profits even where the agency cannot prove a concrete financial loss for specific investors. The ruling preserves a core enforcement remedy and materially increases litigation and settlement exposure for securities violators, including high-risk brokers, microcap operators, and crypto-related issuers touching the U.S. market.
1-Minute Briefing
The U.S. Supreme Court has handed the Securities and Exchange Commission (SEC) a significant enforcement victory. In Sripetch v. SEC, the Court unanimously held that the SEC does not have to prove that investors suffered a measurable financial loss before seeking disgorgement of illegal profits from securities-law violators.
The decision preserves one of the SEC’s most important financial remedies: forcing wrongdoers to surrender gains obtained through fraud or unlawful securities activity. For regulated firms, promoters, crypto operators, and capital-market intermediaries, the ruling confirms a simple enforcement principle: illegal profits remain recoverable even where victim losses are difficult to quantify.
The Case
The case involved Ongkaruck Sripetch, who was accused of participating in fraudulent schemes involving multiple penny-stock companies. The SEC obtained a disgorgement order requiring him to repay illegal gains and prejudgment interest.
Sripetch challenged the order, arguing that under earlier Supreme Court precedent — especially Liu v. SEC — disgorgement should be available only where the SEC can prove that investors suffered actual financial harm. The Supreme Court rejected that argument.
Writing for a unanimous Court, Justice Neil Gorsuch explained that disgorgement is a gain-based remedy. Its core purpose is not to compensate investors for a precisely measured loss, but to prevent wrongdoers from retaining profits generated through unlawful conduct.
Context: The SEC’s Disgorgement Power
Disgorgement has long been a central SEC enforcement tool. It allows courts to require defendants to give up profits obtained through securities-law violations.
However, the remedy has been under pressure for years. In Kokesh v. SEC in 2017, the Supreme Court held that SEC disgorgement can operate as a penalty for statute-of-limitations purposes. In Liu v. SEC in 2020, the Court allowed disgorgement as equitable relief but imposed limits: it generally must be tied to net profits and awarded for the benefit of victims. In SEC v. Jarkesy in 2024, the Court restricted the SEC’s use of in-house administrative proceedings for civil penalties by emphasizing the right to a jury trial.
Against this background, Sripetch was closely watched as another potential limitation on the SEC. Instead, the Court clarified that Liu does not impose a separate requirement to prove pecuniary loss.
Compliance Consequences
For compliance professionals, the decision is important because it strengthens the SEC’s leverage in both investigations and settlement negotiations. Defendants can no longer rely as easily on the argument that the absence of demonstrable investor losses should block disgorgement altogether.
The ruling is especially relevant for offerings and distribution models where harm is diffuse, delayed, or structurally opaque, including microcap promotions, token sales, yield products, and offshore-led structures marketed into the United States. In those cases, unlawful revenue extraction, hidden compensation, manipulative trading gains, or proceeds from unregistered activity may remain fully exposed to recovery claims even where victim-level accounting is incomplete.
FinTelegram Analysis
From a FinTelegram perspective, the judgment is a net win for market integrity and investor protection because it prevents fraud actors from exploiting evidentiary complexity as a shield against repayment. It should also be read as a warning to crypto and fintech operators that formalistic defenses around investor-loss quantification will not neutralize U.S. enforcement risk when unlawful profits can still be shown.
For European and offshore operators, the ruling matters beyond traditional securities issuers. Any business model with U.S. nexus, U.S. investors, U.S. dollar rails, or securities-like marketing representations now faces a stronger SEC remedy framework, making pre-launch legal structuring, distribution controls, and revenue-tracing documentation more important than ever.
The Saylor Shock: Strategy Sells Bitcoin Into Market Weakness — A Tiny Sale With Explosive Symbolism
Michael Saylor built Strategy — formerly MicroStrategy — into the world’s most aggressive corporate Bitcoin vehicle on one core narrative: buy Bitcoin, hold Bitcoin, never sell Bitcoin. That narrative has now been cracked. The first net Bitcoin sale since 2022 – a seemingly trivial 32 BTC – has detonated the “never sell” myth around Michael Saylor’s Strategy, raising uncomfortable questions about liquidity, leverage, and the true resilience of the world’s largest corporate Bitcoin treasury.
2-Minute Briefing
According to Strategy’s latest SEC filing, the company sold 32 BTC between May 26 and May 31, 2026, generating approximately $2.5 million at an average net sale price of $77,135 per Bitcoin. The stated purpose: to fund distributions on preferred stock.
Economically, the sale is tiny. Symbolically, it is enormous.
Strategy still holds 843,706 BTC, acquired at an aggregate purchase price of approximately $63.87 billion, or $75,699 per BTC. But the sale came just as Bitcoin entered another sharp weakness phase, with BTC falling materially over recent trading sessions and Strategy’s own stock under renewed pressure.
On Reddit and other social channels, the community immediately framed the move as both trivial and deeply symbolic: users highlighted that Strategy sold more MSTR stock than BTC to fund obligations, but fixated on the simple fact that “Saylor with diamond hands” had finally sold some coins. Several commenters explicitly tied the sale to dividend and preferred‑share obligations, noting that Strategy recently used cash to retire a chunk of convertible debt and now must find new cash sources for the rich STRC preferred dividends.
For a company whose chairman became the high priest of corporate HODL culture, selling even 32 BTC is not just a balance-sheet event. It is a psychological rupture.
Key Facts
| Item | Detail |
| --- | --- |
| Company | Strategy Inc., formerly MicroStrategy |
| Executive Chairman | Michael Saylor |
| BTC sold | 32 BTC |
| Sale period | May 26–31, 2026 |
| Aggregate proceeds | Approx. $2.5 million |
| Average sale price | $77,135 per BTC |
| Stated use of proceeds | Preferred stock distributions |
| BTC holdings after sale | 843,706 BTC |
| Aggregate BTC purchase price | $63.87 billion |
| Average purchase price | $75,699 per BTC |
| USD Reserve as of May 31, 2026 | $900 million |
| Convertible notes outstanding after recent repurchase | $6.7 billion |
| Preferred stock notional outstanding after recent transactions | $15.5 billion |
The Narrative Break: From “Never Sell” To “Dividend Funding”
The most explosive aspect of the transaction is not the amount sold. It is the contradiction between the transaction and the public mythology around Strategy. For years, Saylor has framed Bitcoin as the ultimate treasury asset — not something to be traded, trimmed, monetized, or liquidated, but something to be accumulated indefinitely. His public message to Bitcoin investors was simple: hold.
Strategy’s sale therefore raises a dangerous question: if the most prominent corporate Bitcoin accumulator can sell to fund obligations, what exactly remains of the “never sell” doctrine?
The official explanation is straightforward. Strategy sold the BTC to help fund distributions on preferred stock. That makes corporate-finance sense. But it also exposes the tension at the heart of the Strategy model: the company has built a capital structure around Bitcoin accumulation, but that structure now includes recurring cash obligations.
Bitcoin does not pay interest. Bitcoin does not pay dividends. Strategy’s preferred securities do.
That mismatch matters.
Market Reaction: Tiny Sale, Big Shock
The crypto community immediately understood the symbolic risk. On LinkedIn, X, Reddit and other platforms, the debate quickly split into two camps.
The first camp calls the sale a “nothing burger.” Their argument: 32 BTC is an immaterial fraction of Strategy’s holdings — roughly 0.004% of the total BTC position. In this view, the sale is an accounting and liquidity-management detail, not a strategic reversal.
The second camp sees the sale as the first crack in the vault. Their argument: Strategy did not need to sell much to trigger concern. The issue is precedent. Once the sacred rule is broken, investors must ask how often it may be broken again.
This is why the market reacted so strongly. The sale did not matter arithmetically. It mattered narratively.
Why Would Strategy Sell Such A Small Amount?
From a FinTelegram perspective, the 32‑BTC transaction looks less like a liquidity emergency and more like a calibrated signal to rating agencies, preferred holders and hedge funds that Strategy can and will tap its Bitcoin stack when its capital structure demands it – without abandoning the broader “long forever” narrative.
Based on the filings and community reconstructions, a coherent w
1. Calibrated “proof of concept” for BTC‑as‑collateral: By selling an almost comically small 0.004% of its holdings above its average acquisition cost, Strategy demonstrates to credit analysts that its Bitcoin reserve is not just an accounting abstraction but a monetizable buffer for preferred‑share distributions if and when needed.
2. Signaling discipline to preferred holders (STRC et al.): The 8‑K and subsequent commentary emphasize that proceeds are earmarked to facilitate STRC dividends, implicitly telling preferred holders that they will be protected even if that means occasionally dipping into the Bitcoin hoard instead of endlessly issuing new equity.
3. Managing dilution vs. narrative risk: Strategy has aggressively relied on ATM equity offerings, selling hundreds of thousands of new MSTR shares to fund Bitcoin purchases and service obligations. With MSTR underperforming Bitcoin over the past 12–14 months and trading below the effective value of its BTC holdings at times, the marginal cost of further equity dilution has risen, making a tiny BTC sale comparatively attractive despite its symbolic cost.
4. Front‑running the next downturn in a controlled fashion: Saylor and CEO Phong Le had already telegraphed in recent earnings calls and Q&A sessions that some BTC sales might be on the table, meaning they were preparing the market psychologically for exactly this kind of move. Executing a minuscule sale in a still‑elevated price zone around 77,000 USD allows Strategy to stress‑test price impact and investor reaction before any larger‑scale adjustments in a more severe drawdown.
5. Tactical poker with hedge funds: Levered‑beta players and crypto hedge funds actively trade the MSTR/BTC relationship, and research desks have floated trades shorting MSTR while going long BTC to exploit the company’s rich NAV premium and structural leverage. A token sale may be part of Strategy’s game with this crowd: reminding the market that it can adjust its BTC‑per‑share metric and capital stack opportunistically, potentially destabilizing one‑sided “MSTR is unliquidatable” trades.
In short, this sale looks deliberately small because the symbolic damage is the real instrument: Strategy is sacrificing a few basis points of its myth to buy optionality in how it finances its preferred and debt stack going forward.
Can MicroStrategy Run Into Liquidity Trouble If BTC Weakness Persists?
The core risk question is whether prolonged Bitcoin weakness could push Strategy into a genuine liquidity crisis, forcing larger BTC disposals and potentially triggering a negative feedback loop for both MSTR and BTC.
Public analyses of Strategy’s balance sheet and capital structure highlight a multi‑layered risk profile:
Strategy has financed a significant portion of its >800,000 BTC war chest with debt, including convertible notes, senior secured loans and, increasingly, high‑coupon perpetual preferred shares with double‑digit dividend rates.
Its legacy software business does not generate enough free cash flow to independently service these layers while also supporting continued Bitcoin accumulation.
Over the last year, Strategy has retired some debt by using both cash and equity issuance, but at the cost of thinning its cash buffer and diluting existing shareholders.
A concise risk map:
| Dimension | Current situation | Risk in prolonged BTC weakness |
| --- | --- | --- |
| BTC holdings | ~843k–844k BTC, largest corporate treasury worldwide | Mark‑to‑market value falls; collateral cushion for debt and prefs shrinks |
| Average BTC cost | ~75.7k USD per coin | Extended trading below cost basis pressures narrative and solvency optics |
| Funding mix | Debt, convertibles, high‑yield perpetual prefs (STRC etc.) | Fixed coupons and dividends must be paid regardless of BTC price |
| Operating business | Software & services, insufficient to carry all obligations alone | Makes Strategy structurally dependent on equity and/or BTC sales |
| Equity strategy | Heavy use of ATM offerings of MSTR | If MSTR underperforms BTC, equity becomes an expensive funding source |
| Recent 32 BTC sale | 2.5m USD proceeds; 0.004% of holdings | Symbolically shows BTC is on the table as a liquidity backstop |
In the near term, media analyses and community breakdowns converge on the view that Strategy is not yet in acute distress: the company still has substantial BTC collateral and, after recent equity sales, access to capital markets, even if on less favorable terms. However, r/CryptoCurrency discussions and derivatives‑desk research warn that Strategy’s leverage is a double‑edged sword – amplifying not just Bitcoin’s upside but also its downside, with the potential for margin‑like dynamics if BTC were to trade decisively and persistently below the company’s blended cost basis and key loan covenants.bligations, markets will start pricing the treasury not only as an asset, but also as collateral for an increasingly complex liability stack.
FinTelegram Assessment: The Day The Saylor Myth Died
For years, Michael Saylor’s Strategy has functioned as a leveraged Bitcoin ETF with a built‑in megaphone: buy BTC, issue more stock, repeat, and never sell – while telling the world to follow. The 32‑BTC disposal does not change the balance sheet; it changes the story.
Our working hypothesis is therefore:
The sale is a controlled narrative reset, not a panic liquidation.
Strategy is deliberately trading a sliver of its “never sell” mystique in exchange for signaling optionality to creditors and preferred holders.
If Bitcoin weakness deepens and persists, the company’s capital structure virtually guarantees more of these episodes – potentially larger, more frequent and far less symbolic.
This is the moment when institutional allocators, regulators and sophisticated retail investors must stop treating MicroStrategy as a one‑directional Bitcoin proxy and start analyzing it as what it really is: a complex, leveraged, dividend‑bearing Bitcoin structured product wrapped in a Nasdaq‑listed equity shell.
OpenPayd Financials 2025: Growth Story, Thin Equity Base, And A Very Ambitious Unicorn Valuation
OpenPayd wants to enter Nasdaq through Titan Acquisition Corp. at a proposed unicorn valuation. The 2025 financial statements of OpenPayd Holdings show real growth, rising profitability, and sharply expanding payment volumes. But they also show a group whose valuation case depends on future scale, not current earnings. FinTelegram’s view: the financial growth story is visible — but so is the disclosure problem around vIBANs, crypto rails, high-risk merchants, and the OpenPayd–Klickl scam-rail files.
2-Minute Briefing
OpenPayd Holdings Limited reported a strong financial year to 30 April 2025. Consolidated revenue increased to €47.53 million, up from €32.58 million in 2024. Operating profit rose to €5.63 million, and profit after tax increased to €3.95 million. Processed volume almost doubled to €83.7 billion, while transaction numbers increased to 22.8 million. Client balances also rose sharply to €497.29 million.
This is the financial foundation for OpenPayd’s planned Nasdaq transaction with Titan Acquisition Corp. OpenPayd wants investors to value it as a global Banking-as-a-Service and payment-infrastructure platform operating across fiat rails, virtual IBANs, pooled accounts, FX, digital wallets, stablecoins, crypto on/off ramps, and digital-asset services.
The growth is real. The valuation is aggressive.
The announced transaction targets a pro-forma equity valuation of $1.145 billion. Against FY2025 consolidated revenue of €47.53 million, that implies a revenue multiple of roughly 22–24x, depending on FX assumptions. Against operating profit of €5.63 million, the implied multiple is well above 180x. Even if OpenPayd’s claimed March 2026 ARR of more than $85 million is used, the valuation still sits around 13x ARR.
That may be defensible for a high-growth fintech infrastructure company if investors believe in durable expansion, strong margins, low credit risk, clean compliance, and scalable public-market governance. But OpenPayd is not a clean software-only story. Its own financial statements identify regulatory risk, liquidity risk, operational risk, technology risk, and conduct / anti-money-laundering risk as principal risk areas. The group openly states that criminals may target it and its clients to process illicit proceeds.
That is the issue. OpenPayd’s valuation pitch and FinTelegram’s risk file collide in the same place: vIBANs, payment rails, crypto on/off ramps, and high-risk merchant flows.
Key Findings
Revenue growth is strong: OpenPayd Holdings grew consolidated revenue by roughly 46% to €47.53 million.
Profitability improved: Operating profit increased to €5.63 million, and profit after tax rose to €3.95 million.
Volume growth is the main scale signal: Processed volume rose to €83.7 billion, almost doubling year-on-year.
The regulated core is split between UK and Malta: The FCA-regulated UK EMI, SettleGo Solutions Limited dba OpenPayd, generated €34.85 million revenue. The MFSA-regulated Malta payment institution generated €13.29 million revenue.
The business model is rail-heavy, not software-light: OpenPayd’s own strategic report describes IBANs, virtual IBANs, payment accounts, SEPA, open banking, FX, stablecoins, wallets, digital assets, and fiat/crypto conversion as core infrastructure.
The unicorn valuation is demanding: A $1.145 billion valuation implies a high revenue multiple and an extremely high earnings multiple on FY2025 actuals.
Risk disclosure is central: The financial statements themselves identify conduct and AML risk. That makes the OpenPayd–Klickl victim-flow files material to any serious Nasdaq risk analysis.
Financial Snapshot
| Metric | FY2025 | FY2024 | FinTelegram Read |
| --- | --- | --- | --- |
| Revenue | €47.53m | €32.58m | Strong growth, but still small versus unicorn valuation |
| Operating profit | €5.63m | €2.62m | Profitability improving |
| Profit after tax | €3.95m | €1.59m | Positive but modest absolute earnings |
| Processed volume | €83.7bn | €44.1bn | High scale signal; also high AML burden |
| Transactions processed | 22.8m | 14.3m | Network usage expanding |
| Client balances | €497.29m | €334.15m | Material safeguarded / client-fund exposure |
| UK regulated revenue | €34.85m | €21.14m | Main revenue engine |
| Malta regulated revenue | €13.29m | €11.93m | Strategically important cross-border rail |
| Proposed valuation | $1.145bn | — | Aggressive public-market price tag |
Is The Unicorn Valuation Plausible?
The short answer: financially possible, but not obvious from FY2025 actuals alone.
On FY2025 revenue of €47.53 million, the proposed $1.145 billion valuation implies a revenue multiple above 20x. That is a premium fintech-infrastructure multiple. It assumes investors will value OpenPayd not as a regulated payments group with compliance-heavy rails, but as a high-growth embedded-finance and digital-asset infrastructure platform.
On earnings, the valuation looks much more stretched. With operating profit of €5.63 million, the implied valuation-to-operating-profit multiple is extremely high. OpenPayd would need to convince investors that FY2025 is only the beginning of a much larger earnings ramp.
OpenPayd’s public-market argument therefore depends on four assumptions:
revenue growth continues at high speed;
ARR and transaction volume convert into durable profit;
regulatory and AML controls scale with the business;
high-risk payment, crypto and vIBAN exposure does not trigger major regulatory or reputational cost.
The first two assumptions are commercial. The last two are the FinTelegram problem.
Regulated Entity Breakdown
OpenPayd Holdings is not merely a marketing platform. It is a regulated payments group built around licensed entities.
SettleGo Solutions Limited, trading as OpenPayd, is the FCA-regulated UK electronic-money institution and the largest revenue contributor. Its FY2025 standalone accounts show revenue of €34.85 million and profit after tax of €4.25 million.
OpenPayd Financial Services Malta Limited is the MFSA-regulated Malta payment institution. It generated €13.29 million in revenue and gives the group a strategically important EU payment-rail footprint.
The group also refers to OP Digital Services Limited in Malta, approved by the MFSA as a virtual asset service provider, with trading operations commencing in April 2025. This is important because it confirms OpenPayd’s shift deeper into digital-asset infrastructure, including custody, exchange, on/off ramp and stablecoin-related services.
FinTelegram Assessment
The OpenPayd financials show a real business with growth, licensing, volume, revenue and profit. This is not an empty fintech shell.
But the proposed unicorn valuation requires more than growth. It requires trust.
That trust is precisely where the risk file sits. The group’s own accounts admit that criminals may target the company and its clients to process illicit proceeds. FinTelegram’s OpenPayd–Klickl reporting shows the practical version of that risk: victim funds allegedly entering OpenPayd vIBAN infrastructure and being swept to Klickl Europe, with fake investment apps feeding the payment rail.
The financial statements confirm that vIBANs, payment accounts, digital assets and on/off ramps are central to the business. Therefore, the OpenPayd–Klickl issue is not external noise. It concerns core infrastructure.
Conclusion
OpenPayd’s 2025 financials support the growth story.
They do not automatically support the unicorn story.
A $1.145 billion valuation requires investors to believe that OpenPayd can scale revenue, protect margins, control AML risk, manage high-risk merchants, and avoid regulatory damage from scam-rail exposure.
That is the disclosure test.
OpenPayd has numbers. It also has risk files.
Nasdaq investors deserve both.
OpenPayd’s Nasdaq Push: Unicorn Valuation Meets Scam-Rail Reality
OpenPayd wants Nasdaq to buy the unicorn story. FinTelegram sees the scam-rail problem. The Ozan Özerk-founded fintech plans to go public through Titan Acquisition Corp. at a proposed $1.145 billion valuation while victim files reviewed by FinTelegram show OpenPayd infrastructure inside alleged investment-fraud payment paths involving Klickl Europe, fake trading apps, and vIBAN-based victim-fund flows.
2-Minute Briefing
OpenPayd wants Nasdaq to buy the unicorn story. FinTelegram sees the scam-rail problem. The Ozan Özerk-founded fintech has announced a business combination with Titan Acquisition Corp., a Nasdaq-listed SPAC. If completed, OpenPayd says it will list on Nasdaq under the ticker OP at a proposed pro-forma equity value of $1.145 billion. The company markets the transaction as a milestone for programmable money, stablecoins, fiat rails, blockchain networks and global payment orchestration.
That is the pitch.
The risk story is harder.
FinTelegram victim files show OpenPayd infrastructure inside alleged scam payment paths in Europe. In the OpenPayd–Klickl Europe cases, victim deposits entered OpenPayd Malta vIBAN / CFTEMTM1 infrastructure and were swept to Klickl Europe Sp. z o.o., a Polish VASP controlled by Chinese interests, with recurring references such as “Sweep to Primary Account.” FinTelegram has also reviewed victim-organized material showing multiple fake investment app frontends feeding the same OpenPayd–Klickl rail.
That is not a theoretical compliance issue. It is the core public-market question.
OpenPayd sells the exact infrastructure that becomes dangerous when abused: virtual IBANs, pooled accounts, open banking, fiat-to-crypto on/off ramps, stablecoin rails, digital-asset payments and iGaming payment infrastructure. A company seeking a Nasdaq listing at unicorn valuation must explain not only its growth metrics, but also how its rails were used in scam contexts.
There is also the founder risk. OCCRP and other media have reported Turkish investigations involving companies owned by Ozan Özerk in connection with alleged money laundering and illegal betting proceeds. OpenPayd is now asking U.S. public-market investors to trust the Özerk fintech ecosystem at scale.
The filing question is blunt: will OpenPayd and Titan disclose the scam-rail reality — or will investors receive only the unicorn brochure?
Key Findings
OpenPayd is selling a Nasdaq growth story. The company says the Titan transaction would bring OpenPayd to Nasdaq under ticker OP at a proposed $1.145 billion pro-forma equity valuation.
The business model is high-risk by design. OpenPayd markets virtual IBANs, pooled accounts, open banking, digital-asset infrastructure, on/off ramps, stablecoins, forex and iGaming payments. These products require hard AML controls.
FinTelegram files place OpenPayd infrastructure inside scam rails. The OpenPayd–Klickl Europe evidence shows victim funds entering OpenPayd vIBAN infrastructure and being swept to Klickl Europe.
Klickl Europe is not a harmless payment detail. It appears repeatedly in victim files as the recipient of funds swept from OpenPayd vIBANs. FinTelegram has flagged Klickl as a Chinese-controlled Polish crypto gateway with DAREX D / Red risk treatment.
The fake app layer shows scale. Victim material identifies dozens of victim-app entries and numerous fake investment apps, including Peelhuntaicore, KXTRA, PHFINCORE, FinTechX, BMEBEX, MirrorTrd, SSGM Pro and YHT.
Ozan Özerk’s wider ecosystem is a material disclosure issue. Turkish investigations involving Özerk-linked companies and alleged illegal betting proceeds belong in any serious investor-risk review.
The SEC filings will test OpenPayd’s transparency. The filings should explain the fraud complaints, high-risk customers, vIBAN controls, Klickl exposure, SAR/STR handling, regulatory inquiries and remediation steps.
The SEC Filing: Titan, PubCo, Shareholders — And Ozan Özerk At The Center
The SEC filing confirms that the OpenPayd–Titan transaction is not a simple IPO. It is a SPAC-driven restructuring built around a new Cayman Islands public holding company: OpenPayd Global Holdings Limited (“PubCo”).
Under the Business Combination Agreement dated 1 June 2026, Titan Acquisition Corp. will merge into PubCo. Titan will cease to exist as a separate company, and its shareholders and warrantholders will receive substantially equivalent PubCo securities. PubCo will then acquire all shares of OpenPayd Holdings Limited, the English company operating the OpenPayd business, in exchange for PubCo ordinary shares issued to OpenPayd’s beneficial owners. After the transaction, OpenPayd Holdings Limited will become a direct wholly owned subsidiary of PubCo.
This structure matters. OpenPayd is not simply “listing.” The transaction moves the group into a Cayman-listed public-company wrapper, with the operating OpenPayd business held below it.
Transaction Structure
| Element | SEC Filing Description | FinTelegram Interpretation |
| --- | --- | --- |
| Purchaser / SPAC | Titan Acquisition Corp., Cayman Islands SPAC | Nasdaq vehicle used to bring OpenPayd to market |
| Public company after closing | OpenPayd Global Holdings Limited, Cayman Islands | New PubCo wrapper for the listed group |
| Operating company | OpenPayd Holdings Limited, England & Wales | Existing OpenPayd operating holding company |
| Transaction mechanics | Titan merges into PubCo; PubCo acquires OpenPayd Holdings Limited | De-SPAC plus share acquisition |
| Company consideration | PubCo shares with aggregate value of $800 million, less advisor transaction-fee shares | Core equity consideration for OpenPayd shareholders |
| Minimum proceeds condition | Aggregate transaction proceeds must be at least $130 million, subject to adjustments | Closing depends on available financing / non-redemptions / PIPE support |
| SEC process | PubCo must file a Form F-4 registration statement including Titan proxy/prospectus | The real risk-factor disclosure will come in the F-4 |
| Nasdaq condition | PubCo ordinary shares and warrants must be approved for Nasdaq listing | Listing approval is a closing condition |
| Long-stop date | Transaction may be terminated if conditions are not satisfied or waived by 31 December 2026 | Timeline pressure for Titan, OpenPayd and advisers |
Shareholder Structure: Ozan Özerk Is The Dominant Shareholder
The filing identifies Ozan Özerk, a Cypriot citizen, as the Key Company Shareholder. He directly owns 1,000,000 OpenPayd Holdings Limited shares, representing approximately 82.72% of the company. The remaining 208,953 shares, or approximately 17.28%, are legally held by Zedra Trust Company (Guernsey) Limited as nominee for the relevant beneficial owners.
That means the pre-transaction shareholder structure is not dispersed. It is founder-dominated.
| Shareholder / Holder | Shares | Percentage | Role |
| --- | --- | --- | --- |
| Ozan Özerk | 1,000,000 | 82.72% | Direct owner; Key Company Shareholder |
| Zedra Trust Company (Guernsey) Limited | 208,953 | 17.28% | Nominee legal holder for relevant beneficial owners |
| Total | 1,208,953 | 100% | OpenPayd Holdings Limited pre-transaction equity |
The SEC filing also states that PubCo was newly incorporated and, as of signing, was owned entirely by Özerk. That is important: before the SPAC mechanics take effect, the future listed Cayman holding company is initially an Özerk-controlled vehicle.
Ozan Özerk’s Role: More Than Founder Branding
The filing does not treat Özerk as a passive founder. It places him at the center of the transaction. Özerk appears in multiple roles:
Founder of OpenPayd, presented in the investor materials;
Key Company Shareholder, holding approximately 82.72% of OpenPayd Holdings Limited directly;
Company Shareholders Representative, empowered to act for OpenPayd shareholders and beneficial owners in transaction matters;
sole shareholder of PubCo prior to the transaction mechanics;
party to a Key Company Shareholder Support Agreement, under which he agrees to support and vote in favor of the transaction;
party to a Non-Competition Agreement effective at closing;
recipient of additional SPAC sponsor economics: 1,035,000 PubCo ordinary shares and 1,216,508 PubCo private warrants transferred from the Sponsor in connection with the termination of the Company Shareholders’ Agreement.
This is the core governance point: Özerk is not just the face of OpenPayd. He is the controlling shareholder and transaction control figure.
Why This Matters For The Risk Story
The filing describes OpenPayd’s business as a global, rail-agnostic banking-as-a-service and payments platform enabling fiat and crypto interoperability. It specifically references named virtual IBANs, multi-currency fiat and crypto payment accounts, international and domestic payments, real-time settlements, fiat-to-fiat and crypto-to-fiat-to-crypto conversions, digital wallets, stablecoin minting and burning, on-chain payments, digital-asset trading and blockchain access through a single API infrastructure.
That description is critical for FinTelegram’s analysis. It confirms that the very products at the center of OpenPayd’s growth story — named vIBANs, fiat-to-crypto infrastructure, stablecoin rails, digital wallets and crypto conversion capabilities — are not peripheral services. They are the business model.
This is also why the OpenPayd–Klickl Europe files are material. FinTelegram victim files show OpenPayd vIBAN infrastructure inside alleged scam payment paths, including funds swept to Klickl Europe with references such as “Sweep to Primary Account.” If OpenPayd wants Nasdaq investors to buy a unicorn infrastructure story, the SEC filings must disclose the fraud-rail exposure clearly.
FinTelegram Takeaway
The SEC filing confirms the structure:
Titan SPAC → Cayman PubCo → OpenPayd Holdings Limited → Ozan Özerk-dominated shareholder base → Nasdaq listing attempt.
It also confirms the disclosure battleground. The Form F-4 proxy/prospectus will be the real test. OpenPayd and Titan must decide whether to disclose the difficult facts: OpenPayd vIBAN abuse allegations, Klickl Europe victim flows, fake investment-app rail exposure, high-risk merchant sectors, SAR/STR handling, Turkish investigations involving Özerk-linked firms, and the governance risk of a founder-controlled fintech entering U.S. public markets.
OpenPayd wants to sell Nasdaq the infrastructure story.
The SEC filing shows who controls that story.
FinTelegram will watch what they disclose.
The OpenPayd–Klickl Europe vIBAN Scam Files
The most sensitive issue for OpenPayd’s Nasdaq ambitions is not the marketing story around programmable money, stablecoins, or global payment infrastructure. It is the hard evidence from Europe: victim files reviewed by FinTelegram show OpenPayd infrastructure inside alleged investment-fraud payment rails, with funds repeatedly routed to Klickl Europe Sp. z o.o., a Polish virtual-asset service provider.
Klickl Europe is part of a Chinese-controlled crypto scheme around Michael (Xu) Zhao. SEC filings for Crypto 1 Acquisition Corp identify Zhao as founder, CEO and director. The filing states that he began investing in crypto in 2016, served as founder/executive chairman of International Digital Currency Markets (IDCM), and founded/led VGPay, a crypto-payment business serving crypto exchanges and their clients.
The pattern is no longer anecdotal. FinTelegram has reviewed GDPR/DSAR responses and OpenPayd “Summary of payments” files received by victims. These files show a recurring structure: victims made deposits into OpenPayd named vIBANs / OpenPayd Malta IBANs using BIC CFTEMTM1. The funds were then transferred onward to Klickl Europe with references such as “Transfer to Klickl Europe – EUR/Sepa” and “Sweep to Primary Account.”
This is the rail map:
Victim bank account → OpenPayd named vIBAN / CFTEMTM1 → Payin → immediate Transfer → “Sweep to Primary Account” → Klickl Europe Sp. z o.o. → crypto/on-ramp or settlement layer → unknown operators
OpenPayd’s own GDPR response in one victim case confirmed the core architecture. The victim was not OpenPayd’s client. OpenPayd’s corporate client was Klickl Europe. The IBAN assigned to the victim was not a normal personal bank account, but a named virtual IBAN linked to Klickl Europe’s payment account. OpenPayd further stated that funds credited through that vIBAN became the property of Klickl Europe.
That point is critical. It means the victim-facing IBAN created the appearance of a personalized payment route, while the economic recipient was Klickl Europe. The victims did not hold real OpenPayd accounts. They were given OpenPayd-generated deposit identifiers that routed money into Klickl Europe’s corporate payment structure.
Read our reports on Klickl Europe-facilitated scams here.
FinTelegram has also reviewed victim-organized material showing that the fraud was not limited to one fake investment platform. KXTRA and fake Peel Hunt / Peelhuntaicore appear to be only two frontends in a much wider app layer. Victim material identifies dozens of app-front entries and numerous fake investment apps allegedly feeding the same OpenPayd–Klickl rail, including Peelhuntaicore, KXTRA, PHFINCORE, FinTechX, BMEBEX, MirrorTrd, SSGM Pro, YHT, KKRDE, KzipPro, FD MIN, Quantanils, Phantom, Voya and others.
This points to a repeatable fraud architecture:
Disposable investment apps → WhatsApp / Telegram grooming → OpenPayd vIBAN infrastructure → Klickl Europe recipient account → crypto conversion / settlement → hidden operators
For OpenPayd, the issue is direct. OpenPayd was not a random bank name appearing once in a victim transfer. Its vIBAN infrastructure appears as the fiat-entry rail in multiple victim files. If OpenPayd issued or serviced named vIBANs for Klickl Europe, it should have records showing how many vIBANs were created, how many retail investors paid into them, how many complaints were received, when transaction monitoring triggered alerts, whether SARs or STRs were filed, and when the relationship with Klickl Europe was reviewed, restricted, or terminated.
For Klickl Europe, the issue is even sharper. If the funds were swept into its account, Klickl must know what happened next. It should have customer data, merchant files, transaction records, wallet addresses, conversion records, settlement partners, ledger entries, and compliance alerts. If Klickl was merely used as an on-ramp by fraud operators, it should identify those operators. If it cannot or will not, the suspicion deepens.
The public-market question is therefore unavoidable: how will OpenPayd disclose this in its SEC filings?
OpenPayd’s business model is built around precisely the type of infrastructure that requires hard controls: virtual IBANs, pooled accounts, fiat rails, digital-asset infrastructure, crypto on/off ramps, stablecoin payments and high-risk merchant sectors. The OpenPayd–Klickl files show why those controls matter. Named vIBANs can become powerful tools for fraud operators when they create a personal-account illusion while routing victim money into a corporate crypto/on-ramp account.
This is not a soft compliance footnote. It is a material disclosure issue.
Titan, its advisers, OpenPayd’s lawyers, auditors and ultimately the SEC should ask the obvious questions:
How many OpenPayd vIBANs were issued for Klickl Europe?
How much money flowed through the OpenPayd–Klickl rail?
How many victims complained?
How many fake investment apps were connected to the rail?
Were suspicious activity reports filed?
Was Klickl Europe terminated or restricted?
Did OpenPayd disclose these facts to Titan and its transaction advisers?
Will the Form F-4 / proxy materials include a specific risk factor on vIBAN abuse, fraud-rail exposure and high-risk crypto intermediaries?
OpenPayd wants investors to see scalable global payment infrastructure. FinTelegram’s victim files show the other side of that scale: when vIBAN infrastructure is used by fraud networks, the same technology can become a victim-fund collection machine. That is why the OpenPayd–Klickl Europe files belong in the Nasdaq disclosure discussion.
The OCCRP Findings
OpenPayd founder and beneficial owner Ozan Özerk
The Organized Crime and Corruption Reporting Project (OCCRP) reported that Turkish authorities launched a money-laundering investigation targeting companies in the corporate network of Cypriot-Norwegian fintech entrepreneur Ozan Özerk, OpenPayd’s founder and controlling figure. According to OCCRP, the Turkish probe concerns Ozan Elektronik Para A.Ş., an electronic-money institution allegedly used to introduce criminal assets — primarily from illegal betting — into the financial system, and Aveon Global Sigorta A.Ş., another Özerk-majority-owned company allegedly used to inject criminal proceeds disguised as insurance premiums.
OCCRP further noted that its earlier Scam Empire investigation found fraud payments running through dozens of companies, including OpenPayd and European Merchant Bank, both owned by Özerk; OCCRP stressed that there was no evidence those companies knew the funds were fraud-derived. For FinTelegram’s OpenPayd–Titan analysis, the point is clear: OpenPayd’s Nasdaq ambitions sit against a wider Özerk ecosystem already linked by investigative reporting and Turkish authorities to money-laundering, illegal-betting and scam-payment questions.
Conclusion
OpenPayd wants the market to see a unicorn.
FinTelegram sees the rail map.
Victims paid into OpenPayd infrastructure. Funds were swept to high-risk crypto intermediaries. Fake app frontends multiplied. Turkish investigations around Özerk-linked companies remain part of the risk landscape.
Nasdaq investors should not receive a unicorn brochure while victims hold the payment files.
OpenPayd’s listing is a disclosure test.
If the company wants public-market trust, it must disclose the fraud-rail reality.
Summary Table — OpenPayd Nasdaq Pitch vs. Scam-Rail Reality
The following table contrasts OpenPayd’s Nasdaq pitch with the FinTelegram risk file. The transaction is not only a capital-markets event; it is a disclosure test for OpenPayd, Titan, their advisers, and ultimately the SEC.
| Category | Key Data / Entity | What OpenPayd / Titan Present | FinTelegram Risk Context |
| --- | --- | --- | --- |
| Transaction | OpenPayd business combination with Titan Acquisition Corp. | OpenPayd plans to go public through a SPAC merger with Titan. Upon closing, OpenPayd expects to list on Nasdaq under ticker OP. | The transaction turns OpenPayd’s risk profile into a public-market disclosure issue. |
| Proposed valuation | $1.145 billion pro-forma equity value | OpenPayd markets the transaction as a unicorn-valuation milestone. | The valuation must be tested against unresolved AML, fraud-rail, high-risk merchant and founder-risk exposure. |
| Potential proceeds | Up to $276 million from Titan’s trust account, assuming no redemptions | OpenPayd presents this as growth capital for its next phase. | Investor redemptions and SEC scrutiny may increase if risk disclosures are weak or incomplete. |
| Titan Acquisition Corp. | Nasdaq SPAC, ticker TACHU / Class A shares TACH / warrants TACHW | Titan raised $276 million in its April 2025 IPO and is positioned as a SPAC seeking a business combination. | Titan’s due diligence must address OpenPayd’s high-risk payment exposure, not only growth metrics. |
| Titan leadership | Chairman & CEO Frank Mastrangelo | Titan publicly praises OpenPayd as a high-growth financial infrastructure platform. | Titan and its advisers become gatekeepers for SEC disclosure of OpenPayd’s risk profile. |
| OpenPayd positioning | Global financial infrastructure for fiat rails, blockchain networks and stablecoins | OpenPayd claims to operate at the intersection of traditional finance and digital assets. | This is precisely the risk zone where scam operators exploit fiat-to-crypto rails. |
| OpenPayd metrics | More than 1,100 customers, over $240 billion annualized transaction volume, over $85 million ARR as of March 2026 | OpenPayd uses these figures to support the unicorn narrative. | Large volume increases AML burden. Scale makes scam-rail exposure more material, not less. |
| Core OpenPayd infrastructure | vIBANs, pooled accounts, fiat payments, stablecoin/on-off ramps, digital-asset infrastructure | Marketed as programmable money movement and embedded financial infrastructure. | FinTelegram files show OpenPayd vIBAN infrastructure appearing in alleged investment-fraud payment paths. |
| OpenPayd Malta rail | OpenPayd Malta IBAN / CFTEMTM1 | Not part of the investor pitch. | FinTelegram victim files identify OpenPayd Malta / CFTEMTM1 as the fiat-entry infrastructure in multiple scam contexts. |
| Klickl Europe | Klickl Europe Sp. z o.o., Polish VASP, RD WWW-930 | Not addressed in OpenPayd’s Nasdaq announcement. | FinTelegram victim files show funds routed through OpenPayd vIBANs and swept to Klickl Europe with references such as “Sweep to Primary Account.” |
| Klickl risk profile | Chinese-controlled Polish crypto/on-ramp structure | Not part of OpenPayd’s public SPAC pitch. | Klickl Europe appears as the EU-facing recipient node in the OpenPayd scam-rail files. RatEx42 flagged Klickl Red / DAREX D. |
| App-front layer | KXTRA, fake Peel Hunt / Peelhuntaicore, PHFINCORE, FinTechX, BMEBEX, MirrorTrd, SSGM Pro, YHT and others | Not addressed in OpenPayd’s Nasdaq narrative. | Victim material indicates numerous fake investment apps fed funds into the OpenPayd–Klickl rail. |
| Founder / ecosystem risk | OpenPayd founder Ozan Özerk | OpenPayd presents a fintech growth story. | OCCRP and other media reported Turkish investigations involving Özerk-linked companies and allegations concerning money laundering and illegal betting proceeds. |
| Regulatory issue | SEC filings / Form 8-K / proxy or registration documents | OpenPayd says additional transaction documents will be filed with the SEC. | The filings should disclose scam complaints, Klickl exposure, vIBAN abuse, high-risk merchants, SAR/STR handling, and Özerk-linked investigation risk. |
| Core FinTelegram question | Disclosure test | OpenPayd wants Nasdaq investors to buy the unicorn story. | Will investors receive the full scam-rail risk picture — or a polished fintech growth brochure? |
The issue is not whether OpenPayd has scale. The issue is whether a company built on vIBANs, pooled accounts, fiat-to-crypto rails and high-risk payment infrastructure will fully disclose how often its rails appeared in scam payment paths.
Whistleblower Call
FinTelegram calls on victims, insiders, former employees, compliance officers, payment specialists, OpenPayd clients, Titan advisers, auditors, lawyers, regulators, and law-enforcement contacts to come forward.
We are looking for documents and information relating to:
OpenPayd vIBANs / named IBANs, especially OpenPayd Malta / CFTEMTM1;
scam complaints involving OpenPayd infrastructure;
OpenPayd–Klickl Europe payment flows;
GDPR / DSAR responses from OpenPayd;
“Summary of payments” files showing Payin / Transfer patterns;
references such as “Sweep to Primary Account”;
Klickl Europe account statements, wallet data, merchant records, or onboarding files;
fake investment apps connected to OpenPayd rails;
internal OpenPayd risk alerts, SAR/STR filings, account freezes, customer exits, or remediation steps;
communications with Titan Acquisition Corp., auditors, legal advisers, investment banks, or SEC-facing counsel;
any due-diligence material prepared for the planned Nasdaq transaction;
information on Ozan Özerk-linked entities, Turkish investigations, illegal gambling exposure, or high-risk merchant relationships.
If OpenPayd wants a Nasdaq listing at unicorn valuation, investors deserve the full risk picture. Victims should not be left with payment files while public-market investors receive a sanitized fintech growth story.
Documents can be submitted securely via Whistle42. FinTelegram will protect sources and redact personal data where necessary.
NALMI Ecosphere? Infrastructure Signals Behind a Rotating Casino-Domain Farm!
A new technical analysis shared with FinTelegram points to NALMI LIMITED (AS213846) as the infrastructure envelope behind a large rotating casino-domain ecosystem. The findings do not prove that NALMI owns or operates the underlying casino brands. But they do suggest that a substantial cluster of outwardly separate gambling domains — including brands already relevant in the broader Zentoria context — appears to converge within the same hosting and routing environment. That makes NALMI a serious enhanced-due-diligence target.
The NALMI Ecosphere in Stealth Mode
Illustrative infrastructure map based on technical material reviewed by FinTelegram. The chart visualizes the observed NALMI-associated hosting envelope (AS213846 / 185.207.196.0/22), Cloudflare shielding, and overlaps with domains and brand families already relevant to FinTelegram’s broader Zentoria inquiry. It supports a shared infrastructure hypothesis, but not yet a final ownership or control conclusion.
This chart is published as an investigative working model based on technical material and open-source checks reviewed by FinTelegram. It is intended to illustrate observed infrastructure patterns, routing signals, and domain clustering. It should not be read as conclusive proof of final legal ownership, beneficial ownership, or unified operational control of all brands shown. FinTelegram’s investigation into the apparent NALMI ecosystem remains ongoing.
A new network-engineering analysis received by FinTelegram suggests that NALMI LIMITED (AS213846) may sit at the center of a much larger technical casino ecosystem than previously understood. According to the material reviewed, the issue is not one casino, one domain, or one payment anomaly. The issue is an apparent infrastructure envelope spanning a large number of gambling-related domain families, combined with Cloudflare shielding, repeated CRM/mail patterns, and visible links to brands already associated with the broader Zentoria-facing environment.
NALMI LIMITED is not entirely invisible, but it is remarkably opaque. Public ASN and registry records point to a Marshall Islands entity with an associated domain, nalmiltd.com, yet there is no meaningful transparent corporate web presence comparable to that of an openly operating infrastructure provider. Instead, NALMI presents as a technically traceable but publicly low-profile entity — a pattern made even more noteworthy by the Cyprus-linked contact signal embedded in the same records.
The most important point at this stage is methodological: the evidence does not prove that NALMI is the beneficial owner or legal operator of the casino brands observed in the cluster. It does, however, support a narrower and more defensible conclusion: NALMI appears to be the hosting or infrastructure layer behind a rotating farm of casino-facing domains. That alone would make it highly relevant from a compliance and due-diligence perspective.
A hosting envelope, not a random collection of sites
The technical material reviewed by FinTelegram describes AS213846 / NALMI LIMITED as a hosting ASN with a 185.207.196.0/22 envelope comprising 1,024 IPv4 addresses, and links this range to a large observed casino-facing domain set. The report frames this not as one isolated gambling site, but as a domain-farm system with repeated brand families, numbered variants, mirror domains, and repeated IP reuse across the same NALMI-associated range.
That matters because it changes the character of the finding. This is no longer just a question of one rogue domain or one suspicious merchant. It looks, at minimum, like an industrialized infrastructure cluster capable of supporting multiple outward-facing casino skins.
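The cluster logic described above can be sketched as follows. This is an added example, not code from FinTelegram or from the analysis it reviewed: it tests which domain-to-IP mappings fall inside the 185.207.196.0/22 prefix named on the page, collapses numbered variants into families, and reports IP reuse. The domains and host addresses are constructed sample data, and `family_key` and `analyse` are hypothetical helper names.

```python
import ipaddress
import re
from collections import defaultdict

# Prefix named on the page; a /22 holds 2**(32-22) = 1,024 IPv4 addresses.
ENVELOPE = ipaddress.ip_network("185.207.196.0/22")

# Constructed sample data: hypothetical .example domains and made-up host
# addresses. 203.0.113.0/24 is the TEST-NET-3 documentation range.
SAMPLE_MAPPINGS = [
    ("luckyspin.example", "185.207.196.10"),
    ("luckyspin2.example", "185.207.196.10"),
    ("luckyspin-17.example", "185.207.197.44"),
    ("www.luckyspin3.example", "185.207.197.44"),
    ("royalreels.example", "185.207.196.10"),
    ("royalreels5.example", "185.207.199.200"),
    ("royalreels5.example", "185.207.198.3"),
    ("greenfelt.example", "203.0.113.25"),
    ("unrelated-shop.example", "203.0.113.80"),
]


def family_key(domain: str) -> str:
    """Collapse numbered variants and mirrors to one family label.

    Assumption: the brand is the label directly left of the TLD. Real data
    needs a public-suffix list (co.uk and similar); the sample avoids that.
    """
    labels = domain.lower().rstrip(".").split(".")
    brand = labels[-2] if len(labels) >= 2 else labels[0]
    # Strip a trailing counter such as "2" or "-17"; keep all-digit brands.
    return re.sub(r"[-_]?\d+$", "", brand) or brand


def analyse(mappings, envelope=ENVELOPE):
    """Summarise how a domain-to-IP dataset concentrates inside one prefix."""
    inside = []
    for domain, ip in mappings:
        addr = ipaddress.ip_address(ip)
        if addr in envelope:
            inside.append((domain.lower(), addr))

    family_domains = defaultdict(set)  # family -> hostnames in the envelope
    ip_domains = defaultdict(set)      # IP -> hostnames resolving to it
    ip_families = defaultdict(set)     # IP -> families resolving to it
    for domain, addr in inside:
        fam = family_key(domain)
        family_domains[fam].add(domain)
        ip_domains[addr].add(domain)
        ip_families[addr].add(fam)

    return {
        "unique_domains": len({d.lower() for d, _ in mappings}),
        "mappings": len(mappings),
        "mappings_in_envelope": len(inside),
        "distinct_envelope_ips": len(ip_domains),
        # Families with more than one hostname: numbered variants / mirrors.
        "repeated_families": {
            fam: len(ds)
            for fam, ds in sorted(family_domains.items())
            if len(ds) > 1
        },
        # The same address serving several hostnames.
        "reused_ips": [
            str(a) for a in sorted(ip_domains) if len(ip_domains[a]) > 1
        ],
        # One address serving several families: a shared-infrastructure
        # signal, not evidence of common ownership or control.
        "cross_family_ips": [
            str(a) for a in sorted(ip_families) if len(ip_families[a]) > 1
        ],
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_MAPPINGS).items():
        print(f"{key}: {value}")
```

A domain that resolves outside the prefix is not cleared by this check: a CDN-fronted hostname shows the edge address, not the origin.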
NALMI in the Zentoria story
The NALMI findings become particularly interesting because they intersect with the Zentoria line of research already under review by FinTelegram.
Read our Zentoria reports here.
In the report, SPINSOPOTAMIA.COM is treated as the key public-facing anchor into ZENTORIA LIMITED, and the same domain is then mapped into the NALMI-associated IP environment. The report explicitly presents SPINSOPOTAMIA not as a decorative casino logo, but as the visible legal/public wrapper that connects the Zentoria-facing layer into the wider technical ecosystem.
That is important. If a domain already relevant to the Zentoria structure resolves into the same NALMI environment as other rotating casino brands, then the NALMI question is not separate from the Zentoria question. It becomes part of the same broader operational picture.
Cyprus-linked signals, but not yet proof of control
The report also emphasizes several Cyprus-linked signals, including a +357 phone signal in RIPE-related records, routing observations, and latency arguments suggesting Cyprus-local relevance behind the infrastructure. It further argues that Cloudflare acts as a choke point or shielding layer, making direct origin attribution more difficult while leaving certain Cyprus-linked network observations unusually clear.
These are serious EDD signals. But they should be treated with caution.
What they support is a Cyprus-linked operational footprint. What they do not yet prove is that the entire domain farm is directly controlled from Cyprus, or that the economic or legal controllers of the ecosystem have been conclusively identified. That is the difference between a strong technical red flag and a finished ownership case.
Shared infrastructure is easier to show than shared control
One of the strongest parts of the report is not the rhetoric, but the cluster logic. The analysis points to repeated DNS, CRM, mail, and infrastructure patterns across brands such as Spinsy, Spinsopotamia, Green Luck, SpinRollz, and Kingmaker. The report describes common mail and customer-communication elements — including Google verification, Mailjet, Zendesk, and Carmamail-style patterns — as evidence of shared operational machinery rather than isolated standalone websites.
That is a meaningful distinction.
Shared infrastructure and shared tooling do not automatically prove common legal ownership. But they do support the theory of a shared operational ecosystem — and that is often exactly where a serious compliance investigation begins.
Where Payabl fits into the wider picture
The NALMI analysis does not replace FinTelegram’s earlier work on Payabl, NovaForge, and Zentoria. It complements it.
In the broader body of material under review, Payabl appears as a recurring gateway / PSP / payment-rail layer, while Zentoria appears as a cleaner public-facing or legal-facing wrapper and NovaForge as an older, riskier offshore-facing merchant layer. The NALMI report adds a different layer to that picture: infrastructure. In other words:
NALMI appears relevant to the hosting / technical environment,
Zentoria to the legal / public-facing wrapper,
and Payabl to the payment / gateway layer.
That multi-layer reading is far more plausible — and more defensible — than any simplistic one-company theory.
The right conclusion
At this stage, FinTelegram would not state that NALMI “runs” the entire casino network. That would go too far. But it is increasingly plausible that NALMI LIMITED functions as the infrastructure envelope behind a large rotating casino-domain ecosystem, and that this technical ecosystem overlaps with domains, brands, and public-facing wrappers already relevant to the broader Zentoria story.
That alone is enough to justify further scrutiny.
If confirmed through additional DNS, passive-DNS, routing, and registrar material, the NALMI findings could become a significant part of the wider compliance picture: not as proof of final ownership, but as evidence that many outwardly separate gambling brands may sit inside the same concentrated technical habitat.
FinTelegram will continue to review the evidence.
NALMI Key Findings
| Category | Key Information |
| --- | --- |
| Infrastructure Anchor | NALMI LIMITED / AS213846 appears as the central hosting / ASN envelope of the observed cluster. Sources: RIPEstat AS213846; BGP HE AS213846; RIPE Database Query |
| IP Environment | The main observed infrastructure range is 185.207.196.0/22, comprising 1,024 IPv4 addresses, which points to a concentrated infrastructure environment rather than a handful of isolated sites. Sources: RIPE Prefix Query; BGP HE Prefix Overview; RIPEstat |
| Cluster Character | The reviewed material indicates a rotating system of mirror domains, numbered variants, brand extensions, and repeated IP reuse, supporting the hypothesis of an industrialized casino-domain farm. Source: Source material reviewed by FinTelegram. |
| Scale | The reviewed dataset refers to 994 unique domains, 1,663 domain-to-IP mappings, 138 distinct IPs, and 138 repeated domain families, indicating a network of substantial operational scale. Source: Source material reviewed by FinTelegram. |
| Zentoria Anchor | SPINSOPOTAMIA.COM, already relevant in the broader Zentoria inquiry, appears as a key public-facing entry point into ZENTORIA LIMITED. Sources: Revenue Ireland register page; Revenue Ireland PDF register |
| Observed Brand Families | Observed casino-facing brands and skins include Spinsy, Spinsopotamia, Green Luck, SpinRollz, and Kingmaker, suggesting a shared operational environment rather than isolated standalone brands. Source: Source material reviewed by FinTelegram. |
| DNS / Mail / CRM Patterns | The reviewed material points to recurring backend indicators such as Google site verification, Mailjet, Google SPF, Zendesk mail, and Carmamail, supporting the view of a shared CRM and communications backend. Source: Source material reviewed by FinTelegram. |
| Cloudflare Shielding | The observed setup is consistent with a Cloudflare-shielded edge layer in front of the NALMI environment, making direct origin attribution more difficult. Sources: Cloudflare network overview; Cloudflare Anycast overview; plus source material reviewed by FinTelegram |
| Cyprus-Linked Signals | The reviewed material highlights Cyprus-linked routing and registry signals, including a +357 phone number and visibility patterns consistent with a Cyprus-facing operational footprint. These are important EDD indicators, but not final proof of control. Sources: RIPEstat AS213846; RIPE Database Query; plus source material reviewed by FinTelegram |
| RIPE / Registry Profile | NALMI appears with a Marshall Islands profile while also showing Cyprus-linked contact signals in RIPE-related data. This is a jurisdictionally unusual combination and a significant due-diligence red flag. Sources: RIPE Database Query; RIPEstat; BGP HE |
| NALMI’s Role | At this stage, the most defensible reading is that NALMI functions as an infrastructure or hosting layer, not as the proven merchant, operator, or beneficial owner of the observed casino brands. Sources: RIPEstat; BGP HE; plus source material reviewed by FinTelegram |
| Zentoria’s Role | Zentoria appears as the cleaner legal and public-facing wrapper within the broader ecosystem, consistent with earlier FinTelegram findings. Sources: Revenue Ireland register page; Revenue Ireland PDF register |
| Payabl’s Role | In the broader investigation, Payabl appears more relevant to the PSP / gateway / payment layer than to the infrastructure envelope itself. This supports a layered model: NALMI = infrastructure, Payabl = payment rail. Sources: Source material reviewed by FinTelegram and earlier payment-path evidence under review. |
| NovaForge’s Role | NovaForge remains the likely older, riskier offshore-facing merchant or operator layer in the broader ecosystem, complementing the later and cleaner Zentoria-facing layer. Sources: Source material reviewed by FinTelegram and earlier merchant / wallet comparisons under review. |
| Ownership / Control | The current evidence does not conclusively establish that NALMI or the Cyprus-linked signals prove final legal ownership, beneficial ownership, or unified operational control of the full ecosystem. Sources: RIPEstat; RIPE Database Query; plus source material reviewed by FinTelegram |
| Editorial Takeaway | The strongest current publication angle is that of a NALMI-linked technical ecosystem behind a rotating casino-domain farm, with visible overlap into the broader Zentoria-facing structure. This supports a shared infrastructure hypothesis, but not yet a final ownership conclusion. Sources: Revenue Ireland PDF register; RIPEstat; plus source material reviewed by FinTelegram |
NALMI LIMITED (AS213846) appears as a concentrated hosting/infrastructure envelope for a large number of casino-facing domains.
The observed environment includes SPINSOPOTAMIA.COM, a domain already relevant to the broader Zentoria line of inquiry.
The findings support a shared infrastructure ecosystem, not yet a proven single ownership structure.
Cyprus-linked registry and routing signals are notable, but should currently be treated as EDD indicators, not definitive proof of control.
The NALMI findings are best read together with the existing Zentoria / NovaForge / Payabl evidence as part of a layered casino-and-payments ecosystem.
The NALMI story matters because infrastructure is often the one layer that changes more slowly than brands, domains, or merchant names. If the brands rotate but the technical habitat remains stable, the habitat itself becomes evidence.
Wise Under Belgian AML Scrutiny Over Alleged €500 Million Suspicious Transaction Exposure!
The Bureau of Investigative Journalism (TBIJ) has reported that Belgian prosecutors are investigating Wise, the London-headquartered money transfer and payments giant, over concerns that Wise accounts may have been used in connection with approximately €500 million in suspicious transactions. The investigation reportedly focuses on Wise’s European operations and potential indications of non-compliance with anti-money laundering (AML) legislation.
Wise has not been accused of criminal wrongdoing in court. The investigation is ongoing. However, the case adds another regulatory pressure point to a company that has grown into one of the most important cross-border payment infrastructures for retail users, freelancers, SMEs, and increasingly business customers.
Key Points
Belgian prosecutors reportedly opened the investigation after Wise accounts appeared in hundreds of judicial assistance requests from more than 30 European countries.
The suspicious transaction exposure reportedly amounts to approximately €500 million.
The investigation concerns Wise’s European operations, handled through Wise Europe SA in Belgium.
Wise told TBIJ that its Belgian office manages law-enforcement requests across the EEA and that it is cooperating with the Brussels prosecutor.
This is not an isolated compliance issue: Wise has previously faced AML-related scrutiny in Europe and the United States.
The case highlights a broader structural issue: electronic money institutions and payment institutions are becoming critical nodes in cross-border financial crime risk.
The TBIJ Findings
According to TBIJ, Belgian prosecutors are examining whether Wise may have failed to comply with AML obligations after its accounts appeared repeatedly in criminal-proceeding assistance requests across Europe. These requests reportedly involved fraud, corruption, drug trafficking, and other suspected criminal proceeds.
The core issue is not whether Wise intentionally enabled money laundering. The relevant compliance question is whether its transaction monitoring, customer due diligence, suspicious activity detection, and law-enforcement response framework were sufficiently robust for the scale and risk profile of its business.
This distinction matters. A payment institution can be fully legitimate and still become systemically attractive to criminal networks if its onboarding, account controls, transaction monitoring, and escalation procedures do not scale as fast as its customer base and transaction volume.
Wise’s Regulatory Position
Wise Europe SA is authorised in Belgium and passported across the EEA. This makes Belgium a central regulatory jurisdiction for Wise’s European operations. TBIJ reports that Wise’s Belgian office handles law-enforcement requests across the EEA, which helps explain why the Belgian prosecutor’s office is a central node in the current investigation.
Wise reportedly said it is working with the Brussels prosecutor and routinely cooperates with regulators and law-enforcement authorities. The company also stated that around one third of its staff is dedicated to fighting financial crime.
That statement is important, but it also raises a sharper compliance question: if a company has such a large financial crime function, why did hundreds of judicial requests across Europe still accumulate into a reported €500 million suspicious exposure pattern?
Prior AML Pressure
The new Belgian investigation follows earlier AML-related issues. In 2024, the Financial Times reported that the National Bank of Belgium had required Wise to implement a remediation plan after identifying weaknesses in customer address documentation. In 2025, Wise US entered into a $4.2 million multistate settlement with US regulators over alleged inadequacies in its AML/CFT programme.
Those earlier matters do not prove wrongdoing in the Belgian criminal investigation. However, they indicate a recurring theme: Wise’s compliance architecture has been under regulatory pressure in multiple jurisdictions.
Compliance Analysis
From a compliance perspective, the Wise case is a classic scale-versus-controls problem. Wise built its market position by making cross-border payments cheaper, faster, and easier than traditional correspondent banking. That is precisely what made the company successful. But the same speed, reach, and convenience also make such platforms attractive to fraud networks, mule-account operators, sanctions evaders, and money-laundering structures.
For payment institutions, the key risks are:
Mule Account Networks: Fraud proceeds can be rapidly moved through seemingly ordinary retail or business accounts.
Cross-Border Fragmentation: Criminal flows often touch multiple jurisdictions, making law-enforcement coordination slow and incomplete.
High-Velocity Transaction Patterns: Fast transfers reduce the time available for intervention before funds leave the platform.
CDD Gaps: Weak or outdated customer documentation can undermine risk scoring and transaction monitoring.
Business Account Misuse: SME and freelancer-style accounts can be abused as payment collection layers for scams or unlicensed activity.
Why This Matters
Wise is no longer a niche fintech. It is a major global payment infrastructure provider. In Q4 FY2026, Wise reported £49.4 billion in quarterly cross-border volume and 11.3 million active customers. It has also shifted its primary listing to Nasdaq while maintaining a London presence.
This makes the Belgian investigation strategically significant. It is not merely a local enforcement matter. It is a test case for how regulators and prosecutors assess the AML responsibilities of global payment platforms that operate between traditional banking, e-money infrastructure, and fintech convenience.
FinTelegram Assessment
FinTelegram’s preliminary assessment is that the Wise case should be viewed as part of a broader regulatory trend: electronic money institutions and payment institutions are moving from “fintech innovation” status into “systemic compliance infrastructure” status.
The core question is no longer whether such firms are cheaper or faster than banks. The question is whether they can detect, stop, report, and explain suspicious flows at the same speed at which they process legitimate transactions.
Wise may ultimately demonstrate that it acted appropriately and cooperated fully with authorities. But the reported €500 million suspicious transaction exposure, combined with prior AML remediation and US enforcement history, creates a material reputational and regulatory issue.
Call For Information
FinTelegram invites former Wise employees, compliance officers, law-enforcement sources, affected customers, and payment industry insiders to provide information about:
Wise account closures and fund freezes;
suspicious transaction reporting processes;
mule account patterns;
law-enforcement request handling;
Wise Europe SA compliance operations;
onboarding and proof-of-address remediation;
fraud complaints involving Wise accounts;
business account misuse and high-risk merchant flows.
Information can be submitted confidentially through Whistle42.
Stablecoins: US Acceleration Under GENIUS vs. EU Containment Under MiCA
Executive Summary
The global stablecoin market has moved from a crypto-trading utility into a strategic layer of digital financial infrastructure. Stablecoins are now used for exchange settlement, cross-border payments, dollar access, DeFi liquidity, remittances, and increasingly institutional payment flows.
The regulatory divide between the United States and the European Union is becoming structural. The U.S. GENIUS Act is designed to domesticate and scale dollar-backed payment stablecoins under a federal framework. The EU’s MiCA regime is designed to contain stablecoin risks, protect monetary sovereignty, and prevent reserve-run contagion into the banking sector.
The result is an emerging asymmetry: the U.S. is turning stablecoins into a dollar-export and Treasury-demand mechanism, while Europe is regulating stablecoins primarily as a financial-stability risk.
Background: The UniCredit Warning
Elena Carletti, Deputy Vice Chair of UniCredit and head of the bank’s risk committee, warned that Europe may be less able than the U.S. to contain shocks arising from the connection between stablecoins and banks.
The reference point is the 2023 Silicon Valley Bank (SVB) crisis. SVB held deposits linked to crypto firms, and its collapse destabilized a major stablecoin before U.S. authorities invoked a systemic-risk exception and guaranteed all deposits. That intervention helped stabilize both the banking system and the affected stablecoin market.
Carletti’s concern is that Europe cannot easily replicate such a response. Under MiCA, stablecoin issuers must hold reserves in bank deposits and low-risk liquid assets. This creates a forced link between stablecoin issuers and banks. In a stress scenario, Europe may face a double weakness: stablecoins become dependent on banks, while banks may be exposed to volatile stablecoin reserve flows — without a U.S.-style emergency backstop.
Global Importance of Stablecoins
Stablecoins are no longer a niche crypto instrument. Their market capitalization has grown from a few billion dollars in 2019 to roughly USD 300 billion. The market remains overwhelmingly dollar-based and concentrated in the largest issuers, particularly USDT and USDC. Their strategic importance rests on four functions:
Crypto settlement layer: Stablecoins remain the dominant cash-equivalent inside crypto markets.
Cross-border payments: They offer fast, 24/7 settlement outside traditional correspondent banking rails.
Dollar access: In emerging markets, dollar stablecoins function as synthetic offshore dollars.
Treasury demand: Large fiat-backed stablecoin issuers hold substantial reserves in cash and short-term government securities, especially U.S. Treasuries.
This explains why the stablecoin debate is no longer merely about crypto regulation. It is about monetary power, banking liquidity, payment sovereignty, sanctions control, and the future role of the dollar and euro in digital finance.
U.S. Approach: GENIUS Act
The GENIUS Act creates the first comprehensive U.S. federal framework for payment stablecoins. Its core policy logic is pro-growth but prudentially framed. Key features include:
100% reserve backing with liquid assets such as U.S. dollars and short-term Treasuries.
Monthly public disclosure of reserve composition.
Prohibition on misleading claims that stablecoins are government-backed, federally insured, or legal tender.
Priority protection for stablecoin holders in issuer insolvency.
Bank Secrecy Act application, including AML and sanctions compliance.
Technical capability to freeze, seize, or burn stablecoins when legally required.
A pathway for U.S.-regulated banks and non-bank issuers to issue payment stablecoins.
Conditional market access for foreign issuers subject to comparable supervision and U.S. registration requirements.
The strategic purpose is visible: regulate the sector, protect users, and scale dollar-backed stablecoins as part of U.S. digital-asset leadership.
EU Approach: MiCA
MiCA takes a more restrictive and risk-control-oriented approach. Stablecoins are mainly regulated as either:
E-money tokens (EMTs): tokens referencing one official currency; or
Asset-referenced tokens (ARTs): tokens referencing multiple assets, currencies, commodities, or a basket.
Issuers require authorization and must comply with reserve, governance, disclosure, own-funds, liquidity, redemption, and supervisory requirements. The EBA has a central role in technical standards and supervision of significant ARTs and EMTs, while ESMA coordinates broader crypto-market rules.
MiCA’s objective is not to create a global euro-stablecoin industry at all costs. Its logic is defensive: market integrity, consumer protection, financial stability, and monetary sovereignty.
The ECB remains skeptical of a large private stablecoin market in Europe. It fears that stablecoins could make bank deposits more volatile, reduce bank lending capacity, complicate monetary policy, and create new run dynamics.
GENIUS vs. MiCA: Key Differences
| Topic | U.S. GENIUS Act | EU MiCA |
| --- | --- | --- |
| Strategic policy direction | Promote regulated dollar stablecoins and U.S. digital-asset leadership | Contain stablecoin risk and protect financial stability |
| Core philosophy | Innovation with prudential guardrails | Prudential containment and consumer protection |
| Main stablecoin category | Payment stablecoins | EMTs and ARTs |
| Reserve model | 100% backing with liquid assets, especially cash and short-term Treasuries | Reserve assets, bank deposits, low-risk liquid assets, liquidity and own-funds requirements |
| Monetary policy angle | Supports dollar dominance and Treasury demand | Protects euro sovereignty but restricts rapid stablecoin scaling |
| Issuer opportunity | Strong pathway for banks, non-bank issuers, and fintechs | More complex authorization and supervisory burden |
| Foreign issuer access | Possible, but subject to U.S. comparability, OCC registration, U.S. reserve requirements, sanctions compliance | Non-EU issuers face MiCA compliance burden for EU access |
| AML/sanctions focus | Explicit Bank Secrecy Act, sanctions compliance, freeze/seize/burn capability | AML obligations mainly through broader EU AML/CASP framework plus MiCA governance and supervision |
| Bank linkage | Stablecoins become regulated payment instruments with Treasury/cash reserve base | Stablecoin reserves create strong links to EU banks and deposit markets |
| Competitive effect | Likely accelerates U.S. dollar stablecoin dominance | May protect the EU system but weaken EU stablecoin competitiveness |
| Regulatory tone | Industrial-policy tool for dollar-based digital finance | Risk-management framework for crypto-assets |
| Market outcome | Encourages institutional adoption | Encourages compliance but may slow scale and innovation |
Compliance Analysis
The UniCredit warning identifies the key European vulnerability: MiCA reduces issuer risk at the micro level but may create systemic linkage at the macro level. If stablecoin issuers must hold substantial reserves in bank deposits and liquid instruments, their risk becomes bank-system risk. In a crisis, redemptions could pressure both the issuer and the banks holding reserves.
In the U.S., the policy architecture is different. The GENIUS Act channels stablecoin reserves toward cash and short-term Treasuries, while the 2023 SVB precedent demonstrated that U.S. authorities may act aggressively to contain systemic spillovers. This does not remove risk, but it creates a more credible expectation of crisis intervention.
Europe has stricter rules but potentially weaker crisis elasticity. The U.S. has a more growth-oriented regime with stronger systemic backstop expectations.
Market Implications
The immediate winner is the U.S. dollar stablecoin sector. Dollar-backed tokens already dominate global supply, liquidity, exchange settlement, DeFi activity, and cross-border crypto payments. GENIUS may reinforce that dominance by giving institutional issuers, banks, fintechs, and payment platforms a clearer legal route.
Europe faces a different problem. MiCA provides legal certainty, but legal certainty alone does not create market depth. Euro stablecoins remain marginal globally. Even if MiCA-compliant euro stablecoins emerge, they must compete against the network effects, liquidity, exchange integration, and global demand for dollar tokens.
This is why the European debate increasingly frames stablecoins as a strategic-autonomy issue. If Europe regulates too tightly, it may protect banks but leave digital money markets to the dollar. If it relaxes too much, it may import bank-liquidity and monetary-policy risks into the EU financial system.
Hypothesis: Europe’s Stablecoin Dilemma
Europe is likely to produce compliant but structurally smaller stablecoin issuers, while the U.S. is likely to produce globally scalable dollar stablecoin champions.
Under MiCA, European issuers will have regulatory legitimacy but face higher compliance costs, stricter reserve constraints, fragmented banking relationships, and a more skeptical central-bank environment. In contrast, U.S. issuers benefit from a large domestic capital market, deep Treasury liquidity, stronger dollar demand, and a law explicitly designed to promote stablecoin growth.
The likely outcome is a two-speed stablecoin market:
U.S. stablecoins become global payment and settlement infrastructure.
EU stablecoins remain regulated, safer, but comparatively niche instruments.
Unless Europe creates a more positive stablecoin strategy — or successfully launches a digital euro and tokenized commercial-bank deposit ecosystem — MiCA may unintentionally reinforce digital dollarisation. The EU may win the regulatory-risk argument while losing the market-scale argument.
Conclusion
Stablecoins are becoming a strategic financial infrastructure layer. The U.S. has chosen to regulate and scale them. Europe has chosen to regulate and contain them.
The UniCredit warning captures the core risk: MiCA links stablecoin issuers to banks without giving Europe a clearly equivalent crisis backstop. That may make the EU framework safer in normal times but more fragile in stress scenarios.
From a compliance perspective, MiCA is stronger on containment. From a market-structure perspective, GENIUS is stronger on competitiveness. The decisive question is whether Europe can develop a stablecoin and digital-money strategy that protects financial stability without surrendering the future of programmable money to the dollar.
Compliance Alert: UK Lists HTX / Huobi Global S.A. Under Russia Sanctions Regime
The UK has designated Huobi Global S.A., operating as HTX, under the Russia sanctions regime. The designation imposes an asset freeze, internet services restrictions, and correspondent banking / payment processing prohibitions. UK authorities allege there are reasonable grounds to suspect that Huobi Global S.A. provided financial services or made available funds, economic resources, goods or technology to A7 LLC and Garantex Europe OU — both described as operating in sectors of strategic significance to the Government of Russia.
Key Findings
Designated entity: HUOBI GLOBAL S.A., also listed as HTX (formerly Huobi), HTX Exchange, and Huobi Global Limited.
Unique UK sanctions ID: RUS3619.
Jurisdictional marker: Panama-registered entity, with the UK sanctions notice listing a Panama City address and the HTX website.
Sanctions imposed: Asset freeze, trust services sanctions, director disqualification sanction, internet services sanctions, and correspondent banking / payment processing prohibitions.
UK allegation: The UK Secretary of State states there are reasonable grounds to suspect that Huobi Global S.A. supported or obtained a benefit for the Government of Russia by providing financial services or making available funds, economic resources, goods or technology to A7 LLC and Garantex Europe OU.
Compliance significance: The designation moves HTX from a high-risk crypto compliance case into a sanctions-screening and transaction-blocking case for UK persons, UK financial institutions, UK VASPs, platforms, app stores, and related intermediaries.
Prior UK regulatory context: HTX was already under FCA scrutiny for allegedly illegal cryptoasset financial promotions to UK consumers.
UK Sanctions Huobi Global S.A. d/b/a HTX Over Alleged Russia-Linked Crypto Rails
The UK has escalated its campaign against Russia-linked crypto and shadow-finance infrastructure by designating HUOBI GLOBAL S.A., operating as HTX, under the Russia sanctions regime.
The designation is highly significant. HTX is not a small fringe exchange but one of the best-known global crypto trading brands, formerly operating under the Huobi name. The UK sanctions notice identifies the designated entity as HUOBI GLOBAL S.A., with name variations including HTX (formerly Huobi), HTX Exchange, and Huobi Global Limited.
The designation carries a broad sanctions package: asset freeze, trust services restrictions, director disqualification, internet services sanctions, and correspondent banking / payment processing restrictions. For UK-regulated firms, UK VASPs, payment providers, app stores, banks, compliance teams, and counterparties, the message is clear: HTX is now a sanctions-relevant counterparty.
The UK’s Allegation: A7 and Garantex Exposure
According to the UK designation, the Secretary of State considers that there are reasonable grounds to suspect that Huobi Global S.A. is or has been involved in obtaining a benefit from or supporting the Government of Russia.
The alleged basis is specific: the UK says Huobi Global S.A. provided financial services or made available funds, economic resources, goods or technology to A7 Limited Liability Company and Garantex Europe OU. Both are described in the sanctions notice as carrying on business in a sector of strategic significance to the Government of Russia.
This wording matters. The UK is not merely alleging weak or incidental exposure. It is framing the case as support to entities within Russia’s strategic financial infrastructure. That makes the designation particularly relevant for sanctions compliance, crypto-asset tracing, counterparty due diligence, and platform-access controls.
A7 Network: The Crypto-Financial Bypass Architecture
The UK government has described the latest sanctions package as a crackdown on crypto and illicit-finance networks used by Russia to circumvent sanctions and channel funds into its war economy. The A7 network is presented by UK authorities as a Kremlin-backed structure designed to bypass Western sanctions, finance procurement, and process funds linked to Russia’s war economy.
For compliance teams, A7 should now be treated as more than a named entity. It represents a network risk model: a sanctions-evasion infrastructure potentially involving exchanges, payment processors, stablecoin issuers, offshore companies, banks, intermediaries, and correspondent/payment relationships.
The relevance for HTX is that the UK designation places the exchange within this alleged network exposure. This is precisely the type of risk that cannot be managed by simple name screening alone. It requires transaction-chain analysis, wallet attribution, indirect exposure controls, and enhanced review of flows touching Russia-linked crypto infrastructure.
Garantex: The Persistent Sanctions-Evasion Reference Point
The inclusion of Garantex Europe OU in the UK statement of reasons is equally important. Garantex has long been one of the most relevant names in the Russia-linked crypto compliance space. The UK’s reference to Garantex in the HTX designation indicates that the regulator is looking not only at direct customer relationships but also at exchange-to-exchange flows, liquidity channels, settlement routes, and facilitation of access to sanctioned crypto infrastructure.
For VASPs, this is a warning shot. Exposure to a sanctioned exchange may no longer be assessed only at the direct counterparty level. Where a designated exchange appears upstream, downstream, or as an intermediary in the flow of funds, compliance teams may need to treat the transaction as sanctions-relevant.
The Regulation 17A Shift: Crypto Exchanges Treated Like Financial Plumbing
The most important compliance development is the application of correspondent banking and payment processing restrictions to crypto exchange infrastructure.
In traditional sanctions enforcement, correspondent banking restrictions attack the plumbing of the financial system. Applying similar logic to cryptoasset exchanges means regulators are now treating major exchanges as functional financial infrastructure, not merely as websites or trading venues.
This changes the compliance burden. UK credit institutions and financial institutions must not process payments to, from, or via a designated person where the prohibition applies. For digital-asset firms, the practical implication is that blockchain flows need to be assessed for indirect exposure to designated exchanges and related entities.
This is a major operational challenge. A simple sanctions-screening check against the immediate customer name is not sufficient. Firms need wallet screening, transaction monitoring, historical exposure analysis, and escalation procedures for funds previously processed by or intended for a designated exchange.
Internet Services Sanctions: Platform Access Becomes a Compliance Issue
The designation also includes internet services sanctions. Under the UK notice, social media services, internet access services, and application stores must take reasonable steps to prevent users in the UK from accessing content, sites, or applications provided by designated persons.
This adds a second enforcement perimeter around HTX. The issue is no longer limited to banks or crypto counterparties. App stores, social platforms, internet access services, and potentially online distribution channels may have to assess whether HTX-related apps, content, accounts, links, and promotional materials remain accessible to UK users.
That overlaps with the FCA’s earlier concerns about HTX promotions to UK consumers. In February 2026, the FCA stated that it had begun legal proceedings against HTX for allegedly illegal financial promotions and referred to continued promotions across websites and social media platforms. The sanctions designation now adds a national-security and foreign-policy layer to what was already a UK conduct and financial-promotion enforcement case.
Compliance Conclusion
The UK’s designation of Huobi Global S.A. / HTX is a landmark crypto sanctions event. It shows that regulators are now willing to treat large offshore exchanges as systemic nodes in sanctions-evasion infrastructure where they allegedly provide services to designated or Russia-linked financial networks.
For compliance teams, the response should be immediate: freeze where required, stop prohibited processing, screen name variations, review wallet exposure, identify indirect flows, block UK access where applicable, and document escalation decisions.
For the crypto industry, the message is broader: global scale does not neutralize sanctions risk. Offshore structure does not remove UK exposure. And in the post-Garantex, post-A7 enforcement environment, exchange infrastructure is now sanctions infrastructure.
Call for Information
FinTelegram invites former HTX / Huobi employees, compliance officers, payment partners, liquidity providers, blockchain investigators, victims, and insiders to share information about HTX-related Russia flows, A7 exposure, Garantex-linked transactions, UK user access, wallet clusters, intermediary exchanges, payment processors, and related compliance failures.
Information can be submitted confidentially via Whistle42. Please include transaction hashes, screenshots, payment confirmations, account notices, compliance correspondence, wallet addresses, exchange account identifiers, and any evidence of HTX-linked Russia or Garantex exposure.
F1 Sponsor Nexo Under the Compliance Lens: VASP Registrations, Yield Products, and MiCA Pressure in Europe
Nexo markets itself as a premier digital-asset wealth platform, but its licensing posture in Europe appears materially narrower than its branding suggests. A review of Nexo’s public positioning, entity footprint, product stack, and prior regulatory actions indicates a business model that sits at the intersection of crypto-asset services, lending, and investment-like products, with MiCA likely to force sharper legal boundaries in the EU.
Nexo operates a broad crypto platform spanning exchange, custody, crypto-backed lending, OTC, and interest-bearing products, while publicly presenting itself as a “wealth platform” for digital assets.
The group appears to rely on a mix of offshore and European entities, including Nexo Capital Inc. in the Cayman Islands, while using EU VASP registrations as the visible regulatory basis for parts of its European activity.
Italy’s VASP registration regime supports AML-supervised crypto services, but it does not by itself authorize traditional wealth management, portfolio management, or broad banking-style activity.
Nexo’s interest and yield products represent the clearest compliance pressure point, as past enforcement in the United States shows that such products can be treated as unregistered securities or analogous regulated products.
Nexo’s MiCA messaging suggests strategic adaptation to the new EU framework, but available public materials do not show that the group already holds a full MiCA CASP authorization.
Corporate onboarding practices may rely on aggressive, OSINT-influenced risk assumptions, raising questions around proportionality, relevance, and data minimization in KYB/KYC reviews.
The Nexo Narrative and the Regulatory Reality
Nexo’s public-facing narrative is straightforward: the company presents itself as a one-stop digital wealth platform where clients can buy, trade, borrow, and earn on crypto assets. That framing is commercially effective, but from a compliance perspective it blurs a critical distinction between regulated crypto-asset services and classical financial services such as portfolio management, investment advice, or deposit-taking.
This distinction matters because the legal foundation visible in Europe is not a conventional investment-firm or banking licence. Instead, Nexo points to VASP registrations in several EU jurisdictions and to its ongoing MiCA alignment, which is a materially narrower basis than the expression “wealth platform” may imply to retail and corporate clients.
Nexo at a Glance
| Category | Information |
| --- | --- |
| Brand | Nexo, marketed as a digital-assets or crypto-wealth platform. |
| Primary domain | nexo.com, including localized variants such as /en-us. |
| Other domain/site | Nexo Markets https://nexo-markets.com/ |
| Core visible legal entities | Nexo Capital Inc.; Nexo Inc.; Nexo Financial LLC; additional Nexo group entities organized primarily in European jurisdictions according to enforcement records. |
| Publicly visible offshore anchor | Nexo Capital Inc., Cayman Islands, appears repeatedly in app-store disclosures and enforcement materials. Nexo Markets Ltd, Seychelles (Securities Dealer license) |
| Key jurisdictions | Cayman Islands, Seychelles, Switzerland, Italy, Poland, and other European jurisdictions; U.S. footprint appears in enforcement and licensing-related disclosures. |
| Product scope | Spot trading, swaps, custody, crypto-backed credit lines, Earn/yield products, OTC services, corporate accounts, and payment-card-related offerings. |
| Founders / key figures | Antoni Trenchev, Kosta Kantchev/Kanchev, Kalin Metodiev; Georgi Shulev appears in historical founder-related reporting and litigation context. |
| Ownership / control | Privately held group with no fully transparent public UBO picture on the website; public materials point to concentrated founder influence. |
| EU regulatory framing | VASP registrations in multiple member states and MiCA transition messaging. |
| Key regulatory pressure points | Earn products, lending representations, cross-border marketing, entity transparency, and MiCA transition readiness. |
Entity Structure, Key Persons, and Beneficial Ownership Questions
Nexo is a privately held group and does not provide a transparent, consolidated UBO map on its public-facing website. What is visible through public records and enforcement materials is a recurring set of core entities and individuals, above all Nexo Capital Inc. and the founding circle around Antoni Trenchev, Kosta Kantchev, and Kalin Metodiev.
This matters from a compliance standpoint for two reasons. First, a fragmented multi-jurisdiction structure can complicate customer understanding of the actual contracting entity, client-asset exposure, and recourse options. Second, concentrated founder control combined with cross-border structuring raises recurring questions around governance, transparency, and intra-group risk allocation that should be central to any institutional due-diligence review.
Key Persons and Apparent Control Cluster
| Person | Apparent Role | Compliance Relevance |
| --- | --- | --- |
| Antoni Trenchev (LinkedIn) | Co-founder and public-facing senior executive; frequently associated with Nexo in public reporting. | Central control person, reputational anchor, and likely key individual for governance review. |
| Kosta Kantchev / Kanchev (LinkedIn) | Co-founder, Executive Chairman, and core control figure in founder-related reporting. | Likely central to beneficial ownership and strategic control assessment. |
| Kalin Metodiev (LinkedIn) | Co-founder and recurring key executive figure in reporting and proceedings. | Material for governance mapping and historic decision-making review. |
| Georgi Shulev (LinkedIn) | Historical co-founder figure referenced in reporting and litigation context. Managing Partner until 2019 | Relevant to early ownership history and internal disputes over assets/control. |
| Trayan Nikolov (LinkedIn) | Named in reporting around Bulgarian proceedings involving Nexo-linked individuals. | Relevant to expanded key-person screening and contextual risk review. |
| Peter Serdev (LinkedIn) | Contact person Nexo Markets | Nexo Markets is registered as a security dealer in the Seychelles |
Europe: VASP Registrations vs. Actual Licensing Reality
Nexo’s European licensing narrative is difficult to verify from its own public materials. The group has publicly claimed since 2022 that it secured VASP registration in Italy and later stated that it holds VASP registrations in several EU member states as part of its preparation for MiCA. Yet the latest available OAM list in Italy does not show any Nexo-branded or obviously Nexo-controlled entity among the registered virtual asset operators. This discrepancy alone would warrant caution. Taken together with the group’s own website disclosures, it raises a broader transparency problem around Nexo’s actual regulatory footing in the EEA.
First, Nexo’s public-facing website does not provide a clear, consolidated, and current overview of which legal entities are licensed or registered in which jurisdictions, and for which products. The site relies heavily on broad trust and safety messaging, including references to “proven regulatory compliance”, technology partners, audits, and security infrastructure, while omitting the kind of entity-by-entity licensing map that customers would normally expect from a serious cross-border financial services provider. Even on the US-facing site, the footer points to Bakkt disclosures without clearly explaining which Nexo products or entities are covered by which regulated framework.
Second, Nexo’s EEA Terms of Service do not identify a specific contracting entity. Instead of naming a particular legal person with its registered office, registration number, and competent supervisor, the terms define “Nexo” in broad group language as any holding company, subsidiary, or entity belonging to the Nexo group of companies. From a compliance perspective, that is highly problematic. It leaves EEA clients without clear visibility on who the actual counterparty is, which entity bears liability, and which supervisory framework, if any, governs the relevant service relationship.
Third, the licensing picture only becomes marginally clearer through a separate Security page that is not the obvious first stop for clients seeking legal or regulatory transparency. There, Nexo lists selected licences and registrations in California, Australia, Hong Kong, Poland, and Seychelles, including a Polish registration for activities in the field of virtual currencies. Notably absent are any current references to an Italian OAM VASP registration, any other clearly identified EEA registrations, or any MiCA/CASP authorisation. In other words, Nexo’s own dedicated licensing page appears to confirm a fragmented and selective regulatory footprint rather than a transparent EEA licensing framework.
Against that background, the regulatory significance of a VASP registration should not be overstated even where one can be verified. National VASP regimes such as Italy’s OAM framework are primarily AML-centered registration systems for defined crypto-asset services such as exchange, transfer, and custody-wallet activity. They are not equivalent to authorisation as a traditional asset manager, discretionary portfolio manager, investment adviser, or bank, all of which sit under separate legal regimes depending on product design and distribution model. In Nexo’s case, however, the more immediate issue is even more basic: the company’s public narrative suggests a wider European regulatory foundation than can currently be verified from official registers, contractual documentation, and its own licensing disclosures.
Product-Level Compliance Analysis
The compliance risk around Nexo becomes clearest at product level. Some parts of the business fit relatively comfortably within the evolving CASP/VASP perimeter, while others move toward securities, investment-management, or banking-like territory depending on how they are structured, marketed, and distributed.
| Product / Service | Typical Nexo Function | Main Regulatory Frame | Compliance Assessment |
| --- | --- | --- | --- |
| Spot crypto–fiat exchange | Buying and selling crypto against fiat on platform. | VASP regime; MiCA CASP for exchange and execution. | Broadly compatible with VASP/CASP logic, provided the serving entity is properly authorized for the EU market. |
| Crypto–crypto swaps | In-app token swaps and conversions. | VASP; MiCA CASP. | Core CASP-type activity, but token classification remains relevant where instruments may fall outside standard crypto categories. |
| Custody / wallet services | Holding and administering client crypto assets. | VASP; MiCA CASP custody rules. | Permissible in principle under the crypto-services regime, but safeguarding, segregation, and insolvency-remoteness are critical control questions. |
| Crypto-backed credit lines | Loans against pledged crypto collateral. | Hybrid area; VASP-adjacent, but potentially subject to national lending rules. | Not automatically prohibited, but structurally sensitive where lending, collateral liquidation, and retail marketing intersect. |
| Retail Earn / interest products | Yield-bearing accounts with daily or flexible interest features. | Potential securities / deposit-like / investment-product treatment depending on structure. | Highest-risk area; past enforcement strongly suggests VASP registration is not an adequate standalone basis for these products. |
| Corporate yield products | Fixed-term yield products for businesses and treasury clients. | Same core concerns as retail Earn, with additional suitability and disclosure expectations. | Marketing language such as “high interest yields” and “no downside risk” should be viewed critically from a conduct and product-governance perspective. |
| OTC services | Large-volume execution for institutional or corporate clients. | CASP / execution-related perimeter under MiCA. | Lower legal novelty than yield products, but requires strong market-conduct, best-execution, and AML controls. |
| Stablecoin-facing services | Use of stablecoins and fiat-linked token rails within platform services. | MiCA for EMT/ART-related services plus CASP obligations. | Increasingly sensitive under MiCA, particularly where stablecoin reporting and issuer-related obligations apply. |
| “Wealth platform” positioning | Umbrella branding across custody, exchange, yield, and credit. | Marketing and conduct risk across multiple regimes. | Branding outpaces the visible licensing base and may create a misleading impression of regulated wealth-management status. |
| Corporate accounts | Business onboarding, custody, OTC, and treasury-style services. | KYB/KYC, AML, sanctions, and underlying product-specific licensing rules. | Legitimate in principle, but onboarding and risk assessment must remain proportionate, relevant, and legally grounded. |
Enforcement History and Why It Matters
Nexo’s regulatory history matters because it shows how supervisors interpret the group’s product set when legal classifications become contested. In the United States, Nexo and related entities entered settlements with the SEC and multiple state regulators over the Earn Interest Product, while other proceedings and public notices raised issues around unregistered securities activity and lending-related licensing.
Securities Commission of South Carolina: Cease and Desist (2023)
New York State Attorney General: $24 million settlement over illegal offerings (2023)
NEXO blog on the US settlement: Nexo reaches landmark solutions with U.S. regulators
These cases do not automatically determine Nexo’s status in the EU, but they are highly relevant compliance signals. When multiple regulators across jurisdictions converge on the view that interest-bearing crypto products may fall outside a platform’s claimed licensing perimeter, European supervisors and compliance officers have little reason to treat similar marketing claims as low-risk.
Corporate Onboarding and the Risk of Compliance Drift
Nexo’s corporate-account page targets businesses and family offices and emphasizes relationship management, OTC execution, custody, and yield opportunities. That positioning is consistent with an attempt to move beyond pure retail crypto intermediation and into treasury-style client relationships.
The risk emerges when onboarding controls expand beyond relevant KYB/KYC into speculative or OSINT-driven assumptions. Available evidence and user reports suggest that Nexo may, in some cases, request documents tied to third-party media platforms or inferred affiliations that are not obviously connected to the applicant entity. If accurate, that would reflect a problematic drift from risk-based due diligence into compliance overreach, with implications for fairness, data minimization, and procedural integrity.
Formula 1 Branding and the Credibility Narrative
Nexo has also moved into high-visibility sports marketing through a multi-year partnership with the Audi Revolut F1 Team, where it is presented as the official digital-asset partner. The Formula 1 car already appears prominently on Nexo’s own website and serves a clear reputational purpose: to project scale, permanence, and mainstream legitimacy at a moment when the group’s EU-facing licensing narrative remains in transition from VASP-era registrations toward MiCA.
From a compliance perspective, that distinction matters. Premium sports sponsorship may strengthen brand trust, but it does not answer the underlying questions around entity transparency, product classification, and the legal basis for marketing yield-bearing and wealth-style crypto services in Europe.
MiCA: The Pressure Test Ahead
MiCA is likely to become the decisive pressure test for Nexo’s EU-facing model. The regulation introduces a more harmonized authorization regime for crypto-asset service providers, clearer conduct and safeguarding obligations, and more explicit treatment of services involving crypto-asset advice and stablecoin-related activity.
For Nexo, this means the room for regulatory ambiguity is narrowing. Exchange, custody, and certain execution services may transition into a cleaner CASP framework, but yield products, lending constructs, and wealth-style marketing will face closer scrutiny where substance begins to resemble investment, deposit, or advisory business rather than pure crypto intermediation.
Compliance Takeaway
Nexo should not be viewed as a conventional regulated wealth manager in Europe. Based on the currently visible public record, it is more accurately described as a crypto-asset platform with a broad product perimeter, supported by VASP-era registrations and in transition toward MiCA, but carrying material licensing, product-governance, and transparency risk in areas such as Earn, corporate yield, lending, and marketing claims.
That distinction is not semantic. It goes directly to client protection, legal classification, contracting-entity clarity, and the question of whether customers and counterparties are dealing with a regulated crypto intermediary, a shadow banking-style yield platform, or a business model that has long relied on the grey space between the two.
Whistleblower Call
FinTelegram invites current and former employees, counterparties, service providers, onboarding clients, and other informed sources with additional information about Nexo’s internal compliance processes, legal entities, beneficial ownership, product governance, and regulatory interactions to come forward. Confidential submissions can be made through the whistleblower platform Whistle42, which is publicly presented as a secure reporting channel for whistleblower intelligence and forensic compliance analysis.
Share Information via Whistle42
Dream Finance, CoinsPaid, CryptoProcessing & SOFTSWISS: The Evidence Chain Behind FinTelegram’s Public-Interest Reporting
Editorial Note: This report distinguishes between documented facts, public self-positioning, third-party allegations, whistleblower claims and FinTelegram’s compliance-risk assessment. Allegations are reported as allegations and do not constitute final judicial findings. FinTelegram remains open to factual corrections and right-of-reply statements from the entities and persons mentioned.
Dream Finance, UAB, through Lithuanian law firm Glimstedt, has demanded the removal and refutation of seven FinTelegram reports concerning Dream Finance, CoinsPaid, CryptoProcessing, SOFTSWISS and FinteqHub. FinTelegram rejects the blanket takedown demands. This forensic explainer sets out the public-interest basis and evidence chain behind our reporting: audited financial statements, registry records, brand disclosures, court materials, prosecution documents, screenshots, whistleblower information and adverse-media reporting.
Key Findings
Seven legal notices: Dream Finance, UAB, through Glimstedt, demanded the removal and refutation of seven FinTelegram reports concerning Dream Finance, CoinsPaid, CryptoProcessing, SOFTSWISS and FinteqHub.
Audited accounts confirm the core structure: Dream Finance OÜ’s audited 2024 annual report confirms that CryptoProcessing and CoinsPaid are its main brands and that its business includes crypto-payment processing, virtual wallets, crypto/fiat exchange, SaaS and OTC services.
Curaçao concentration: The 2024 report shows significant revenue from Curaçao — a key jurisdiction in offshore iGaming — giving relevant context to FinTelegram’s reporting on iGaming and casino-payment exposure.
Customer-asset sensitivity: Dream Finance OÜ reports significant customer deposits and customer-held virtual currencies, highlighting the public-interest relevance of customer-asset safeguarding, AML/CFT controls and operational risk.
Hacking and security risk: The audited report confirms hacking-related losses and states that 2025 revenues were affected by MiCA-related USDT delisting and client-contract terminations under a stricter risk-management strategy.
Insider material: FinTelegram reviewed materials provided by a former Dream Finance group executive. An Estonian prosecution notice records internal Dream Finance Venture OÜ / Dream Finance OÜ structures, Wise-account access, and the role of a CoinsPaid finance employee with admin rights.
SOFTSWISS / FinteqHub nexus: SOFTSWISS has publicly presented FinteqHub as a payment gateway built by SOFTSWISS for online casinos and sportsbook projects; FinTelegram has also reviewed material connecting Dream Transaction, Lda. to the FINTEQHUB trademark and to SOFTSWISS-linked shareholder references.
Ownership questions: Public Estonian company-data information reviewed by FinTelegram identifies Alexander Horst Riedinger as 100% shareholder and ultimate beneficial owner of Dream Finance OÜ, while public founder-level materials connect Ivan Montik to SOFTSWISS, CoinsPaid/CryptoProcessing and Merkeleon. These overlapping narratives make ownership and control transparency a legitimate public-interest issue.
Allegations vs. facts: FinTelegram distinguishes between documented facts, public self-positioning, third-party adverse-media allegations, insider claims and FinTelegram’s own compliance-risk assessment.
Dream Finance, UAB, through Lithuanian law firm Glimstedt Bernotas & Partners, has demanded that FinTelegram remove and refute seven reports concerning Dream Finance, CoinsPaid, CryptoProcessing, SOFTSWISS and FinteqHub. FinTelegram rejects these blanket takedown demands.
The matter is not a private commercial disagreement. It concerns a large cross-border crypto-payment and iGaming-related ecosystem involving customer assets, crypto-processing, casino-related payment infrastructure, AML/CFT exposure, MiCA transition, hacking incidents, ownership transparency, offshore structures and regulatory-risk indicators.
This forensic explainer sets out why FinTelegram considers its reporting to be firmly within the public interest — and why the reporting was not based on invented allegations, but on a substantial evidence chain.
That evidence chain includes audited financial statements, corporate and registry information, public brand disclosures, screenshots, whistleblower information, adverse-media sources, court documents, prosecution materials and FinTelegram’s own payment-rail and compliance-risk analysis.
The Trigger: Seven Legal Notices From Glimstedt
On behalf of Dream Finance, UAB, Glimstedt submitted seven separate notices demanding removal and refutation of FinTelegram publications concerning Dream Finance, CoinsPaid, CryptoProcessing, SOFTSWISS and FinteqHub.
The notices broadly object to FinTelegram’s reporting on alleged money laundering, regulatory evasion, sanctions exposure, shadow ownership, iGaming payment flows, corporate structuring, hacking incidents and compliance-risk indicators.
FinTelegram reviewed the notices and responded that it does not accept:
blanket removal of the publications;
a general cease-and-desist undertaking;
publication of the proposed refutations;
the characterisation of its reporting as defamatory or commercially disparaging.
FinTelegram remains willing to correct demonstrably inaccurate factual statements. But broad denials of entire reporting categories do not justify the deletion of investigative publications concerning matters of public interest.
Why This Is a Public-Interest Case
CoinsPaid and CryptoProcessing are not obscure private actors. They publicly market crypto-payment infrastructure for iGaming, online-casino, crypto-gambling and high-risk business segments.
SOFTSWISS publicly presents itself as a major online casino and sports-betting software provider. SOFTSWISS has also publicly described FinteqHub as a payment gateway built by SOFTSWISS for online casinos and sportsbook projects. In that same public context, iGaming has been described as a high-risk industry.
That context matters.
Crypto-payment processors operating in or around iGaming and casino-payment flows handle sensitive transaction infrastructure. They interact with merchants, wallets, exchanges, liquidity providers, payment intermediaries, gambling operators, offshore jurisdictions and customer assets. This makes them relevant not only for commercial reporting, but also for AML/CFT, regulatory and counterparty-risk analysis.
The public-interest basis is further reinforced by the well-publicised CoinsPaid hacking incident. A major crypto-payment processor that publicly reports a significant hacking event and operates in the customer-asset, crypto-payment and iGaming environment is plainly a legitimate subject of investigative reporting and compliance scrutiny.
Dream Finance OÜ’s Own 2024 Accounts: CoinsPaid and CryptoProcessing Confirmed
Dream Finance OÜ’s audited 2024 annual report is one of the most important evidence anchors.
The report confirms that Dream Finance OÜ began operations in 2019 and provides crypto-payment processing services based on internally developed software. It identifies the main brands as CryptoProcessing for B2B services and CoinsPaid for B2C services. The service package includes virtual wallets, crypto/fiat top-ups, custody, withdrawals, crypto exchange, SaaS solutions, cross-chain deposit recovery and OTC transactions.
This matters because it directly confirms the Dream Finance–CoinsPaid–CryptoProcessing operating link from Dream Finance OÜ’s own audited reporting.
The report also shows substantial scale. Dream Finance OÜ reported 2024 revenue of approximately €32.37 million, up from approximately €25.18 million in 2023. It also reported a profit of approximately €23.1 million after a significant loss in 2023.
The recovery was notable. But the report also shows that the business remains highly sensitive to crypto-market, security, regulatory and customer-asset risks.
Curaçao Revenue Concentration: The Offshore iGaming Context
One of the most striking items in the 2024 annual report is the geographic revenue split.
Dream Finance OÜ reported approximately €21.99 million of its 2024 revenue from Curaçao, out of total revenue of approximately €32.37 million.
Curaçao is a well-known jurisdiction in offshore iGaming. The audited accounts do not state that Curaçao revenue is casino revenue. However, the Curaçao concentration becomes highly relevant when read together with the public positioning of CryptoProcessing and CoinsPaid in iGaming, casino payments and high-risk payment segments.
For FinTelegram, this is not a speculative allegation. It is a risk-relevant fact pattern:
audited revenue concentration in Curaçao;
public iGaming/casino-payment positioning;
crypto-payment processing;
high-risk business marketing;
customer-asset exposure;
cross-border operating entities.
This combination clearly justifies public-interest reporting.
Customer Assets, Deposits and Operational Risk
The 2024 annual report also confirms significant customer-asset exposure.
Dream Finance OÜ reported substantial customer deposits and customer-held virtual currencies. The balance sheet shows very large current assets and liabilities, with customer deposits forming a major part of the liability side.
This is central to the public-interest analysis.
A crypto-payment processor holding or processing large amounts of customer assets requires robust safeguarding, transaction monitoring, wallet controls, AML/CFT systems, liquidity management and incident-response processes. These are not private matters. They are key issues for customers, counterparties, financial institutions, regulators and enforcement bodies.
Hacking Incidents and Security Losses
Dream Finance OÜ’s 2024 report also confirms a hacking incident on 5 January 2024, with losses of approximately €4.075 million. It states that the stolen funds were marked and reported to the Estonian Police, and that a tracked amount was later returned to company accounts in February 2025.
The accounts also report incident-related losses in 2024 and refer to the earlier 2023 hacking event.
This confirms another key public-interest factor: the security, resilience and AML/CFT controls of a large crypto-payment processor are legitimate subjects of scrutiny, especially when hacking events and recovery efforts are publicly acknowledged by the company itself.
MiCA, USDT Delisting and Risk-Management Tightening
The 2024 annual report also contains a significant post-balance-sheet disclosure.
Dream Finance OÜ states that 2025 revenues declined due to a combination of factors, including:
removal of USDT from the listing in order to comply with MiCA requirements;
termination of client contracts due to the company’s stricter risk-management strategy.
This is highly relevant to FinTelegram’s reporting on MiCA transition, regulatory exposure and de-risking.
It shows that MiCA and risk-management tightening had real operational consequences for the business. That is not a FinTelegram invention. It is disclosed in Dream Finance OÜ’s own audited reporting.
Dream Finance UAB, Lithuania, and the Shift Toward Estonia
Glimstedt’s client is Dream Finance, UAB in Lithuania. However, CryptoProcessing’s own legal disclosures identify Dream Finance OÜ, Estonia as a key operating entity under the CoinsPaid / CryptoProcessing brand framework.
At the same time, Dream Finance UAB, Lithuania, has been publicly presented as having temporarily suspended crypto-asset-related services. This includes onboarding, transaction execution and new agreements.
FinTelegram’s reporting on the shift from the Lithuanian UAB structure toward the Estonian OÜ operating framework is therefore plainly relevant. It sits within the broader MiCA transition and the regulatory clean-up of crypto-asset service providers in Lithuania.
Ownership and Control: Why Transparency Matters
Ownership and control transparency is another public-interest issue.
Public Estonian company-data information reviewed by FinTelegram identifies Alexander Horst Riedinger as the 100% shareholder and ultimate beneficial owner of Dream Finance OÜ. The same company-data record links Dream Finance OÜ to the CoinsPaid ecosystem through contact details and website information and identifies Maksym Krupyshev as a management board member.
FinTelegram does not assert, without qualification, that any one individual is the beneficial owner of every entity using the CoinsPaid or CryptoProcessing brands. However, given the scale of customer assets, the Curaçao revenue concentration, the iGaming exposure, the hacking history and the shift in operating entities, questions concerning beneficial ownership, control and regulatory accountability are plainly legitimate.
This is especially important because public founder-level narratives also connect the broader ecosystem to Ivan Montik, SOFTSWISS, CoinsPaid/CryptoProcessing and Merkeleon.
Such overlapping public ownership and control narratives are precisely why investigative scrutiny is required.
SOFTSWISS, FinteqHub, Merkeleon and Founder-Level Links
FinTelegram’s reporting on the connection between SOFTSWISS, FinteqHub, CoinsPaid/CryptoProcessing and Merkeleon is not arbitrary.
It is supported by public communications, trademark and registry information, and founder-level materials.
SOFTSWISS has publicly described FinteqHub as a payment gateway built by SOFTSWISS and created by its iGaming-experienced payments team. Public information concerning Ivan Montik and related entities links SOFTSWISS, CoinsPaid/CryptoProcessing and Merkeleon through founder-level and ecosystem roles.
FinTelegram has also reviewed information concerning Dream Transaction, Lda., the Portuguese / Madeira entity associated with the FINTEQHUB trademark, and public registry references indicating shareholder links to Pavel Kashuba, PrimeFuture Ltd and Bitcapital Ltd.
This supports the relevance of analysing FinteqHub as part of the broader SOFTSWISS-linked iGaming payment ecosystem.
International Media Reporting on SOFTSWISS
FinTelegram’s public-interest assessment is further supported by independent reporting by major international media.
A BR / Tagesschau investigation into illegal online casinos in Germany reported that SOFTSWISS and its founder may be linked to dozens of online-casino websites targeting German players without a German licence. The investigation described a complex network involving Malta, Cyprus and Curaçao and referred to court documents, corporate registers and domain records as relevant evidence.
FinTelegram has also reviewed international media reporting concerning disputes around SOFTSWISS-related iGaming assets, including reporting by Radio-Canada and Israeli Calcalist concerning the BeFree / SOFTSWISS investment dispute involving Ofer Baazov, Ivan Montik, Dzmitry Yaikau, Pavel Kashuba and Roland Isaev.
These reports describe serious allegations, hacking claims, smear-campaign allegations, offshore investment structures and litigation concerning SOFTSWISS-related iGaming assets.
FinTelegram does not rely on such reporting as a final judicial finding of criminal wrongdoing. However, it confirms that the SOFTSWISS-linked iGaming ecosystem has been the subject of substantial international media and litigation scrutiny.
That reinforces the public-interest basis for reporting on ownership, control, AML/CFT exposure, adverse-media risk and regulatory transparency.
Insider Material and Whistleblower Information
FinTelegram has received and reviewed information from insider sources, including a former executive of a Dream Finance group entity.
These materials were not treated uncritically. They were assessed together with public documents, registry information, screenshots, payment-rail indicators, corporate records and other supporting material.
With respect to the article “FinteqHub’s Hidden Rails: How SoftSwiss’s Gateway Allegedly Funnels Casino Payments Through Spoynt, Decta, Rapyd and Rastpay”, FinTelegram reviewed whistleblower-provided material, including screenshots evidencing payment-method identifiers and payment-rail references relevant to the reporting.
This is important: FinTelegram’s reporting was not based on abstract speculation. It was supported by documents and technical indicators provided by sources with relevant knowledge.
Estonian Prosecution Notice: What It Shows — And What It Does Not
FinTelegram has also reviewed an Estonian prosecution notice concerning an internal Dream Finance Venture OÜ dispute.
That document records, among other things, that Dream Finance Venture OÜ was wholly owned by Dream Finance OÜ, that Dream Finance OÜ provided online-wallet and crypto-processing services, and that a CoinsPaid finance employee held admin rights to the Dream Finance Venture OÜ Wise account.
The prosecution notice also documents elements of the Dream Finance group structure and internal governance environment.
FinTelegram does not rely on this document as proof of criminal wrongdoing by Dream Finance. The prosecution declined to open a criminal investigation against the former executive concerned.
Rather, the document is relevant because it demonstrates that FinTelegram reviewed materials concerning internal structures, account access, governance roles, Wise-account controls and group-level operational links.
Facts, Allegations and Risk Assessment: FinTelegram’s Editorial Distinction
FinTelegram distinguishes between different categories of information.
Established facts include audited financial statements, corporate records, registry information, public brand disclosures, legal disclosures and documented company structures.
Public self-positioning includes the way SOFTSWISS, CoinsPaid, CryptoProcessing and related brands describe their own services and target sectors.
Third-party allegations and adverse-media claims include external reporting and public allegations concerning money laundering, sanctions exposure, regulatory evasion, shadow ownership and related concerns.
Whistleblower claims include insider-provided material and screenshots that FinTelegram reviews and assesses.
FinTelegram risk assessment is FinTelegram’s editorial evaluation of these materials from a compliance, AML/CFT, payment-rail and regulatory-risk perspective.
This distinction matters. FinTelegram does not present allegations, adverse-media claims or risk assessments as final judicial findings.
Dream Finance’s Takedown Demand Rejected
FinTelegram rejects the characterisation that its reporting is defamatory or commercially disparaging.
The fact that Dream Finance, UAB, Dream Finance OÜ, CoinsPaid, CryptoProcessing or affiliated entities disagree with FinTelegram’s reporting or risk assessment does not make fact-supported investigative journalism defamatory.
FinTelegram has conducted an editorial review of the publications concerned. Where appropriate, certain formulations were refined to reinforce the distinction between established facts, third-party allegations, whistleblower claims, adverse-media allegations and FinTelegram’s compliance-risk assessment.
These clarifications were made voluntarily, in the interest of editorial precision, and without any admission of liability, inaccuracy or wrongdoing.
FinTelegram will not remove the publications based on blanket demands. Nor will it publish pre-formulated refutations that do not reflect the underlying evidence record.
Right of Reply
FinTelegram again invites Dream Finance, UAB, Dream Finance OÜ, CoinsPaid, CryptoProcessing, SOFTSWISS, FinteqHub, Dream Transaction, Lda., and any relevant affiliated entity or representative to provide a concise factual statement responding to the matters raised.
FinTelegram remains prepared to review and publish such statement, provided that it is factual, non-defamatory and directly responsive to the issues reported.
We also invite insiders, former employees, customers, payment providers, regulators, law enforcement officers and affected merchants to provide information through Whistle42.
Compliance Takeaway
The Dream Finance / CoinsPaid / CryptoProcessing / SOFTSWISS / FinteqHub case is not simply about one disputed article or one legal notice.
It is about the transparency of a crypto-payment and iGaming infrastructure ecosystem operating across multiple jurisdictions, handling significant customer assets, reporting hacking-related losses, undergoing MiCA-driven transition, serving high-risk market segments and attracting international media, regulatory and adverse-media scrutiny.
That is exactly the type of ecosystem FinTelegram was created to investigate.
Evidence Box
| Document / Source | What It Shows | Evidentiary Relevance |
| --- | --- | --- |
| Dream Finance OÜ audited annual report 2024 | Confirms that Dream Finance OÜ’s main brands are CryptoProcessing and CoinsPaid; confirms crypto-payment processing, virtual wallets, crypto/fiat exchange, SaaS and OTC services; shows significant customer deposits, customer-held virtual currencies, hacking-related losses, Curaçao revenue concentration, and MiCA-related 2025 revenue impact. | Core documentary evidence that Dream Finance OÜ is a substantial crypto-payment processor operating under the CoinsPaid / CryptoProcessing brands, with customer-asset exposure, offshore revenue concentration, security incidents and regulatory-transition sensitivity. |
| Seven Glimstedt notices on behalf of Dream Finance, UAB | Demand removal and refutation of seven FinTelegram reports concerning Dream Finance, CoinsPaid, CryptoProcessing, SOFTSWISS and FinteqHub; object to references to money laundering, regulatory evasion, sanctions exposure, shadow ownership, iGaming rails and compliance-risk indicators. | Establishes the legal-pressure context and shows that the dispute concerns a broad attempt to challenge FinTelegram’s reporting across an entire ecosystem, not one isolated factual correction. |
| Estonian prosecution notice concerning Dream Finance Venture OÜ | Records that Dream Finance Venture OÜ was wholly owned by Dream Finance OÜ; describes Dream Finance OÜ as providing online-wallet and crypto-processing services; records that a CoinsPaid finance employee held admin rights to a Dream Finance Venture OÜ Wise account; documents an internal governance dispute. | Demonstrates that FinTelegram reviewed official material concerning internal Dream Finance structures, account access, roles, controls and governance. It is not used as proof of criminal wrongdoing by Dream Finance. |
| CryptoProcessing / CoinsPaid public legal and brand disclosures | Present Dream Finance OÜ, Estonia, as a key operating entity under the CoinsPaid / CryptoProcessing framework; disclose that Dream Finance UAB, Lithuania, temporarily suspended crypto-asset-related services; publicly market services to iGaming, online-casino and high-risk business sectors. | Supports FinTelegram’s reporting on the operational shift from Lithuania to Estonia, the iGaming/high-risk payment context, and the public relevance of MiCA-related regulatory transition. |
| Public Estonian company-data records for Dream Finance OÜ | Identify Alexander Horst Riedinger as 100% shareholder and ultimate beneficial owner of Dream Finance OÜ; list company links to CoinsPaid contact details and website information; identify Maksym Krupyshev as management board member. | Supports FinTelegram’s public-interest scrutiny of ownership, beneficial control, management and regulatory accountability within the Dream Finance / CoinsPaid / CryptoProcessing structure. |
| SOFTSWISS public statements on FinteqHub | SOFTSWISS publicly described FinteqHub as a payment gateway built by SOFTSWISS and created by its iGaming-experienced payments team for online casinos and sportsbook projects; iGaming was described in that context as high risk. | Supports FinTelegram’s reporting that FinteqHub is not an unrelated payment gateway, but part of a SOFTSWISS-linked iGaming payment infrastructure context. |
| Dream Transaction, Lda. / FINTEQHUB trademark and registry references | Information reviewed by FinTelegram links Dream Transaction, Lda. to the FINTEQHUB trademark and indicates shareholder references to Pavel Kashuba, PrimeFuture Ltd and Bitcapital Ltd. | Supports analysis of FinteqHub as part of a broader SOFTSWISS-linked founder, shareholder and iGaming-payment ecosystem. |
| BVI court materials concerning SOFTSWISS-related iGaming assets | Document investor and shareholder disputes involving SOFTSWISS-related iGaming assets, offshore holding structures and Russian-linked investors. | Supports the public-interest basis for scrutinising ownership, control, offshore structuring and transparency in the SOFTSWISS / CoinsPaid / CryptoProcessing ecosystem. |
| BR / Tagesschau investigation into illegal online casinos | Major German public-broadcaster reporting described alleged links between SOFTSWISS / its founder and online-casino websites targeting German players without a German licence; referenced Malta, Cyprus and Curaçao structures, court documents, registers and domain records. | Confirms that SOFTSWISS-linked iGaming structures are already the subject of major public-interest media scrutiny, not merely FinTelegram reporting. |
| Radio-Canada and Calcalist reporting on BeFree / SOFTSWISS disputes | International media reporting concerning disputes involving Ofer Baazov, Ivan Montik, Dzmitry Yaikau, Pavel Kashuba, Roland Isaev, Rivos Megrelashvili, and SOFTSWISS-related iGaming assets; includes allegations of hacking claims, smear campaigns, offshore structures and litigation. | Used as adverse-media and public-interest context, not as a final judicial finding of criminal wrongdoing. Supports the relevance of AML/CFT, ownership, governance and reputational-risk scrutiny. |
| CoinsPaid public reporting on its hacking incident | CoinsPaid publicly reported and discussed a major hacking incident affecting the company. | Reinforces the public-interest basis for reporting on security, AML/CFT, transaction monitoring, asset safeguarding and operational-risk controls at a large crypto-payment processor. |
| Whistleblower / insider materials reviewed by FinTelegram | FinTelegram reviewed materials provided by insider sources, including a former executive of a Dream Finance group entity; materials included screenshots, payment-method identifiers, payment-rail references and internal-structure information. | Supports the fact that FinTelegram’s reporting was not based on abstract speculation, but on insider-provided material reviewed alongside public records and other evidence. |
| Screenshots and payment-rail indicators concerning FinteqHub / LuckyDreams | Screenshots reviewed by FinTelegram show payment-method identifiers and payment-rail references relevant to the FinteqHub / SOFTSWISS / casino-payment reporting. | Supports article-specific reporting on the alleged FinteqHub payment-rail structure and explains why the reporting was framed as whistleblower-based and evidence-supported. |
| Public adverse-media sources concerning SOFTSWISS, CoinsPaid and CryptoProcessing | Third-party sources have publicly raised allegations concerning money laundering, sanctions exposure, regulatory evasion, shadow ownership and related misconduct. | FinTelegram reports these as third-party allegations, adverse-media claims and risk indicators — not as final judicial findings. They form part of the compliance-risk context. |
Editorial Note: This evidence table distinguishes between audited records, official or registry material, public brand disclosures, court and prosecution documents, media reporting, adverse-media allegations, whistleblower material and FinTelegram’s own compliance-risk assessment. Allegations are reported as allegations and do not constitute final judicial findings.
Call for Information
FinTelegram is continuing its investigation into the Dream Finance / CoinsPaid / CryptoProcessing / SOFTSWISS / FinteqHub ecosystem and invites insiders, former employees, payment providers, compliance officers, regulators, law-enforcement sources, affected merchants, customers, and industry participants to come forward.
We are particularly interested in information concerning:
| Area | Information Sought |
|---|---|
| Payment Rails | Evidence of payment flows involving CoinsPaid, CryptoProcessing, FinteqHub, Dream Transaction, SOFTSWISS-linked casinos, PSPs, EMIs, crypto exchanges, liquidity providers, or offshore casino operators. |
| iGaming / Casino Clients | Information on casino operators, gambling platforms, white-label providers, brands, domains, cashier systems, payment descriptors, or merchant accounts connected to the ecosystem. |
| AML / CFT Controls | Internal policies, transaction-monitoring alerts, SAR/STR handling, KYC practices, high-risk-client onboarding, risk overrides, compliance exceptions, or regulatory communications. |
| Ownership & Control | Documents or insider knowledge concerning beneficial ownership, nominee structures, shareholder arrangements, founder-level control, offshore holding entities, or related-party arrangements. |
| MiCA / Regulatory Transition | Information on Dream Finance UAB’s Lithuanian suspension, Dream Finance OÜ’s role as operating entity, client migration, USDT delisting, contract terminations, de-risking, or regulatory correspondence. |
| Security Incidents & Hacks | Internal reports, wallet-flow evidence, incident-response materials, recovery efforts, law-enforcement contacts, liquidity-provider involvement, or blockchain-tracing material. |
| FinteqHub / SOFTSWISS Links | Evidence concerning FinteqHub’s development, ownership, payment-routing role, Dream Transaction Lda, PrimeFuture, Bitcapital, Pavel Kashuba, Ivan Montik, or related SOFTSWISS entities. |

Secure Contact: If you have relevant information, documents, screenshots, payment receipts, blockchain data, internal communications, compliance reports, or regulatory correspondence, please contact FinTelegram through Whistle42.
Mega.bet Exposed: Global Nexus, IMMIX Solutions And The Cyprus Payment-Tech Cluster Behind Offshore Casino Rails
FinTelegram has received a whistleblower dossier concerning Mega.bet, Global Nexus Ltd, IMMIX Solutions Ltd, P.Z.T. Services Ltd, Potens Corporate Services Ltd, PAYTECH LTD, and Panagiotis Toulouras. Cyprus filings show that IMMIX Solutions Ltd was initially linked to SoleFocus Solutions N.V. in Curaçao before 100% of its shares were transferred to Global Nexus Ltd in Belize. The dossier also introduces PAYTECH LTD as a potential payment-technology node requiring further scrutiny.
2-Minutes Briefing
FinTelegram has received a new whistleblower dossier concerning the offshore casino brand Mega.bet, illegally operating in Europe, and a network of entities allegedly supporting its corporate, licensing, fiduciary, and payment infrastructure. The entities and individuals named in the material include Global Nexus Ltd in Belize, IMMIX Solutions Ltd in Cyprus, SoleFocus Solutions N.V. in Curaçao, P.Z.T. Services Ltd, Potens Corporate Services Ltd, PAYTECH LTD, and Panagiotis / Panayiotis Toulouras.
This is Part 1 of a multi-part investigation. It focuses on the corporate stack and Cyprus fiduciary/payment-tech environment behind the Mega.bet structure. A separate follow-up will address the alleged payment rails, including Sends.co/Taslink, Yapily, retail-style card descriptors, and reported reversals.
The available documents reviewed by FinTelegram already support one key conclusion: Mega.bet does not appear to be a simple offshore casino brand operating from a single jurisdiction. The dossier points to a layered setup involving Curaçao, Cyprus, Belize, Anjouan, and Costa Rica-facing operator language.
Key Findings
Cyprus filings show that IMMIX Solutions Ltd, company number HE 462990, is a Cyprus company registered on 19 July 2024.
The Cyprus registry data lists Global Nexus Ltd, Belize, as the shareholder of IMMIX Solutions Ltd, holding 1,000 ordinary shares.
A Cyprus HE57 share-transfer filing shows that SoleFocus Solutions N.V. in Curaçao transferred 1,000 ordinary shares of IMMIX Solutions Ltd to Global Nexus Ltd on 23 October 2024.
The same Cyprus documents list Potens Corporate Services Ltd as the correspondence address for filings and P.Z.T. Services Ltd as secretary of IMMIX Solutions Ltd.
A March 2026 HE4 filing shows that Georgia Nikoletti was appointed director of IMMIX Solutions Ltd on 9 March 2026. Her occupation is listed as ΥΠΑΛΛΗΛΟΣ, meaning employee or clerk.
The same filing shows that Despoina Mavroudi resigned as director on 9 March 2026.
The whistleblower identifies PAYTECH LTD as a potential technical infrastructure node. PAYTECH markets white-label payment gateway, payment orchestration, PSP integration, smart routing, cascading, cards, open banking, crypto, e-wallets, and gambling/betting-capable payment infrastructure.
FinTelegram has not yet independently verified that PAYTECH processed Mega.bet transactions. However, the overlap between the Cyprus fiduciary environment, payment-tech offering, and offshore casino structure makes PAYTECH a key lead for further scrutiny.
The Corporate Stack: Curaçao To Cyprus To Belize
The Cyprus filings reviewed by FinTelegram show a clear corporate sequence.
IMMIX Solutions Ltd was incorporated in Cyprus in July 2024. Its registry profile lists it as an active private limited company with registration number HE 462990 and registered office at Archiepiskopou Makariou III, 84, Office 1, 6017 Larnaka, Cyprus.
A subsequent HE57 share-transfer filing shows that the shares of IMMIX Solutions Ltd were originally held by SoleFocus Solutions N.V., a Curaçao entity listed at Zulkertuintjeweg Z/N, Curaçao. On 23 October 2024, SoleFocus Solutions N.V. transferred 1,000 ordinary shares to Global Nexus Ltd, listed at Barrack Road 9, Belize City, Belize.
This is not a random corporate footnote. It is the core of the structure. The documents describe a pipeline: Curaçao origin, Cyprus vehicle, Belize shareholder.
According to the whistleblower, Global Nexus Ltd is the offshore casino parent and Anjouan license holder used for the Mega.bet brand. FinTelegram is separately seeking confirmation from the relevant parties and licensing bodies.
IMMIX Solutions Ltd: The Cyprus Processing Vehicle
The role of IMMIX Solutions Ltd is central to the dossier.
The Cyprus registry data shows IMMIX as a Cyprus company owned by the digital marketing provider Global Nexus Ltd in Belize. Its secretary is listed as P.Z.T. Services Ltd, while Potens Corporate Services appears in the filing documentation as the correspondence/contact layer.
The whistleblower alleges that IMMIX acted as a European-facing processing or settlement vehicle for the Mega.bet network. That allegation requires further transaction-level verification. However, the corporate documents already show that IMMIX is the Cyprus link between the offshore shareholder in Belize and the Cyprus fiduciary layer.
For regulators, banks, card issuers, and open-banking providers, this matters. A Cyprus company with EU-facing banking or payment relationships may provide a much more acceptable appearance than a direct offshore casino operator in Belize or an Anjouan-licensed gambling entity.
The Fiduciary Layer: P.Z.T., Potens And Director Rotation
The Cyprus filings raise serious governance questions.
IMMIX’s secretary is listed as P.Z.T. Services Ltd, while Potens Corporate Services Ltd appears in the filings as the correspondence address. The documentation therefore places IMMIX within a Cyprus corporate-service environment connected to Larnaka-based fiduciary and legal-service infrastructure.
The director history is particularly notable. The HE4 filing reviewed by FinTelegram shows that Georgia Nikoletti was appointed director of IMMIX Solutions Ltd on 9 March 2026. Her official occupation is listed in Greek as ΥΠΑΛΛΗΛΟΣ, meaning employee or office clerk.
The same filing shows that Despoina Mavroudi resigned as director on the same date, 9 March 2026.
FinTelegram does not claim that this director rotation is unlawful. However, the timing and nature of the replacement raise obvious accountability questions. A Cyprus lawyer resigns, and a person listed as an employee or clerk becomes the director of a company owned by a Belize entity and allegedly linked to offshore casino operations.
That is a legitimate subject for regulatory and journalistic scrutiny.
The PAYTECH Lead
A new whistleblower submission introduces PAYTECH LTD as a potential technical infrastructure node in the Mega.bet / Global Nexus / IMMIX setup.
PAYTECH markets itself as a provider of white-label payment gateway, payment orchestration, and financial management technologies. Its website describes capabilities including payment widgets, cards, e-wallets, crypto, open banking, local payment methods, PSP integrations, smart routing, cascading, fraud monitoring, PCI-DSS-related security features, merchant management, reconciliation, reporting, and analytics.
Particularly relevant is PAYTECH’s own positioning for online merchants, payment service providers, betting, and gambling use cases. Its materials describe hundreds of integrations and the ability to connect multiple PSPs and payment technologies through a unified infrastructure.
FinTelegram has not yet independently verified that PAYTECH processed Mega.bet transactions or powered the Mega.bet cashier. However, the whistleblower’s PAYTECH lead is highly relevant because the alleged Mega.bet structure requires exactly the type of payment orchestration, provider switching, routing, and checkout integration that PAYTECH markets.
PAYTECH therefore emerges as a key entity for further questions:
Did PAYTECH provide technology, gateway, cashier, API, PSP-integration, routing, onboarding, monitoring, or payment-orchestration services to Mega.bet, Global Nexus Ltd, IMMIX Solutions Ltd, or related merchants?
Licensing Optics: Anjouan, Belize And Costa Rica
The whistleblower claims that Mega.bet presents different corporate and licensing narratives depending on access route and user geography. According to the dossier, ordinary users may see Costa Rica-facing operator language, while other access routes expose an Anjouan / Global Nexus / IMMIX-related structure.
FinTelegram’s review corroborates the whistleblower’s core claim. The Mega.bet setup fits a broader pattern now common across illegal offshore casino operations: geo-targeted, multi-layer architectures built around rotating domains, interchangeable legal entities, offshore licensing wrappers, and fragmented payment rails. The purpose is obvious — to obscure the real gambling beneficiary, dilute the payment purpose, and present different regulatory realities to players, banks, payment processors, and enforcement authorities. With AI-driven profiling and real-time routing, these structures will likely become even more individualized, tailoring legal disclosures, cashier pages, payment methods, and risk controls to each player’s location, device, behaviour, and payment instrument.
FinTelegram is seeking further technical captures, HTML evidence, and screenshots to document this alleged dynamic presentation.
If confirmed, this would be a significant regulatory red flag. Dynamic corporate presentation can make it harder for players, banks, payment processors, issuers, and regulators to identify the actual merchant, operator, licensing basis, and legal counterparty behind gambling transactions.
The Payment-Rail Allegations Will Be Addressed Separately
The whistleblower also alleges split payment rails involving Yapily Connect UAB for open-banking deposits and Sends.co/Taslink for card payments. The material further alleges retail-style or digital-goods card descriptors, including names such as Shtsy, xchlab, sk1nzone.com, QUANAICAE, and DENOVE.
FinTelegram has previously observed Sends.co/Taslink-linked structures in other offshore casino payment-rail contexts. However, for the Mega.bet case, FinTelegram is still reviewing transaction-level evidence, including card statements, checkout screenshots, descriptors, PSP metadata, refund records, and open-banking traces.
This payment-rail layer will be the subject of Part 2 of this investigation.
Compliance Questions
This case raises several immediate compliance questions:
Who is the actual merchant of record for Mega.bet player deposits?
What is the relationship between Mega.bet, Global Nexus Ltd, and IMMIX Solutions Ltd?
Why was IMMIX Solutions Ltd initially linked to SoleFocus Solutions N.V. in Curaçao before its shares were transferred to Global Nexus Ltd in Belize?
What role do P.Z.T. Services Ltd and Potens Corporate Services Ltd play in the IMMIX structure?
Why did Despoina Mavroudi resign as director on 9 March 2026, and why was Georgia Nikoletti appointed on the same date?
Does PAYTECH LTD provide any technology, gateway, cashier, orchestration, routing, API, PSP-integration, or payment-management services to Mega.bet, IMMIX Solutions Ltd, Global Nexus Ltd, or related entities?
Did Sends.co/Taslink process card payments for Mega.bet or associated merchant descriptors?
Did Yapily or any connected open-banking provider process deposits or reversals linked to IMMIX or Mega.bet?
Which entity is responsible for AML, KYC, gambling compliance, chargebacks, refunds, and player complaints?
Structural Overview
| Layer | Entities / Brands | Function |
|---|---|---|
| Casino Front | Mega.bet, mega.bet | Player-facing offshore casino brand |
| Offshore Parent / License Layer | Global Nexus Ltd, Anjouan/Comoros license optics | Alleged casino parent and licensing wrapper |
| Cyprus Processing Vehicle | IMMIX Solutions Ltd, immix.pro | Cyprus company allegedly used as EU-facing processing/settlement layer |
| Curaçao Setup Layer | SoleFocus Solutions N.V., Agnese Muizniece | Initial shareholder / founding setup before transfer to Belize |
| Fiduciary Layer | P.Z.T. Services Ltd, Potens Corporate Services Ltd, Panayiotis Toulouras, toulouraslaw.com | Cyprus secretarial, legal and corporate-services environment |
| Director Layer | Despoina Mavroudi, Georgia Nikoletti | Director change in March 2026; governance/accountability question |
| Payment-Tech Lead | PAYTECH LTD, pay.tech | Potential gateway/orchestration infrastructure lead; direct Mega.bet role still under review |
| Alleged Payment Rails | Yapily, Sends.co, Taslink | Open-banking and card-processing allegations for Part 2 |
| Alleged Card Descriptors | Shtsy, xchlab, sk1nzone.com, QUANAICAE, DENOVE | Alleged retail/digital-goods masking descriptors requiring transaction-level proof |
Preliminary Assessment
The available material supports a preliminary but serious investigative finding: Mega.bet appears to sit on a layered offshore casino infrastructure involving a Curaçao-originated corporate setup, a Cyprus vehicle, a Belize shareholder, Anjouan licensing optics, and alleged EU-facing payment rails.
The strongest evidence currently relates to the corporate structure of IMMIX Solutions Ltd and its transfer from SoleFocus Solutions N.V. to Global Nexus Ltd. The director rotation and Cyprus fiduciary layer raise additional accountability questions. The PAYTECH lead is highly relevant but still requires transaction-level confirmation before stronger conclusions can be drawn.
FinTelegram will continue to review the evidence and invites insiders, payment professionals, affected players, former employees, compliance officers, and service providers to submit further information.
Whistle42 Call For Information
If you have information about Mega.bet, Global Nexus Ltd, IMMIX Solutions Ltd, PAYTECH LTD, P.Z.T. Services Ltd, Potens Corporate Services Ltd, Sends.co/Taslink, Yapily, or related casino payment rails, please contact FinTelegram via Whistle42.
We are particularly interested in:
Payment screenshots and card statements;
Merchant descriptors;
Open-banking screenshots;
Refund or reversal notices;
PSP dashboards or transaction logs;
Mega.bet cashier screenshots;
Anjouan license documents;
Communications with support, payment processors, or legal representatives;
Internal emails, API logs, or routing configurations.
FinTelegram protects whistleblowers and treats all submissions confidentially.
Player Complaint Exposes Alleged Open-Banking Casino Rail Through Yapily, Pellopay And UAB Travel Union
FinTelegram has received a new player complaint pointing to a suspected Open-Banking casino funding rail involving Yapily Connect UAB, Pellopay Finance LTD, UAB Travel Union, Paysolo/Contiant, and the offshore casino brand Immerion. The case shows a familiar pattern: regulated payment infrastructure appears to have been used to fund offshore casino accounts while the visible SEPA payee was not the casino, but a payment intermediary.
The complainant, whose identity is known to FinTelegram but withheld for privacy reasons, compiled a comprehensive dossier documenting his open banking deposits in February 2026. According to the submitted dossier, the payment flow was initiated via Yapily Connect UAB and routed through a Paysolo/Contiant interface, while the visible receiving party was Pellopay Finance LTD, holding an account at UAB Travel Union in Lithuania. The dossier is supported by screenshots of the deposit process.
The casino allegedly funded through this structure: Immerion Casino.
The Alleged Rail
The submitted evidence suggests the following payment chain:
| Layer | Entity / Evidence | Function in the alleged rail |
|---|---|---|
| Player Bank | Revolut EU | Source account used by the player |
| Casino Layer | Immerion Casino | Casino account allegedly credited with deposits |
| Checkout / Orchestration Layer | Paysolo / king.paysolo.net | Visible payment page routing the player into bank authentication |
| Gateway / Hosted Page Layer | Contiant / th.contiant.com | Additional payment-page / routing infrastructure visible in screenshots |
| Open-Banking Layer | Yapily Connect UAB / https://www.yapily.com/ | PISP / payment-initiation infrastructure |
| Visible SEPA Payee | Pellopay Finance LTD / https://pellopay.com | Named recipient of the transfers |
| Account Infrastructure | UAB Travel Union / https://mytu.co | Bank/account infrastructure for Pellopay |
| Result | Immerion Casino Deposit | Casino deposit allegedly credited after the payment flow |
This is the red flag: the player says he funded a casino account, but the visible SEPA beneficiary was Pellopay Finance LTD — not Immerion Casino.
The Payment Evidence: Casino Deposit, Paysolo Checkout, Yapily Initiation, Pellopay Payee
The submitted evidence does not merely show a player claiming to have lost funds at an offshore casino. It shows a sequence of payment screenshots that appear to connect the casino deposit process with an Open-Banking payment rail.
The evidence package includes:
| Evidence Layer | What The Documents Show | Relevance |
|---|---|---|
| Casino layer | Screenshots from immerion4.com showing casino deposits in different amounts | Indicates that the player’s casino account was credited with matching deposit amounts. |
| Checkout layer | A Paysolo-branded checkout page at openbanking.paysolo.net, showing a payment order, Revolut EU as selected bank, and an instruction to authenticate the payment | Places Paysolo as the visible cashier / payment-orchestration layer between the casino and the Open-Banking flow. |
| PISP layer | Payment confirmation screens naming Yapily Connect UAB as the Open-Banking payment initiation provider | Shows that the payment was initiated through regulated Open-Banking infrastructure. |
| Visible SEPA payee | Revolut receipts showing Pellopay Finance LTD as recipient of the payments | Shows that the visible beneficiary was not the casino, but Pellopay. |
| Bank/account infrastructure | Revolut receipts naming UAB Travel Union as bank/account infrastructure, with BIC UATULT22XXX and an IBAN beginning LT68 3480… | Identifies the Lithuanian account layer used for the Pellopay recipient account. |
| Technical logs | GDPR/Open-Banking records containing payment references, consent IDs and idempotency IDs | Provides API-level metadata linking the payment-initiation flow to the same transactions. |
The submitted screenshots place Paysolo at the open-banking checkout layer. This is consistent with FinTelegram’s earlier Rail Atlas findings around openbanking.paysolo.net, where Paysolo appears as a user-facing open-banking gateway between casino-facing cashier layers and regulated Open-Banking infrastructure.
The Paysolo-branded payment interface with the selected bank Revolut EU asks the player to press Authenticate to continue with the bank website. The Paysolo page points into a Pellopay/Yapily payment-initiation flow in the Revolut rail, with Pellopay Finance LTD appearing as the visible SEPA payee.
The Revolut screenshots then show completed transfers to Pellopay Finance LTD, including amounts of €100, €130, €200 and €400, while the casino screenshots from immerion4.com show corresponding deposit credits in the same amount range.
This creates the core forensic red flag:
The player appears to have funded a casino account, but the Open-Banking payment journey exposed Paysolo as the checkout layer and Pellopay Finance LTD as the visible SEPA payee — not Immerion Casino.
The Paysolo Problem.
The screenshots place Paysolo at the visible Open-Banking checkout layer. This is significant because paysolo.net does not present the transparency one would expect from a payment layer embedded in regulated Open-Banking flows. FinTelegram has previously identified openbanking.paysolo.net in casino-facing payment corridors involving Pagagate, Urbenics and Revolut.
In the present complaint, Paysolo again appears as the bridge between the casino cashier and the Yapily/Pellopay payment-initiation flow. That raises the core question: who operates the Paysolo gateway, who contracted with it, and what merchant information was passed downstream to Yapily, Pellopay and the player’s bank?
FinTelegram has not yet established whether Paysolo contracted directly with Immerion, Pellopay, Yapily, Contiant, or another intermediary. But the screenshots make Paysolo a critical node in the payment chain. Any serious inquiry must therefore include Paysolo, not just Yapily, Pellopay and UAB Travel Union.
Yapily’s Response: “We Are Only PIS/AIS Infrastructure”
The complainant provided a response from Yapily’s compliance team. Yapily stated that it had acted in line with its regulatory role as a PIS/AIS provider. It said it does not open or control bank accounts, does not hold or control customer funds, does not intervene in payment transactions, and cannot return payments because it is neither the sending nor the receiving bank.
That may be technically correct. But it is not the end of the compliance question.
If Open-Banking payment initiation infrastructure is repeatedly used to route funds into offshore casino accounts through payment intermediaries, the relevant questions are obvious:
Who was Yapily’s direct client in this flow?
What due diligence was conducted on the use case?
Did Yapily know that the payment flow was funding an offshore casino account?
Were gambling-risk filters applied?
Why did the visible payee not clearly identify the casino end-use?
FinTelegram is not accusing Yapily of holding player funds. The question is different: Was Yapily’s regulated Open-Banking infrastructure used as a casino funding rail?
Pellopay: The Visible Payee
Pellopay Finance LTD, a FINTRAC-registered Canadian money service provider, is a critical node in this complaint. According to the submitted evidence, Pellopay appears as the direct recipient of the SEPA transfers, while the player alleges that the funds were credited to his Immerion Casino account.
A Paysolo-branded checkout page prompted the player to authenticate a Revolut payment. The page referred to Pellopay Finance LTD and Yapily Connect, suggesting that Paysolo acted as a front-end checkout or routing layer between the casino cashier and the regulated Open-Banking payment initiation flow. FinTelegram has not yet established whether Paysolo contracted directly with the casino, Pellopay, Yapily, or another intermediary.
The complainant also provided a Pellopay response stating that the matter was outside Pellopay’s scope of responsibility, that the payment had been processed and received by the merchant, and that refunds must be initiated directly by the merchant.
The Gmail Support Red Flag. Pellopay appears as the visible SEPA payee in the player’s Revolut receipts. Yet the support communication provided to FinTelegram appears to involve a Gmail address rather than a corporate Pellopay domain. That is highly unusual for a payment intermediary sitting inside a regulated Open-Banking rail. Who exactly was communicating with the player — Pellopay itself, an outsourced support desk, a merchant operator, a cashier provider, or another intermediary?
That answer raises the central question:
If Pellopay was the visible payee, who was the merchant behind Pellopay’s collection flow? “Contact the merchant” is not enough. In opaque casino payment rails, the payment intermediary is often the only entity visible to the player and the bank. Pellopay should explain whether it acted for Immerion, an affiliate, a payment gateway, a cashier provider, or another merchant-of-record.
UAB Travel Union: Infrastructure Layer
The Revolut payment screenshots identify UAB Travel Union as the bank/account infrastructure connected to the Pellopay recipient account.
FinTelegram does not allege that UAB Travel Union knowingly processed illegal casino payments. But where a regulated Lithuanian institution appears as the account infrastructure for a payment intermediary allegedly collecting funds for an offshore casino, the compliance question is unavoidable:
What did UAB Travel Union know about Pellopay’s underlying merchants and payment purposes?
The complainant alleges that UAB Travel Union initially indicated it would investigate but later stopped responding. FinTelegram will ask UAB Travel Union to comment.
Parallel Lead: Techoptions / Hellspin
TechOptions is the smoking parallel lead. The evidence package does not only point to Pellopay and Immerion. It also shows a separate Yapily-powered payment screen naming Techoptions (CY) Group Ltd as merchant, followed by Revolut evidence via ISX Financial.
TechOptions’ website says the group is “home to” Hellspin and Ivibet, describes itself as an online casino management company, and lists Techoptions (CY) Group Ltd, Nicosia, as billing agent. That makes the TechOptions leg highly relevant: it places the Yapily/Open-Banking flow directly next to a declared iGaming operator, not some generic e-commerce merchant.
This matters because it suggests the issue may not be limited to Pellopay and Immerion.
It may point to a broader pattern: Open-Banking rails being used by or around offshore iGaming operators to move player deposits through regulated payment infrastructure.
KYC Pressure And Possible Data-Sharing Red Flag
The complainant also submitted screenshots of KYC demands from Immerion and Ybets. Both request copies of ID documents and a selfie with the ID document. The complainant alleges that these requests appeared after he raised disputes and that he had not interacted with Ybets.
FinTelegram treats this as a data-sharing red flag, not yet as proof of a GDPR breach.
Possible explanations include common casino ownership, shared affiliate infrastructure, shared KYC providers, shared CRM systems, or unauthorized data circulation. The point requires further investigation. But the timing and similarity of the KYC requests are noteworthy.
FinTelegram Assessment
This case is not a classic insider leak. It is a player-side payment complaint. But it is backed by more than screenshots of a casino loss.
The file contains:
Open-Banking payment confirmation screens;
Revolut payment receipts;
Pellopay recipient details;
UAB Travel Union account infrastructure references;
Yapily compliance correspondence;
Pellopay correspondence;
Casino deposit screenshots;
GDPR/Open-Banking transaction references;
a parallel Techoptions / Hellspin-related lead.
The emerging pattern is clear:
Regulated Open-Banking infrastructure appears to have been used to fund offshore casino accounts while the visible SEPA payee was not the casino but a payment intermediary.
That is a regulatory issue. It is not merely a private player-refund dispute.
Questions For Yapily, Pellopay, UAB Travel Union And Immerion
FinTelegram will ask the involved parties to answer the following questions:
Did Yapily Connect UAB initiate payment flows that ultimately funded Immerion Casino accounts?
Who was Yapily’s direct client in the Pellopay / Immerion flow?
Did Yapily know that the payment purpose was online gambling or casino funding?
Why was Pellopay Finance LTD the visible SEPA payee instead of the casino operator?
Who was the legal merchant-of-record behind the Pellopay collection flow?
What due diligence did Pellopay perform on the underlying merchant or casino cashier provider?
What role did UAB Travel Union play in providing account infrastructure to Pellopay?
Did UAB Travel Union classify or monitor these flows as gambling-related?
Were any suspicious activity reports or internal AML escalations filed?
Are Immerion and Ybets connected through ownership, affiliate infrastructure, KYC providers, CRM systems, or payment providers?
Call For Information
FinTelegram is seeking information from:
players who deposited into Immerion Casino via Open Banking, Revolut, Yapily, Paysolo, Contiant, Pellopay or UAB Travel Union;
players who saw Pellopay Finance LTD as payee after funding casino accounts;
insiders at Yapily, Pellopay, UAB Travel Union, Paysolo, Contiant, ISX Financial, Techoptions, Immerion or related casino cashier providers;
compliance officers with knowledge of Open-Banking casino funding flows.
Information can be submitted confidentially via the FinTelegram whistleblower platform.
Open Banking was designed to make payments faster and safer. It was not designed to become a shadow cashier layer for offshore casinos.
The Nylo Switch: Did Offshore Casinos Just Replace ChainValley With a Georgian Crypto Rail?
FinTelegram’s latest casino payment-rail reviews indicate a coordinated migration from the Polish crypto on-ramp ChainValley to the Georgian payment gateway Nylo. The pattern looks disturbingly familiar: the same offshore casinos, the same fake-FIAT crypto-buy flow, the same Skrill/Neteller/Rapid Transfer/Paysafecard wrappers — and the same opacity around the true gambling beneficiary.
2-Minutes Briefing
In recent days, FinTelegram reviewed the payment rails of several offshore casinos, including SpinBoss, DudeSpin, Betify, Malina Casino, Betalice, and Oro.gg. The reviews produced a striking pattern: where FinTelegram previously observed the Polish crypto on-ramp ChainValley, the reviewed casino cashiers now increasingly route players through Nylo, a Georgian payment gateway operating through app.nylo.pro.
The reviewed screenshots show a familiar two-step structure: the player believes they are making a normal casino deposit via Skrill, Neteller, Rapid Transfer, Paysafecard or similar payment methods. In reality, the checkout screen frames the transaction as an “Exchange order” and asks the player to agree to buy crypto and send it to a specified address. That wording is not incidental. It is the core legal and compliance wrapper of the rail.
Nylo’s public website presents the company as a payment gateway supporting cards, bank transfers, local payments, deposits, payouts and settlements. It discloses Nylo LLC, identification number 412790154, registered on 18 February 2025 in Kutaisi, Georgia.
FinTelegram’s working hypothesis is clear: utPay, ChainValley and Nylo may represent successive operating layers of the same or closely connected casino-payment network. We have not yet found a public corporate filing proving common ownership between Nylo and the UTORG/ChainValley network. But the operational evidence is too strong to ignore.
Key Findings
1. Same casino ecosystem, new on-ramp label
FinTelegram’s current screenshots show Nylo appearing in payment flows connected to offshore casino brands previously reviewed with ChainValley-style rails. The observed Nylo screens include:
| Casino / Review Context | Observed Rail | Player-Facing Method | Underlying Structure |
|---|---|---|---|
| Betify | Nylo | Skrill / Neteller-style wallet flow | “Exchange order” / buy crypto and send onward |
| Malina Casino | Nylo | Neteller-style flow | Crypto-purchase wrapper |
| Betalice | Nylo | Neteller-style flow | Crypto-purchase wrapper |
| Oro.gg | Nylo | Neteller-style flow | Crypto-purchase wrapper |
| DudeSpin | Nylo | Skrill / Paysafecard / Rapid Transfer / Neteller variants | Crypto-purchase wrapper |
| DudeSpin | MiFinity | MiFinity cashier overlay | Separate wallet rail with opaque recipient label “CME” in screenshot |
| DudeSpin | Perspecteev / Revolut | Open-banking authorization | Revolut authorization shown for PERSPECTEEV SAS |
FinTelegram recognized Nylo order pages at app.nylo.pro, with order IDs, EUR amounts, payment-brand logos, and the consent statement: “I agree to buy crypto and send it to the specified address.”
That is not a normal casino deposit flow. It is a casino funding rail disguised as a crypto purchase.
2. The utPay → ChainValley → Nylo sequence is not random
FinTelegram previously documented utPay’s role in offshore casino payment rails. UAB Utrg, operating as utPay, later announced that it had suspended all crypto-asset services from 1 January 2026 pending MiCA authorization. Its terms state that crypto-related services have been suspended and will not be provided unless and until UAB Utrg obtains the necessary MiCA authorisations.
UTORG’s own licensing page identifies UAB “Utrg” at the Vilnius address and discloses UTORG LABS HOLDING LTD in Abu Dhabi as owner of the website. The same page also contains a “Buy Crypto” link pointing to app.chainvalley.pro, creating a visible operational bridge from the UTORG web stack to ChainValley.
Chain Valley Sp. z o.o. is a Polish company with KRS 0001036419, NIP 7252331409, based in Warsaw, registered on 16 May 2023. Polish corporate data shows Ilie Cernisev as representative and shareholder, with Cernisev holding 100% of the shares in the most recent ownership period shown.
The UTORG link is reinforced by an earlier Massachusetts regulatory opinion addressed to Ilie Cernisev, CEO of Utorg OÜ, confirming his role in the Utorg ecosystem.
The ChainValley link to the UTORG ecosystem is therefore much stronger than merely circumstantial. The Nylo link is not yet proven at corporate level — but the rail behavior now looks like a third migration step.
Entity & Rail Intelligence Table
| Entity / Brand | Jurisdiction | Public Corporate / Regulatory Data | Observed / Reported Role |
|---|---|---|---|
| UTORG LABS HOLDING LTD (https://utorg.com) | Abu Dhabi, UAE | Disclosed by UTORG as owner of the UTORG website; registration no. 000008060, Abu Dhabi address. | Holding / brand layer for UTORG web stack |
| UAB Utrg / utPay (https://utpay.io) | Lithuania | Legal name UAB Utrg; Vilnius address; utPay terms say crypto services suspended pending MiCA authorization. | Earlier casino crypto-payment rail |
| Utorg OÜ (https://utpay.io) | Estonia | Ilie Cernisev was addressed by Massachusetts regulator as CEO of Utorg OÜ. | Historic / related UTORG operating layer |
| Chain Valley Sp. z o.o. / ChainValley (https://chainvalley.pro) | Poland | KRS 0001036419; Warsaw; website chainvalley.pro; Cernisev shown as shareholder/representative. | Successor rail after utPay in casino crypto-purchase flows |
| Nylo LLC / Nylo (https://nylo.pro) | Georgia | Identification no. 412790154; registered 18 Feb 2025; Kutaisi, Georgia; markets itself as payment gateway. | Newly observed casino crypto-purchase rail via app.nylo.pro |
Core Finding 1: The Nylo Flow Is a Fake-FIAT Crypto Rail
The reviewed Nylo payment processes are not ambiguous. They show:
Player → Casino Cashier → Skrill/Neteller/Rapid Transfer/Paysafecard selection → Nylo exchange order → crypto purchase consent → onward transfer to specified address → casino balance credit
The player-facing reality is “deposit €20 or €50 into a casino.”
The legal/technical reality appears to be “buy crypto and send it elsewhere.”
This is the same architecture FinTelegram previously flagged with utPay and ChainValley: a fake-FIAT rail where fiat-branded payment methods are used as funding instruments for an automated crypto conversion and transfer to an undisclosed destination wallet.
That structure raises obvious compliance questions:
| Risk Area | Concern |
|---|---|
| Consumer disclosure | Does the player understand they are not making a casino deposit but purchasing crypto? |
| Chargeback / refund rights | A crypto purchase may weaken the player’s refund expectations compared with a card/wallet casino deposit |
| Merchant-of-record transparency | The visible payee is the on-ramp, not the casino operator |
| AML/CFT monitoring | The true gambling beneficiary may be obscured behind a crypto-transfer wrapper |
| Gambling compliance | Licensed payment providers may not see the transaction as gambling funding |
| MiCA / VASP perimeter | The rail may move the transaction from PSD2-style payment processing into crypto-asset service territory |
Core Finding 2: Nylo Is a Fresh Georgian Entity With a Broad Payment-Gateway Pitch
Nylo’s website does not present it as a small experimental tool. It presents a mature “payment gateway” promising easy integration, fraud prevention, 24/7 support, cards, bank transfers, local payments, deposits, payouts, settlements and multi-currency processing through “own infrastructure and trusted partners.”
This matters because the reviewed casino flows do not show Nylo as a simple technology widget. They show Nylo as the conversion node in a player-facing transaction.
Georgia’s National Bank defines VASP activities to include exchange between convertible virtual assets and fiat currencies, transfer of convertible virtual assets, safekeeping/administration, trading-platform administration, lending and ICO-related services. The National Bank of Georgia has also warned that only registered VASPs or authorized financial-sector entities may provide virtual-asset services, and urged citizens to verify the activity status of providers.
FinTelegram should therefore ask Nylo directly:
Is Nylo LLC registered with the National Bank of Georgia as a Virtual Asset Service Provider? If yes, where is the registration certificate displayed for users, including on app.nylo.pro?
This question is particularly important because the reviewed Nylo checkout is not a passive payment page. It appears to execute or intermediate a crypto-purchase-and-transfer transaction.
Core Finding 3: The Domain Pattern Looks Like a Rail Migration Signature
The domain pattern is almost too clean:
| Brand | Main Domain | Checkout / App Domain | Observed Role |
|---|---|---|---|
| utPay | utpay.io | app.utpay.io | Earlier casino crypto rail |
| ChainValley | chainvalley.pro | app.chainvalley.pro | Successor casino crypto rail |
| Nylo | nylo.pro | app.nylo.pro | Newly observed casino crypto rail |
By itself, an app. subdomain proves nothing. Many payment providers use this pattern. But in this context, the pattern becomes relevant because it appears in the same casino vertical, with the same fake-FIAT checkout logic, the same wallet/voucher funding methods, and a clean temporal handoff from one brand to the next.
FinTelegram’s conclusion: this is not merely a domain similarity. It is a behavioral and operational similarity.
Core Finding 4: ChainValley Already Had a Visible UTORG Link
The ChainValley chapter was not speculative. UTORG’s own website displayed a “Buy Crypto” product link to app.chainvalley.pro, while disclosing UAB Utrg as the legal name and UTORG LABS HOLDING LTD as the website owner.
In parallel, Polish corporate data identifies Chain Valley Sp. z o.o. and shows Ilie Cernisev as its representative and 100% shareholder in the latest ownership period. The Massachusetts Division of Banks addressed Cernisev as CEO of Utorg OÜ in a 2022 opinion concerning virtual-currency purchase and sale activity.
That combination gave FinTelegram a credible basis to describe ChainValley as part of, or at minimum closely connected to, the UTORG operational universe.
The open question now is whether Nylo is the next shell, partner, successor, or white-label instance of the same payment network.
FinTelegram Hypothesis
FinTelegram’s working hypothesis is:
The offshore casino ecosystem that previously used UAB Utrg/utPay and then ChainValley may now have migrated to Nylo LLC in Georgia. The migration appears to preserve the same payment logic: familiar fiat-branded methods are used to trigger crypto purchase orders, with the purchased crypto sent to undisclosed wallet addresses linked to casino funding. The shift may be designed to preserve high-risk casino payment capacity after regulatory pressure and negative media exposure affected earlier rails.
This is a hypothesis, not yet a final ownership finding. But it is supported by:
The same casino vertical and overlapping brands.
The same fake-FIAT crypto-purchase architecture.
The same user consent wording: buy crypto and send to a specified address.
The same wallet/voucher rails: Skrill, Neteller, Rapid Transfer, Paysafecard.
The same app.[brand].pro checkout architecture.
The timing: utPay suspension, ChainValley exposure, then Nylo emergence.
The lack of transparent disclosure of the ultimate casino beneficiary or destination wallet.
Compliance Questions For Nylo, ChainValley, UTORG, and Casino Operators
FinTelegram invites the involved parties to answer the following questions:
Is Nylo LLC registered as a VASP with the National Bank of Georgia?
Does Nylo process deposits for offshore casinos, directly or indirectly?
Does Nylo share management, ownership, technology, code, processing partners, wallet infrastructure, merchant contracts, employees or beneficial owners with ChainValley, UAB Utrg, Utorg OÜ or UTORG LABS HOLDING LTD?
Why do Nylo’s casino flows mirror the earlier ChainValley and utPay flows?
Who controls the destination crypto addresses in the Nylo exchange orders?
Are players told, before payment, that they are purchasing crypto rather than making a direct casino deposit?
Do Skrill, Neteller, Rapid Transfer and Paysafecard approve the use of their payment methods for these offshore casino crypto-purchase flows?
Which casino operator, payment agent or merchant-of-record receives the economic benefit of the player’s funds?
FinTelegram Assessment
This is a classic regulatory whack-a-mole pattern.
First came utPay. Then came ChainValley. Now comes Nylo.
Each layer appears to preserve the essential function: allow offshore casinos to accept European players’ money through familiar payment brands while reframing the transaction as a crypto purchase. The true casino beneficiary disappears behind a conversion layer. The player sees Skrill, Neteller, Rapid Transfer or Paysafecard. The processor sees an exchange order. The bank or wallet provider may see a crypto on-ramp. The casino receives funded player balance.
That is the magic trick.
And this is precisely why FinTelegram believes regulators, payment providers, wallet operators and open-banking firms should examine the Nylo flows immediately.
Whistleblower Call To Action
FinTelegram is seeking further information about Nylo, ChainValley, utPay, UTORG, and the casino payment rails used by SpinBoss, DudeSpin, Betify, Malina Casino, Betalice, Oro.gg, and related brands.
We are particularly interested in:
merchant contracts;
wallet destination addresses;
internal settlement records;
Slack/Telegram communications;
screenshots of casino cashier flows;
payment-provider onboarding documents;
KYC files;
links between Nylo, ChainValley, UAB Utrg, Utorg OÜ and UTORG LABS HOLDING LTD.
Insiders, players and compliance officers can submit information confidentially via Whistle42.