Germany’s BaFin has imposed a fresh package of supervisory measures on neobank N26 after a 2024 special audit and the 2024 annual-accounts review flagged “serious deficiencies” in governance, risk/complaints handling, and the organisation of its lending business. The most striking element: BaFin is now curbing N26’s mortgage expansion in the Netherlands—an unusually explicit cross-border intervention. Key Facts New measures (Dec 2025): BaFin ordered additional own-funds/capital requirements, appointed a special representative/monitor, and restricted N26’s lending business (Source: Reuters). Dutch dimension: N26 is prohibited from originating new mortgage loans in the Netherlands and is also barred from securitising mortgage receivables linked to that Dutch business (Source: DIE WELT). Regulatory history: This is the second time since 2021 that BaFin has deployed an external monitor-like mechanism around N26. Prior sanctions: BaFin previously fined N26 €4.25m (2021) and later €9.2m (2024) for late suspicious activity reporting related to 2022 cases (Source: BaFin). Short Analysis BaFin’s message is that N26’s “bank-as-an-app” growth story still breaks on classic control failures: risk governance, complaints management, and credit-process organisation. This time, BaFin didn’t just re-tighten Germany-centric remediation—it also attacked a specific cross-border product line (Dutch mortgages) and related balance-sheet engineering (securitisation). The “Dutch dimension” matters because it underscores how a home supervisor (BaFin) can effectively throttle EU-passporting/branch activity when it concludes the institution’s organisation is not “orderly” enough to safely run higher-risk lending at scale. In plain terms: if the control framework is weak, cross-border growth is the first privilege to be suspended. Actionable Insight If you are a partner, broker, warehouse/servicer, or funding counterparty to N26’s Dutch mortgage channel, reassess: (i) pipeline continuity, (ii) complaint/forbearance handling, (iii) governance evidence trails, and (iv) any securitisation-adjacent representations. Expect intensified supervisory scrutiny of “fast-growth” control environments across EU neobanks (Source: Banking Dive). Call for Information Are you an N26 customer, former employee, vendor, or compliance/audit insider with documents on control failures, SAR backlogs, complaints handling, or cross-border lending operations (incl. the Netherlands)? Submit securely via Whistle42. Share Information via Whistle42

Compliance Analysis Date: December 16, 2025 This report profiles Contiant Ltd, a Bulgaria-based payment processor that has emerged as a critical financial gateway for illegal offshore gambling operators. Our investigation confirms that Contiant acts as a “Technical Service Provider” (TSP), effectively piggybacking on the regulated open banking infrastructure of Yapily Connect UAB to process high-risk transaction volumes from prohibited jurisdictions like the Netherlands. 1. Corporate Profile & Business Model Contiant Ltd markets itself as an “Open Banking Services Provider” specializing in high-risk verticals, including iGaming, Forex, and Crypto.​ Legal Entity: Contiant Ltd. Registration: Registered in Bulgaria (UIC/Tax Number: 207006641).​ Headquarters: Sofia, Bulgaria.​ Regulatory Status: Contiant appears to operate without its own financial license. Its Terms of Use explicitly state that it provides “technical services and implementation” for Open Banking. It relies entirely on the license of third-party regulated entities (primarily Yapily) to touch the actual funds.​ 2. The Yapily Connection: A “Borrowed” License The most critical compliance finding is Contiant’s structural reliance on Yapily, a major UK/Lithuanian open banking infrastructure provider. The Mechanism: When a player deposits at an offshore casino like Winning.io via Contiant, the actual Payment Initiation Service (PIS) is executed by Yapily Connect UAB (authorized by the Bank of Lithuania). The user interface explicitly states “Powered by Yapily” and redirects players to “Authorize Yapily Connect UAB” via their banking app. The Regulatory Gap: By acting as a “technical” layer, Contiant effectively insulates Yapily from direct exposure to the casino. However, the result is that Yapily’s regulated rails are being used to settle illegal gambling debts. The volume of traffic suggests that Yapily is either failing to monitor its agent/partner activity or is knowingly accepting this high-risk flow via the Contiant proxy. 3. Traffic Intelligence & High-Risk Focus Our analysis confirms that Contiant is almost exclusively dedicated to high-risk and offshore gambling traffic. Referral Sources: 100% of referral traffic to the payment subdomain paywith.contiant.com originates from unregulated offshore casinos, including Skyhills, Epicbet, Shakebet, WBetz, and Winning.io. Geographic Targeting: Over 95% of traffic originates from the Netherlands, a jurisdiction with strict gambling regulations (KSA). This indicates that Contiant is the primary gateway for Dutch players to access illegal casinos. Banking Connections: The top outgoing links from Contiant are to major Dutch and European banks (ING, Rabobank, Revolut, KBC), confirming its role in facilitating prohibited bank-to-casino transfers. 4. Leadership Public records identify the following individuals behind Contiant:​ Ivo Dimitrov: Co-Founder & CEO. Dimitar Kostov: Co-Founder & CTO. George Matev: Co-Founder & Partner. Revolut and the “Open Banking Game” The transaction cascade visualized in the “Open Banking Game” graphic reflects a layered structure in which Revolut’s open‑banking infrastructure is ultimately used to fund deposits at illegal offshore casinos such as Winning.io and LuckyWins, without Revolut having a direct contractual relationship with these operators. In this model, offshore casinos integrate Contiant as their front‑end payment gateway; Contiant in turn relies on Yapily Connect UAB as the licensed PSD2/Open Banking provider, which finally connects to Revolut via the oba.revolut.com API to initiate account‑to‑account payments from EU players’ Revolut accounts.​ Read our report on Winning.io and its shadow banking approach. Player journeys observed during the Winning.io test clearly show this cascade: after selecting “instant banking” or Revolut as the funding option, users are redirected to paywith.contiant.com, then to a Yapily consent screen (“Sign in to Revolut to authorize Yapily Connect UAB”), and finally into the Revolut environment to approve the payment. Similar flows have been documented for LuckyWins and other offshore brands that use Contiant, with traffic intelligence (Similarweb, November 2025) indicating that nearly all referral traffic to paywith.contiant.com originates from unlicensed casinos, and more than 95% of users come from the Netherlands—a jurisdiction where these operators are explicitly illegal.​ From a compliance standpoint, this layered structure creates a situation in which Revolut economically benefits from payment flows that in substance represent gambling deposits to unlicensed operators, while being able to point to Yapily (as PISP) and Contiant (as “technical gateway”) as intermediaries. Nonetheless, Revolut remains responsible for robust AML/CTF and transaction‑monitoring controls over outgoing payments and for risk‑based oversight of third‑party providers accessing its open‑banking APIs. Sustained high‑volume flows via Yapily to Contiant, combined with the clear casino‑only traffic profile of paywith.contiant.com and the concentration in a high‑risk market like the Netherlands, constitute a pattern of elevated risk that should reasonably trigger enhanced due diligence, restriction of specific counterparties, or termination of high‑risk partners. Summary Data: Contiant CategoryDetailsLegal EntityContiant Ltd (Bulgaria)RegistrationUIC 207006641 (Sofia, Bulgaria)​ActivityTechnical Service Provider (TSP) for Open BankingKey Executives– Ivo Dimitrov (CEO) – LinkedIn– Dimitar Kostov (CTO) – LinkedIn– George Matev (Co-Founder)​ – LinkedInRegulated PartnerYapily Connect UAB (Lithuania / UK)– License: Electronic Money Institution / PIS​Target VerticalsiGaming, Forex, Crypto (High-Risk)​Known ClientsWinning.io, LuckyWins, Skyhills, Epicbet, WBetzPrimary MarketNetherlands (>95% of traffic)Primary Domainwww.contiant.comPayment Subdomainpaywith.contiant.com Call to Whistleblowers Are you an employee at Yapily or Contiant? Do you have information regarding the due diligence (or lack thereof) performed on these offshore casino clients? Help us expose the facilitators of illegal gambling.We treat all information with strict confidentiality. Submit your documents and insights via our secure platform: Share Information via Whistle42

Compliance Analysis Date: December 15, 2025 This report provides a compliance analysis of DEPASIFY S.L., a “Crypto-as-a-Service” provider registered in Spain. Our investigation reveals that despite its status as a regulated Virtual Asset Service Provider (VASP), Depasify’s infrastructure serves as a critical backend for anonymous payment gateways that facilitate illegal online gambling transactions across the European Union. 1. Corporate and Regulatory Profile DEPASIFY S.L. operates as a financial technology company offering fiat-to-crypto exchange, custody, and payment gateway infrastructure via a single API. Legal Entity: DEPASIFY S.L.​ Registration: Registered in the Mercantile Registry of Valencia, Spain (NIF: B-67823831).​ Regulatory Status: Registered as a Virtual Asset Service Provider (VASP) with the Bank of Spain under code D705. This registration obligates the company to adhere to stringent Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) regulations as mandated by the EU’s 5th Anti-Money Laundering Directive (AMLD5).​ 2. Leadership and Management Public records and professional networking sites identify the following key individuals associated with the company: Alberto Martín Mazaira: Listed as a Founder of Depasify.​ Daniel Terrasa: Listed as an experienced FinTech Leader at the company.​ Manuel Roche del Fraile: Holds the position of Compliance Officer & MLRO, and is ICA certified.​ 3. The High-Risk Payment Network Our investigation into the offshore casino Winning.io first flagged Depasify’s connection to high-risk payment processing. Further traffic intelligence analysis (Similarweb, November 2025) of the subdomain backoffice.depasify.com—which appears to be a merchant backend portal—confirms a symbiotic relationship with “notorious” anonymous payment gateways. gate.commercebooth.io: Used by Winning.io to process Google Pay deposits via the UK shell company OPEN WAY LTD. api-payrequest.com: A generic payment link creator that facilitates transactions for various online services.​ pay.paidpays.com: Another anonymous gateway identified in the payment flow for Winning.io’s Apple Pay deposits. Key Traffic Data (Nov. 2025): Referral Traffic: Over 81% of traffic to backoffice.depasify.com originated from gate.commercebooth.io and api-payrequest.com. Outgoing Traffic: 100% of outgoing traffic from backoffice.depasify.com was directed back to these two gateways. This data establishes a clear and undeniable link: these high-risk payment gateways are key clients of Depasify’s “Crypto-as-a-Service” infrastructure. Depasify provides the rails that allow these gateways to convert fiat from sources like Google Pay into crypto, which is then used to fund offshore gambling accounts. 4. Compliance Risk Assessment The evidence presents a severe compliance paradox. While DEPASIFY S.L. is a regulated entity under the Bank of Spain, its primary business activity, based on traffic analysis, appears to be the provision of critical payment infrastructure to high-risk, anonymous gateways processing transactions for illegal online casinos. This raises critical questions about Depasify’s client due diligence and Know-Your-Business (KYB) processes. A regulated VASP is expected to understand the nature of its clients’ business and monitor for illicit activity. The high-volume traffic from gateways with no transparent ownership and a clear connection to the illegal gambling sector strongly suggests that Depasify is either willfully blind to its clients’ activities or is actively complicit in facilitating them.​ The presence of a certified Compliance Officer & MLRO makes this situation even more concerning, as the company cannot plausibly claim ignorance of its AML obligations. 5. The Initial Funding Alberto Martin Mazeira raises E22m for Depasify to build a digital assets banking platform In January 2024, Depasify successfully raised €2.2 million in a seed funding round. The round was led by prominent venture capital firms JME Ventures and GoHub Ventures (a corporate venture fund based in Valencia), with additional participation from Wayra (Telefónica’s innovation hub), Actyus, and Lanai Partners. This substantial capital injection was earmarked for “massive international expansion” and team growth, signaling strong institutional backing for the company’s “Crypto-as-a-Service” vision.​ 6. Corporate Structure & The “Depa” Transition Rebranding & Legal Complexity: Recent corporate communications and LinkedIn activity indicate that Depasify is actively transitioning to, or operating under, the abbreviated brand “Depa” (or “Depa Finance“). Alberto Martín Mazaira, the founder and CEO of Depasify, now lists his role on LinkedIn under the “Depa” brand, explicitly linking the two entities.​ Strategic Shift to Stablecoins: While Depasify was originally marketed as a broad digital asset infrastructure for banks, the Depa brand appears to focus heavily on stablecoin payment rails for B2B cross-border transactions. Marketing materials for “Depa Finance” emphasize replacing “costly correspondent banking with stablecoin rails” and enabling compliant fiat-to-crypto flows for fintechs and Web3 companies.​ The New Legal Entities Depasify is currently undergoing a significant corporate restructuring and rebranding to “Depa” (or Depa Finance). While the regulated Spanish entity DEPASIFY S.L. remains the core VASP for European operations, the new brand structure introduces a complex web of legal entities across multiple jurisdictions, including Canada and the United States. Hodl the Lab Holding S.L.: This Spanish holding company (Tax ID: B21844014) is now listed as the copyright owner of the Depa Finance website and the parent entity for the group.​ Plenifi Payments Ltd (Canada): Services for non-US and potentially non-EEA clients are now contracted through this Canadian entity, which is registered as a Money Services Business (MSB) with FINTRAC. This off-shoring of liability to Canada is a common tactic used by high-risk payment processors to arbitrage regulatory oversight.​ Depa US, Inc.: A US-based entity designated for American residents.​ Compliance Implication: The rebranding to “Depa” and the specific pivot toward stablecoin settlements for B2B clients aligns with the observed traffic patterns. High-risk payment gateways often use stablecoins (like USDT or USDC) to settle funds to offshore merchants (casinos) to avoid the scrutiny of traditional SWIFT networks. The fact that a VASP backed by major Spanish investors is potentially providing the “stablecoin rails” for anonymous gateways adds a significant layer of reputational risk to its shareholders. Summary Data: Depasify & Depa Ecosystem CategoryDetailsPrimary BrandDepasify (transitioning to Depa / Depa Finance)Key Domainsdepasify.com, depa.finance, backoffice.depasify.comSpanish VASP EntityDEPASIFY S.L.– Reg. No: B-67823831 (Valencia)– VASP Code: D705 (Bank of Spain)​Holding CompanyHodl the Lab Holding S.L.– Tax ID: B21844014 (Valencia)– Role: IP Owner & Parent Entity​Intl. Operating EntityPlenifi Payments Ltd– Jurisdiction: Canada– Role: MSB for non-US/non-EEA clients​US EntityDepa US, Inc. (United States)​Key Executives– Alberto Martín Mazaira (Founder & CEO)– Daniel Terrasa (FinTech Leader)– Manuel Roche del Fraile (Compliance Officer & MLRO)​Investors– JME Ventures (Lead)– GoHub Ventures (Lead)– Wayra (Telefónica)– Actyus / Lanai Partners​High-Risk Connections– gate.commercebooth.io (Anonymous Gateway)– api-payrequest.com (Payment Link Generator)– Winning.io (Illegal Offshore Casino) Whistleblower Call to Action Do you have information regarding the relationship between Depasify S.L. and Plenifi Payments Ltd? Are you an insider aware of how Depa Finance screens its “high-risk” clients? Help us expose the shadow banking of offshore gambling.Submit your data anonymously via our whistleblower platform: Share Information via Whistle42

Analysis by FinTelegram Compliance Team (December 15, 2025) Despite operating without a license in key European jurisdictions, the offshore casino Winning.io (part of the Scatters Group network) successfully onboards players from France, the Netherlands, Italy, and Germany with zero KYC requirements. Our latest compliance review exposes a sophisticated network of payment facilitators—including regulated European VASPs—that mask these illegal gambling transactions as “digital asset purchases.” Read our initial Winning.io Compliance Report here. The “Wise” Facade: Rillpay & Kryptonim The Winning.io payment page Winning.io’s cashier is a masterclass in transaction laundering. When European players select “Instant Banking” or the brand name Wise, the transaction is not a direct bank transfer. The Mechanism: The user is redirected to Rillpay, an “on-ramping” service. The Processor: Behind the scenes, Rillpay routes the funds to Kryptonim, a crypto service provider. The Result: What appears on the player’s bank statement is a purchase of digital assets, not a gambling deposit. This successfully bypasses banking blocks in strict jurisdictions like the Netherlands and Norway. This confirms our ongoing investigation into Kryptonim acting as a high-risk payment rail for offshore casinos. Read our Kryptonim reports here. The Big Tech Leak: Depasify & Open Way Ltd Perhaps the most alarming finding is the exploitation of Google Pay and Apple Pay to fund illegal gambling balances. The Gateway: Google Pay deposits are routed through an anonymous gateway, gate.commercebooth.io. The Merchant: The beneficiary appears as OPEN WAY LTD, a UK shell company controlled by Ilze Rudzite (Latvia).​ The Infrastructure: Our traffic intelligence links this gateway to backoffice.depasify.com. Depasify is a registered VASP in Spain (Bank of Spain Code: D705). This connection suggests that a regulated Spanish crypto infrastructure provider is effectively powering the payment rails for an unlicensed casino targeting French and Dutch consumers.​ The Cyprus Connection: Wagercraft Services Ltd For Revolut users, the payment path is facilitated by open banking provider Yapily, which connects to Contiant. The merchant of record here is Wagercraft Services Ltd, a Cyprus-registered entity (HE 455954). This entity acts as the payment agent for the St. Lucia-based operator, completing the classic “offshore license / EU payment agent” structure used to secure access to the European banking system.​ Identified Payment Facilitators Table Brand / GatewayLegal EntityJurisdictionRole / MechanismKryptonim (via Rillpay)Kryptonim sp. z o.o.Poland (VASP)Crypto-on-ramp masking “Instant Banking” deposits.Google Pay (via Commercebooth)OPEN WAY LTD (Controller: Ilze Rudzite)UK / LatviaGateway merchant linked to Depasify infrastructure.DepasifyDepasify S.L. (VASP Code D705)SpainInfrastructure provider linked to gate.commercebooth.io.Revolut (via Contiant)Wagercraft Services LtdCyprusPayment agent for Winning.io; processed via Yapily.MiFinityMiFinity Malta LtdMalta / UKHigh-risk e-wallet aggregating unlicensed gambling payments.Apple PayUnknown (Gateway: paidpays.com)AnonymousMobile wallet gateway for gambling deposits. Conclusion The ease with which Winning.io accepts deposits from prohibited jurisdictions highlights a catastrophic failure in merchant category code (MCC) monitoring by major fintechs like Wise, Revolut, and Google. By layering transactions through intermediate gateways (Rillpay, Commercebooth) and regulated VASPs (Depasify, Kryptonim), Winning.io has effectively neutralized EU AML controls. Whistleblower Call to Action Do you have information on the operational links between Depasify, Open Way Ltd, or Kryptonim? Are you an insider at Wagercraft Services Ltd in Cyprus? Help us expose the shadow banking of offshore gambling.Submit your data anonymously via our whistleblower platform: Share Information via Whistle42

Market intelligence suggests that the online casino Winning.io and its operating partner, Scatters Group, are replicating the high-risk, multi-brand offshore model previously popularized by Gammix Limited. Our analysis reveals a distinct pattern of “jurisdictional arbitrage,” where established brands like Scatters Casino and Locowin have been migrated from the regulated Malta Gaming Authority (MGA) environment to offshore entities in St. Lucia and Kahnawake. This structure allows the network to aggressively target grey markets—including the Netherlands and Norway—while shielding beneficial owners from direct EU regulatory enforcement. The “New Gammix” Thesis The comparison to Gammix Limited is not merely anecdotal; it is structural. Gammix became infamous for operating a massive network of white-label casinos that aggressively targeted regulated European markets without local licenses, eventually incurring record fines from the Dutch regulator (KSA). Scatters Group appears to be executing a nearly identical playbook, but with a new layer of corporate obfuscation. The Pivot: Brands that were historically operated by Gammix Limited (e.g., Scatters Casino, Locowin, Vegadream) have been quietly transferred to a St. Lucia-registered entity, Starscream Limited, which holds a license from the Kahnawake Gaming Commission (KGC). The Network: Winning.io, the group’s newer “crypto-friendly” brand, operates under a parallel St. Lucia entity, Wagercraft Limited. Despite the different shell company, it shares the same affiliate infrastructure and operational DNA as the Starscream brands.​ Structural Analysis: The Shell Game The “Scatters Group” presents itself publicly as a Malta-based consultancy led by industry veterans like Alexis Wicén (LinkedIn profile). However, the actual operational liability has been shifted offshore.​​ BrandFormer Operator (License)Current Operator (License)Scatters CasinoGammix Limited (MGA)​Starscream Limited (Kahnawake)​LocowinGammix Limited (MGA)​Starscream Limited (Kahnawake)​VegadreamGammix Limited (MGA)​Starscream Limited (Kahnawake)​Winning.ioN/A (New Launch)Wagercraft Limited (Kahnawake/Curacao)​ This migration from MGA to Kahnawake allows the operators to bypass strict European player protection mandates (such as centrally excluded player registries) while continuing to accept deposits from high-value European markets. Risk Indicators & Regulatory Red Flags 1. Dutch Enforcement ActionsJust like Gammix before it, this network is already in the crosshairs of regulators. The Dutch Gambling Authority (Kansspelautoriteit – KSA) has already issued a cease-and-desist order against Starscream Limited for offering illegal gambling in the Netherlands. This confirms that the “offshore pivot” has not gone unnoticed by EU authorities.​ 2. Jurisdictional Confusion & Opaque OwnershipWinning.io displays conflicting ownership signals—a classic compliance red flag. While some documents list Wagercraft Limited (St. Lucia) as the owner, other sources and affiliate materials link it to Dama N.V. (Curacao) or the Starscream affiliate network. This dual-identity structure makes it difficult for players and regulators to pinpoint the liable entity.​ 3. Player Protection IssuesEarly reports on Winning.io and Scatters brands echo the “Gammix legacy” of friction-heavy withdrawals. Complaints cite “unfinished KYC verification” loops and delays in payouts, a tactic often used by high-velocity offshore operators to stall withdrawals in hopes that players will gamble away their balances.​ Conclusion Winning.io and Scatters Group are not just “new players”—they appear to be the successor state to the Gammix business model. By moving established brands to offshore shells like Starscream Limited and Wagercraft Limited, they have created a “compliance firewall” that allows them to operate in grey markets with reduced regulatory oversight. Call to Whistleblowers Are you an insider at Scatters Group, Starscream Limited, or Wagercraft Limited? Do you have information regarding the beneficial ownership of these entities or their payment processing networks? FinTelegram wants to hear from you.We are dedicated to exposing the structures behind high-risk offshore gambling networks. You can share information anonymously and securely via our whistleblower platform: Share Information via Whistle42

The Russian-linked payment processor Payeer is now formally hit by an EU transaction ban—a move that, in practice, cuts off payment rails and counterparties across Europe. While Payeer blames sanctions-driven partner blocks and has announced shutdown timelines, FinTelegram continues to receive whistleblower complaints about frozen accounts and unpaid balances. The key question is no longer “is Payeer high-risk?”—but who is still exposed, and where the trapped funds actually sit. Key Points EU transaction ban: Payeer is added to Annex XLV (Part A) with entry into force on 25 November 2025, prohibiting EU persons/entities from engaging in transactions with Payeer (Source: Альта-Софт Payeer’s wind-down messaging: Payeer first said it would discontinue services for EU/Russia users with withdrawals until 24 November 2025, then later announced a broader shutdown and urged users globally to withdraw funds until 05 January 2026 (Source: PAYEER). “Partners blocked our accounts” claim: Payeer states “key partners” blocked Payeer accounts—some allegedly together with users’ assets—raising urgent questions about where funds are custody-held and under which legal entity (Source: PAYEER). Prior enforcement signal: Lithuania’s FCIS (FNTT) imposed a record fine (~€9.3m) on Payeer UAB for sanctions and AML/CFT breaches—well before the EU-wide transaction ban (Source: FNTT). Long-running opacity concerns: FinTelegram has documented Payeer’s Russian-linked control history and repeated jurisdiction/entity shifts as a recurring risk pattern (Source: FinTelegram). Short Narrative Payeer’s current situation looks like a classic “compliance endgame”: regulators escalate, counterparties de-risk, and users discover that the platform they treated as a functional wallet is, in reality, a counterparty risk—especially once sanctions bite. The EU’s 19th Russia sanctions package introduced a transaction ban tool and explicitly added Payeer to the targeted list with an effective date of 25 November 2025. In parallel, Payeer publicly communicated withdrawal windows (EU/RU until 24 Nov 2025) and later a broader shutdown timeline (withdraw until 05 Jan 2026, then “support only”). Extended Analysis 1) The transaction ban is operationally devastating (even without an “asset freeze” label).For EU counterparties—banks, PSPs, CASPs, merchants, vendors—“transaction ban” effectively means: stop touching it. Once enforcement dates hit, legitimate off-ramps and settlement partners disappear fast. 2) The EU also tightened the net around rebrands and “successor” setups.The amended framework explicitly extends the prohibition to actors operating on behalf of a listed entity and introduces criteria for “mirror or successor” entities (e.g., continuity of branding/UI, overlapping control, infrastructure continuity, user migration). That matters in ecosystems where payment/crypto services can reappear under fresh wrappers. 3) The Lithuania case was the early red flag—customers ignored it at their peril.Lithuania’s FCIS (FNTT) penalty against Payeer UAB (sanctions + AML/CFT failings) was already a strong supervisory signal that Payeer’s controls and governance were not where a high-volume payment/crypto platform should be. 4) Why the whistleblower complaints matter now.FinTelegram has received multiple reports describing frozen accounts, delayed withdrawals, and unpaid balances—a pattern that becomes especially critical when the platform itself states that partners blocked accounts and that some user assets may be locked at third parties. That turns the real question into a tracing exercise: Which entity contracted with the user, which partner custodied the funds, and under what jurisdiction can recovery even be pursued? Key Data Table Trading namePayeerBusiness activityhigh-risk payment processor, crypto exchange,merchant service prodiverDomainhttps://payeer.comhttps://payeer.ccLegal entitiesPayeer E.A.S. (Paraguay)Payeer OÜ (Estonia)Payeer UAB (Lithuania)PayCorp Limited (Vanuatu)Fincana OÜ (Estonia)Runwill Sp. z o. o. (Poland)PAYEER LLC (Georgia)FINGATE LLC (Georgia)AKKORD WELT LP (Scotland)Worldwide System K/S (Denmark)Mayzus Financial Services Ltd (UK)PAYMENT SOLUTIONS LTD (BVI)PAYEER RUS LLC (Russia)PB24 CORP (Panama)Related individualsAnton Stjopotškin, Estonia (UBO)Joseph Olatilewa Jaiyeola, EstoniaEkaterina Olegovna Gorshkova, RussiaLiubov Svezhentseva, Russia Kosolapova Evgenia Nikolaevna, RussiaElena Kulbikova, RussiaSergey Mayzus, RussiaDmitri Allikas (old)Stanislav Lattu (old)JurisdictionsEstonia, Vanuatu, Russia,BVI, Poland, Panama, Georgia,DenmarkRegulatorsFIU Estonia renounced in Jan 2023FCIS (Financial Crime Investigation Service) LithuaniaVFSCTrustpilot rating4.6-star rating with an “Excellent” trust levelFacilitated schemesPO Trade, Pocket Option,Capital Letter, FXTradePremiums, Deal TradeOptimus Markets, Spintop Capital, SuperForexand counting Call for Information FinTelegram is actively collecting evidence-grade information on Payeer’s current operations and the fate of customer funds. If you are a client, merchant, banking/PSP partner, exchange/CASP partner, affiliate, or insider, please submit information via Whistle42 (anonymity-supported). Share Information via Whistle42

The U.S. Securities and Exchange Commission (SEC) has charged Canadian citizen Nathan Gauvin and three affiliated entities—Blackridge, LLC, Gray Digital Capital Management USA, LLC, and Gray Digital Technologies, LLC—over two allegedly fraudulent securities offerings marketed to retail investors through Discord and other social channels. The SEC alleges more than $18 million was raised, with investor funds misappropriated and performance claims manufactured to keep the scheme alive. Key Points Two offerings, one ecosystem: (1) unregistered interests in the “Gray Fund” (Sept 2022–Nov 2024) and (2) a “seed stock” offering (starting May 2024) (Source: SEC). Distribution channel: Gauvin allegedly built credibility inside Discord communities and pushed the offering via a website and social channels. Core deception claims: fabricated credentials/AUM, inflated performance reporting, and allegedly fictitious account statements. Funds flow red flags: investors allegedly paid via stablecoins, wires, and credit cards; funds allegedly were not placed into a segregated “fund” account. Parallel criminal case: EDNY prosecutors announced criminal charges the same day; DOJ says Gauvin was arrested in England. Short Narrative According to the SEC, Gauvin cultivated an online following by portraying himself as a high-performing investment professional operating through “Blackridge,” which the SEC describes as a shell entity. 1 From there, the alleged pitch was classic: a professionalized pooled product (“Gray Fund”), marketed as diversified and sophisticated—spanning debt/equity securities, derivatives, and crypto—wrapped in social proof from an active Discord community. The SEC alleges that investors were shown eye-catching performance metrics (including double-digit monthly returns) and portfolio scale claims (e.g., fund assets purportedly “over $78 million”), while actual trading performance and assets were materially lower. When withdrawal pressure rose, the SEC claims withdrawals were restricted and explanations shifted—often a late-stage hallmark in online “fund” frauds. Extended Analysis This case matters beyond the headline numbers because it demonstrates how “finfluencer mechanics” can be operationalized into an unregistered securities distribution machine: 1) The community is the funnel; “performance reporting” is the lock-in.The SEC alleges Gray Digital published monthly metrics and disseminated account statements that did not reflect reality, including altered brokerage documentation. Even more telling: participation was allegedly restricted to “members” paying a $200/month subscription, a structure that can create perceived exclusivity and suppress skepticism (“I’m in the inner circle”). 2) Payments by stablecoin + mixed rails = compliance smoke screen.The complaint states investors could fund via stablecoins, wires, and credit cards—a combination that may reduce friction for retail deposits and complicate the investor’s ability to understand custody, segregation, and control of funds. From a compliance lens, the absence of clear custodial disclosures and segregated accounts is not a “minor” paperwork issue—it is often the difference between an investment operation and a pooled misappropriation pipeline. 3) The “seed stock” add-on illustrates how scams monetize hope when liquidity breaks.The SEC alleges Gauvin launched a second offering in May 2024: $30,000 “seed preferred” shares in Gray Digital Technologies, pitched with a $60 million valuation and claims of >$12 million annual revenue, while the issuer allegedly had no operations/assets/revenue. Notably, the SEC says the “proof of ownership” was framed as an NFT-based digital certificate—which allegedly was never delivered—leaving investors without even the marketed “on-chain” tokenized representation. 4) Legal posture: broad antifraud + unregistered offering theories.The SEC complaint includes claims under Exchange Act Section 10(b)/Rule 10b-5, Securities Act Section 17(a), Advisers Act Sections 206(1), 206(2), 206(4) and Rule 206(4)-8, and Securities Act Sections 5(a) and 5(c) (unregistered offers/sales). The SEC seeks permanent injunctions, disgorgement, penalties, and an investment-adviser bar for Gauvin, among other relief. Call for Information FinTelegram continues to investigate “Discord-first” investment schemes and the service providers that enable them (payment rails, OTC desks, stablecoin on/offramps, promoters, and offshore entities). If you have information about Nathan Gauvin, Blackridge, Gray Digital, Gray Digital Technologies, related Discord groups, payment processors, or investor communications, please reach out via Whistle42.com (anonymous submissions welcome). Share Information via Whistle42

Venom Foundation was established in Abu Dhabi, UAE in 2022 as a Layer-0 and Layer-1 blockchain platform, positioning itself as a next-generation scalable blockchain solution. It became the first crypto foundation licensed by Abu Dhabi Global Market (ADGM), later voluntarily exited ADGM, and relocated its operations to the Cayman Islands. However, Venom is also a crypto crime story! The crypto crime story around Venom (website) unfolded between its alleged founder/investor, Alibek Garcia Isaaev, and the project’s reported links to Ilya Kligman, a Russian banker tied to major bank-fraud allegations and cross-border enforcement actions. Key points Regulatory identity confusion: ADGM confirmed Venom Foundation ADGM ceased activities and is winding down; ADGM also warned the public about unrelated “Venom” launch claims on social media (Source: adgm.com). Founder/investor opacity allegations: Investigative reporting describes Alibek (Isaaev/Issaev/Isaev) as the “mastermind” behind Venom and highlights “murky” ownership/representation issues in fundraising narratives (Source: Whale Hunting). Kligman linkage centers on litigation + capital: Russian media reporting (citing Lenta.ru) describes Kligman-controlled Adventor Management Ltd as a major investor in Isaaev projects since 2014 and outlines IP/theft allegations and multi-jurisdiction threats (Source: Рамблер/личные финансы). Kligman risk profile: Multiple Russian outlets report Kligman as wanted/linked to large banking losses and enforcement proceedings (Sources: FinTelegram, 2Банки.ру). Malta angle (Papaya): Maltese reporting says investigators suspected a hidden Russian beneficial owner behind MFSA-licensed EMI Papaya (ownership contested/opaque in public narratives). Kligman has been speculatively linked in some ecosystem reporting, but identity is not confirmed by Maltese authorities in public documents(Sources: Times of Malta). What ADGM actually put on the record In a public notice, ADGM’s Registration Authority stated that Venom Foundation ADGM is no longer conducting any activities in ADGM, having cancelled its commercial licence in February 2024 and appointed a liquidator in March 2024. ADGM added that two associated ADGM companies—Venom Blockchain Holding Limited and Venom Blockchain Holding 2 Limited—also appointed a liquidator to wind down. ADGM also warned that the ADGM entities were not associated with “recent social media announcements” about launching Venom Blockchain, explicitly flagging name/brand confusion as a public-risk issue (Source: Gulfnews). For any exchange, OTC desk, VC, payment provider, or “partner program,” this is a textbook trigger for enhanced due diligence: when the “regulated” story is used as marketing collateral, but the regulator later publishes an official notice that the licensed entity is in liquidation and not connected to ongoing launch communications. Isaaev’s role—and the “representation” red flag While ADGM’s notice does not name individuals, investigative reporting has repeatedly tied Alibek Issaev/Isaaev (spelling varies across outlets) to Venom’s behind-the-scenes control. A detailed investigation by Project Brazen’s Whale Hunting describes being introduced to Issaev as the “mastermind” behind Venom—and highlights alleged promotional misrepresentation (including an investor’s image used in press coverage despite denial of any investment). Alibek Isaev operates under multiple identities and birth dates, raising significant red flags (Source: TrinityBugle):​ Alibek Garcia Isaev (born February 27, 1971) Alibek Gasanovich Isaev (born April 27, 1969) According to multiple reports, Isaev is wanted by Interpol for murder and terrorism charges originating from Russia. An arrest warrant was allegedly issued in the UAE on November 23, 2022, in connection with fraud involving 242 million dirhams (approximately $66 million) stolen from the Russian banker Ilya Kligman (see more below). Separately, The Block chronicled the broader opacity around the much-publicized Venom-linked “$1B” venture narrative, noting the absence of expected transparency and follow-through (Source: TheBlock). None of this alone proves criminality. But from a compliance standpoint it fits a familiar pattern: credential marketing (licence/sovereign “halo”) + thin verifiable governance + aggressive ecosystem promotion, followed by corporate restructuring, silence, or jurisdictional hopping. The Kligman connection: investment capital, litigation, and an enforcement backdrop The Venom Blockchain case represents one of the most controversial chapters in the criminal career of the Russian banker Ilya Kligman, involving allegations of a $70 million loan to Alibek Garcia Isaev, subsequent legal battles in UAE courts, and competing narratives about fraud, extortion, and money laundering. The case is particularly significant because it resulted in a UAE court conviction of Kligman in absentia in December 2023, with a reported $940 million compensation order—though the reliability and enforceability of this judgment remain contested. Russian media reporting (via Rambler/finance, citing Lenta.ru) described a dispute in which Adventor Management Ltd, said to be controlled by Ilya Kligman, accused Alibek Isaaev of attempting to misappropriate intellectual property and claimed Kligman invested around $60 million into joint UAE projects since 2014, with litigation and criminal-complaint threats spanning multiple jurisdictions (Sources: Рамблер/личные финансы). Kligman’s name is not a neutral counterpart in such disputes. Russian business/legal outlets have reported him as wanted internationally and linked him to large-scale banking losses and legal actions tied to failed banks and deposit-related schemes. (Source: FinTelegram.com 2Банки.ру). The UAE Court Case: Competing Narratives The court proceedings in the UAE between Kligman and Isaev generated two entirely contradictory narratives, making it difficult to establish definitive facts: Narrative 1: Isaev’s Initial Loss (Mid-2023) According to reports from July-August 2023 (Source: TrinityBugle):​ UAE court ruled against Alibek Isaev in the fraud case Isaev was ordered to repay Kligman $100 million (the original $70 million plus interest, legal costs, and damages) Failure to repay would result in multi-year prison sentence for Isaev The escalation to $100 million reflected interest rates, legal expenses, and confrontations with organized crime networks An arrest warrant was issued for Isaev on November 23, 2022 Court documents cited: Case involving 242 million dirhams ($66 million) in fraud Additional claims bringing total exposure to $100 million Risk of deportation to Russia to face murder charges Narrative 2: Dramatic Reversal (December 2023) In a stunning reversal, reports from December 2023 claimed (Source: LARA):​ All charges against Alibek Isaev were dropped in both civil and criminal courts Ilya Kligman was found guilty and sentenced to prison in absentia Kligman was ordered to pay Isaev compensation of $940 million in damages The UAE court allegedly ruled that Kligman had engaged in “extortion, blackmail, and obstructing normal business functioning” Kligman faces prison term, potential extradition from Germany to UAE, and then to Russia Papaya Ltd (Malta) would be seized as part of asset recovery Critical Analysis: Red Flags Suggesting Disinformation Campaign 1. Source Quality Concerns: The websites publishing these reports lack established journalistic credibility: Trinity Bugle (no established reputation) Sokal Info (unknown provenance) Repost News (minimal track record) Various crypto news aggregators republishing without verification 2. Timing Coincidences: The reversal occurred precisely when Venom Foundation was facing: ADGM license challenges Executive departures (Mustafa Kheriba resignation) Public scrutiny over Isaev’s criminal background Need to restore investor confidence 3. Lack of Official Verification: No official UAE court records, ADGM statements, or law enforcement announcements confirm: The existence of the criminal conviction The $940 million compensation order Extradition proceedings from Germany Seizure orders for Papaya Ltd 4. Inconsistent Legal Framework: The UAE legal system typically does not issue criminal convictions in absentia for foreign nationals without substantial evidence of jurisdiction. The claim that Kligman—residing in Germany—would face UAE criminal prosecution without prior extradition attempts is legally implausible. Our Assessment Evidently, this is a conflict between two Russian citizens of different ethnic backgrounds: Ilya Kligman, an ethnic Jewish Russian banker with alleged connections to the ethnic Russian Tambov organized crime organization, and Alibek Garcia Isaev, a businessman of likely North Caucasian (Dagestani or Chechen) origin, over a $70 million loan dispute that escalated into competing legal claims in UAE courts. Below, we outline the individual points in the battle between Kligman and Isaaev over the credibility of the Venom scheme. Confidence Levels: ElementConfidence LevelBasisKligman provided substantial funding to IsaevHighMultiple independent sources corroborateInitial loan amount ~$70 millionMedium-HighConsistent across sources, though exact amount variesCourt case existed in UAE (2022-2023)HighRussian court documents reference caseIsaev lost initial ruling (mid-2023)MediumConsistent with earlier reporting timelineReversal: Kligman convicted, $940M compensation (Dec 2023)Low-MediumQuestionable sources, no official confirmation, implausible amountKligman used Venom for money launderingMedium-HighConsistent with established pattern, circumstantial evidence strongIsaev has criminal history of project fraudHighWell-documented across multiple sourcesVenom Foundation exited ADGM (2024)ConfirmedOfficial ADGM statements The Venom Scheme Despite its controversial origins involving fugitive Russian banker Ilya Kligman and North Caucasian entrepreneur Alibek Isaev, Venom Blockchain operates as a functional, technically capable Layer-0/Layer-1 blockchain platform as of December 2025. The project maintains 99.99% uptime, processes 150,000-200,000 daily transactions, and has attracted institutional partnerships including with the Philippines government. However, unresolved questions about beneficial ownership, the sudden ADGM exit, and a 79% price collapse from launch highs suggest ongoing regulatory, legal, and market confidence issues that warrant continued investigative scrutiny. Legal entities explicitly named in official/regulatory or first-party materials Venom Foundation (ADGM) → in liquidation; licence cancelled, per ADGM RA public notice. adgm.com+1 Venom Blockchain Holding Limited (ADGM) → in liquidation (named in the same ADGM context). adgm.com+1 Venom Blockchain Holding 2 Limited (ADGM) → in liquidation (named in the same ADGM context). adgm.com+1 VNM Vault Ltd → named as the contracting party across venom.foundation legal documents; Cayman Islands governing law/arbitration is specified. venom.foundation+1 People-of-interest overlay Alibek (Garcia) Issaev/Isaaev → described in investigative reporting as a central figure in Venom’s origin story and ownership ambiguity. Ilya Kligman → frequently referenced in adverse-media narratives around offshore banking/crypto schemes; any “ownership” or “court outcome” claims should be framed as reported/alleged unless you have court documents. (For Papaya in Malta specifically, Times of Malta reports a probe into suspected concealed Russian ownership, while public-facing ownership is contested in public debate.) Call for Information (Whistle42) FinTelegram is seeking documents and first-hand accounts related to: Venom’s true controlling persons (past and present), cap table, and treasury movements Any UAE court filings/judgments involving Alibek Isaaev/Issaev and Ilya Kligman (especially any “in absentia” criminal ruling references) Kligman’s historic crypto ventures (including Swiss Crypto Alliance AG / Crypto Alliance GmbH) and any links to Malta-based structures or nominees If you have relevant information, please submit it securely via Whistle42 (anonymous submissions welcome). Share Information via Whistle42

A Vienna court has finally shut the door on U.S. efforts to put Ukrainian oligarch Dmytro Firtash on trial – with a justification that even Austrian media now call bizarre: Firtash is said to enjoy diplomatic immunity as an “advisor” to the Belarusian mission to UNIDO in Vienna. Officially, however, Austria does not even recognise him as a diplomat. Key Points The Vienna Regional Court ruled on 4 November 2024 that Firtash cannot be extradited to the U.S., arguing he enjoys immunity as advisor to Belarus’s permanent mission to UNIDO in Vienna (Source: Kurier). Austria’s Foreign Ministry told the court that Firtash is not properly accredited, has no diplomatic ID card and is therefore not considered a diplomat (Source: Kurier). The Higher Regional Court has now dismissed the prosecution’s appeal as inadmissible after a missed deadline – making the 2024 decision final (Sources: DER STANDARD). Belarus reportedly granted Firtash this “diplomatic” function in 2021, widely seen as a move to shield him from U.S. corruption charges (Source: RadioFreeEurope). Austria has previously refused a Spanish extradition request and now effectively guarantees luxury exile in the EU to a man wanted for large-scale bribery and embezzlement (Source: Reuters). Short Narrative: Legal Aburdism With the 9 December 2025 ruling by the Vienna Higher Regional Court, the Firtash saga has entered a new phase: legal absurdism. Prosecutors’ last appeal against the 2024 non-extradition decision was thrown out on formal grounds – a missed deadline. Substantively, however, the lower court’s reasoning is what shocks observers: Firtash allegedly enjoys diplomatic immunity as an advisor to Belarus’s permanent mission to UNIDO. The anonymised ruling, reported by Kurier, states that this advisory role shields him from U.S. extradition. At almost the same time, Austria’s Foreign Ministry and Justice Ministry confirmed that Firtash is not properly accredited to UNIDO, holds no MFA diplomatic card and is not considered a person entitled to diplomatic privileges. In other words: the court treated him as a diplomat even though the Austrian state does not. Extended Analysis: Austria Does Not Recognize Firtash Under international law, members of permanent missions to international organisations enjoy immunity only if they are formally notified and accepted by the host state. Here, the host state – Austria – explicitly told the court that Firtash is not recognised as such. Yet the Vienna Regional Court still used this supposed Belarusian “advisor” status to declare extradition inadmissible. This is not a legal nuance; it is the core of the case. Belarus, an authoritarian ally of Russia, appears to have handed a fugitive Ukrainian oligarch a tailor-made role in Vienna precisely to sabotage U.S. proceedings. Austrian ministries flagged that the accreditation was defective. The court nevertheless sided with Minsk’s paper construct over its own government’s position – and then the higher court sealed the deal due to a procedural failure by prosecutors. Read the FinCrime Observer report on the Firtash Case here. The political signal is devastating. Austria is part of the EU sanctions regime against Russian and Belarusian elites and officially supports Ukraine. Yet one of Kyiv’s most notorious ex-gas oligarchs, long aligned with pro-Russian president Viktor Yanukovych and wanted for bribery and alleged embezzlement of hundreds of millions from Ukraine’s gas transit system, remains safe in Vienna behind a Belarusian “diplomatic” fig leaf. Add to this earlier refusals to extradite Firtash to Spain over money-laundering allegations, and the picture is clear: Austria has become a premium safe harbour for post-Soviet oligarchs with the right lawyers, lobbyists and – in this case – a friendly authoritarian regime willing to制造 diplomatic paperwork. Call for Information FinTelegram will continue to investigate the Firtash network in Vienna – including his Belarusian “advisor” status, his business ties, and his political protectors in Austria and abroad. We explicitly call on insiders in Austrian ministries, UNIDO-related circles, the Belarusian mission, banks, law firms and advisory shops to share information, documents or leads with us confidentially. If you have knowledge about Dmytro Firtash’s activities, his alleged diplomatic status or other oligarch safe-harbour structures in Austria, please contact FinTelegram via our whistleblower channels. Share Information via Whistle42

A U.S. federal judge in Manhattan sentenced Terraform Labs founder Do Kwon to 15 years in prison, concluding that the TerraUSD/LUNA implosion was not a bad-product accident but a fraud that wiped out roughly $40 billion in market value and devastated real victims. The sentence lands as a defining “Startup on Trial” moment for crypto’s algorithmic-stablecoin era. Key Points Sentence: 15 years, imposed by U.S. District Judge Paul A. Engelmayer in Manhattan (Source: Reuters). Criminal posture: Kwon pleaded guilty (Aug 2025) to wire fraud and conspiracy; sentencing exceeded the government’s recommendation (Source: Reuters). Core finding: the court accepted that Kwon repeatedly misled investors and that the harm was “real money,” not “paper” losses (Source: AP News). Regulatory overlap: Terraform previously faced SEC action and agreed to a $4.55B settlement framework (including an $80M civil penalty and a crypto-activity ban for Kwon). Cross-border arc: extradited to the U.S. after detention in Montenegro; South Korea still looms as a separate exposure (Source: US DOJ). Short Narrative Terraform marketed a vision: a “self-healing” algorithmic stablecoin (TerraUSD/UST) paired with LUNA, promising a decentralized financial system that could keep stability through code and incentives. In May 2022, the promise collapsed—UST lost its peg, LUNA spiraled, and the shock radiated through the broader crypto market. Prosecutors framed what followed as a deception campaign, not merely a volatile unwind, and Engelmayer’s sentence signals the court agreed with that characterization. Extended Analysis 1) What the government said was fraudulent (beyond “UST depegged”)The DOJ’s sentencing release lays out a pattern of alleged misrepresentations, including: “Stablecoin misrepresentations”: claiming Terra Protocol restored UST’s peg after a 2021 wobble, while prosecutors allege a high-frequency trading firm secretly bought large amounts to prop it up. Reserve/governance claims around the Luna Foundation Guard (LFG): prosecutors allege Kwon presented LFG as independent while controlling it, moving funds as if interchangeable, and laundering misappropriated assets. Mirror Protocol: marketing synthetic stock exposure as decentralized while allegedly retaining control and using bots to manipulate prices/metrics. Chai payments narrative: claiming real-world transaction volume on Terra while prosecutors allege transactions were processed conventionally and then “mirrored” onto the chain to simulate usage. 2) Why this became a “startup” case with classic securities/commodities hooksThis wasn’t prosecuted as “crypto is risky.” It was prosecuted as fraud + market manipulation, packaged through instruments and narratives that touched securities-like expectations and commodities theories (as reflected in the charging posture and the DOJ’s description of the conspiracy). The legal lesson is blunt: a token’s technical novelty does not immunize misstatements about mechanism, reserves, governance, adoption, or market support. 3) Sentencing signals: deterrence over “crypto exceptionalism”Engelmayer rejected both the idea that 12 years was enough and the defense’s push for a far shorter term—calling the conduct an “epic” fraud and emphasizing the scale of human harm. That judicial language matters because it frames future cases: algorithmic design failure may be tolerated; concealment of interventions, fictive adoption metrics, and governance theater is not. 4) “Startup on Trial” takeaways for founders and investors Stress events are disclosure events: a peg break, liquidity rescue, or market-maker intervention must be treated like a material incident, not PR. Governance claims must be auditable (who controls keys, reserves, and decision rights). Adoption proof must be verifiable (no synthetic “usage” narratives). Investors should treat “algorithmic stability” as marketing, unless the issuer can evidence resilience under adversarial conditions and disclose all backstops. Actionable Insight For crypto startups: build compliance like a public company before you need it—incident logs, market-structure policies, reserve/governance attestations, and a hard rule that any external “support” (market makers, loans, buy programs, stabilization trades) is tracked and disclosed with legal review. For investors: diligence the backstop reality—who can intervene, when, and with what funds—because courts increasingly treat hidden backstops as core fraud facts, not footnotes. Call for Information FinTelegram is tracking Terra/LUNA-related enforcement and the broader “Startup on Trial” pipeline. If you are a former employee/contractor, a market-structure counterparty (MM/HFT/OTC), a protocol integrator, or an affected investor with documentation on Terraform’s communications, stabilization efforts, or governance controls, share your information via Whistle42.com (anonymity available). Share Information via Whistle42

The Innsbruck Regional Court in Austria has convicted former real-estate tycoon René Benko for a second time for fraudulent bankruptcy (betrügerische Krida), handing down a 15-month suspended sentence over hidden cash and luxury items in a family safe. His wife, Nathalie Benko, was acquitted. The ruling is not final and touches only a small asset-transfer strand, not the core Signa investigations. Key Facts Verdict: 15 months imprisonment, fully suspended with a three-year probation period, plus a fine of 360 daily rates (reported at €12 each) (Source: Die Presse). Offence: Insolvency fraud / fraudulent bankruptcy (betrügerische Krida) for hiding assets from creditors in his personal insolvency (Source: DIE WELT). Acquittal for Nathalie: The jury acquitted Nathalie Benko “in dubio pro reo”; the court did not see her complicity as proven (Source: Die Presse). Facts of the case: Around €120,000 in cash and 11 luxury watches plus cufflinks and other valuables worth roughly €250,000 were stored in a safe at relatives of Nathalie, instead of being made available to the insolvency estate (Source: Reuters). First conviction: In October 2025, Benko was already sentenced to two years’ imprisonment (not final) for moving €300,000 to his mother and other asset shifts around his personal insolvency (Source: Reuters). Short Analysis With this second non-final conviction, the picture painted in FinTelegram’s earlier “Safe Full of Luxury” report is now confirmed by a criminal court: Austria’s ex-billionaire twice found guilty of stripping assets out of reach of creditors while his empire collapsed (Source: FinTelegram). For now, however, we are still in the “mini-proceedings” phase. Both convictions concern personal asset transfers in Benko’s private insolvency—relatively small amounts compared to the tens of billions in claims surrounding the Signa collapse and the roughly €300 million damage estimate currently in the WKStA files (Source: DER STANDARD). The true Signa causa—suspected large-scale fraud, breach of trust and money laundering across complex structures—is still being investigated in at least 14 separate strands by Austria’s Wirtschafts- und Korruptionsstaatsanwaltschaft (WKStA), while prosecutors in Italy (Trento anti-mafia) and Germany (Munich public prosecutor’s office) are pursuing their own high-stakes probes into alleged corruption, “mafia-like” structures and triple-digit-million fraud and embezzlement (Source: Tagesspiegel). Procedurally, the suspended 15-month sentence does not end Benko’s pre-trial detention: he remains in custody because of the risk of evidence tampering and further offences in the broader Signa complex, as stated by WKStA (Source: justiz.gv.at). The decisive question is how future indictments in the Signa strands will interact with the existing sentences when they are finally aggregated. Call for Information FinTelegram will continue to treat the Signa Case as a long-term investigation. Insiders, advisers, employees, lenders, and counterparties with information on asset shifts, foundations, side agreements, or international structures around René Benko and the Signa Group are invited to submit documents and evidence securely via Whistle42.com. Share Information via Whistle42

The dramatic U.S. seizure of the supertanker Skipper off Venezuela’s coast—personally announced by President Donald Trump and amplified by Attorney General Pam Bondi’s helicopter-raid video—is officially framed as a sanctions and counter-terrorism operation. In reality, it sits at the intersection of three fault lines: Washington’s dependence on heavy Venezuelan crude, Venezuela’s slow exit from the classic petrodollar system, and PDVSA’s growing use of USDT stablecoins and Chinese channels to move oil money outside the reach of the U.S. banking system. The Strategic Perfect Storm: Quality, Currency, and Hegemony Venezuela presents the United States with a double vulnerability that intensifies pressure on an already heavily indebted superpower. First, Venezuela produces super-heavy, high-sulfur crude grades—particularly Merey, Boscan, and Hamaca—that are ideally suited to the complex coking units of U.S. Gulf Coast refineries. As Mexican heavy crude production declines and Canadian pipeline flows remain constrained, Venezuelan barrels have become irreplaceable for optimal refinery operations and diesel output. The loss of up to 200,000–300,000 barrels per day of Venezuelan heavy crude has already tightened U.S. refinery feedstock markets, driving up costs and threatening fuel price stability—a politically sensitive issue for any administration.​ Second and more strategically threatening, Venezuela under Maduro has systematically abandoned the petro-dollar. Since 2024, state oil company PDVSA has required new customers to prepay up to 50% of spot crude shipments in Tether’s USDT stablecoin via digital wallets, with over half of all crude shipments now involving USDT payments by mid-2025. Venezuela also shifted to pricing and settling oil in Chinese yuan as early as 2017, deepening financial integration with Beijing. In September 2025, approximately 84% of Venezuela’s crude exports flowed to China—either directly or via shadowy intermediaries—paid in yuan or converted through USDT.​ This combination undermines two pillars of U.S. financial hegemony simultaneously: it deprives U.S. refiners of optimal crude while routing oil revenues outside dollar-denominated banking channels that traditionally recycle petrodollars into U.S. Treasuries.​ USDT as the New Petro-Currency Infrastructure Venezuela’s reliance on USDT represents more than sanctions evasion—it constitutes a parallel petro-currency infrastructure that bypasses U.S. control while still referencing dollar value. By July 2025, an estimated $119 million in USDT flowed into Venezuela’s private sector in a single month, with the government quietly authorizing select banks to exchange bolívars for USDT since June 2025. PDVSA uses USDT to avoid the risk that oil proceeds will be frozen in foreign bank accounts subject to OFAC jurisdiction, effectively creating a “digital dollar” market that operates outside traditional correspondent banking and SWIFT.​ This model mirrors strategies deployed by Iran and Russia, which increasingly use crypto and stablecoins to conduct sanctioned energy trade. For the United States, the danger is not nominal de-dollarization—oil is still priced in dollar-equivalent USDT—but operational de-dollarization: the flows no longer pass through New York clearing banks, no longer generate demand for U.S. Treasuries, and no longer submit to U.S. financial surveillance and enforcement. Each barrel settled in USDT marginally weakens the structural demand for dollars and Treasuries that has enabled the U.S. to sustain $35 trillion in national debt and run persistent deficits without triggering a currency or bond crisis.​ Economic Pressure on a Heavily Indebted United States The erosion of petro-dollar recycling comes at a particularly vulnerable moment. The U.S. national debt surpassed $35 trillion in 2024, having nearly doubled from $14.8 trillion a decade earlier, sustained largely by Federal Reserve quantitative easing and robust foreign demand for Treasuries—much of it driven by petrodollar recycling from oil exporters. J.P. Morgan Research estimates that each 1-percentage-point decline in foreign Treasury holdings relative to GDP (roughly $300 billion) would drive yields up by more than 33 basis points, raising borrowing costs across the economy and constraining fiscal space. If major energy exporters systematically shift settlement outside the dollar banking system, the resulting reduction in Treasury demand would exert upward pressure on U.S. interest rates, crowding out domestic investment and destabilizing state and federal budgets already stretched by deficit spending.​ Venezuela’s pivot to USDT and yuan thus threatens not only dollar prestige but the fiscal arithmetic underpinning U.S. debt sustainability. Control over Venezuelan oil—the world’s largest proven reserves—would allow Washington to dictate currency terms for a substantial share of global heavy crude supply, reinforcing structural dollar demand and shoring up Treasury inflows.​ From Sanctions Enforcement to Military Action The 10 December tanker seizure must be understood in this dual economic context. While Attorney General Pam Bondi justified the operation as enforcement against a vessel “sanctioned for its involvement in an illicit oil shipping network supporting foreign terrorist organizations,” the execution involved Coast Guard personnel, Marines, special forces, two helicopters, and Department of Defense assets—an operation of military scale and character. Trump himself declared, “We keep the oil, I guess,” a statement that frames the seizure not as law enforcement but as resource appropriation.​ Senator Chris Van Hollen characterized the seizure as evidence that U.S. military operations in the Caribbean—including over 22 boat strikes killing at least 87 people since September 2024—are not primarily about drug interdiction but about regime change by force. The tanker seizure, combined with the deployment of the USS Gerald Ford carrier strike group, fighter jet overflights of the Gulf of Venezuela, and Trump’s stated intention to conduct land strikes, constitutes a campaign of escalating military pressure aimed at restoring U.S. control over Venezuelan oil and, by extension, over the currency terms of that oil’s sale.​ Hypothesis: Strategic Resource Seizure to Counter Financial Erosion The hypothesis emerging from these dynamics is stark: the United States, facing the twin pressures of irreplaceable heavy crude needs and eroding petro-dollar flows, has escalated from economic sanctions to quasi-military resource seizure in an attempt to reassert control over Venezuelan energy and re-anchor oil transactions within dollar-clearing infrastructure. The tanker seizure is not an isolated enforcement action but a signal of willingness to use military force to defend financial hegemony when economic levers prove insufficient.​ If Venezuela—and by extension China, Russia, and other USDT-adopting energy exporters—succeeds in normalizing stablecoin settlement outside U.S. banking rails, the resulting erosion of structural Treasury demand could trigger a fiscal crisis for a United States already burdened by unsustainable debt levels. In this framing, the Skipper seizure represents not law enforcement but a new form of economic warfare: the physical interdiction of energy flows to prevent their settlement in non-controlled digital currencies, even when those currencies are nominally pegged to the dollar.

Austria’s appeals court has definitively stopped the extradition of Ukrainian businessman Dmytro Firtash to the United States, closing a decade-long case and sharpening doubts about Vienna’s willingness to confront entrenched oligarch networks. The Firtash Case On 9 December 2025, the Vienna Higher Regional Court rejected prosecutors’ appeal and confirmed a 2024 ruling: Firtash will not be surrendered to the U.S (Source: Reuters). A 2013 indictment in Chicago accuses him of orchestrating an $18.5 million bribery scheme to secure titanium mining rights in India, in breach of the U.S. Foreign Corrupt Practices Act (Source: US Indictment). He denies the charges as politically motivated. In parallel, Ukrainian and U.S. authorities accuse him of embezzling nearly $500 million from Ukraine’s gas transit system (Source: Reuters). Arrest and Extradition Procedures Arrested in Vienna in 2014, Firtash has fought extradition ever since. A Vienna court first refused the U.S. request in 2015 as partly political, an assessment that already raised eyebrows among anti-corruption experts (Source: Euronews). Later, higher courts – and the then justice minister – signalled that extradition was legally possible, before new defence motions, a 2023 reopening of proceedings and renewed rulings produced the current refusal (Source: RadioFreeEurope). A Spanish extradition request on money-laundering allegations was also rejected, leaving Firtash still in comfortable exile on the Danube (Source: The Local Austria). Firtash built his fortune as an intermediary for Russian gas and was a key sponsor of former Ukrainian president Viktor Yanukovych. cdn.csd.bg Vienna’s tolerant environment for post-Soviet capital – with willing banks, prestige lawyers and ex-ministers for hire – has long made the city attractive to oligarchs he is often grouped with. Kremayr & Scheriau+1 Concluding assessment In March 2015, Firtash hired former foreign and finance minister Michael Spindelegger to run the Firtash-funded Agency for the Modernisation of Ukraine (AMU), just weeks before an Austrian court first refused extradition (Source: en.dmitryfirtash.com). Spindelegger is a long-time associate and former university “Cartellbruder” of then-justice minister Wolfgang Brandstetter (Source: parlament.gv.at). Ukrainian politicians already criticised the AMU at the time as a project to polish Firtash’s image and fend off extradition (Source: Vorarlberger Nachrichten). According to a 2015 CIA report seen by FinTelegram, U.S. intelligence assessed that Firtash enjoyed unusually good access to Austrian judges and senior politicians; that report explicitly links the Spindelegger appointment to his extradition fight (Source: Wiener Zocker). Austrian journalist Florian Horcicka has likewise argued that bringing Spindelegger on board substantially improved Firtash’s chances of avoiding a U.S. courtroom, fitting a broader pattern of oligarchs using Vienna’s political class as legal and reputational shields (Source: Kremayr & Scheriau). This ruling therefore reinforces the picture of Austria as a jurisdiction where money, influence and revolving doors can blunt international anti-corruption efforts at the expense of Ukraine, the U.S. and the credibility of the rule of law. FinTelegram calls on insiders, advisers and officials with knowledge of Firtash’s networks in Austria and Ukraine to contact us confidentially and provide further information about his activities and protection structures. Share Information via Whistle42

Venezuela, sitting on one of the world’s largest oil reserves, is no longer just selling crude in dollars. Under Nicolás Maduro, state oil company PDVSA is increasingly settling exports in Tether’s USDT, a dollar‑pegged stablecoin, to bypass U.S. sanctions and banking controls. This shift does not end dollar influence in oil, but it moves critical flows off the U.S.‑controlled banking grid and into opaque crypto rails—posing new challenges for Washington’s already strained, debt‑laden financial hegemony.​ USDT vs Petro‑Dollar: A Sanctions‑Driven Pivot Since 2024, PDVSA has re‑engineered its contracts to require that around half of many spot crude shipments be prepaid in USDT via digital wallets, pushing new clients into crypto‑based settlement and away from traditional correspondent banking. By 2025, more than 50% of crude shipments were reportedly partially or fully paid in USDT, with stablecoin inflows of roughly 119 million dollars reaching the private sector in a single month.​ This marks a decisive break with the classic petro‑dollar model, in which oil is invoiced, cleared, and stored in the U.S. banking system and Treasuries. Venezuela still references the dollar as unit of account, but execution now occurs on blockchains rather than via banks subject to OFAC and SWIFT. The strategy serves three objectives: Sanctions evasion and asset protection: USDT payments reduce the risk that proceeds are seized in foreign bank accounts under U.S. measures.​ Parallel “digital dollar” market: Caracas resells USDT domestically for bolívars, injecting hard‑currency liquidity while bypassing official FX channels.​ Template for other sanctioned oil exporters: Russia and others are already experimenting with crypto and stablecoins for energy trade, embedding de‑dollarisation into commodity flows.​ Strategic Risk for a Heavily Indebted U.S. For the United States, the danger is less about losing the dollar as unit of account in oil, and more about erosion of control over dollar‑linked flows. If major energy exporters can routinely clear large volumes via private stablecoin issuers outside the regulated banking core, U.S. sanctions, surveillance, and—ultimately—demand for U.S. Treasuries are gradually weakened.​ Yet Venezuela’s bet is fragile. USDT is centralized: Tether has already frozen addresses linked to sanctioned Venezuelan activity, proving that Washington can still exert pressure through issuers and key compliance choke points. A single freeze event could instantly strand millions in oil revenue, underscoring the geopolitical and counterparty risk of building an oil strategy on a private stablecoin.​ Conclusion Venezuela’s move to a USDT‑denominated oil trade is a live‑fire test of how far stablecoins can chip away at the operational dominance of the petro‑dollar without replacing the dollar itself. In a world of weaponised finance and mounting U.S. debt, every barrel settled in off‑bank “crypto dollars” marginally reduces Washington’s leverage—while pushing sanctioned regimes into a precarious dependency on opaque, privately run digital dollar infrastructures. The real contest is no longer dollar vs non‑dollar, but on‑shore dollar law vs off‑shore dollar technology. Share Information via Whistle42

Austria’s fallen real-estate tycoon René Benko and his wife Nathalie Benko are facing a second indictment for fraudulent bankruptcy (betrügerische Krida). Prosecutors allege that cash and luxury assets were secretly moved into a family safe to keep them out of the insolvency estate. The case escalates Benko’s already serious criminal exposure after a first, non-final prison sentence. Key Facts Forum & timing: Second criminal trial opens today before the Regional Court in Innsbruck; Benko remains in pre-trial detention since January 2025 (Sources: kurier.at, FinTelegram). Accused: René Benko as main defendant; wife Nathalie as alleged accomplice (Beitragstäterschaft) (Source: kurier.at). Core allegation: Concealment of approx. €120,000 cash plus luxury watches, cufflinks, and jewellery worth about €250,000–370,000 in a safe at relatives’ home, thereby reducing the pool available to creditors. Legal qualification: Fraudulent bankruptcy / insolvency-related asset transfer (betrügerische Krida), with a 1–10 year sentencing range (Source: DIE WELT). First trial: In October 2025, Benko was convicted in Innsbruck and sentenced to 24 months imprisonment over a €300,000 transfer to his mother; judgment not yet final (Source: Reuters). Short Analysis FinTelegram has documented for months how the Signa collapse evolved from a corporate insolvency into a full-blown criminal complex, with creditor claims approaching €40 billion and multiple WKStA investigation strands (Source: fintelegram). The new “safe case” fits the broader pattern already highlighted in previous FinTelegram reports: targeted asset shifts, opaque family-foundation structures, and luxury items quietly removed from the reach of insolvency administrators. Here, prosecutors allege a joint plan: Nathalie is said to have organised the safe at relatives, moved cash and watches there, and even asked that paperwork be destroyed to obscure the timing around Benko’s personal insolvency filing (Source: Kurier). Legally, this second indictment is critical. If the new charges also end in a conviction, courts will have to aggregate sentences. Against the backdrop of ongoing investigations into foundations, gold transfers, and advisory networks, the Benko proceedings increasingly define how Austria handles high-profile asset stripping in mega-insolvencies. Call for Information FinTelegram will continue to follow the Benko trials and the wider Signa Crime Case. Insiders, former employees, advisers, and counterparties who have information on asset transfers, foundations, or hidden valuables around René and Nathalie Benko are invited to share documents and evidence securely via Whistle42.com. Share Information via Whistle42

Noda, which poses itself as a payments service provider, recently saw some leadership reshuffling. As is evident from LinkedIn, a number of senior leaders left Noda in October 2025 – including CEO Igor Loktev (one of the co-founders), CRO Michael Bystrov, COO Anastasija Tenca, and many others. What has happened to the payments company, and who really runs it now? Noda’s Shareholders & Key People Firstly, let’s establish Noda’s registered locations. On its website, it is stated that for the payment initiation within the UK, the company’s official name is Naudapay Limited registered in London. Meanwhile, for the tech services within the EU, it’s Noda Holdings Limited, registered in Nicosia, Cyprus. One of the directors of the UK company NaudaPay (incorporated in 2018) was former COO Anastasija Tenca, yet in October 2025, her appointment was terminated (as is evident from LinkedIn too). Currently, the director of the UK company is Irina Konstantinova, a Latvian citizen. According to LinkedIn, she’s been in that position for seven years. Meanwhile, Noda’s co-founder Lasma Kuhtarska – who appears to be the only person from the original team still at Noda – is stated as the person with significant control, with 75% or more ownership of shares. Previously, entrepreneur Dmitri Volkov was one of the major shareholders too, yet his control ceased in 2023. Leadership Shifts to the UK There are two new UK-based leadership team members – financial director Ksenia Cohen and executive advisor Alex Batlin, who recently wrote an article about what the latest AWS outage means for the payments sector. NamePositionLocationPrevious relevant experienceKsenia CohenFinance DirectorUKEYAlex BatlinExecutive AdvisorUKBitpanda, UBS There are also a few UK-based leadership jobs advertised on LinkedIn. For example, Head of Analytics, Data Analyst, AML/KYC Risk Analyst, Product Designer – which suggests Noda may be shifting more of its team to the UK. Additionally, there are rumors that the expected Managing Director will be UK-based, along with the rest of the decision-making team. Noda’s UK address is 162 Buckingham Palace Road, which appears to be a “stylish co-working space”. What Has Changed with Noda Product? Are these position and location changes normal scaling adjustments or signs of deeper restructuring? Is there any disruption to the client-facing side of Noda, and what are the key changes to Noda’s product? Noda’s offering hasn’t changed. Its products still include open banking and card payments and payouts, checkout form, no-code pages, payment links and QR codes, interactive donation buttons (Noda Prime), sign-in via bank, and data enrichment. This suggests there hasn’t been a major disruption to Noda’s product.  Noda’s open banking network covers 2,051 banks across 28 countries – 250 in Europe, and full bank coverage in the UK. In the latest LinkedIn post, Noda stated that 1.7 million new users paid with Noda in the past six months, with 60% of them returning to this payment method. Possible Motives Behind Noda’s Restructuring So, if nothing else has changed with the product, what were the reasons for Noda’s leadership team restructuring in October-November 2025? As pointed out by Noda’s co-founder in the latest interview, Noda was built as an IT company, and its current competitive advantage lies in technology and accessibility. As for the future of Noda, she said that Noda will keep its focus on the UK and European payments. It’s possible that the current restructuring is strategy-lead or to refine corporate governance, yet there were no comments about this in the interview. Share Information via Whistle42

Bitcoin wallets that interact with certain privacy protocols are increasingly treated by exchanges and analytics providers as “high-risk” – even when there is no proven wrongdoing. This reflects a wider shift: in today’s regulatory environment, mixers are no longer just a niche privacy tool, but a core AML/CTF concern. Andjela Radmilac published a nice piece on this subject recently. 1. Mixers in simple terms Mixers (or tumblers) are services or protocols that: Take in crypto from many users Shuffle or transform the funds Return coins that are harder to link to the original sender There are two broad types: Custodial mixers – an operator takes custody of coins, pools them, and sends back “clean” outputs. Non-custodial mixers / CoinJoin tools – users keep control of their keys while a protocol builds a joint transaction with many similar inputs and outputs. The goal is transaction privacy; the side-effect is that law enforcement and regulators see them as deliberate obfuscation infrastructure. 2. UTXOs and why Bitcoin is transparent Bitcoin uses a UTXO model (Unspent Transaction Outputs). Each coin you hold is one or more UTXOs with a fixed amount and a full on-chain history: Every UTXO can be traced back through each spend The entire graph of transactions is public and permanent Blockchain analytics firms cluster addresses, identify known entities (exchanges, darknet markets, mixers) and score wallets and UTXOs by their exposure to illicit activity. In other words, Bitcoin is pseudonymous but highly transparent – exactly why mixers emerged. 3. The legal and regulatory view Across major jurisdictions, the trend is clear: United States: FinCEN treats custodial mixers as money transmitters subject to full BSA AML/KYC obligations. OFAC has already sanctioned specific mixer protocols and addresses in the past. Operating or servicing a mixer without compliance can trigger criminal and sanctions exposure (Source: FinCEN). European Union: Under the new AML package and the upcoming AMLA, crypto service providers are “obliged entities.” Centralized mixers are seen as unlicensed financial intermediaries; coins linked to mixes or CoinJoin often receive high risk scores in KYT (Know Your Transaction) systems and trigger enhanced due diligence or outright blocking (Source: EU Council). Global standards (FATF): Mixers collide head-on with the Travel Rule and risk-based AML expectations. Even where there is no explicit ban, interaction with mixers is treated as a material risk factor (Source: AML Watcher). 4. Blockchain transparency and modern KYC/AML tooling Contrary to popular belief, blockchain is not a shadowy black box. From a compliance standpoint, it is often more transparent than traditional banking: Every transaction is public, timestamped, and immutable. Analytics providers (Chainalysis, TRM Labs, Elliptic, etc.) map addresses to known entities, identify obfuscation services, and generate risk scores for UTXOs and wallets (Sources: Chainalysis, yellow.com). These tools integrate directly with exchange and bank monitoring systems to: Auto-block known illicit sources (sanctioned wallets, darknet markets, ransomware addresses), Flag mixer exposure and cross-chain obfuscation, Support SAR filing and law-enforcement investigations. For law-enforcement, as one practitioner-oriented guide notes, blockchain analytics now allows officers to follow the trail from crime scene to cash-out venue in a way that is difficult to replicate with physical cash (Source: ACFS) This is exactly why mixers have attracted so much attention: they are one of the few tools that try to reverse this transparency. 5. Implications for compliance and users For compliance teams at exchanges, brokers, and custodians: Define a written policy on mixer exposure (direct and indirect). Use professional KYT / blockchain analytics, but tune thresholds and document decisions. Prefer enhanced due diligence over automatic de-banking where proportionate (proof of funds, source-of-wealth checks, ongoing monitoring). Coordinate sanctions, AML, and fraud views – mixer exposure tied to sanctioned actors is a separate category of risk. For users, the key message is simple: Blockchain is no longer an “anonymous escape hatch.” It is one of the most transparent financial systems ever built – and modern KYC/AML tools can see much more than most people assume. In this environment, using mixers purely for privacy may still be lawful in many places, but it comes with clear and growing compliance consequences. Share Information via Whistle42

The Estonian Financial Intelligence Unit (EFIU) has published a groundbreaking typology report examining nested services in virtual currency exchanges—and its findings directly corroborate FinTelegram’s long-standing compliance reporting on crypto payment processors servicing illegal online casinos. In December 2025, the EFIU released “Nested Services in Virtual Currency Exchanges,” a comprehensive analysis conducted in consultation with the U.S. Financial Crimes Enforcement Network (FinCEN). The study examined 12 nested virtual currency exchanges, tracing over nine million blockchain data points to reveal systematic AML/CFT failures, beneficial owner concealment, multi-layered nesting structures, and direct exposure to darknet markets and sanctioned jurisdictions. What Are Nested Services? Source: FIU Estonia Report: Nested Services in Virtual Currency Exchanges Nested services allow smaller crypto exchanges—often unlicensed or operating from weakly supervised jurisdictions—to conduct business through accounts held at larger, licensed host exchanges. While legitimate uses exist, the EFIU found that illicit actors exploit these arrangements to obscure transaction origins, evade customer identification requirements, and bypass AML monitoring. The structure functions like Russian nesting dolls: customer transactions pass through multiple layers before reaching their destination, each layer adding obfuscation. The EFIU identified exchanges registered as private individuals despite conducting millions in commercial transactions, entities masking their Russian origins while advertising weak KYC controls, and host exchanges providing services to previously delicensed operators. Several nested exchanges had direct on-chain exposure to ransomware, darknet markets, and sanctioned entities. Download the FIU Estonia Report on Nested Services here Independent Validation of FinTelegram’s Work FinTelegram has published multiple compliance reports documenting these exact patterns among crypto payment processors servicing unauthorized gambling operators. The EFIU’s independent investigation—conducted by a government financial intelligence unit with regulatory authority—validates FinTelegram’s investigative methodology and findings. Download the Full Compliance Report FinTelegram has prepared a detailed comparative analysis examining how the EFIU’s findings align with our published investigations. The report includes case study comparisons, red-flag indicator frameworks, unanswered regulatory questions, and professional conclusions about systemic vulnerabilities in the crypto payment processing sector. Download the Full Nested Services Comparative Analysis. Insiders: Share Your Information Securely If you have knowledge of nested service arrangements, host exchange compliance failures, or payment processor misconduct, FinTelegram’s Whistle42 platform provides a secure, confidential channel to submit information. Your insights can support regulatory enforcement and protect consumers. Share Information via Whistle42

Austrian businessman Bernd Bergmair built his fortune in the shadows of Pornhub’s parent MindGeek while victims and activists accused the group of profiting from sex trafficking and child sexual abuse material. Now, as Reuters links him to a bid for Lukoil’s sanctioned assets, new questions arise over how porn profits may be recycled into Russian oil. Background Bernd Bergmair‘s estimated net worth is estimated at approximately $1.5 to $2 billion in various reports. However, this figure should be treated with caution, as it is based on valuations of MindGeek prior to the major scandals and the sale to Ethical Capital Partners (ECP) in 2023. He held the majority of shares through a complex network of shell companies (including in Luxembourg and Cyprus). Austrian investigative platform Wiener Zocker has spotlighted a name that until recently stayed in the shadows: Austrian businessman Bernd Bergmair, long described by media investigations as the former majority owner of Pornhub’s parent MindGeek, now rebranded as Aylo (Sources: Wiener Zocker, Wikipedia). According to a recent Reuters exclusive, Bergmair has approached the U.S. Treasury about buying the international assets of sanctioned Russian oil major Lukoil, a portfolio of refineries, oil-field stakes and fuel stations worth an estimated $22 billion and managed from Vienna (Source: Reuters). From secret porn mogul to would-be oil baron Raised near Linz and later working as an investment banker at Goldman Sachs, Bergmair built a low-profile fortune via a complex network of holding companies that controlled MindGeek, the Luxembourg-based conglomerate behind Pornhub, RedTube and YouPorn. His identity as the group’s principal owner was first widely reported in 2020–21 by the Financial Times and others, prompting political scrutiny in Canada.Wikipedia+1 MindGeek/Aylo has since faced an avalanche of civil lawsuits and class actions in the U.S. and Canada. Plaintiffs allege that the company knowingly hosted and monetised non-consensual videos, including child sexual abuse material, and violated federal sex-trafficking and child-pornography laws (Sources: GovInfo, The New Yorker). MindGeek denies the allegations but has responded to public pressure by deleting unverified content and tightening uploader verification and moderation. Laila Mickelwait and the #Traffickinghub campaign A central figure in the global backlash is U.S. anti-trafficking advocate Laila Mickelwait (@LaileMickelwait), founder of the #Traffickinghub movement. Her campaign and petition accuse Pornhub/MindGeek of “enabling, distributing and profiting from rape, child sexual abuse [and] sex trafficking” (Source: traffickinghubpetition.com, NCOSE) On X, she has called MindGeek/Aylo “one of the most vile, exploitative and criminal organizations in the world” and said the harm to children and lives “shattered for profit … are incalculable” (Source: Post on X, Post on X). Mickelwait also used social media to publicly identify Bergmair as the previously hidden majority owner of Pornhub, breaking the anonymity that offshore structures had long provided him (Post on X, Post on X). Ethical Capital Partners and open ownership questions In March 2023, Canadian private-equity firm Ethical Capital Partners (ECP) acquired MindGeek and later rebranded it as Aylo. ECP, chaired by businessman Rocco Meliambro and fronted by criminal-defence lawyer and rabbi Solomon Friedman, presents itself as a compliance- and trust-and-safety-driven owner seeking to reform the company (Source: ECP). Transaction terms and seller identities were not disclosed. Public reporting and Reuters now describe Bergmair as the former majority owner, and ECP says previous owners no longer hold interests (Source: Reuters). FinTelegram has found no public evidence that Bergmair retains a stake in Aylo via ECP or related funds, but the opacity of private-equity structures leaves room for continued speculation. Key Findings on MindGeek/Aylo Legal Exposure Jurisdictional Coverage: The company and its executives face coordinated legal action across three primary jurisdictions: USA — Multiple federal district courts (California Central, California Northern, Eastern District of New York), FTC administrative proceedings, state-level actions (Utah), and related criminal prosecutions of trafficking partners Canada — Quebec Superior Court class action, federal Privacy Commissioner investigation, and ongoing regulatory oversight following private equity acquisition International — Potential exposure through corporate structure (Luxembourg headquarters, Cyprus entities, Ireland profit routing) Key Defendants Named in Litigation: Bernd Bergmair — Identified as majority owner and “over-boss” of alleged criminal enterprise in USA racketeering complaints; previously kept identity hidden; named in California and Quebec lawsuits Feras Antoon — CEO; named as co-conspirator in organized crime allegations David Tassillo — Executive; named in sex trafficking complaints Corey Urman — VP Product Management; named in Quebec class action Corporate entities — MindGeek S.à.r.l. (Luxembourg), MindGeek USA Inc., MG Freesites Ltd. (Cyprus), Aylo Holdings (current name) Allegations Pattern: All jurisdictions allege similar core violations: Hosting CSAM — Videos depicting minors in sexual abuse situations Sex trafficking facilitation — Knowing profiting from coerced/fraudulent content (especially GirlsDoPorn partnership, 2011-2019) Non-consensual content — Intimate images/videos uploaded without consent; failure to honor removal requests Deceptive marketing — False claims about content safety and moderation Financial Exposure: ActionAmountStatusCanada Class Action$600 million+Pending class certificationFTC Settlement$15 millionFinalized Sept 2025 ($5M paid immediately)US DPA (DOJ)$1.84 millionFinalized Dec 2023California SettlementsConfidentialMultiple closed (terms not disclosed)GirlsDoPorn Civil Awards$13 millionTo victims (2020) No Strafrechtliche Verurteilung (Criminal Convictions) of MindGeek/Aylo Itself: Notably, while individual GirlsDoPorn operators received federal prison sentences, no criminal conviction has been obtained directly against MindGeek/Aylo as a corporate entity. Instead, the company has used deferred prosecution agreements and civil settlements to resolve matters without formal criminal adjudication — a common corporate enforcement approach for large entities. Reputation-laundering in Nigeria? Bernd Bergmair receives the honor Doctor of Business Administration in Nigeria In November 2024, the Enugu State University of Science and Technology (ESUT) in Nigeria awarded Bergmair an honorary Doctor of Business Administration for his “achievements” and the donation of a large solar power plant to the Faculty of Management Sciences (Source: The Guardian Nigeria). The honour stands in sharp contrast to the unresolved allegations surrounding MindGeek/Aylo and its former control structure. With Bergmair now reportedly eyeing sanctioned Lukoil assets from his base in London and Vienna, questions multiply: Who are his partners and financiers? How, if at all, are past MindGeek profits being recycled into strategic energy deals? And what did key executives know and do during the years when illegal content allegedly flourished on MindGeek platforms? FinTelegram, together with Wiener Zocker, will continue to investigate. Insiders, victims, employees, bankers or advisors with knowledge of Bernd Bergmair’s structures and deals are invited to contact us confidentially via our whistleblower platform Whistle42. Share Information via Whistle42

In a brazen display of regulatory overreach, the EU has slapped Elon Musk‘s X with a €120 million ($140 million) fine under the Digital Services Act (DSA), targeting alleged breaches like misleading blue checkmarks, opaque ad disclosures, and restricted data access for researchers. This punitive strike exposes the EU’s hypocritical war on U.S. tech giants, while the bloc languishes without a single noteworthy social media platform of its own. Musk and U.S. politicians are firing back with fury, demanding sanctions and even the EU’s abolition. As FinTelegram monitors cyber-financial risks, this escalating feud signals potential market disruptions, investment chills, and geopolitical fractures in global digital finance. The EU’s Punishment: A Censorious Power Grab The fine, announced December 5, 2025, accuses X of enabling misinformation through its paid verification system, hiding ad origins that could mask foreign influence, and blocking researchers from detecting bots and propaganda networks. This isn’t protection—it’s an outrageous assault on free speech, echoing the EU’s history of hammering American innovators like Google, Apple, and Meta with billions in fines under GDPR and DMA. Yet, the EU produces zero competitive social media platforms, relying on U.S. dominance while wielding regulatory hammers to kneecap rivals. Recent “initiatives” like the Digital Decade package and AI strategies tinker at edges but offer no real revitalization—mere window dressing for a stagnant tech scene drowning in bureaucracy. Reactions:Musk and U.S. Politicians Unleash Hell Elon Musk decried the fine as “crazy” and “insane,” falsely claiming it targeted him personally, and called for targeted U.S. retaliation against EU officials—financial sanctions, no-fly lists, and more. Senator Ted Cruz (@tedcruz) branded it an “abomination” and assault on American jobs and speech, urging President Trump to impose sanctions until reversed. JD Vance echoed the sentiment, slamming EU censorship fears. Supporters on X amplified calls to abolish the EU, restore sovereignty, and even shutter X in Europe, framing the bloc as a “socialist hellscape” weaponizing fines for control. Implications for FinTelegram This clash highlights EU jealousy and impotence: punishing U.S. success without building alternatives. For cyber-financial intelligence, watch for retaliatory tariffs disrupting transatlantic investments, heightened cyber risks from platform wars, and volatile tech stocks. The EU’s tech void invites exploitation—time for bold American countermeasures to crush this regulatory tyranny. Share Information via Whistle42