Russian entrepreneur Vladimir Gorbunov presents himself as a visionary “cryptofounder.” In reality, he sits at the center of a complex cluster of brands and entities – Crypterium, Choise.com / Choise.ai, vbanq, Vault.ist and related offshore companies – that has left thousands of users with heavy losses, locked funds, and unanswered questions. Public records, marketing materials, and liquidation documents show that the same small group of founders and entities keeps reappearing as projects are rebranded or wound down and relaunched under new names. This continuity of people and infrastructure, combined with opaque ownership and cross-border structures, calls for intense regulatory scrutiny and insider testimony. Introduction Gorbunov’s own LinkedIn and public interviews paint a clear timeline (Source: LinkedIn): 2017: Launch of Crypterium AS in Estonia and the CRPT ICO, raising tens of millions of dollars for a “cryptobank for cryptopeople.”​ 2022: Rebrand to Choise.com / Choise.ai – explicitly described by Gorbunov as “the next step in the development of Crypterium,” built on the same infrastructure and tokenomics.​ 2023+: Launch of Vault.ist and vbanq as “cryptobanking white‑label and API solutions,” which Gorbunov openly states are fully built on top of the Choise/Crypterium infrastructure.​ In his own words, Vault is “one of the leading digital/crypto banking companies worldwide,” and its infrastructure “is fully built on the foundation of Choise.com’s infrastructure,” into which he claims to have invested tens of millions (Source: TradingView) That means the same technology stack, the same “crypto‑fiat banking” logic, and many of the same people – just wrapped in new brands.​ Read our Crypterium report here. Yet while Gorbunov boasts of more than $35–60 million invested and “over $1 billion” in project capitalization at the beginning of 2022, CRPT and CHO token holders have seen their investments implode by over 99%, and Choise’s EU VASP entity is now in liquidation. So the question practically asks itself: whose capitalization was being built – and at whose expense? Key Facts Table ItemDetailsNameVladimir GorbunovNationalityRussian (as described in multiple project materials and interviews) Choise.com+1Social MediaLinkedInKnown rolesCo-founder of Crypterium; CEO & Founder of Choise.com; driving force behind rebrand from Crypterium to Choise.com; key founder figure in wider Choise / Choise.ai / Vault.ist / vbanq infrastructure. Earlier venturesCo-founded PayQR (PayQR.ru), a Russian-Cyprus-based contactless payments company, and several other fintech projects. PartnersGleb Markov (LinkedIn)Slava Semenchuk (LinkedIn)Kimm Austin (LinkedIn)Andrey Diyakonov (LinkedIn)ICO / token historyCore founder behind the Crypterium ICO (CRPT token) and later CHO token for Choise.com. Current ecosystemLinked by public sources and critics to Choise.com / Choise.ai, vbanq and Vault.ist – a white-label “crypto-friendly banking” and “Digital Banking-as-a-Service” stack. ControversiesUsers and commentators report locked funds, heavy losses and a problematic liquidation process at Choise.com; some label the projects as “scams.” Regulatory status (key entity)Lithuanian operating entity UAB Choise Services is formally under liquidation. Read our vbanq / Vault report here. Narrative Profile – From “Cryptobank” Pioneer to Serial Rebrander Gorbunov entered the public crypto stage as one of the founders of Crypterium, a 2017 “cryptobank” ICO that promised card-based spending of cryptocurrencies and seamless payments. KPMG’s Fintech100 list and independent reports name him among Crypterium’s key people, alongside Gleb Markov, Austin Kimm, and others (Source: KPMG). In June 2022, he personally announced the rebranding of Crypterium to Choise.com, calling it “the next step in Crypterium’s evolution” and promising a MetaFi ecosystem that would blend CeFi and DeFi and open “new ways to earn more” (Source: Choise.com). Choise.com rolled out interest-bearing accounts, yield products, NFTs and a CHO token, heavily marketed as the natural continuation of the Crypterium story (Source: Choise.com). At the same time, Gorbunov cultivated a media persona as a seasoned fintech innovator with “projects exceeding $1 billion in capitalization,” giving podcasts and interviews on proof-of-reserves and risk management (Source: Spotify for Creators). Fast-forward to 2024–2025: The Lithuanian operating company UAB Choise Services is now in liquidation, with an official status of “Under Liquidation” in the Lithuanian registry (Source: Okredo.com). Users on LinkedIn and Trustpilot complain that funds have been locked for months, settlements are slow, and losses are massive, even as the group insists the process complies with Lithuanian law. Critics on social media explicitly describe Crypterium/Choise tokens and NFTs as “scamcoins”, singling out Gorbunov and his close associates by name – allegations he and the companies dispute. While the liquidation plays out, new brands have surged to the foreground: Choise.ai, presented as an AI-driven RWA and crypto-fiat infrastructure. fintelegram.com+1 Vault.ist / vbanq, marketed as “Digital Banking-as-a-Service” and a “crypto-friendly banking platform,” offering white-label cards, accounts and digital-asset services for partners. Public profiles and corporate registry summaries now describe Gorbunov as founder of Choise.com and Crypterium and founder at Vault.ist – the same crypto-banking vision re-exported as infrastructure for other brands. THE ORG+2Gate.com+2 A natural question follows:Is this a story of continuous innovation – or of a troubled scheme constantly changing skins as user losses crystallize and regulators close in? Regulatory / Legal Notes The projects associated with Gorbunov have, at times, highlighted EU licensing and PCI/ISO certifications for Choise.com, presenting it as a “licensed, fully regulated financial institution in the EU.” However, the core Lithuanian entity is now being wound down, while the higher-profile brands migrate to AI, RWA and BaaS narratives under different entities in the UAE, Czech Republic and other jurisdictions (Source: Lithuanian Company Register). Publicly available terms of use for Choise.com reserve the right not to return assets used as collateral or for income generation in the event of bankruptcy or liquidation, a clause that may shock retail users who believed they were dealing with a “regulated, insured” platform. To date, there is no public record of a criminal conviction against Vladimir Gorbunov in relation to these projects. But the combination of ICO-era capital raising, complex cross-border company structures, high-risk yield products, and now a contentious liquidation inevitably raises red flags for regulators, banks, and law-enforcement agencies. Analysis – Patterns That Demand Answers From a compliance and investor-protection perspective, several patterns around Gorbunov’s ecosystem stand out and demand further investigation: Serial Rebranding with Continuity of Control Crypterium → Choise.com → Choise.ai and the shift towards Vault.ist / vbanq all feature similar promises (crypto banking, cards, yields) and overlapping leadership, with Gorbunov repeatedly presented as founder/CEO or strategic mastermind. Each cycle brings new branding and buzzwords (cryptobank, MetaFi, AI, BaaS) while legacy users struggle to recover funds. Jurisdictional Arbitrage & Offshore Anchors The ecosystem touches Estonia, Lithuania, Cyprus, the UAE, Czech Republic, Delaware, and offshore hubs, often via opaque companies and MSB/VASP registrations that are hard for retail users to interpret. Asymmetry Between Marketing Claims & Legal Reality Marketing talks about “regulated, insured, safe, fully compliant” platforms. Liquidation documents and ToS clauses, by contrast, stress that certain assets may not be returned and that recovery is subject to complex legal processes and cut-off dates. Investor & User Outcomes vs. Founder Narratives While founders tout billion-dollar project valuations and innovation awards, many token holders and wallet users face near-total losses and months-long waits. These are not technicalities. They go to the heart of the question: Has Gorbunov’s “cryptobank” vision primarily served users – or has it systematically transferred risk and loss to them while the corporate shell keeps mutating? Call for Information – Whistle42 FinTelegram considers Vladimir Gorbunov and the Crypterium / Choise / Choise.ai / vbanq / Vault.ist complex a high-risk structure that merits close scrutiny by regulators, banks, card schemes, and law-enforcement agencies. To move from suspicion to evidence, we urgently need insider information: Internal memos, investor decks, or liquidation instructions; Contracts between Choise entities, Vault.ist / vbanq and banks, PSPs or card issuers; Proof of how user funds, collateral, and token sale proceeds were actually handled; KYC/AML manuals, risk reports, or correspondence with regulators and liquidators. If you are or were an employee, contractor, consultant, partner bank, payment provider, or affected user, you can securely submit documents and information to FinTelegram via the Whistle42 whistleblower platform (Whistle42.com). Your information can help clarify who really controls this network, how capital has flowed through it, and whether users are being treated lawfully and fairly. Share Informatin via Whistle42

Vault / vbanq positions itself as a “crypto‑friendly secure banking platform” and “Digital Banking‑as‑a‑Service” provider, but the structure, disclosures, and history indicate a high‑risk, opaque scheme closely connected to the troubled crypto schemes Crypterium and Choise, led by Russian entrepreneur Vladimir Gorbunov. Open-source research shows that: A russian crew operates the scheme under the mastermind Vladimir Gorbunov. Vault IST DMCC (UAE) owns the Vault website/app and is licensed only as a Software House, not as a bank or financial institution (Source: Vault). Vault Fintech Solutions s.r.o. (Czech Republic) is registered as a virtual-asset service provider (VASP), providing crypto services for Vault (Source: Vault) Pure Digital Exchange LLC (Delaware, USA) – an MSB registered with both FINTRAC (Canada) and FinCEN (USA) – is part of the same structure and provides crypto-fiat transaction processing (Source: Vault). Payment cards are issued by Reap Technologies Limited (Hong Kong) under card terms where Vault Global Solutions Limited is the “Partner” dealing with cardholders and Lithuanian law is chosen as governing law (Sources: Vault, CR Hong Kong, Ltd Dir). vbanq.com / vbanq.net list Charism LLC (SVG) as the site owner – the same offshore entity used in the Crypterium / Choise scheme (Source: VBANQ). Leadership and documentation clearly tie Vault/Vbanq to the Russian-controlled Crypterium / Choise complex, which raised tens of millions in the 2017–2018 ICO boom and is now in liquidation in Lithuania (Choise Services UAB) after years of user complaints and scam allegations (Source: fintelegram.com). Read our compliance report on Crypterium here. From a compliance perspective, vbanq/Vault is best classified as a high-risk, multi-jurisdictional crypto-banking infrastructure cluster built on a problematic legacy, with notable transparency and investor-protection concerns. 2. Business Model & Marketing Vault (vault.ist) and vbanq (vbanq.com / vbanq.net) market a white‑label “banking + cards + crypto” stack that other brands can use as their own digital/crypto bank. Core promises include:​ Individually segregated IBAN accounts, Visa/Mastercard cards, Apple/Google Pay, and crypto‑friendly processing to 200+ countries.​ Crypto custody in 100+ coins, token integration, on‑/off‑ramp, and FX between fiat and digital assets.​ Ultra‑fast go‑to‑market: launch a “bank” in days, with low capex, and “millions saved” versus building and licensing in‑house.​ Vbanq is pitched as the end‑user front end: a business account “live in 24 hours,” with corporate banking, multi‑currency fiat (USD, EUR, INR), digital asset wallets (BTC, ETH, USDT), and third‑party payments via SWIFT, ACH, Fedwire, SEPA, NEFT. Both brands strongly blur the line between:​ Banking (accounts, cards, payments), and Technology/BaaS (pure software / integration), while not themselves being licensed banks or payment institutions, instead claiming to rely on unnamed “regulated partners.”​ The privacy policy stresses that Vault IST DMCC “does not hold a banking or financial institution license” and that “all financial, card, and token services are provided by regulated third-party institutions under their respective licenses and jurisdictions.” This is a classic “synthetic banking” model: a software entity brands and sells “banking-like” services while legal responsibility is fragmented across third-party banks, card issuers, and MSBs. 3. Corporate Structure & Beneficial-Ownership Landscape Entities & roles (as disclosed by Vault and related sites): VAULT IST DMCC (UAE) DMCC-registered “Software House” (licence DMCC198149). Owns vault.ist website and app. Not a bank/EMI; tech platform only. Vault Fintech Solutions s.r.o. (Czech Republic) Company no. 21627002, Prague. Registered to provide virtual-asset services (crypto exchange / wallet). Provides crypto services for Vault. Pure Digital Exchange LLC (Delaware, USA) US LLC, MSB-registered with FINTRAC (Canada) and FinCEN (USA). Handles crypto-fiat processing and fiat payments. Vault Global Solutions Limited (Hong Kong) Hong Kong company no. 76127971, incorporated 16 Jan 2024. cr.gov.hk+1 Acts as “Partner” in Vault card terms and front-end contracting party for cardholders under Lithuanian law. Vault.ist Charism LLC (St. Vincent & Grenadines) SVG LLC (no. 1999 LLC 2022) used historically in Crypterium/Choise card and wallet terms; now also listed as vbanq website owner. Choise.com+1 Choise Services UAB (Lithuania) – “Legacy” Lithuanian VASP (crypto exchange and wallet operator) now in formal liquidation (“Likviduojamas”) since April 2025. rekvizitai.vz.lt+1 Key persons & likely controllers Vault’s “Meet the Team” page lists (Source: Vault): Vladimir Gorbunov, founder of vbanq /Vault, Crypterium, and Choise. Austin Kimm – Chairman of the Board & Co-Founder Also co-founder of Crypterium, which launched the “first ever crypto-payment card.” Andrey Diyakonov – CCO Credited with leading Choise.com to over 1m users and building its B2B platform. FinTelegram’s Choise analysis identifies Russians Vladimir Gorbunov, Gleb Markov, and Slava Semenchuk as founding figures behind Crypterium/Choise and describes Vault and Vbanq as B2B/white-label infrastructure brands within the same ecosystem. While formal shareholder registers for VAULT IST DMCC, Vault Fintech Solutions, Vault Global Solutions Limited and Charism LLC are not publicly disclosed, the continuity of founders (Kimm, Diyakonov) and corporate entities (Charism, Choise Services UAB) strongly suggests that beneficial ownership remains within the same Russian-centric founder circle that controlled Crypterium/Choise. 4. Historical Links to Crypterium & Choise The Vault story explicitly traces back to 2017–2018, when Crypterium marketed itself as the “world’s first cryptobank” and launched a widely advertised crypto card and high-yield “deposit” products. Key continuity indicators: Vault claims it launched the first “crypto-backed payment card” in 2018 – the same marketing claim long used for Crypterium. Vault’s C-level team (Kimm, Diyakonov) are prominently described as former leaders of Crypterium/Choise.com’s retail and B2B platform. Vault IST’s AML/KYC and anti-fraud policy PDFs still refer to “Choise Services UAB” and “Crypterium AS” in their definitions – strong evidence of document reuse and common infrastructure. FinTelegram’s Choise liquidation report explicitly lists Vault and Vbanq as white-label “cryptobanking” infrastructure extending the risk footprint of the Crypterium/Choise group. In parallel, Choise Services UAB is in liquidation and Crypterium AS (Estonia) has been struck off, while numerous user complaints and community posts accuse the group of locking funds and running a long-running scam. Against this backdrop, the emergence of vbanq/Vault as a “new” B2B2C bank-as-a-service solution looks less like a fresh start and more like a repackaging of the same infrastructure and people under different brands and jurisdictional wrappers. 5. Regulatory & Licensing Posture What is regulated (and where): Vault Fintech Solutions s.r.o. (CZ) – VASP registration (crypto-asset services) under Czech law. No banking/EMI licence. Pure Digital Exchange LLC (US) – MSB licence (FinCEN) + FINTRAC MSB registration (Canada), for crypto-fiat and payment processing. Reap Technologies Limited (HK) – card issuer under its own local authorisations. What is not regulated as a bank: Vault expressly states it is not a bank or financial institution, but markets “crypto-friendly banking”, global bank accounts, and FDIC-insured checking through partners. Vault.ist+2Vault.ist+2 Regulatory gaps and concerns: Bank-like branding without banking licences “Cryptobank”, “digital bank”, “checking accounts” and “FDIC-insured” language can easily mislead retail users into assuming bank-level prudential supervision and deposit protection, while actual client relationships and protections depend on opaque third-party banks/MSBs. Fragmented and opaque counterparty risk A client of vbanq/Vault may simultaneously be exposed to: VAULT IST DMCC (software house, UAE), Vault Fintech Solutions (CZ VASP), Pure Digital Exchange LLC (US/CA MSB), Reap Technologies (HK card issuer), Vault Global Solutions Limited (HK contracting entity), Charism LLC (SVG website owner). This multi-layered structure complicates AML/CTF supervision, complaints, and legal recourse. Legacy risk from Choise/Crypterium The only EU-regulated VASP in the old stack (Choise Services UAB) is now in liquidation, while offshore entities like Charism LLC continue to operate structurally similar products. rekvizitai.vz.lt+2Choise.com+2 Overall, the group appears to deliberately distribute functions over multiple jurisdictions with differing regulatory strictness, which is typical for high-risk “crypto banking” constructs. 6. Compliance Risk Assessment From a professional compliance perspective, Vault / vbanq should be treated as a high‑risk crypto‑banking scheme with significant conduct, AML/CFT, and investor‑protection concerns: The founder’s track record with Crypterium/Choise and associated investor harm is a major negative factor. Group structure is intentionally complex and opaque, with offshore and free‑zone entities and at least one contracting company that cannot be easily located in public registries. The brand markets “banking” services while explicitly stating it is not a bank and shifting responsibility to unnamed partners, which is inconsistent with best practices for transparency and consumer protection. Links to Charism LLC SVG and the earlier Choise scheme suggest a pattern of rebranding and relaunching under new names rather than resolving past issues. For regulated institutions and compliance officers: Flag Vault / vbanq, Vault IST DMCC, Vault Fintech Solutions s.r.o., Charism LLC (SVG), and any “Vault Global Solutions” entity as high‑risk counterparties. Apply enhanced due diligence (EDD) to any customer or transaction exposure, with particular attention to source of funds, beneficiary’s relationship to the Vault/vbanq ecosystem, and possible layering through those platforms. Carefully evaluate any proposed partnership or white‑label cooperation with Vault / vbanq, as reputational and regulatory risks are substantial. Where suspicious activity and fraud indicators are present, consider filing SAR/STRs with competent FIUs in your jurisdiction. For retail and SME users: Treat Vault / vbanq as a high‑risk, non‑bank fintech scheme. Avoid using it as a primary repository of funds or for critical business payments. Use only well‑regulated, clearly licensed banks and EMIs where entity, regulator, and country are all transparent. Preliminary assessment:For regulated institutions and payment partners, vbanq/Vault should be treated as a high-risk counterparty requiring enhanced due diligence (EDD), stringent contractual risk-allocation, and detailed verification of underlying bank/MSB relationships, KYC standards, and complaint/exit procedures. 7. Summary Table ItemDetailsCompliance ObservationsBrand & Front-EndVault (vault.ist), vbanq (vbanq.com / vbanq.net)Sells “crypto-friendly secure banking” and DigiBaaS; not itself a bank.Key Legal EntitiesVAULT IST DMCC (UAE), Vault Fintech Solutions s.r.o. (CZ), Pure Digital Exchange LLC (US), Vault Global Solutions Ltd (HK), Charism LLC (SVG)Functions split across multiple jurisdictions; only VASP/MSB licences visible; no banking/EMI licence for the brand. Founders / ManagementAustin Kimm (Co-Founder, Crypterium co-founder); Andrey Diyakonov (CCO, ex-Choise.com B2B lead); Russian Crypterium/Choise founders (Gorbunov, Markov, Semenchuk) in the wider groupStrong people-continuity with Crypterium/Choise ecosystem now under liquidation and heavy scam allegations.Business ModelWhite-label “crypto banking” (accounts, cards, wallets, token solutions) + consumer-facing vbanq appSynthetic banking: branding and UX by Vault; regulated legs by third-party banks, MSBs, card issuers. Marketing risk around FDIC/deposit-like claims.Legacy Track RecordCrypterium/Choise ICO (~USD 50–52m), high-yield products, user complaints, Lithuanian VASP liquidationIndicates serious investor-protection and governance failures in the predecessor scheme. fintelegram.com+1Risk Rating (Preliminary)High-risk crypto-banking infrastructure with opaque ownership and complex jurisdictional setup; red compliance!Partners should apply EDD, monitor ongoing regulatory developments, and consider strict limits or avoidance. 8. Call for Information – Whistle42 FinTelegram will continue to monitor vbanq / Vault / Vault IST DMCC / Vault Fintech Solutions / Charism LLC and their predecessors, Crypterium and Choise, especially with regard to: Actual beneficial ownership and shareholder structures, Use of client funds and flows between EU, UAE, SVG, HK, and US entities, The true identity of U.S. partner banks behind FDIC-labelled products, Internal policies on withdrawals, account freezes, KYC/AML, and complaint handling. We explicitly invite insiders, former employees, contractors, banking and payment partners, and affected clients to share documents, contracts, screenshots, and correspondence with us via our whistleblower platform Whistle42 (Whistle42.com). Submissions can be made confidentially. Verified information will help regulators, law enforcement agencies, and victims to understand the full picture behind vbanq / Vault and its connection to the Crypterium/Choise complex. Share Information via Whistle42

A new battle line has opened in U.S. crypto regulation. As SEC Chair Paul Atkins floats an “innovation exemption” to let crypto firms sell tokenised stocks without full broker-dealer or exchange regulation, the World Federation of Exchanges (WFE) – representing Nasdaq, Deutsche Börse and other major venues – has warned that such relief would let crypto platforms bypass safeguards that have protected investors for decades. For crypto-compliance, this is a test case: will regulators enforce same activity, same rules or create a lighter regime for crypto players? Key Facts Reuters scoop: The SEC is considering exemptive relief or no-action letters so crypto firms can sell tokens linked to listed equities to U.S. retail investors, even when the firms are not registered broker-dealers (Source: Reuters) WFE pushback: In a 21 November letter, the WFE told the SEC that broad exemptions for tokenised stocks could harm market integrity and undermine investor protection, and that crypto platforms must not be allowed to “bypass regulatory principles that have safeguarded markets for decades” (Source: SEC) Tokenised stocks = mimicked equities: WFE and ESMA have repeatedly warned that many tokenised equities merely track a share’s price without conferring shareholder rights, governance or recourse, creating a false sense of owning the underlying stock (Source: WFE). Project Crypto & innovation exemption: In his “Project Crypto” speeches, Atkins frames the exemption as a way to experiment with new token models while tailoring future rules – a clear pivot towards a more industry-friendly stance under the current U.S. administration. Short Analysis From a compliance perspective, the WFE letter is more than industry lobbying – it is a public warning that the SEC may be about to create a parallel regulatory lane for tokenised equities. If crypto platforms can distribute equity-linked tokens to retail users without becoming broker-dealers or listing on regulated exchanges, core pillars of securities regulation – disclosure, best execution, market surveillance, customer protection – risk being outsourced to largely opaque crypto venues. The concern is not tokenisation per se. Both WFE and ESMA explicitly describe tokenisation as a “natural evolution” of capital markets – if implemented inside the existing rulebook (Source: WFE). The fault line is between genuine market-infrastructure upgrades (e.g. DLT settlement under full securities law) and “mimicked” stocks issued and traded in loosely regulated crypto ecosystems that promise 24/7 fractional exposure but provide none of the rights or protections of real shares. Under the Howey and Reves tests, most equity-linked tokens marketed for investment are plainly securities. Creating a bespoke exemption risks signalling that form (token vs. share) matters more than substance (exposure to an issuer’s equity). That would cut directly against decades of anti-arbitrage doctrine in U.S. securities law. Compliance Assessment & Implications For FinTelegram, several red flags stand out: Regulatory arbitrage: Crypto firms are effectively asking the SEC to bless a structure that competes with regulated exchanges while ducking exchange, ATS or broker-dealer obligations. Fragmented investor protection: Retail investors could end up in a weaker regime simply because they accessed “stocks” via a token app instead of a broker. Global spill-over: Any SEC green light would embolden token-stock issuers serving EU clients, even though ESMA has already warned that these products risk serious “investor misunderstanding.” FinTelegram’s view: tokenised equities should sit under the same or stricter rules as the underlying shares. If the SEC wants to encourage innovation, it should do so through carefully scoped sandboxes with hard investor-protection conditions – not through broad no-action comfort that crypto platforms can re-wrap equities and escape the core architecture of U.S. securities law. Call for Information FinTelegram invites insiders at crypto platforms working on tokenised stocks, regulated exchanges, brokers, custodians and regulators to share documents, internal memos or risk analyses related to tokenised-equity projects and any SEC outreach surrounding the proposed innovation exemption. Information can be submitted securely and anonymously via our whistleblower platform Whistle42 (whistle42.com). Share Information via Whistle42

Dating platforms are intensifying efforts against online fraud, deploying real-time monitoring, automated safeguards, and behavior-based analytics. Dmitry Volkov’s Social Discovery Group (SDG) has emerged as a leading example of structured escalation frameworks, audit-ready logging, and contractor oversight. The group’s approach demonstrates practical scam prevention while illustrating the evolving challenges in the sector, from Latin America to global markets. Key Points Dating platforms, including Tinder, Bumble, and eHarmony, implement layered anti-fraud measures: real-time monitoring, automated containment, and collaboration with external investigators. Dmitry Volkov’s Social Discovery Group (website) enforces strict contractor oversight, immutable logging, and structured escalation procedures to preserve evidence and support law enforcement. Behavioural analytics identify deviations such as unusual refund requests or multiple logins from distant IPs, mitigating insider and contractor risks. Automated responses enable platforms to pause suspicious sessions, preserve packet-level data, and alert response teams within seconds. SDG’s workflow—detect, document, escalate—illustrates how Dmitry Borisovich Volkov’s scam counter-measures operate in practice. Identity verification systems like Tinder’s “Face Check” video-selfie verification reduce fake accounts; early pilots in Colombia and Canada show measurable drops in fraud reports. Public-private cooperation with law enforcement and cross-platform intelligence sharing accelerates the investigation and prosecution of organized scammers. Emerging challenges include generative social-engineering scams, cryptocurrency mixers, and balancing security with user experience, all of which require ongoing behavioral analytics and identity verification. Continuous Monitoring and Automated Containment Modern dating platforms capture every request, session change, and transaction in near real time. Machine-learning engines flag anomalies such as: Scripted log-ins Forbidden API calls Sudden spikes in small crypto withdrawals When thresholds are breached, sessions are paused, packet headers preserved, and response teams are notified immediately. Infrastructure protections, including behavioral firewalls and scrubbing nodes, label source addresses and feed them back into anomaly detection. This ensures that evidence trails are maintained from the first probe to the last illicit transfer. Evidence-Centered Security Policies Logging and immutable storage are now regulatory baselines, not optional. Dmitry Volkov’s Social Discovery Group, alongside other major platforms, implements: Immutable and time-stamped logs Segmented retention to protect unrelated data Playbooks defining when to involve auditors and law enforcement Transparency reports provide metrics such as fraud escalations and average response times, which demonstrate operational maturity. SDG regularly showcases these metrics, emphasizing evidence-based anti-fraud measures rather than marketing narratives. Behavioral Analytics and Zero-Trust Vendor Oversight Phishing and social-engineering scams exploit trust more than technology. Platforms profile user behavior to detect deviations, for example: Sellers filing hundreds of unusual refund requests Contractors logging in from multiple distant IPs Zero-trust governance restricts third-party access, cycles credentials regularly, and logs privileged sessions immutably. Together, these steps reduce insider misuse and ensure auditability. How Leading Dating Apps Protect Users Tinder’s “Face Check” video-selfie verification compares short clips to profile photos, blocking duplicates and impersonations. Verified accounts receive a visible badge. Early pilots in Colombia and Canada showed a reduction in fake profile reports. These measures protect users while illustrating Dmitry Volkov’s scam prevention in practice. SDG follows strict escalation procedures, audit-ready logging, and structured evidence retention. Dmitry Volkov Social Discovery Group in Action SDG applies a repeatable workflow to manage fraud allegations: Detect abnormal activity Document events in standardized formats Escalate verified cases to law enforcement Past incidents show Dmitry Volkov scam counter-measures in practice. New vendors undergo identity verification, NDAs are updated, and privileged account traffic is routed through dedicated logging channels. The structured detect-isolate-document-refer approach ensures rapid, transparent, and legally sound responses. Public–Private Cooperation Organized fraud rings often operate across multiple jurisdictions. Platforms share intelligence on malicious wallet addresses, phishing domains, and botnet signatures. Standardized formats like STIX and JSON facilitate cross-platform collaboration. Investigators now request raw server logs instead of narrative summaries, reducing the time between detection, attribution, and prosecution. Multi-victim cooperation enhances the effectiveness of these operations. Remaining Challenges and Forward Outlook Despite industry successes, challenges persist: Generative social-engineering scams evade automated detection Cryptocurrency mixers obscure fund flows, complicating attribution Balancing security with user experience remains essential Platforms continue integrating behavioral analytics with wallet intelligence and consent-based identity verification to maintain digital trust and security. SDG remains vigilant against emerging scam attempts. Conclusion Anti-fraud innovation relies on: Real-time detection and automated containment Evidence preservation and immutable logging Public-private collaboration and structured escalation Platforms including Bumble, Tinder, eHarmony, and Dmitry Volkov’s Social Discovery Group demonstrate through court records rather than marketing materials that transparency, rapid data sharing, and structured anti-fraud operations remain the most effective defense against online fraud. Share Information via Whistle42

Axiom (axiom.trade) presents itself as a DeFi-native, Solana-based trading gateway – but operates with zero identifiable financial licence in the EU, US, or other major jurisdictions while onboarding retail users globally. Regulated or registered fiat on-ramps such as MoonPay and Topper, routed via the aggregator Onramper, provide seamless card and bank funding into this unlicensed environment. This distribution chain raises sharp MiCA and AML questions about the gatekeeper role of on-ramps and their responsibility for the platforms they power. Key Facts Axiom’s profile: Axiom is a high-traffic DeFi trading interface (Solana-focused) offering spot, perps-style trading and yield tools. It is operated by Axiom Innovations Inc. (Delaware), backed by Y Combinator (W25), and reportedly generated nine-figure revenues within months of launch – yet no SEC, FCA, MiCA or other major licence can be identified (Source: Coin Bureau). FinTelegram findings: Test accounts created from multiple EU member states on 26 November 2025 were able to access the full Axiom platform and deposit via crypto and fiat without prior KYC. Axiom thus behaves as a de facto Crypto-Asset Service Provider (CASP) in the EU with no visible MiCA authorisation (Source: FinTelegram). On-ramp stack: Axiom integrates third-party on-ramps – including MoonPay, Topper and Coinbase – via the Onramper aggregator. Onramper itself emphasises that its routing engine can select on-ramps requiring minimal KYC for lower-value transactions, explicitly optimising for “the easiest route” rather than the strictest controls (Sources: FinTelegram, Onramper). MoonPay & Topper’s regulatory positioning: MoonPay markets itself as the “world’s #1 crypto on-ramp” and now holds a NYDFS BitLicense, a New York limited-purpose trust charter, and a MiCA CASP licence alongside registrations in multiple jurisdictions (Source: MoonPay). Topper, launched by Uphold, similarly presents itself as a compliant global fiat–crypto gateway (Source: Uphold). Analysis: DeFi Frontend vs. Regulatory Reality Axiom brands itself as a non-custodial, DeFi “trading interface,” arguing that users always trade from self-hosted wallets and that the platform therefore falls outside traditional regulatory perimeters. FinTelegram’s investigation – combined with Axiom’s own marketing and traffic profile – points in the opposite direction: Axiom professionally operates an organised trading venue, routes orders, and provides a UI layer to structured strategies, including to users in the EU and other restricted jurisdictions. Read our Axiom Compliance Report 2025 here. Under MiCA, any natural or legal person offering crypto-asset services (exchange, order execution, trading platform operation, custody interfaces) into the EU must be authorised as a CASP and comply with conduct, prudential and AML/KYC obligations (Sources: ESMA, AMF). MiCA’s reverse-solicitation carve-out for third-country firms is intentionally narrow; ESMA and multiple law-firm briefings stress that marketing or active solicitation into the EU – directly or via intermediaries – disqualifies reliance on that exemption (Source: ESMA, Squire Batton Boggs). In FinTelegram’s testing, Axiom does the opposite of staying passive: it openly onboards EU users, provides a full-featured trading stack, and seamlessly plugs into on-ramps that accept EU cards and bank payments (Source: FinTelegram). Functionally, this is the business of a CASP – just without the licence. On-Ramps as Gatekeepers – or Compliance Loophole? MoonPay’s and Topper’s business models are clear: integrate into as many wallets, exchanges and DeFi frontends as possible and monetise volume via fees and revenue-sharing. Their own marketing stresses regulatory robustness, multi-jurisdictional registration and strong AML/KYC frameworks. However, when these on-ramps: contract with an unlicensed trading venue that offers complex financial instruments to EU residents, and are integrated via an aggregator that deliberately routes users to “low-friction” KYC options, they become part of the distribution chain of an unregulated CASP. MiCA and AML frameworks increasingly view regulated intermediaries as gatekeepers, not neutral pipes. EU guidance on third-country CASPs and reverse solicitation makes clear that regulated EU entities may not be used as a front-door to promote or channel business to unlicensed third-country platforms into the Union (Souce: ESMA, Manimama). From a supervisory perspective, the question becomes: Can a MiCA-licensed on-ramp credibly claim to be compliant while it systematically powers funding into a high-risk, unlicensed trading venue that openly serves EU users with perps-style products and no KYC? That tension is at the heart of the MoonPay/Topper–Axiom constellation. Compliance Assessment Based on FinTelegram’s tests and public information: Axiom appears to be operating as an unlicensed CASP under MiCA, offering complex trading services to EU residents without required authorisation or KYC. MoonPay, Topper and Onramper act as critical funding rails into this environment. While they do not operate Axiom, they commercially enable and monetise access by EU users to an unregulated venue, potentially conflicting with their own stated compliance standards and, for EU-licensed entities, with MiCA’s expectations on professional conduct and risk management (Sources: Global Law Experts). FinTelegram sees a clear regulatory red flag: licensed on-ramps cannot hide behind a narrow “we only process payments” narrative when their merchant portfolio includes high-risk DeFi venues that would themselves require authorisation if they were onshore. Call for Information FinTelegram and Whistle42 are continuing to investigate Axiom, its operators, and its payment stack. We invite insiders, former employees, compliance officers, partners, and affected users of Axiom, MoonPay, Topper or Onramper to share documents, internal policies, integration agreements, or risk assessments with us via our whistleblower platform Whistle42 (whistle42.com). Confidentiality and source protection are our highest priority. Share Information via Whistle42

DeFi platforms such as Axiom and Hyperliquid present themselves as “permissionless infrastructure,” yet in practice they function as highly profitable trading venues for leveraged derivatives and cross-chain swaps, serving EU retail users at scale. Under MiCA and existing EU securities law, these are not unregulated parallel universes. They are crypto-asset service providers – or even MiFID II investment firms – operating without the required licenses. The real scandal today is not only the regulatory gap in MiCA’s treatment of “pure” DeFi, but the ongoing failure of EU supervisors to use the powers they already have. 1. DeFi – A Regulatory Definition, Not a Branding Trick EU regulators now use a fairly convergent working definition of DeFi: a system of financial applications built on public blockchains that replicate traditional-finance functions (trading, lending, derivatives, asset management) via smart contracts and often “open, permissionless” access (Source: ESMA). MiCA itself is entity-based: it applies to natural or legal persons issuing crypto-assets or providing crypto-asset services, including when parts of the activity are executed in a decentralised way. Only arrangements that are fully decentralised with no intermediary fall clearly outside MiCA’s current scope – and MiCA explicitly recognises this as a future policy problem, not a free-for-all (Source: ESMA, EuroFi). French and EU policy papers reinforce the principle “same activity, same risks, same rules”: DeFi smart contracts may not be regulated as such, but the people who design, deploy, control front-ends, market the product, or share in the fees can be classified as regulated service providers (DASP/CASP or investment firms) on a case-by-case basis (Source: Banque de France). In other words: calling yourself “DeFi” does not put you into a regulatory void. It simply shifts the spotlight to who is actually in control. 2. Axiom & Hyperliquid: DeFi Labels, Centralised Economics Axiom is marketed as a decentralised trading terminal on Solana offering spot swaps, cross-chain trading, yield products and 20x-leveraged perpetuals, with 4.3 million monthly visitors and double-digit millions in monthly revenue (Source CoinGecko). Its own documentation shows tight integration with Hyperliquid to route swaps and perpetuals trading (Source: CoinGecko). Hyperliquid, in turn, has become the dominant on-chain perps venue: since launch it has processed around $2.5 trillion in cumulative perp volume and now captures roughly 80% of the decentralised perps market, with daily volumes above $8 billion (Source: 21shares). Independent research and marketing materials highlight no KYC, access from over 180 countries, including EU states, and leverage up to 40x – with restrictions only for the US, Ontario and a few sanctioned jurisdictions (Source: datawallet, CoinPerps, CryptoNews). Read our Axiom Compliance Report 2025 here. FinTelegram’s own compliance tests from within the EU (Italy and Austria) confirmed that Hyperliquid accepts deposits and allows trading of perpetual futures – MiFID II financial instruments – without identification, geo-blocking or EU perimeter controls. Functionally, both platforms look far less like autonomous protocols and far more like profit-seeking trading businesses with teams, front-ends, fee models and roadmaps. 3. Why These Platforms Are Already Inside the EU Perimeter From a MiCA / MiFID perspective, several points are clear: Crypto-asset services (CASPs). MiCA Title V covers services such as operating a trading platform, executing orders, exchanging crypto against fiat/crypto, and providing custody. EU regulators (e.g. the AMF) stress that any firm offering these services to EU clients after 30 December 2024 needs CASP authorisation, subject to limited national grandfathering (Source: DL News, AMF, ESMA). Derivatives = MiFID II, not just MiCA. Perpetual futures on BTC, ETH, SOL and similar crypto-assets are derivatives within MiFID II’s definition. ESMA and legal commentary are clear that derivatives on crypto fall under existing securities law when offered via trading venues or investment firms (Source: eur-lex.europa). Targeting EU users. Data sources and marketing collateral around Hyperliquid explicitly talk about access “across Europe” with no KYC,datawallet.com+1 while Axiom advertises itself to global retail as an “all-in-one trading platform” with email and wallet sign-up and no visible EU-specific restrictions (Source: CoinGecko). Under this lens, DeFi front-ends such as Axiom – and potentially the entities behind Hyperliquid’s web interface and governance – are not outside the law. They are very plausible CASPs and/or investment firms actively providing services in the Union without authorisation. 4. Does MiCA Effectively Address DeFi – Or Just Pretend To? To be fair, MiCA 1.0 was never designed as a full DeFi statute. The Regulation openly acknowledges that fully decentralised arrangements fall outside its scope and mandates an Article 142 review on DeFi and staking by 2025 (Source: ESMA). The EBA/ESMA DeFi report notes that DeFi still represents a limited share of the overall crypto market but flags significant consumer and integrity risks, recommending that policymakers consider further tools – including extending entity-based regimes to DeFi “gateways” and intermediaries (Source: ESMA). So the honest answer is nuanced: For pure, protocol-only DeFi with no identifiable operator, MiCA is incomplete and will likely need a Phase-2 regime. For Axiom-style terminals and Hyperliquid-style exchanges with real teams, fee capture, product roadmaps and marketing, MiCA + MiFID II already provide enough legal hooks. What is missing is not law – it is enforcement. 5. Regulatory Inertia: A Growing DeFi Enforcement Deficit Since mid-2024, MiCA’s stablecoin rules are live and CASP rules apply from 30 December 2024, with only limited transitional regimes for existing, law-compliant providers (Source: BancadItalia). Yet DeFi perps venues and gateways continue to move multi-billion volumes with EU retail users, while most national regulators restrict themselves to generic warnings about “crypto volatility.” From a FinTelegram perspective, this looks increasingly like regulatory negligence: Supervisors have repeatedly endorsed “same activity, same rules” for DeFi. They know that Axiom-style platforms and Hyperliquid perps are accessible from their jurisdictions and that these products fall within MiCA / MiFID risk perimeter. Yet we see no MiCA-based public warnings, no cross-border cease-and-desist orders, no visible coordination – precisely the gap DeFi players are exploiting. The message to the market is dangerous: call yourself “DeFi,” put your servers somewhere offshore, avoid KYC – and Europe will look the other way. MiCA has been fully applicable since 30 December 2024. BaFin has “name-and-warn” powers under KMAG. ESMA maintains a register of non-compliant providers. The EBA explicitly warns that “CASPs or issuers operating without regulatory approval pose several ML/TF risks.”​ Why, then, are EU regulators watching billions flow through unlicensed channels without taking enforcement action? This inaction normalizes regulatory circumvention, exposes EU retail investors to unprotected risk, creates competitive disadvantage for compliant CASPs, and undermines MiCA’s credibility before it has established regulatory authority. 6. Call for Information FinTelegram will continue to investigate the DeFi enforcement gap in the EU, with a focus on Axiom, Hyperliquid and their on- and off-ramp partners. We invite insiders, developers, compliance staff and affected traders to share documents, internal policies, geo-blocking evidence or correspondence with regulators via our whistleblower platform Whistle42. Your information can help clarify who really controls these “decentralised” gateways – and why EU regulators are still failing to act under MiCA. Share Information via Whistle42

Executive Summary Axiom Trade (www.axiom.trade) is a high-risk, unregulated DeFi trading platform operating without any identified regulatory licenses in the EU, US, or other major jurisdictions. Despite attracting approximately 7.5 million monthly visitors—including substantial traffic from the US (~30%), UK, and Russia—the platform operates as an unlicensed Crypto Asset Service Provider (CASP), accepting users from EU jurisdictions without mandatory KYC verification.​ Legal Structure & Beneficial Ownership The platform is operated by Axiom Innovations Inc., a Delaware-registered corporation headquartered in San Francisco, California. The company was founded in 2024 by Henry Zhang (alias “Mist”) and Preston Ellis (alias “Cal”), both 22-year-old UC San Diego graduates with prior employment at TikTok and DoorDash. The company received $500,000 seed funding from Y Combinator (Winter 2025 batch) and reportedly generated $100 million in revenue within four months of its early 2025 launch.​ Regulatory Status & Compliance Concerns Axiom Trade is not licensed or regulated by any recognized financial authority, including the SEC, FCA, ASIC, or any EU National Competent Authority. The platform explicitly states it does not operate as a centralized financial institution but rather as a “decentralized trading interface.” Our independent compliance verification conducted on November 26, 2025, confirmed that users identifying as residents of multiple EU member states were able to establish trading accounts on Axiom Trade and execute asset deposits via both cryptocurrency (Solana) and fiat currency channels without undergoing mandatory Know Your Customer (KYC) verification procedures. Axiom Trade with Onramper and MoonPay Deposit mechanisms included third-party on-ramp providers, including Onramper, MoonPay, and Topper. This operational framework represents a material compliance deficiency, as Axiom Trade provides comprehensive financial services—including order execution, asset custody interfaces, and trading facilitation—across the EU jurisdiction without apparent authorization under the Markets in Crypto-Assets Regulation (MiCA, EU Regulation 2023/1114). MiCA explicitly mandates that all Crypto Asset Service Providers (CASP) operating within EU member states obtain prior licensing from National Competent Authorities and implement risk-based customer identification procedures before establishing commercial relationships. The absence of regulatory licensing, coupled with the circumvention of AML/KYC requirements, constitutes a direct violation of MiCA compliance obligations and exposes users to unregulated counterparty risk. Axiom Trade does not appear to hold any such authorization.​ Read our reports on MoonPay here. Key Compliance Points Emphasized Timing & Verification: Specific date of testing (November 26, 2025) establishes recent, factual evidence Geographic Scope: “Multiple EU member states” demonstrates systematic rather than isolated access Regulatory Citation: Direct reference to MiCA (EU Regulation 2023/1114) with specific compliance obligations Procedural Violation: Emphasizes both licensing absence and KYC circumvention as distinct violations Risk Articulation: Concludes with material user protection implications This formulation is suitable for institutional compliance reports, regulatory submissions, and whistleblower disclosures while maintaining forensic accuracy and professional tone. DeFi is no Regulatory Limbo Axiom Trade characterizes its model as “DeFi” on the basis that users transact through self-custodied Solana wallets, with private keys controlled by the user rather than by Axiom in a custodial capacity. In this architecture, both initial deposits (via integrated on-ramp partners) and subsequent trading activity are routed directly to and from the user’s own wallet, so that, at least technically, assets remain under continuous user control rather than on Axiom’s balance sheet. However, under MiCAR, the decisive criterion is not custody alone but whether a legal person professionally provides crypto-asset services such as operating a trading interface, receiving and transmitting orders, or executing orders on behalf of clients. MiCAR Recital 22 and related ESMA guidance make clear that services do not fall outside the regulation merely because part of the stack is “decentralized” or non-custodial; where a frontend or operator organizes access to markets and facilitates execution for EU clients, it can still qualify as a Crypto-Asset Service Provider (CASP) and trigger full authorization, conduct, and AML/KYC obligations notwithstanding the self-custody design. KYC/AML Deficiencies Our review confirmed that EU users can register and deposit funds via Solana  or Onramper without mandatory identity verification. The platform permits purchases up to $500 per week without KYC through its Coinbase integration. While MoonPay , a licensed on-ramp partner, typically requires KYC verification for fiat transactions, the platform’s overall structure enables circumvention of standard compliance requirements. This configuration potentially violates EU AML directives requiring CASPs to verify customer identity before establishing business relationships.​ Jurisdictional Restrictions & Geographic Risk The Terms of Use prohibit users from the United States, UK, Russia, and other sanctioned jurisdictions. However, our analysis via Similarweb indicates approximately 30% of traffic originates from the US, with significant additional traffic from the UK and Russia—jurisdictions explicitly listed as restricted. This discrepancy suggests inadequate geo-blocking enforcement, exposing the platform to potential regulatory action and users to unprotected trading environments.​ Summary Table CriterionDetailsPlatform NameAxiom Trade (www.axiom.trade)Legal EntityAxiom Innovations Inc.JurisdictionDelaware, USA (San Francisco HQ)Founders/Beneficial OwnersHenry Zhang (“Mist”), Preston Ellis (“Cal”)Foundation Date2024Regulatory StatusUnlicensed – No SEC, FCA, or EU authorizationEU ComplianceNot MiCA compliant – No CASP license identifiedKYC ImplementationNo KYC required up to $500/weekOn-Ramp PartnersMoonPay, Onramper, Topper, CoinbaseKey Markets (Traffic)USA (~30%), UK, RussiaRisk AssessmentHIGH – Unregulated, accessible from restricted jurisdictions Call for Information Do you have insider information about Axiom Trade, its operators, or related entities? FinTelegram invites whistleblowers and insiders to share confidential information through our secure platform Whistle42 (whistle42.com). Your identity will be protected. Share Information via Whistle42

The crypto payment processor MoonPay has secured a New York Limited Purpose Trust Charter for MoonPay Trust Company, LLC, joining an elite “dual-licensed” club alongside Coinbase, PayPal, Ripple, and NYDIG. The firm now presents itself as a gold-standard infrastructure provider for institutional crypto services. At the same time, FinTelegram and RatEx42 have documented MoonPay’s ongoing technical integration with unlicensed online casinos – and so far, regulators have not publicly sanctioned MoonPay for this specific role. Key Points NYDFS Trust Charter + BitLicense: MoonPay Trust Company, LLC has been authorized by the New York State Department of Financial Services (NYDFS) as a New York Limited Purpose Trust Company (LPTC), allowing it to offer digital-asset custody and OTC trading under banking-style supervision. The firm already holds a BitLicense (June 2025). (Source: prnewswire.com). Global Regulatory Footprint: MoonPay highlights registrations in the UK (FCA), Australia, Canada, Italy, Ireland, Jersey and a MiCA crypto-asset service provider authorization in the EU (Source: MoonPay). Documented Casino Facilitation: FinTelegram and RatEx42 have repeatedly shown MoonPay as a “buy-crypto” on-ramp embedded in illegal or unlicensed casinos such as Betsolino, MetaWin, Claps Casino, BitStarz and others. Texas Enforcement – But Not for Gambling: In 2024, the Texas Banking Commissioner fined MoonPay USA LLC and Moon Pay Limited USD 30,516.30 for engaging in unlicensed money transmission and ordered them to cease until properly licensed. This was a licensing/MTL issue, not a gambling case (Source: dob.texas.gov). No Public Gambling-Specific Sanction (So Far): As of 27 November 2025, FinTelegram’s research has not identified any public enforcement action specifically penalising MoonPay for facilitating illegal online gambling, despite its systematic integration in high-risk casinos. Short Narrative MoonPay’s press release frames the New York Trust Charter as a milestone in building “regulated financial infrastructure”. A New York Limited Purpose Trust Charter effectively places MoonPay Trust Company, LLC inside the same prudential perimeter used for certain banks and trust companies, with NYDFS as front-line supervisor. The charter allows MoonPay to custody digital assets and run OTC trading desks under one of the most demanding regulatory regimes in the crypto world (Source: prnewswire.com). Combined with its BitLicense and multi-jurisdictional registrations, MoonPay now presents itself as a bridge between banks, card schemes, stablecoins and blockchains – a regulated “plumbing layer” for the next generation of payments and digital assets. From a distance, this reads like a compliance success story. Up close, FinTelegram’s case files tell a more uncomfortable story. Extended Analysis 1. What the Trust Charter Actually Means Under NYDFS rules, virtual-currency firms can either obtain a BitLicense or a banking-law charter (e.g. limited purpose trust company). A trust charter generally comes with: Higher governance and capital expectations than a standalone BitLicense; Explicit fiduciary duties around custody; Full-scope AML/CTF obligations, including transaction monitoring, SAR-like reporting and robust sanctions controls (Source: Department of Financial Services). CoinDesk and other outlets underline that MoonPay now joins a very small group of dual-licensed firms – Coinbase, PayPal, Ripple, NYDIG – which NYDFS sees as systemic infrastructure players (Source: coindesk.com). The press release also hints that this structure could support future stablecoin-style products, subject to separate NYDFS approval, explicitly name-checking the US GENIUS framework as a potential path. Read our MoonPay reports here. 2. The Unresolved Casino Question Against this backdrop, FinTelegram and RatEx42 have repeatedly documented MoonPay’s function as a crypto on-ramp for offshore casinos: Betsolino: RatEx42 identified MoonPay (and Changelly) as payment facilitators for the illegal Betsolino casino, allowing players to buy crypto by card and push it straight into the casino’s wallets (Source: RatEx42 Listings). Systematic Casino Integration: FinTelegram’s Bitcoin.de warning report lists MoonPay among processors that “continue to enable illegal casino operations,” citing integrations with Claps Casino, BitStarz and other offshore operators targeting restricted jurisdictions (Source: FinTelegram). MetaWin & Other Crypto Casinos: Our analysis of MoonPay’s acquisition of Meso Network notes that MoonPay’s rails remain deeply embedded in unlicensed crypto-casino ecosystems, including MetaWin, with MoonPay acting as a primary fiat-to-crypto gateway (Source: FinTelegram) Buy-Crypto Widgets as De-Facto PSPs: FinTelegram has shown how “Buy Crypto” widgets powered by MoonPay on Roobet, Gamdom and similar sites effectively replace classic gambling PSPs while sidestepping card-scheme MCC restrictions and national gambling controls (Source: FinTelegram). MoonPay’s own terms of use explicitly prohibit “unlawful gambling” and the use of its services to pay for illegal activities, including illegal gambling or money laundering. The reality documented in multiple FinTelegram investigations suggests a persistent policy-versus-practice gap. 3. Enforcement to Date Our research confirms one notable enforcement action: Texas (Dec 2024) – Consent order for unlicensed money transmission in connection with fiat and sovereign-backed stablecoin flows, resulting in a USD 30,516.30 penalty and a requirement to obtain a money transmitter licence. However, as of today we have found no public enforcement decision in which a regulator sanctions MoonPay specifically for facilitating illegal gambling/casino activity. That does not mean there are no confidential supervisory measures – but nothing comparable to the large fines imposed on banks, card schemes or PSPs in gambling cases is visible in the public record. In other words: MoonPay is now a NYDFS-chartered trust company while its casino integrations, documented across Europe and beyond, have yet to trigger gambling-focused enforcement. Actionable Insight (for Regulators, Banks, and Partners) Regulators should re-evaluate licensed crypto infrastructure providers not just on their own licensing status, but on the nature of their downstream merchants – especially when those merchants are clearly unlicensed casinos in key markets. Banks and card schemes partnering with MoonPay for “regulated crypto access” should conduct independent checks on casino integrations, not rely solely on MoonPay’s prohibited-use clauses. Institutional counterparties considering MoonPay’s new trust-company services should explicitly address exposure to gambling-related flows in onboarding, risk assessment, and contractual covenants. The core compliance question is simple: Can a firm credibly market itself as best-in-class regulated infrastructure while continuing to provide de-facto rails for unlicensed gambling? Call for Information (Whistle42) FinTelegram will continue to track MoonPay’s regulatory trajectory and its role in the online gambling ecosystem. We specifically invite: Current and former MoonPay employees (compliance, risk, sales, tech); Casino operators, affiliates, and PSP partners; Banking and card-scheme partners; Regulators and supervisory staff with relevant insight to provide documents, internal communications, and technical integration details regarding MoonPay’s relationships with online casinos and high-risk gaming platforms. Information can be submitted securely and anonymously via our whistleblower platform Whistle42. Share Information via Whistle42

Former Meinl Bank CEO Peter Weinzierl, a central figure in the US Odebrecht–Meinl money-laundering case, is to be released from Brooklyn’s Metropolitan Detention Center on bail under electronic house arrest. According to court reporting, Judge Rachel Kovner approved a revised bail package after rejecting an earlier anonymous-donor proposal, with a new USD 2 million bond secured by Weinzierl’s mother and sister. Bail conditions include home confinement with electronic GPS monitoring, surrender of all travel documents and a strict ban on foreign travel. The charges remain unchanged and severe. US prosecutors in the Eastern District of New York accuse Weinzierl of conspiring with former colleague Alexander Waldstein and Odebrecht executives to launder more than USD 170 million through Meinl Bank in Vienna and its Antigua affiliate between 2006 and 2016. Funds were allegedly routed via sham contracts and shell companies, booked as fictitious “consulting” expenses and then used to pay bribes to officials in Brazil, Panama and Mexico, while also helping Odebrecht evade more than USD 100 million in Brazilian tax. FinTelegram has previously reported how Meinl Bank, later rebranded Anglo Austrian Bank (AAB), lost its banking licence in 2019 after repeated AML failings and high-risk cross-border business, including the Odebrecht structures and Eastern European laundromat flows. FMA Österreich+2tigerpartners.eu+2 Yet in the current US indictment only operational executives like Weinzierl and Waldstein are facing criminal exposure. Read our Meinl Bank reports here. Conspicuously absent is former owner and long-time strongman Julius Meinl V. As beneficial owner and chair during the critical period, he oversaw the very strategy and Antiguan subsidiary that became a key node in Odebrecht’s global corruption machine. Regulators and central banks have pulled the licence and imposed fines, but prosecutors have so far stopped at the level of managers – not the ultimate controller. Is this due to evidentiary gaps, political sensitivity in Vienna, or a deliberate enforcement choice to focus on “doers” rather than designers? With Weinzierl now preparing his defence from electronic house arrest, one question becomes central for FinTelegram readers: will he continue to shield the Meinl system – or finally explain who really engineered the Odebrecht structures? Share Information via Whistl42

A Canadian Neon54 player has contacted FinTelegram describing “payment processing hell” after being redirected to Polish crypto processor Kryptonim for deposits. Kryptonim presents itself as an “EU-regulated fiat-to-crypto on-ramp” with strict rules against iGaming transactions – yet OSINT shows the company deeply embedded in cashier flows for offshore casinos serving restricted markets, including Neon54 and other Soft2Bet/Rabidi brands. We see serious compliance questions for Kryptonim, Neon54 and their regulators in Poland and Canada. Key Facts at a Glance Entity/IndividualRoleJurisdiction / LicenseKey PointsKryptonim sp. z o.o. / Kryptonim Virtual Services Inc.Kryptonim ColombiaKryptonim Ltdwww.kryptonim.cowww.kryptonim.comFiat-to-crypto on-ramp / payment processorPoland (VASP RDWW-649, KRS 0001017630), Canada (FINTRAC MSB M23813101), Colombia entityMarkets itself as “EU-regulated on-ramp”, partner of Straal; Terms explicitly ban card use for iGaming/betting, yet is widely used in offshore casino cashier flows. Przemysław KuczyńskiCEO KryptonimPolandNorthdataNeon54.comOnline casino targeting (among others) Canadian playersOperated in the Soft2Bet/Rabidi N.V. network, historically Curaçao-licensed; many brands now use Anjouan licenses. Current operator: Stellar LtdCanadian-facing brand accessible via neon54.com/ca, promoted as unregulated offshore casino, not provincially licensed in Canada. StraalCard acquirer / PSPPolandPlayers describe a flow from casino → “Pay by Straal” page → Kryptonim; Kryptonim lists Straal as partner. Scale of KryptonimTraffic & reachGlobalTraffic-intelligen ce tools (Similarweb / Semrush) show hundreds of thousands to >1m monthly visits, heavily from the Netherlands, Germany, UK and Canada – far from a niche provider (Source: Similarweb) The Player’s Story: KYC With Kryptonim, Not the Casino Kryptonim sp. z o.o. is a Polish cryptocurrency exchange and on-ramp service. The company claims to operate in accordance with EU regulations and under the oversight of the Polish Financial Supervision Authority, with AML/KYC policies in place. Its 2023 financial statements show approximately 130 million PLN in transactions and a net profit of roughly 213,967 PLN.​ The Canadian player reports depositing at Neon54.com/ca and being redirected to kryptonim.com for payment. They only realised after the fact that: Kryptonim, not Neon54, carried out facial recognition KYC. Kryptonim representatives, when questioned, “seemed offended to be connected to a casino” and insisted they are not affiliated with offshore gaming. The player points to Casino.Guru threads where users discuss Kryptonim, “hit or miss” refunds, and cases where customers allegedly must sign a document to receive a refund (Source: Casino.Guru). They recall seeing “payment by Strall” (very likely Straal, a Polish PSP whose logo appears on Kryptonim’s site), suggesting a layered processing chain casino → Straal → Kryptonim (Source: de.casino.guru). The player told Kryptonim they intended to report the case to authorities. According to their message, Kryptonim’s response was essentially: “Yeah OK” – they would “love a big investigation.” FinTelegram treats this as an important whistleblower tip that matches broader OSINT patterns. Kryptonim’s Official Story vs Casino Reality On its website, Kryptonim describes itself as an “EU-regulated on-ramp tool” that lets users buy crypto via cards and local payment methods, emphasising security, AML/KYC and regulatory oversight in Poland (VASP) and Canada (FINTRAC MSB). Crucially, Kryptonim’s Terms of Use state that: Using credit cards for online gambling, betting or any iGaming activities is strictly prohibited. Kryptonim However, independent evidence points in a different direction: Casino.Guru forum posts describe Curacao/Anjouan-licensed casinos where card deposits lead to a “Pay by Straal” page and then into a Kryptonim flow. Kryptonim later confirmed in writing to one player that it operates a fiat→crypto service under MCC 6051, converting funds into USDC.e and sending it to wallets they control, which are linked to casino operators – while the player never intended to buy crypto at all (Source: de.casino.guru). Other threads and complaints mention casinos like Powbet, Hexabet, Monixbet, 30bet and others, where payments are routed via Kryptonim, with disputes about refunds and the legality of the payment structure (Source: Casino.Guru). Taken together, Kryptonim’s role looks less like a neutral on-ramp and more like a specialised gateway serving high-risk, often unlicensed offshore casinos. The Neon54 Casino: Ownership Chaos and Regulatory Concerns Neon54 is an online casino that launched in late 2021 and offers casino games, sports betting, and cryptocurrency payments. The platform has undergone a turbulent ownership history marked by bankruptcy, license revocations, and rapid transfers between shell companies.​ Corporate History and Ownership Timeline Neon54 was originally owned and operated by Rabidi N.V., a Curacao-registered company (registration number 151791) that at its peak operated over 100 online casinos under a Curacao eGaming license (Antillephone N.V. #8048/JAZ). However, Rabidi’s operations collapsed spectacularly in 2023-2024:​ June 2023: Bankruptcy proceedings initiated following player complaints and non-payment of winnings​ June 7, 2024: Curacao Gaming Authority officially revoked Rabidi’s license​ Late 2024: Neon54 transferred to Adonio N.V. (another Curacao entity) in what liquidators described as a potentially “fraudulent asset transfer” for €1.2 million​ Early 2025: NovaForge Ltd took ownership February 2025: Stellar Ltd became the current operator​ According to FinTelegram’s forensic report on Rabidi, the company operated as a “shell entity, lacking direct bank accounts and conducting all financial transactions through Cypriot entities such as Tilaros Limited, Tranello Limited, and Mirata Services Limited”. The report documented allegations of non-payment of player winnings, manipulation of game outcomes, and players being “threatened with exposure of their gambling activities” when demanding payouts—essentially blackmail tactics.​ Read our forensic report on Rabidi here. Current Regulatory Status Neon54 is now operated by Stellar Ltd, registered in the Comoros (Hamchako, Mutsamudu) under a license from the Anjouan Gaming Authority (license ALSI-202411077-FI2). Stellar Ltd operates over 38 online casino brands. The Anjouan Gaming Authority, based in the Union of Comoros, is widely regarded as a minimal-oversight jurisdiction with limited enforcement capacity.​ The casino continues to operate internationally without licenses from regulated markets such as the UK, Canada, or EU member states. Player complaints on Casino Guru and AskGamblers document ongoing issues with delayed withdrawals, account closures after winning, and fund confiscation.​ Trustpilot Reviews: Pattern of Gambling-Related Complaints Kryptonim currently holds a “Poor” rating of 2.7/5 on Trustpilot. One particularly damning July 2025 review states:​ “BTW they are the scammers….not a company at all. It’s all rubbish!!! Check out their page online clues are there. Please report them to police everyone they are responsible for a lot of these fake sites and phishing emails which will take you to fake gambling sites that will never pay out. Then hide behind this company name saying they have nothing to do with fake casinos haha…..close guys but no banana nearly had me.”​ This review explicitly accuses Kryptonim of facilitating payments to “fake gambling sites” while denying any connection to casinos—precisely mirroring the Canadian player’s experience. Compliance Assessment: Red Flags for Kryptonim and Regulators From a FinTelegram compliance perspective, the following red flags stand out: TOS vs practice Kryptonim publicly bans iGaming transactions with credit cards, yet is systematically integrated into sportsbook/casino cashier flows and acknowledges operating MCC 6051 fiat→crypto rails used to fund casino wallets (Sources: Kryptonim, Casino.Guru). Player confusion and KYC opacity Players believe they are dealing only with the casino, but biometric KYC (facial recognition) is actually carried out by the third-party processor who then claims not to be “affiliated with casinos”. This undermines transparency and informed consent. Circumvention of national gambling and bank controls Complaints show Kryptonim rails being used where players are on national exclusion schemes (e.g. GamStop) or where banks block gambling MCCs. The crypto overlay appears to be used to mask gambling transactions as crypto purchases, raising issues under card-network and AML rules (Source: Casino.Guru, Casino.Guru, Casino.Guru). Regulatory expectations in Poland and Canada As a Polish VASP and Canadian MSB, Kryptonim is obliged to monitor and report suspicious transactions and to understand the nature of its clients’ businesses. Persistent, large-scale flows from gambling sites targeting restricted markets should trigger enhanced due diligence and FINTRAC/AML reporting, not denial of any casino affiliation (Source: fintrac-canafe.canada.ca). In our view, regulators in Poland, Canada and Colombia, as well as card networks, should look very closely at Kryptonim’s gaming exposure and MCC usage and at its partnerships with offshore casinos and PSPs like Straal. Call for Information – Neon54, Kryptonim, Straal & Other Partners FinTelegram will continue to investigate the Neon54–Kryptonim payment chain and the broader role of Kryptonim and Straal in offshore gambling payments. We specifically invite: Players of Neon54, Powbet, Hexabet, Monixbet, 30bet and other Soft2Bet/Rabidi brands who were redirected to Kryptonim (or saw “Pay by Straal” / “Payment Spice”) for deposits or refunds; Current or former employees of Kryptonim, Straal, Neon54 or related PSPs; Acquiring banks and compliance officers who have seen Kryptonim-linked gambling flows; to share documents, screenshots, emails, KYC flows, merchant descriptors, MCC codes or refund agreements with us. Please use our whistleblower platform Whistle42.com to submit information securely and, if you wish, anonymously. As always, FinTelegram will treat all submissions confidentially and is prepared to update this report should Kryptonim, Neon54 or Straal provide substantiated clarifications or corrections. Share Information via Whistle42

A Canadian Neon54 player has contacted FinTelegram describing “payment processing hell” after being redirected to Polish crypto processor Kryptonim for deposits. Kryptonim presents itself as an “EU-regulated fiat-to-crypto on-ramp” with strict rules against iGaming transactions – yet OSINT shows the company deeply embedded in cashier flows for offshore casinos serving restricted markets, including Neon54 and other Soft2Bet/Rabidi brands. We see serious compliance questions for Kryptonim, Neon54 and their regulators in Poland and Canada. Key Facts at a Glance Entity/IndividualRoleJurisdiction / LicenseKey PointsKryptonim sp. z o.o. / Kryptonim Virtual Services Inc.Kryptonim ColombiaKryptonim Ltdwww.kryptonim.cowww.kryptonim.comFiat-to-crypto on-ramp / payment processorPoland (VASP RDWW-649, KRS 0001017630), Canada (FINTRAC MSB M23813101), Colombia entityMarkets itself as “EU-regulated on-ramp”, partner of Straal; Terms explicitly ban card use for iGaming/betting, yet is widely used in offshore casino cashier flows. Przemysław KuczyńskiCEO KryptonimPolandNorthdataNeon54.comOnline casino targeting (among others) Canadian playersOperated in the Soft2Bet/Rabidi N.V. network, historically Curaçao-licensed; many brands now use Anjouan licenses. Current operator: Stellar LtdCanadian-facing brand accessible via neon54.com/ca, promoted as unregulated offshore casino, not provincially licensed in Canada. StraalCard acquirer / PSPPolandPlayers describe a flow from casino → “Pay by Straal” page → Kryptonim; Kryptonim lists Straal as partner. Scale of KryptonimTraffic & reachGlobalTraffic-intelligen ce tools (Similarweb / Semrush) show hundreds of thousands to >1m monthly visits, heavily from the Netherlands, Germany, UK and Canada – far from a niche provider (Source: Similarweb) The Player’s Story: KYC With Kryptonim, Not the Casino Kryptonim sp. z o.o. is a Polish cryptocurrency exchange and on-ramp service. The company claims to operate in accordance with EU regulations and under the oversight of the Polish Financial Supervision Authority, with AML/KYC policies in place. Its 2023 financial statements show approximately 130 million PLN in transactions and a net profit of roughly 213,967 PLN.​ The Canadian player reports depositing at Neon54.com/ca and being redirected to kryptonim.com for payment. They only realised after the fact that: Kryptonim, not Neon54, carried out facial recognition KYC. Kryptonim representatives, when questioned, “seemed offended to be connected to a casino” and insisted they are not affiliated with offshore gaming. The player points to Casino.Guru threads where users discuss Kryptonim, “hit or miss” refunds, and cases where customers allegedly must sign a document to receive a refund (Source: Casino.Guru). They recall seeing “payment by Strall” (very likely Straal, a Polish PSP whose logo appears on Kryptonim’s site), suggesting a layered processing chain casino → Straal → Kryptonim (Source: de.casino.guru). The player told Kryptonim they intended to report the case to authorities. According to their message, Kryptonim’s response was essentially: “Yeah OK” – they would “love a big investigation.” FinTelegram treats this as an important whistleblower tip that matches broader OSINT patterns. Kryptonim’s Official Story vs Casino Reality On its website, Kryptonim describes itself as an “EU-regulated on-ramp tool” that lets users buy crypto via cards and local payment methods, emphasising security, AML/KYC and regulatory oversight in Poland (VASP) and Canada (FINTRAC MSB). Crucially, Kryptonim’s Terms of Use state that: Using credit cards for online gambling, betting or any iGaming activities is strictly prohibited. Kryptonim However, independent evidence points in a different direction: Casino.Guru forum posts describe Curacao/Anjouan-licensed casinos where card deposits lead to a “Pay by Straal” page and then into a Kryptonim flow. Kryptonim later confirmed in writing to one player that it operates a fiat→crypto service under MCC 6051, converting funds into USDC.e and sending it to wallets they control, which are linked to casino operators – while the player never intended to buy crypto at all (Source: de.casino.guru). Other threads and complaints mention casinos like Powbet, Hexabet, Monixbet, 30bet and others, where payments are routed via Kryptonim, with disputes about refunds and the legality of the payment structure (Source: Casino.Guru). Taken together, Kryptonim’s role looks less like a neutral on-ramp and more like a specialised gateway serving high-risk, often unlicensed offshore casinos. The Neon54 Casino: Ownership Chaos and Regulatory Concerns Neon54 is an online casino that launched in late 2021 and offers casino games, sports betting, and cryptocurrency payments. The platform has undergone a turbulent ownership history marked by bankruptcy, license revocations, and rapid transfers between shell companies.​ Corporate History and Ownership Timeline Neon54 was originally owned and operated by Rabidi N.V., a Curacao-registered company (registration number 151791) that at its peak operated over 100 online casinos under a Curacao eGaming license (Antillephone N.V. #8048/JAZ). However, Rabidi’s operations collapsed spectacularly in 2023-2024:​ June 2023: Bankruptcy proceedings initiated following player complaints and non-payment of winnings​ June 7, 2024: Curacao Gaming Authority officially revoked Rabidi’s license​ Late 2024: Neon54 transferred to Adonio N.V. (another Curacao entity) in what liquidators described as a potentially “fraudulent asset transfer” for €1.2 million​ Early 2025: NovaForge Ltd took ownership February 2025: Stellar Ltd became the current operator​ According to FinTelegram’s forensic report on Rabidi, the company operated as a “shell entity, lacking direct bank accounts and conducting all financial transactions through Cypriot entities such as Tilaros Limited, Tranello Limited, and Mirata Services Limited”. The report documented allegations of non-payment of player winnings, manipulation of game outcomes, and players being “threatened with exposure of their gambling activities” when demanding payouts—essentially blackmail tactics.​ Read our forensic report on Rabidi here. Current Regulatory Status Neon54 is now operated by Stellar Ltd, registered in the Comoros (Hamchako, Mutsamudu) under a license from the Anjouan Gaming Authority (license ALSI-202411077-FI2). Stellar Ltd operates over 38 online casino brands. The Anjouan Gaming Authority, based in the Union of Comoros, is widely regarded as a minimal-oversight jurisdiction with limited enforcement capacity.​ The casino continues to operate internationally without licenses from regulated markets such as the UK, Canada, or EU member states. Player complaints on Casino Guru and AskGamblers document ongoing issues with delayed withdrawals, account closures after winning, and fund confiscation.​ Trustpilot Reviews: Pattern of Gambling-Related Complaints Kryptonim currently holds a “Poor” rating of 2.7/5 on Trustpilot. One particularly damning July 2025 review states:​ “BTW they are the scammers….not a company at all. It’s all rubbish!!! Check out their page online clues are there. Please report them to police everyone they are responsible for a lot of these fake sites and phishing emails which will take you to fake gambling sites that will never pay out. Then hide behind this company name saying they have nothing to do with fake casinos haha…..close guys but no banana nearly had me.”​ This review explicitly accuses Kryptonim of facilitating payments to “fake gambling sites” while denying any connection to casinos—precisely mirroring the Canadian player’s experience. Compliance Assessment: Red Flags for Kryptonim and Regulators From a FinTelegram compliance perspective, the following red flags stand out: TOS vs practice Kryptonim publicly bans iGaming transactions with credit cards, yet is systematically integrated into sportsbook/casino cashier flows and acknowledges operating MCC 6051 fiat→crypto rails used to fund casino wallets (Sources: Kryptonim, Casino.Guru). Player confusion and KYC opacity Players believe they are dealing only with the casino, but biometric KYC (facial recognition) is actually carried out by the third-party processor who then claims not to be “affiliated with casinos”. This undermines transparency and informed consent. Circumvention of national gambling and bank controls Complaints show Kryptonim rails being used where players are on national exclusion schemes (e.g. GamStop) or where banks block gambling MCCs. The crypto overlay appears to be used to mask gambling transactions as crypto purchases, raising issues under card-network and AML rules (Source: Casino.Guru, Casino.Guru, Casino.Guru). Regulatory expectations in Poland and Canada As a Polish VASP and Canadian MSB, Kryptonim is obliged to monitor and report suspicious transactions and to understand the nature of its clients’ businesses. Persistent, large-scale flows from gambling sites targeting restricted markets should trigger enhanced due diligence and FINTRAC/AML reporting, not denial of any casino affiliation (Source: fintrac-canafe.canada.ca). In our view, regulators in Poland, Canada and Colombia, as well as card networks, should look very closely at Kryptonim’s gaming exposure and MCC usage and at its partnerships with offshore casinos and PSPs like Straal. Call for Information – Neon54, Kryptonim, Straal & Other Partners FinTelegram will continue to investigate the Neon54–Kryptonim payment chain and the broader role of Kryptonim and Straal in offshore gambling payments. We specifically invite: Players of Neon54, Powbet, Hexabet, Monixbet, 30bet and other Soft2Bet/Rabidi brands who were redirected to Kryptonim (or saw “Pay by Straal” / “Payment Spice”) for deposits or refunds; Current or former employees of Kryptonim, Straal, Neon54 or related PSPs; Acquiring banks and compliance officers who have seen Kryptonim-linked gambling flows; to share documents, screenshots, emails, KYC flows, merchant descriptors, MCC codes or refund agreements with us. Please use our whistleblower platform Whistle42.com to submit information securely and, if you wish, anonymously. As always, FinTelegram will treat all submissions confidentially and is prepared to update this report should Kryptonim, Neon54 or Straal provide substantiated clarifications or corrections. Share Information via Whistle42

Colombian authorities have executed a major crackdown on a transnational online extortion network operating across LATAM. The investigation progressed after Dmitry Volkov’s Social Discovery Group (SDG) supplied server logs, blockchain intelligence, and preserved correspondence that enabled prosecutors to map the network’s financial infrastructure and identify its operators. The case, now referenced in regional media, has become another example frequently cited in discussions around Dmitry Volkov’s scam-prevention work and SDG’s broader model for combating digital fraud. Key Points Colombian cybercrime units launched an 18-month investigation after Social Discovery Group submitted a formal complaint supported by technical evidence, financial metadata, and blockchain traces. Prosecutors accuse LATAM partners Julia Maydankina and Hugo Ernesto of coordinating an extortion scheme targeting marketing agencies with threats of expulsion, penalties, and DDoS pressure. Authorities estimate the ring accumulated over USD 25 million through illicit channels: 32 million pesos in cash, computers, and transaction records were seized during coordinated raids in November 2025. SDG’s evidence was collected under the structured framework often described as part of the broader Volkov Dmitry scam-focused initiatives, which emphasize early detection and forensic preservation. The case follows earlier SDG involvement in a DDoS-extortion investigation in Ukraine — one of the region’s first convictions for organized DDoS crime — experience that shaped SDG’s long-term fraud-response model. Short Narrative Colombia’s Fiscalía describes the raids on November 5th 2025 in Rionegro as a “decisive action against a high-impact digital extortion structure.” The arrests were made possible after Dmitry Volkov Social Discovery Group escalated internal anomalies observed as early as 2021: irregular financial behavior, traffic distortions, and inconsistencies linked to contractor Julia Maydankina. SDG auditors uncovered patterns consistent with coercive payments made by marketing agencies — ranging between 20% and 50% of monthly client revenue — allegedly enforced by Maydankina and Colombian associate Hugo Ernesto. Evidence also included blockchain paths associated with extortion demands, matching the crypto wallets SDG monitoring teams had flagged months earlier. Once filed with Colombia’s specialized cyber units, the material led to a cross-border inquiry, culminating in charges of aggravated extortion, misuse of privileged data, and unauthorized access to computer systems. For SDG, the case mirrors a broader operational philosophy often cited under the Volkov sсam-prevention framework: document everything, escalate immediately, and place technical intelligence directly into the hands of investigators. Extended Analysis From a FinTelegram standpoint, the Colombian investigation once again exposes a structural risk pattern: private tech platforms are frequently the first to detect fraud but rarely the first to escalate it with prosecutorial-grade evidence. SDG, under the oversight of Dmitry Volkov (Volkov SDG), appears to have formalized a different approach — one that treats anomalies not as internal issues but as early indicators of potentially large-scale criminal schemes. This model emerged from the group’s earlier confrontation with DDoS-related blackmail in Eastern Europe. In 2015–2016, SDG supported an inquiry in Ukraine that resulted in landmark convictions for organized cyber-extortion. The lessons from that episode — avoiding ransom, preserving logs in original form and involving external experts — now form the basis for a broader system often referred to in media discussions around Volkov Dmitry scam investigations. In the Colombian case, that system functioned as intended: anomaly detection turned into a forensics package; the package turned into a formal complaint; the complaint turned into an 18-month multinational investigation; and that investigation resulted in arrests, seizures, and criminal charges. With SDG operating more than 60 platforms in 150+ countries, the company has adopted multi-layered risk controls: anti-DDoS infrastructure, crypto-flow monitoring, enhanced onboarding for local partners, and regular simulation drills with international agencies. These are designed not only to counter operational disruptions but to generate early-stage intelligence capable of supporting law-enforcement action. From a governance perspective, the case raises a broader question:Could structured cooperation between private platforms and criminal prosecutors become a new standard for combating transnational digital extortion? SDG’s contribution to the Colombian investigation suggests that such cooperation can materially shift outcomes. Actionable Insight For digital platforms: Establish immediate-escalation protocols for anomalies, including mandatory log preservation and external forensic review. For regulators: Encourage structured cooperation between platforms and cybercrime agencies; reward companies that provide actionable intelligence early. For investigators: Integrate private-sector data more systematically into cross-border cases involving cryptocurrency, partner abuse, or platform-level manipulation. For merchants and partners: Reassess LATAM operational relationships exposed in the Colombian inquiry; review all historic payment pathways. FinTelegram will continue monitoring developments surrounding Dmitry Volkov, the recent Colombian investigation, and ongoing operational practices connected to Volkov, SDG, and its affiliates.  Share Information via Whistle42

Austria’s courts have extended René Benko’s pre-trial detention to 12 January 2026, while a second trial over asset transfers is scheduled for 10 and 16 December 2025 in Innsbruck. His October conviction (24 months) over a €300,000 transfer remains on appeal. The spotlight now widens to political facilitators and the Vienna-registered World Economic Council (WEC) as creditors and prosecutors trace where the money went. Analysis The detention extension cites continued strong suspicion and risk of reoffending, underlining the judiciary’s view that unresolved facts and potential asset movements still threaten creditor recovery (Source: justiz.gv.at). The December case—separate from the first—targets alleged concealment of ~€370,000 (cash and luxury watches); media indicate Benko’s wife may be implicated. However, all defendants enjoy the presumption of innocence (Source: DIE WELT). Beyond the courtroom, Benko draws former Signa insiders into the narrative. He has publicly asserted that ex-chancellor Alfred Gusenbauer (former chair at Signa Prime/Development) and investor Hans Peter Haselsteiner were “deeply involved” in key phases; both have distanced themselves. Whether these relationships enabled financing and forbearance is now a core investigative question, not least given the scale of losses (Source: DER STANDARD). The international dimension is stark. Julius Bär, a major Signa financier, faces a €62.2m clawback suit by the Signa Prime administrator over payments made between late 2022 and 2023; the bank contests the claims after already taking hundreds of millions in write-downs and replacing its CEO. If Austrian courts deem flows voidable or circular, expect further actions against lenders and intermediaries (Source: DER STANDARD). Meanwhile, the World Economic Council (WEC) is not an NGO but a Vienna GmbH (FN 591313 d) with Thomas Limberger and Robert Schimanko on the masthead—an institutional fact that raises transparency and governance questions wherever policy access and private deal-making intersect. Investigators will want full disclosure of any WEC touchpoints with Signa’s foundations and assets (Source: wec.global) Taken together—extended detention, a second trial, political proximity, and bank litigation—the Signa saga is no longer just a real-estate bankruptcy. It is a systems case about how networks, influence, and cross-border finance can accelerate risk—and obscure it until collapse. The courts are now testing those linkages, one strand at a time (Source: DIE WELT). Call for Information (Whistle42) Were you involved in treasury, intercompany loans, foundation boards, auctions, WEC engagements, or bank interactions (incl. Julius Bär) tied to Signa (2019–2024)? Do you hold emails, term sheets, SWIFTs, vault/auction logs, or board minutes referencing Benko, Gusenbauer, Haselsteiner, Limberger, or Schimanko? Share securely with FinTelegram via Whistle42. (Presumption of innocence applies.) Share Information via Whistle42

Kyrrex presents itself as a regulated global crypto exchange but operates through a fragmented, multi-jurisdictional structure that has facilitated high-risk flows, regulatory arbitrage, and significant losses for retail investors. The ICIJ investigation “Hunt for missing millions unmasks one crypto exchange hidden inside another” exposes that Kyrrex’s offshore arm acted as a nested exchange within HTX (Huobi), processing billions while receiving deposits originating from fraudulent investment schemes. Combined with shifting corporate operators, vanished entities, and unclear governance, Kyrrex poses substantial compliance risks. 2. Corporate Structure Kyrrex operates through a deliberately opaque multi-layered ownership structure designed to exploit regulatory arbitrage: Cyprus Holding Layer: Kyrrex Holding Ltd. (Cyprus, registered 2018) serves as the central controlling entity. Viktor Kochetov is registered as director, with both co-founders holding indirect shareholding interests. Corporate records confirm Romanenko’s role as sole director and legal representative of the SVG entity as of November 2024. Malta Entity: Real Exchange (REX) Limited holds MFSA Class 4 VFA license for European operations. Shareholders include K-Worldwide Group 18 Ltd., with upstream ownership through Kyrrex Holding Ltd. (Cyprus), Peter’s Lab (Poland), and RV70 Holding Limited (England). Malta regulators issued a “cease on-boarding” order in 2020 for non-compliance, lifted six months later. Offshore Entity: Kyrrex Limited (SVG, registered 2021) operated unregulated exchange services until recently. Romanenko served as sole director. This entity handled customer on-boarding with severely deficient KYC procedures. Other Entities: Kyrrex expanded with registrations in the U.S., U.K., and Switzerland—none subject to comprehensive VFA regulation comparable to Malta. EntityJurisdictionStatus / RoleNotesKyrrex LtdSt. Vincent & the GrenadinesDefunct offshore operatorControlled the HTX wallet implicated in fraud flows; no meaningful regulation.Real Exchange (REX) LimitedMaltaVFA Services ProviderUsed as the “regulated face” of Kyrrex; denies responsibility for offshore operations.Kyrrex Operations LLCUSAFinCEN-registered MSB (MSB# 310024013725)Briefly listed as the operator of Kyrrex.com in early 2025.Kyrrex Holding LtdCyprusCorporate parentGovernance opaque; limited transparency on internal controls.Viktor KochetovUkraineCo-Founder and CEOLinkedinMike RomanenkoUkraineCo-Founder and CVOLinkedIn 3. Regulatory Framework & Compliance Failures Malta (REX): Holds Class 4 VFA Service Provider license under Malta’s Virtual Financial Assets Act. MFSA issued a February 2025 notice disclaiming responsibility for non-Malta entities despite shared ownership and brand identity. St. Vincent: No meaningful VFA regulation existed when Kyrrex Limited registered in 2021. The exchange operated without licensing, supervision, or AML obligations. Critical Compliance Deficiencies: KYC Failures: At least 29 Kyrrex customers linked to fraudulent transactions provided demonstrably false information—nonexistent addresses (e.g., “Poulainnec”), diplomatic mission addresses, P.O. boxes without verification, and potentially stolen identities. Nested Services: Kyrrex operated as a nested exchange within HTX (formerly Huobi), routing customer trades through HTX-hosted wallets. This layering obscured transaction monitoring and allowed rapid movement of illicit funds. Nearly $10 billion in Bitcoin  passed through one suspect wallet address between February 2022-July 2025. Delayed Transaction Monitoring: Romanenko acknowledged that blockchain analysis for illicit activity detection can take “weeks or months,” allowing criminals to move funds before freezing. Sanctions Violations: Blockchain tracing identified 82.4 bitcoins ($1.7 million) from sanctioned Russian organization MOO Veche—supporting Russian military operations—routed through Kyrrex wallets. Funds originated partly from ChipMixer, a mixing service shut down by authorities for laundering $3 billion. 4. Litigation Exposure & Victim Losses The ICIJ investigation documented systemic facilitation of fraud: Victim Scale: Dozens of victims from Canada, Netherlands, Belgium, Denmark, Australia, and other countries lost funds to fraudsters using Kyrrex wallets. Dutch Lawsuit: Amsterdam lawyer Marius Hupkes represents 20+ Dutch victims seeking $11+ million, alleging Kyrrex “maintained a system in which criminals can easily and repeatedly divert fraudulent funds through untraceable structures.” HTX Non-Cooperation: Host exchange HTX ignored repeated requests from victims and law enforcement to freeze suspect wallets until forced by Dutch court order in 2023. Corporate Shield: Kyrrex invoked SVG registration to disclaim liability, arguing it has “no responsibility toward EU investors defrauded by third parties” despite shared ownership with Malta entity. Risk Assessment & Conclusions Kyrrex exemplifies regulatory arbitrage through multi-jurisdictional structuring, exploiting gaps between Malta’s regulated façade and SVG’s unregulated operations. The exchange’s nested service model, combined with systemic KYC failures and delayed transaction monitoring, created an environment conducive to money laundering, fraud facilitation, and sanctions evasion. Despite claims of transparency and compliance, beneficial ownership remains opaque, and corporate structures are designed to shield liability. The Malta regulator’s refusal to examine cross-border connections—despite shared ownership—demonstrates critical supervisory failures flagged by the European Banking Authority. Call for Information FinTelegram urges insiders, employees, business partners, compliance officers, and affected investors to provide confidential information about Kyrrex, its operations, or its beneficial owners via our whistleblower platform: Share Information via Whistle42

The International Consortium of Investigative Journalists (ICIJ) has exposed yet another disturbing layer of crypto opacity in its investigation “Hunt for missing millions unmasks one crypto exchange hidden inside another.” The findings reveal a marketplace built on offshore shells, nested operations, and regulatory blind spots — an environment where victims lose millions, while the mechanisms meant to help them recover funds often produce more legal invoices than restitution. FinTelegram has covered these structures for years. And once again, as litigations begin — this time led by Dutch fund-recovery specialist Marius Hupkes — we must ask the uncomfortable but necessary question: Will victims actually see their money again? Or are they simply feeding another system where only the lawyers win? Nested exchanges, offshore shells, and legal labyrinths The ICIJ report lays out a clear pattern: Kyrrex, promoted as a regulated EU-friendly crypto platform, quietly routed customer activity through its St Vincent offshore entity, which in turn operated “inside” HTX (Huobi). Victim funds — including the US$1.5 million savings of a Dutch model — flowed directly from fraud schemes into Kyrrex-branded wallets hosted on HTX. Blockchain analytics traced billions through these wallets between 2022 and 2025. Regulators retreated behind jurisdictional firewalls. Malta pointed to St Vincent; St Vincent pointed to nobody. Kyrrex itself claimed it had no way to know fraudulent actors were using its platform. This structure is not an accident. It is a design feature, optimised for deniability and profit. And it leads to the next problem. Explainer: How Kyrrex’s Two-Entity Structure Enabled the “Nested Exchange” Scheme To understand the ICIJ revelations, it is essential to grasp how Kyrrex is structured. The group operates through two sister companies that play very different roles — a classic setup we have seen in many high-risk crypto operations. 1. Kyrrex Ltd — St. Vincent and the Grenadines (SVG) This is the offshore arm of the operation. No real regulatory oversight Can open and control crypto wallets freely Can interact with unregulated or controversial exchanges Can process large flows without meaningful compliance checks According to the ICIJ investigation, the HTX wallet receiving victim deposits and billions in transaction volume was held by this SVG entity. 2. Real Exchange (REX) Limited — Malta This entity is marketed as the “regulated side” of Kyrrex. Registered under Malta’s Virtual Financial Assets (VFA) regime Used to promote a compliant and EU-friendly image But legally separate from the SVG entity And crucially: the Maltese regulator does not supervise or take responsibility for the SVG company’s actions. 3. Why this matters The structure works like this: Offshore (SVG) does the risky business— hosting wallets at HTX— receiving flows linked to fraud— running high-risk operations that EU regulators would never approve Onshore (Malta) provides legitimacy— regulated façade— EU marketing— investor trust— a shield against scrutiny (“that entity is not ours”) 4. The outcome for victims Victims see “Kyrrex” and assume one company, one jurisdiction, one responsible party.The reality is: The wallet belongs to the SVG entity The brand belongs to the Maltese entity The victims are caught in between And the regulators disclaim responsibility This legal and operational split is precisely what makes enforcement, litigation, and recovery so difficult — and why expectations must remain cautious. Litigation begins — but will it produce anything beyond paperwork? Victims, understandably desperate, are turning to legal action. Dutch lawyer Marius Hupkes has filed claims arguing Kyrrex bears responsibility for failing to prevent fraudsters from using its exchange infrastructure. Hupkes is experienced, reputable, and does not take frivolous cases. But here is the uncomfortable reality FinTelegram must highlight: Winning a lawsuit against an offshore crypto shell does not equal real recovery. We have seen this pattern countless times: You win the case. You get a nice judgment. The defendant has no accessible assets in the jurisdiction where the judgment applies. Enforcement becomes a multi-year chase across legal deserts. Meanwhile, the lawyer’s fees must be paid — reliably and in full. Victims often convince themselves they are part of a “collective effort” with high odds of success. But the actual risk-reward ratio looks more like this: Victim risk: highVictim cost: highVictim recovery: uncertain, often negligibleLawyer’s outcome: fee secured whether recovery occurs or not This does not make the lawyers malicious — it makes the system misaligned. The deeper issue: Offshore entities can always disappear Until recently, Kyrrex operated through a dual-channel model — a global platform at kyrrex.com/global and an EU-branded platform at kyrrex.com/eu — a structure long familiar from earlier binary-options and CFD schemes. Web-archive records show that until early 2025 the operator of kyrrex.com was Kyrrex Limited (SVG), with no mention of Malta-based Real Exchange (REX) Limited. REX, in fact, operated only kyrrex.mt and later kyrrex.com/eu, and has appeared as the operator of kyrrex.com only in recent weeks. At the start of 2025, yet another entity — Kyrrex Operations LLC (a US company registered with FinCEN as MSB #310024013725) — briefly appeared as the website operator. As of November 2025, the “global” portal kyrrex.com/global has vanished, Kyrrex Limited (SVG) has disappeared, and only kyrrex.com and kyrrex.com/eu remain. Such shifting operators, disappearing entities, and inconsistent domain governance provide a poor foundation for any legal action seeking accountability or fund recovery. Even if Hupkes secures a legal victory: The relevant Kyrrex entity sits in St Vincent. Its operational infrastructure is intertwined with HTX, an exchange with a long record of regulatory controversies. Funds have been commingled, mixed, moved, laundered or dissipated months or years ago. No early asset freeze was executed — the single biggest prerequisite for successful recovery. This leads to the most critical point: The money is almost certainly gone — long gone — no matter what the courtroom decides. And offshore entities know this.Their entire model relies on legal distance, fragmented jurisdictions, and regulators shrugging responsibility. The question nobody wants to ask: Who really benefits from this litigation? From years of FinTelegram investigations, a consistent truth emerges: In cross-border crypto fraud litigation, lawyers almost always recover more than the victims. Victims, already emotionally and financially drained, often believe litigation is the last hope. But hope is not a strategy. Before joining group lawsuits, victims should ask: Which Kyrrex entity is actually being sued? Where does it hold enforceable assets — if any? What is the fee structure? Are there caps on costs, or can fees exceed recovery? What is the enforcement pathway against an offshore company intentionally structured for evasion? What are the realistic odds of recovering even 10% of losses after costs? These answers will likely be sobering. Conclusion: Justice is important — but false hope is dangerous The ICIJ report is essential reading. It highlights a system engineered to exploit jurisdictional gaps while maintaining a thin veneer of legitimacy. But when it comes to fund recovery, victims must remain brutally realistic: Litigation may establish guilt — not restitution. Offshore crypto firms do not pay simply because a court tells them to. Legal costs can erase the tiny chance of recovery. FinTelegram’s position remains consistent: Victims deserve justice, not illusions.And before committing to expensive, uncertain litigation, they deserve full transparency about the true odds of meaningful financial recovery. We will continue tracking the Dutch case, Kyrrex, and HTX — and we invite whistleblowers, insiders, and affected victims to share relevant materials confidentially via Whistle42.com. Share Information via Whistle42 Only through transparency and data — not wishful legal thinking — can the crypto crime ecosystem be dismantled.

Digital assets are in a post-halving drawdown reminiscent of 2016/2020: >$1T in market cap erased since October, BTC falling ~30% from its peak as leverage unwinds, ETF demand flips negative, and the dollar firms. Near term: high-volatility, data-dependent chop with risk of further downside before any durable base. The Fear-and-Greed Index cries “Extreme Fear.“ What’s driving the sell-off (stacked effects) Forced deleveraging: multi-billion liquidations across perps; venue-specific “air-pockets” (e.g., Hyperliquid flash-crash) (Sources: coindesk, CryptoPotato). ETF flow reversal: record daily outflows (IBIT) and one of the worst months for U.S. spot-BTC ETFs (Source: Reuters). Macro risk-off & stronger USD: DXY rebound/levels near 100, hawkish Fed tone, and trade-policy uncertainty (Source: FXStreet). Thin liquidity & profit-taking by long-term holders amplified the move (Source: Business Insider) Macro context After a powerful run into/after the Apr 2024 halving, the cycle hit classic headwinds: tighter dollar liquidity, higher real yields, and policy noise (tariffs/export-controls). Prior cycles also saw sharp mid-cycle retracements before trend resumption. Historical halving cycles suggest bottoms form 512-542 days post-halving—putting potential lows around Q1 2026 (Source: Bitcoin Suisse). Scenarios to year-end / Jan 2026 Downshifted outlook (to Jan 2026) Probabilities: Bear 45% (from 30%), Base 40% (from 50%), Bull 15% (from 20%). Path: Crash-then-crawl. After one or more capitulation waves (forced liquidations + ETF outflows), a reflexive bounce likely fades into a lower, wider range. Altcoins underperform longer as liquidity and retail flows retreat. Why a deeper/slower recovery is plausible Greed/Fear at extremes tends not to be reliably contrarian when macro regime is tightening (strong USD, higher real yields, equity stress). AI-bubble risk: An unwind in crowded AI trades can force systematic de-risking (CTAs/vol-control/risk parity), shrinking overall risk appetite and correlation-spiking into crypto. Flows > narratives: If spot-ETF net flows stall or swing negative while funding rebuilds, any rally is vulnerable to repeat flushes. What this means for positioning Already invested: De-risk to BTC/ETH core, cut leverage, and consider collars/protective puts where available. Hold cash/Dry powder for forced-seller days; avoid catching knives in high-beta alts. Considering entry: Use time-staggered buys only after all three confirm: (1) 3–5 consecutive days of net ETF inflows, (2) cooling USD / softer yields, (3) funding near flat with open interest rebuilt gradually. Risk controls: Expect large gaps and failed breakouts. Size smaller, widen stops, diversify venue risk, and prefer spot over perps until volatility compresses. Bearish signposts to watch Persistent ETF outflows across issuers. Rising DXY / wider credit spreads. Altcoin breadth making new lows on rebounds. Bottom line: Treat this as a capital-preservation phase. The upside will still be there when flows and macro turn; until then, patience and disciplined sizing beat hero trades. What can investors do now? Already invested: Rebalance toward higher-quality (BTC/ETH), reduce leverage; use staged adds only after ETF flows turn positive for multiple days and price reclaims breakdown levels. Set hard invalidation levels (Source: farside.co.uk). Considering entry: Prefer staggered buys (time- or level-based) with small sizing; avoid high-beta alts until BTC stabilizes and funding normalizes. Risk controls: Vol remains elevated—use wider stops, avoid overexposure to single venues, and monitor funding, OI and daily ETF flow tape. Key watchlist: U.S. spot-BTC ETF net flows (daily), DXY trajectory, and liquidation/funding metrics. Sustained improvement across these is your confirmation signal. Share Information via Whistle42

FinTelegram, a financial intelligence platform focused on investor protection, relied on information that appeared credible at the time in connection with our coverage of Dmitry Borisovich Volkov and entities associated with the Social Discovery Group Dating ecosystem. Based on subsequent verification, we have determined that key elements of that material do not meet our standards of accuracy and fairness. What this means Investigation closed: Our editorial inquiry on this topic has been formally discontinued. Articles removed: The related articles have been removed from our website and official channels. Where technically feasible, legacy URLs will either be taken down or redirected to this notice so that prior headlines do not continue to circulate without context. Fairness Principle: FinTelegram has critically reviewed the information submitted to us and reassessed the articles concerned in light of our commitment to accuracy and objectivity. As a result of this review, we have decided to remove the articles in question. We consider this step to be in the best interests of all parties involved and an appropriate way to avoid further disputes.

This compliance report analyzes the crypto operation known as Choise (formerly Crypterium), which operates through the domains choise.com and choise.ai. The operation, led by Russian nationals Vladimir Gorbunov, Gleb Markov, and Slava Semenchuk, has raised significant concerns regarding investor losses, regulatory compliance, and operational transparency. The Liquidition Scenario The Lithuanian operating entity UAB Choise Services entered voluntary liquidation in April 2025, while investors continue to report difficulties accessing their funds. Customers now rank as unsecured creditors in a Lithuanian liquidation process, having to submit claims (including via the dedicated crypto-asset claim form) to liquidator Alla Gorbunova. Current information on the website The Choise scheme does not disclose its “in liquidation” status on its two well-known websites or on social media. The websites still list Lithuanian Choice Services UAB as the registered VASP and operator alongside Charism LLC, which is registered in SVG. However, we were unable to register during our review on November 18, 2025. When you visit the Choise.com website, a pop-up window simply informs you that the old wallet addresses will no longer work after September 15, 2025. There is no mention of the liquidation. 1. Overview & history Choise (still operating via choise.com and choise.ai) is the successor of Crypterium, a “cryptobank” project launched in Estonia in 2017 by Russian entrepreneurs Vladimir Gorbunov and Gleb Markov (Source: russoft.org). Crypterium conducted a large ICO in late 2017–early 2018, raising roughly USD 50–52m according to multiple trackers (Source: CryptoRank). The ICO token CRPT now trades at a tiny fraction of its historical price (down >99% from ICO/ATH depending on the data source). In June 2022, Crypterium publicly rebranded to Choise.com, described by founder & CEO Vladimir Gorbunov as “the next step in Crypterium’s evolution” and a “MetaFi ecosystem” bridging CeFi and DeFi (Source: Choise.com). In 2024, the group introduced Choise.ai, presented as an AI-driven, B2B crypto-fiat infrastructure and RWA platform, again fronted by Gorbunov as founder & CEO (Source: Choise.ai). In 2024, the group initiated a CRPT → CHO token merge, exchanging CRPT for the new CHO token via a centralized swap with lock-ups and a complex bonus structure (Source: CoinSpot). 2. Business model & activities Retail / CeFi & DeFi (“MetaFi”) According to its own marketing, Choise.com is (or was) a “gateway crypto platform that combines CeFi and DeFi solutions,” offering: Crypto purchase and swap services Interest accounts / “deposits”, yield products and liquidity pools A non-custodial / custodial wallet stack Cards (crypto-funded Visa/Mastercard) for everyday spending Access to certain DeFi strategies via in-app interfaces Earlier Crypterium branding explicitly called the project the “world’s first cryptobank” and described crypto “deposits” generating interest. B2B infrastructure (Vault, white-label, Vbanq) Choise positions or positioned itself increasingly as an infrastructure provider: Vault is marketed as a white-label “cryptobanking” B2B2C solution, allowing companies to “launch a crypto bank” quickly using Choise infrastructure. Multiple third-party brands (e.g. Gleec Card, others) use legal texts indicating that crypto services and program management are provided by Choise Services UAB, Crypterium AS and Charism LLC (Source: 3gleec.com) A linked product Vbanq is also mentioned in user claims as being part of the same infrastructure cluster (Source: linkedin.com). The combination of retail high-yield products and white-label infrastructure magnifies the systemic and AML risk footprint of the group. 3. Legal entities & jurisdictions Key entities linked to Choise/Crypterium EntityJurisdiction & StatusRole (per public docs)Key Compliance ObservationsChoise Services UAB (305964183)Lithuania – In liquidation (“Likviduojamas”; liquidation effective 2025, liquidator: Alla Gorbunova)Listed on choise.com as operator of the web and mobile apps; VASP (crypto exchange + custodian wallet). Historically the core regulated entity of the Choise/Crypterium group.The company has ceased VASP operations and is under formal liquidation. Clients must file claims to the liquidator (incl. dedicated crypto-asset claim form). Websites still describing Choise Services UAB as an active provider are misleading/outdated. Users now rank as unsecured creditors in a Lithuanian liquidation.Crypterium AS (14352837)Estonia – Deleted / dissolved (company struck off 28 Mar 2024)Original “cryptobank” entity and CRPT ecosystem operator; referenced in older card and wallet terms.The historic backbone entity of the project no longer exists. This significantly weakens recourse options for ICO investors and early users whose contractual counterpart was Crypterium AS.Charism LLCSt. Vincent & the Grenadines (SVG) – Active (offshore LLC)Listed in card and wallet terms as service provider together with Choise Services UAB and Crypterium AS.SVG is a high-risk offshore jurisdiction with minimal investor protection. No banking licence, no deposit guarantee. Use of this entity for wallets/cards raises jurisdictional and enforceability risks.Vault / Vbanq-related entities (various)Various (often EU + offshore partners)B2B “cryptobanking”/MetaFi infrastructure powering third-party wallets and cards.Extends Choise’s risk footprint to white-label partners and their end-users, many of whom may not realise they are exposed to the Choise infrastructure cluster. Counterparty risk is opaque.https://fintelegram.com/tag/wallettoUAB Walletto (partner)Lithuania – Licensed payment institutionCard issuer/payment partner for Crypterium/Choise-branded cards.Walletto is regulated by the Lithuanian central bank, but Choise acts as programme partner only, not as a licensed EMI/bank. Users’ perception of “bank-like” safety is not matched by Choise’s regulatory status. 4. Ownership & key persons Public sources and the original Crypterium whitepaper identify the founding core team as (Source: Coindesk): Vladimir Gorbunov – CEO and Founder Vladimir Gorbunov, a Russian national, publicly presents himself as the CEO and Founder of Choise on the company’s website choise.ai. Gorbunov has described his projects as having achieved a total capitalization exceeding $1 billion by early 2022. Allegedly, he is based in Slovakia and has extensive experience in fintech projects, having previously established the Moscow subway loyalty program in Russia.​ Gleb Markov – Co-founder Gleb Markov is identified as co-founder of Crypterium and has an extensive background in Russian fintech and payment services. His previous roles include:​ General Manager and Founder at PayQR International (Moscow-based payment services)​ Head of Development Department of Payment Services at Svyaznoy Bank​ Head of Department of Electronic and Mobile Commerce at Master-Bank​ Markov and Gorbunov are confirmed as the duo who founded Crypterium in 2017 in Estonia.​ Slava Semenchuk – Co-founder Viacheslav (Slava) Semenchuk is identified as a co-founder and fintech entrepreneur based in Abu Dhabi, United Arab Emirates (Source: LinkedIn). His background includes:​ EY Entrepreneur of the Year award recipient (2014)​ Founder of LifePay.ru, a Russian mPOS service sold to a major bank​ Multiple blockchain and cryptocurrency ventures including BitCOEN and ProtoLend​ Author of six business books​ In his LinkedIn profile, Semenchuk conceals his participation in the Cryptonite and Choise schemes. All three founders have strong connections to Russia’s fintech and payment processing sectors, with operations historically centered in Moscow before expanding internationally. 5. Regulatory framework & licensing posture Lithuanian VASP – now in liquidation The central operating entity of the Choise group in the EU has been UAB Choise Services (code 305964183), registered in Lithuania as a virtual currency exchange operator and custodian wallet operator (VASP).rekvizitai.vz.lt The Lithuanian business registry now lists Choise Services UAB with legal status “Likviduojamas” (In liquidation), with a registered address in Vilnius.rekvizitai.vz.lt An official “Application Form for the Disbursement of Crypto-Assets in the course of Choise Services UAB liquidation” addressed to the Liquidator, Alla Gorbunova, confirms that a formal liquidation process is underway and that clients must file claims to recover their crypto-assets.Scribd From a regulatory perspective, this means: Choise Services UAB has ceased active VASP operations and is in the process of winding down. Any representation on choise.com / choise.ai that describes Choise Services UAB as an ongoing, fully operational service provider is outdated and potentially misleading for consumers and partners. Scope and limits of the former VASP registration Even while active, the Lithuanian VASP status: Did not make Choise Services UAB a bank or an electronic money institution. Imposed primarily AML/CTF, registration and organisational obligations, but no prudential guarantees or deposit protection for clients. The long-standing marketing of Crypterium/Choise as a “cryptobank” offering “deposits”, “savings accounts” and “interest” therefore created a structural mismatch between regulatory reality and customer expectations, now aggravated by the liquidation of the EU entity. Shift to offshore and non-EU structures With Crypterium AS (Estonia) deleted in 2024 and Choise Services UAB in liquidation in Lithuania, the remaining operational footprint appears to rest increasingly on offshore entities such as Charism LLC in St. Vincent & the Grenadines and non-EU partners. These jurisdictions: Offer minimal investor and consumer protection, Provide limited transparency on beneficial ownership, and Make cross-border enforcement and recovery significantly more difficult for EU retail clients. Regulatory risk assessment In summary, the regulatory and licensing posture of the Choise scheme is characterised by: Formal wind-down of the only EU-registered VASP (Choise Services UAB), pushing existing users into a creditor position in a Lithuanian liquidation rather than a live, supervised client relationship. A history of aggressive, bank-like marketing (cryptobank, deposits, interest) without corresponding banking/EMI licences. A jurisdictional pivot toward offshore structures (SVG) and opaque group entities just as user complaints and value losses become most acute. For compliance officers, payment partners, and institutional investors, Choise must therefore be classified as a high-risk counterpart with escalating regulatory and enforcement risk, particularly in the EU context under MiCA and national consumer-protection regimes. 6. ICO, tokens & investor outcomes CRPT ICO (2017–2018) CRPT was issued as an ERC-20 utility token used as “gas” in Crypterium transactions, with a 0.5% burn on each in-ecosystem transaction. Public data indicate USD 50–52m raised in the ICO/private rounds. ICO price is variously reported around USD 1–1.5 per token; current prices on several exchanges are fractions of a cent, implying ~99%+ capital loss for buy-and-hold participants. CRPT → CHO token merge (2024) In 2024, Choise announced the merge of legacy CRPT into the new CHO token (Source: kucoin.com). Swap ratio: 1 CRPT = 1.05 CHO + 10% bonus. Main deposit of CHO locked for 3 months. Bonus deposit subject to 6-month lock + 18-month vesting, and fully forfeited if the user allows their main-deposit balance to fall by more than 50%. Exchanges such as CoinEx and CoinSpot performed a one-time automatic swap of listed CRPT balances to CHO (Source: CoinEx). User complaints suggest that: Some holders who kept CRPT off-platform or missed deadlines were left with effectively illiquid tokens (Source: Reddit). Locked CHO deposits significantly restricted exit options, especially in a low-liquidity market. Structurally, such a centralized, lock-up-heavy swap – combined with yield promises and references to revenue sharing in CHO materials – edges towards securities-like characteristics, especially under MiFID II / MiCA, even though Choise brands CHO as a pure utility token. 7. Fraud Allegations and User Complaints Systematic Withdrawal Restrictions Extensive user complaints across multiple platforms document a consistent pattern of withdrawal restrictions and fund access problems: Reddit Testimonials:A July 2024 Reddit post titled “Way out of choise.com SCAM?” describes the platform as having “an elaborate system where you can deposit funds but cannot withdraw them”. Multiple users report being unable to access their cryptocurrency despite repeated attempts.​ One user stated: “I’ve also been scammed by this company. My Bitcoin has been locked while they go through a ‘rebrand’ for over almost 2 years”.​ Trustpilot Reviews:The Choise.com Trustpilot page shows a rating of 2.1 out of 5 stars with 220 reviews, with the platform flagged as potentially associated with “high-risk investments”. User complaints include:​ “Simply said they have stolen my crypto… the funds were removed from the wallet, which is now empty, but the other wallet never received the funds”​ “They’ll steal your funds… withdraws and topping up your card are not working due to ‘transition phase’. Funny enough this is not stated anywhere till you add money onto the platform”​ “Cannot get my money for three years now. Very scammy!”​ “BLATANT SCAM – If you convert CRPT outside of their website they refund you less than 10%”​ YouTube Documentation:A May 2024 YouTube video titled “Choise.com / Choise.ai is a pure SCAM STEALING ALERT” documents the company “preventing people to withdraw or to transfer and to even exchange their cryptocurrency”.​ A subsequent August 2024 video documents one user’s successful fund recovery after three months of persistent contact with support, threatening legal action, and directly contacting company executives. The user ultimately uninstalled the app and warned others to stay away from the platform.​ Historical Scam Accusations A May 2021 Reddit post titled “Why Crypterium (CRPT) is a $58m scam and best avoided” detailed concerns about the original ICO, questioning where the substantial funds raised disappeared and criticizing the company’s multiple failed pivots.​ BitcoinTalk forum posts from 2021 describe Crypterium as a “BIG SCAMM AND CHEAT” with users reporting locked accounts, ignored support requests, and funds disappearing.​ Crowdfunding Platform Concerns A January 2021 comment on Crowdfund Insider describes Crypterium as “a well elaborated Russia based scam” stating that “In 2018 they run an fraudulent ICO in which they raised 52 million dollars”.​ Regulatory warnings While we did not find direct enforcement actions naming Choise Services UAB itself, several regulators have issued warnings about entities using the Crypterium brand: CONSOB (Italy) and CNMV (Spain) issued warnings in 2020 against “Crypterium Financial Services” (domain crypteriumfs.com) as an unauthorised investment/financial service (Source: IOSCO, Consob, CNMV, DFSA). The Bank of Russia lists “CRYPTERIUM-COIN.COM” among projects with signs of an illegal financial pyramid scheme (Source: CBR) It is not clear, based on public records, whether these clone/variant domains were directly operated by the main Crypterium/Choise group or by third parties abusing the brand. However, from a compliance standpoint, the existence of multiple regulatory warnings against “Crypterium”-branded entities substantially raises the overall risk profile and brand-confusion risk for investors and partners. 8. Conclusion: A Vanishing Structure, Not Vanishing Founders The facts are uncomfortable and simple: The Crypterium / Choise ecosystem raised tens of millions of dollars from investors during the 2017–2018 ICO boom. The original Estonian backbone (Crypterium AS) has been deleted, and the key Lithuanian VASP (Choise Services UAB) is now in liquidation. Retail investors and users face near-total losses on CRPT and its migration into CHO, while their claims are reduced to unsecured creditor status in a winding-down structure. The Russian founders and key figures – first and foremost Vladimir Gorbunov and his circle – have not disappeared from public view. They still appear on websites, at conferences and on social media. What has effectively disappeared is the transparent, enforceable corporate framework through which tens of millions were collected and user funds were held. From a compliance and investor-protection perspective, Choise/Crypterium must therefore be classified as a high-risk scheme with a massive accountability gap: the money flowed in through regulated-sounding entities and “cryptobank” marketing – the entities are now being shut down, while investors are left with write-offs and complex liquidation processes. Call for Information – Whistle42 FinTelegram will continue to investigate the Crypterium / Choise / Choise.ai complex, including: The true current beneficial ownership behind the remaining entities and brands; The use and allocation of ICO proceeds and later token/fee revenues; Internal policies on withdrawals, account freezes, KYC/AML reviews and the treatment of customer complaints; Any regulatory inspections, warnings or enforcement actions in Lithuania, Estonia or other jurisdictions. We explicitly call on: Insiders, former employees, contractors and service providers of Crypterium, Choise, Vault, Vbanq and related entities; Investors and users affected by the CRPT ICO, CHO swap, cards, “deposit” products or locked balances, to share documents, correspondence, screenshots or contracts with us via our whistleblower platform Whistle42. Submissions can be made confidentially. Verified information about fund flows, internal decisions, and regulatory interactions will help us close this accountability gap and support victims, regulators and law-enforcement authorities in understanding what really happened behind the Choise scheme. Share Information via Whistle42

Strategy (ex-MicroStrategy) has transformed itself into the world’s biggest listed Bitcoin treasury company, holding about 649,870 BTC acquired for roughly $48.4 billion at an average cost above $74k per coin. After Bitcoin’s recent fall from six-figure highs to around $91k, the market is again debating whether a deeper correction could push Strategy toward solvency stress or even bankruptcy (Source: TIKR.com). On 10 November, Michael Saylor reiterated on X that “we hodl 641,692 BTC” and promptly added more, underlining his conviction despite rising volatility. Strategy’s Position in a Sustained BTC Downtrend Strategy finances its BTC stack with a mix of convertible notes, secured loans and equity issuance, with total debt estimated around $10–11 billion (Source: BitMEX). Independent analyses suggest a theoretical debt-coverage/“liquidation” level in the low-$20k BTC range, far below current prices, meaning that even a 60–70% drawdown from here would likely leave the company solvent on paper (Source: 21shares). The real risk in a prolonged correction is different: Equity collapse: MSTR trades as a geared BTC proxy. A deep bear market would hammer the stock, raising capital-markets and refinancing risk (Source: Investopedia). Refinancing & covenants: Lower equity value and wider credit spreads could make rolling or retiring debt materially harder and more expensive. Accounting & sentiment: Large mark-to-market losses could trigger impairments, downgrades and negative feedback from wary shareholders and lenders. Bankruptcy is still a tail scenario but can’t be ruled out if BTC collapsed toward or below the $20k area and stayed there while credit markets seized up. Impact on the Broader Crypto Market Strategy controls more than 3% of all BTC that will ever exist (Source: The Block). Any forced liquidation or distressed restructuring would be systemically bearish: direct selling pressure, loss of a key bullish narrative (“corporate BTC standard”), tighter lender risk appetite for BTC-backed borrowing and structured products. Even without bankruptcy, a prolonged Strategy drawdown would chill institutional appetite and likely widen the next crypto winter. Link to an AI Bubble Bust As FinTelegram has argued in its AI-bubble doomsday briefing, a sharp AI-tech crash would likely trigger a broad risk-off phase. Strategy is doubly exposed: it is listed as a tech stock and fully tied to BTC, which increasingly trades like a high-beta macro asset. An AI bust with tightening liquidity, higher real rates and falling tech valuations would greatly increase the probability of a deep BTC bear phase – and, by extension, of serious stress at Strategy. Working hypothesis: bankruptcy remains a low-probability tail risk, but the combination of an AI-driven equity crash and a 60–80% BTC drawdown would push Strategy close to that edge and would be structurally negative for the entire crypto segment. Share Information via Whistle42

When FinTelegram’s recent investor briefing outlined a tail-risk “AI bubble crash” scenario, it was a macro thought experiment. Peter Thiel’s Thiel Macro LLC now adds a very real data point: according to SEC filings, the fund sold its entire Nvidia stake – around 537,742 shares worth roughly $100 million – during Q3 2025 (Source: Reuters). The move comes just as central banks, from the ECB to the Bank of England, and even tech leaders like Google’s Sundar Pichai, warn of bubble-like dynamics and “irrational” AI spending (NYPost.com) At the same time, SoftBank and other large investors have also exited or reduced Nvidia positions, intensifying the debate over whether AI valuations are peaking (Source bitget.com). Read more about the AI Bubble fears here. How Much Does Thiel’s Move Matter? Nvidia is the key equity barometer for the AI trade. Its chips power data centres, model training and much of the AI arms race. A complete exit by an insider-level tech investor like Thiel inevitably looks like a vote of no confidence in current pricing, even if his fund has not publicly framed it that way (Source: finextra.com). However, portfolio mechanics matter. Thiel Macro had a highly concentrated Nvidia position; taking profits and reducing single-name risk near all-time highs is rational risk management. Read purely as a timing call, the sale is a warning signal, not definitive proof that the AI cycle is over. Revisiting the Doomsday Scenario In our FinTelegram briefing, we described a doomsday variant where: AI megacaps fall 60–75%, broad equity indices drop 30–40%, and crypto suffers a 60–80% drawdown in BTC and ETH, with many altcoins effectively wiped out. Thiel’s exit and other large divestments slightly increase our estimated probability that such an extreme unwind could occur over the next 2–3 years – from roughly 10–15% to the upper end of that range. They indicate that sophisticated capital is starting to de-risk at the margin. Our view: this is not a call to panic, but a clear reminder to investors that AI and crypto exposures are tightly linked high-beta trades. Concentration, leverage and liquidity risk should now be treated as primary portfolio variables, not footnotes. Share Information via Whistle42