1. Case Summary — Germany Ends Sanctions Probe via Monetary Settlement German prosecutors in Munich have formally discontinued a criminal investigation into Russian‑Uzbek billionaire Alisher Usmanov concerning alleged violations of sanctions and the German Außenwirtschaftsgesetz (Foreign Trade and Payments Act), on the condition that Usmanov pays €10 million (Source: SZ). The case stemmed from allegations that Usmanov, who has been subject to EU and U.S. sanctions since 2022, arranged payments (~€1.5 m) through foreign‑based firms for security services at properties near Tegernsee and allegedly failed to declare valuable assets to German authorities — conduct prosecutors viewed as potential sanctions/non‑compliance (Source: n-tv). Prosecutors and the Munich Regional Court (Landgericht München II) agreed that in light of “special circumstances of this individual case” and unresolved legal questions around sanctions application, the matter could be closed under German criminal procedural law through a monetary condition (Geldauflage), without a conviction or penalty (Source: Deutschlandfunk). The payment is not treated as a fine or punitive sanction; the presumption of innocence remains intact, and the prosecution cannot be reopened on the same facts once the payment is completed (Source: DIE WELT). According to prosecutors, €8.5 m of the €10 m will go to Bavaria’s treasury and €1.5 m to social support charities (e.g., prisoner welfare and victim support) (Source: Reuters). This resolution follows a previous 2024 German discontinuation of a money‑laundering investigation against Usmanov on similar terms (payment of ~€4 m), again without admission of guilt. 2. Legal and Procedural Context Under German law, prosecutors may discontinue proceedings by imposing a Geldauflage — a conditional financial contribution — when it serves procedural efficiency and public interest, and where outright prosecution may not be warranted or legally certain. Such an arrangement: is not a conviction; does not establish guilt or liability; and maintains the presumption of innocence under criminal law. German authorities highlighted unresolved questions relating to sanctions rules and formal requirements, particularly concerning how EU sanctions obligations intersect with German law and reporting duties. This sort of prosecutorial discretion is relatively rare in high‑profile sanctions cases, especially involving politically exposed persons (PEPs) with frozen assets, leading to divergent reactions in legal and policy circles. 3. Usmanov’s Broader Sanctions and Legal Challenges Sanctions status: Usmanov was placed on the EU sanctions list in February 2022 following Russia’s invasion of Ukraine; similar sanctions were imposed by the U.S., UK, and Canada. He has challenged his sanctions designations, including an appeal to the EU General Court (dismissed in 2025) and legal actions against the EU Council and media outlets over alleged defamatory reporting (Source: Wikipedia). Litigation history in Germany: German courts previously found aspects of law enforcement conduct — including property search warrants — to be unlawful, citing formal violations and legal shortcomings. Some cases involved alleged misattribution of property ownership and contested links between Usmanov and entities purportedly connected to him. Ongoing enforcement landscape: At present, there is no public indication of equivalent criminal sanctions or prosecutions against Usmanov continuing in other jurisdictions directly tied to the German case. However: EU and U.S. sanctions remain in force, including asset freezes and travel bans. Compliance and sanctions enforcement agencies in various jurisdictions continue to monitor and enforce restrictions against sanctioned individuals, and legal challenges may continue indirectly through administrative sanctions proceedings. Wikipedia 4. Compliance Implications and Evaluation For sanctions compliance analysts and investigators, this development underscores several important themes: a. Sanctions Enforcement Complexity Sanctions cases involving PEPs and globally diversified asset structures pose unique legal challenges, particularly when: ownership structures involve trusts and indirect holdings, and the application of reporting obligations across jurisdictions remains legally unsettled. Wikipedia Courts may scrutinize enforcement mechanisms and procedural requirements, affecting prosecutorial strategies. b. Prosecutorial Discretion vs. Public Policy The use of a monetary settlement (Geldauflage) in lieu of prosecution — without a formal penalty — raises policy questions: Does such a settlement effectively enforce compliance norms? Might it create perceptions of unequal treatment for high‑net‑worth PEPs? How should sanctions enforcement balance legal certainty, resource allocation, and enforcement impact? These questions are increasingly relevant in cross‑border sanctions enforcement. c. Asset Freezes vs. Criminal Liability Sanctions regimes (EU, U.S., UK) can operate independently of criminal prosecutions. Freezes restrict economic interaction, while criminal liability requires proof of specific statutory violations. Usmanov’s case illustrates how sanctions obligations may intersect with domestic criminal law, but regulatory enforcement does not automatically lead to conviction. 5. Conclusion The termination of the German proceedings against Alisher Usmanov against a €10 million monetary condition — without conviction or admission of guilt — reflects a legal compromise shaped by unresolved legal questions, procedural considerations, and prosecutorial discretion. While this preserves Usmanov’s presumption of innocence, it also highlights the challenges regulators face in enforcing sanctions and foreign trade laws against sophisticated global actors. The sanctions frameworks under which Usmanov remains designated continue to have legal force, and compliance scrutiny persists, even as discrete criminal proceedings are resolved. For FinTelegram intelligence and compliance monitoring, this case demonstrates the nuanced interplay of sanctions enforcement, legal defenses, and prosecutorial strategy — and underscores the need for continued observation of how such high‑profile sanctions matters evolve across jurisdictions. Share Information via Whistle42.

Offshore casinos are no longer “just unlicensed websites.” They are increasingly engineered systems designed to be hard to regulate: anonymous operator presentation, jurisdiction-neutral legal clauses, and—most importantly—multi-layer payment architectures that turn a “casino deposit” into something else entirely. FinTelegram’s recent Stellar investigation illustrates how crypto rails (including bridged stablecoins like USDC.e), open-banking style flows, and payment intermediaries can effectively free offshore operators from meaningful constraints—raising an uncomfortable question: does regulation still work if enforcement can’t touch the rails? Read our Stellar Report here. Key Facts Offshore casinos can swap domains and brands quickly; enforcement measures like warnings and blacklists are often slow, fragmented, and easy to route around. Modern payment stacks split a single “deposit” into multiple counterparties (on-ramp, PSP rail, wallet transfer, settlement layer), obscuring merchant-of-record and weakening consumer redress. In the Stellar cluster documented by FinTelegram, recurring patterns include “fake bank transfers” that are actually crypto purchases (e.g., USDC.e) followed by automatic transfers to casino wallets—plus repeated appearances of the same facilitators. The competitive distortion is structural: regulated operators bear licensing and compliance cost; offshore operators externalize cost to consumers and the financial system. Short Analysis 1) The enforcement gap is structural, not accidental Classic gambling enforcement assumes an operator has identifiable ownership, a stable jurisdiction, and bank rails that regulators can pressure. Offshore casino networks increasingly avoid all three. They “export” gambling into regulated markets while keeping legal entities, infrastructure, and settlement arrangements outside practical reach. Regulators can publish warnings—but warnings do not stop payments. 2) Payment architecture has become the real regulatory battleground The crucial shift is the replacement of direct gambling payments with proxy transactions. “Deposits” are re-framed as: crypto purchases (sometimes bridged variants like USDC.e), open-banking style payments through intermediaries, or e-wallet/aggregator flows where the payee is a third party and the casino receives crypto or pooled settlement elsewhere. This doesn’t only complicate chargebacks. It breaks the supervisory levers regulators historically relied on: the purpose becomes blurry, the merchant-of-record becomes debatable, and the jurisdictional hook disappears. 3) Why offshore casinos are getting bolder When enforcement is slow or ineffective, the economics shift. Offshore operators rationally become more aggressive: expanding into restricted markets, scaling affiliate distribution, and hardening deposit flows against reversal. Over time, “compliance” becomes a cost center for regulated firms—and a competitive handicap. 4) Does regulation still make sense? Yes — but only if it targets chokepoints This is not an argument for deregulation. It is a warning that enforcement must migrate from the casino brand to the rails. Offshore casinos can rotate domains cheaply; they cannot operate without: payment gateways and PSPs enabling disguised deposits, crypto on-ramps and stablecoin rails used as “fake-fiat,” open banking facilitators and consent flows, affiliates and traffic brokers powering distribution. If regulators focus only on the offshore “operator” while ignoring the chokepoints, the outcome is predictable: more volume, more harm, less redress. Call for Information FinTelegram is building case files on the payment chokepoints that enable offshore gambling at scale. If you have evidence on gateway operators, on-ramps, merchant descriptors, acquiring banks, open-banking facilitators, affiliate networks, or withdrawal failures linked to “fake-fiat” deposit flows (including USDC.e), please submit it via Whistle42.com. Share Information via Whistle42

FinTelegram has expanded its review beyond Legiano and observed a repeatable pattern across multiple casino brands attributed to the operator Stellar Ltd: near-identical site structures, minimal operator disclosure, boilerplate “applicable law” clauses, and the same payment rails—most notably “fake bank transfers” facilitated by Polish Chainvalley that convert fiat into USDC.e and forward it to casino wallets. This report consolidates the pattern and explains why USDC.e adds bridge-risk on top of the already deceptive “fake-fiat” UX. Key Facts Casino review aggregators attribute brands such as Ragnaro, Astromania, SpinFin (and others) to Stellar Ltd (Source: Online Casino Groups). Across Stellar-branded sites we reviewed, operator/jurisdiction disclosure is weak, and legal language is often generic or template-like—e.g., SpinFin’s terms literally include a placeholder “laws of [insert jurisdiction]” (Source: SpinFin Casino). The Legiano rail (already published) appears reusable across the network: utPay/Chainvalley checkout → Skrill/Neteller funding → USDC/USDC.e purchase → automatic transfer to casino walle (Source: FinTelegram, Chainvalley) In MiFinity-branded flows, FinTelegram again observed the payee CANAMONEY EXCHANGE LTD (Canada) d/b/a CenturaPay (Source: CenturaPay). Read our Legiano reports here. Short Analysis 1) “Anonymity by Design.” A legitimate gambling operator typically discloses the licensed entity, the licensing authority, and a concrete governing law/jurisdiction. In the Stellar cluster, those anchors are frequently missing or diluted into non-answers (“applicable law”)—or left as template placeholders. This is not a cosmetic defect; it is a dispute and enforcement obstacle. 2) The Payment Architecture is the Same—Because it’s a Template What players experience as a “bank transfer” or “fiat deposit” is, in practice, a crypto purchase executed through a third-party on-ramp and forwarded to a casino wallet. Chainvalley’s own terms contemplate delivering virtual currency to a user-specified wallet address and even freezing crypto/fiat under its rules—confirming the flow is built as an exchange/on-ramp product, not a casino deposit product. For the player, the consequence is predictable: the transaction becomes “I bought crypto and received it,” not “I paid a gambling merchant,” which can undermine chargeback narratives and complicate complaints. 3) Why USDC.e is a second risk layer FinTelegram’s screenshots show USDC.e being purchased in these cashier flows. USDC.e is typically “bridged USDC”—a representation created via third-party bridge mechanics, not native issuance on that chain. Circle’s own documentation and legal terms state that bridged USDC is not issued/redeemed by Circle and is not backed by Circle’s USDC reserves, adding dependency on bridge integrity (“bridge risk”) (Sources: Circle, Circle, USDC, Avalanche).In short: fake-fiat rail + bridged stablecoin = less transparency, weaker redress, more technical failure modes. Call for Information FinTelegram is expanding the Stellar/Legiano case into a broader investigation of this casino template and its payment chokepoints. If you are a player, affiliate manager, PSP/acquirer insider, or have evidence about merchant descriptors, settlement accounts, token contract addresses for the “USDC.e” used, wallet clusters, chargeback outcomes, or payout/withdrawal issues across Legiano/SpinFin/Ragnaro/Astromania/MonsterWin and related brands, submit securely via Whistle42.com. We will publish dedicated deep-dive compliance notes on Chainvalley and CenturaPay/CANAMONEY as this case expands. Share Information via Whistle42

Daftcode’s Kryptonim: How a Warsaw Venture Builder’s Crypto Payment Processor Enables Offshore Casino Fraud Through Deceptive Banking Infrastructure Despite publishing explicit prohibitions against gambling transactions in its Terms of Service, Kryptonim sp. z o.o.—a cryptocurrency payment processor owned by Warsaw-based venture builder Daftcode—systematically processes cryptocurrency payments for illegally operating offshore casinos, including Neon54, LuckyWins (Dama N.V.), and Winning.io. FinTelegram’s latest compliance investigation documents how Kryptonim‘s technical infrastructure, combined with deliberate obfuscation through payment aggregators, enables players to believe they are making bank transfers while actually purchasing stablecoins that bypass traditional chargeback protections. INVESTIGATION SUMMARY FinTelegram’s compliance research division has completed a comprehensive investigation into Kryptonim sp. z o.o. (KRS 0001017630), a Polish virtual asset service provider incorporated February 3, 2023, and documented systematic facilitation of cryptocurrency payment flows for illegal offshore casinos operating without proper licenses in EU member states and Canada. FinTelegram’s complete 40-page compliance profile—“Systematic Facilitation of Illegal Gambling Payments: A Comprehensive AML/CTF Compliance Analysis of Kryptonim sp. z o.o.”—is now available for download. The profile includes: Complete beneficial ownership analysis and Daftcode venture builder governance structure Detailed documentation of payment flows through Neon54, LuckyWins, and Winning.io Screenshots showing fake banking infrastructure and merchant integration AML/CTF control gap assessment Regulatory enforcement risk analysis comparing KuCoin precedent Operational recommendations for compliance remediation Download the Full Kryptonim Compliance Report here. Key Findings: 1. Controlled by Daftcode Venture Builder Network Kryptonim operates as a portfolio company of Daftcode sp. z o.o., a Warsaw-based venture builder founded in 2011 by Kacper Szcześniak (Malta resident), Jędrzej Szcześniak, Daniel L., and Jarek Berecki. Unlike traditional venture capital (10-30% ownership stakes), Daftcode’s venture building model retains 50%+ control of portfolio companies, including Kryptonim. This structure ensures Daftcode’s founders exercise substantive decision-making authority over Kryptonim’s compliance approach, merchant acceptance policies, and operational risk tolerance. Kacper Szcześniak, primary Kryptonim shareholder (96% disclosed ownership), simultaneously serves as Oxla CEO and investor across 25+ Daftcode portfolio companies. This concentration of authority among founding partners with competing portfolio interests creates organizational conflicts that systematically devalue specialized compliance expertise in favor of portfolio-wide revenue optimization. 2. Fake Banking Infrastructure at Winning.io FinTelegram’s uploaded screenshots document Kryptonim’s technical integration with Winning.io casino (operated by Scatters Group). Players selecting “Instant Banking” or “Wise – Instant Banking” deposit options are redirected through Rillpay (Costa Rica-registered payment aggregator) to Kryptonim’s checkout page, where they unknowingly purchase USDC stablecoins (108.16 USDC for 100.00 EUR) that are automatically transferred to Winning.io’s pre-configured wallet address. This architecture accomplishes three compliance violations simultaneously: (1) it mischaracterizes the merchant category code as “purchase of digital assets” rather than “gambling payment,” (2) it eliminates players’ ability to initiate chargebacks by establishing the contractual relationship with Kryptonim rather than the casino, and (3) it uses false “Wise” and “Revolut” branding to suggest legitimacy from regulated payment service providers. Kryptonim’s system displays warnings when players attempt to modify the pre-populated destination wallet address (“may cause transaction to fail or result in loss of funds”), creating friction that discourages address modification while maintaining plausible deniability about merchant integration. 3. Regulatory Violation and Control Deficiencies Kryptonim’s Terms of Service explicitly prohibit “using credit cards for online gambling, betting, or any other iGaming activities.” Yet documented transactions for Neon54, LuckyWins, and Winning.io demonstrate systematic processing of precisely this prohibited category. The company lacks adequate merchant due diligence procedures, transaction monitoring controls, and suspicious activity reporting (SAR) protocols to prevent or detect casino-pattern transactions. Kryptonim faces regulatory transition to EU’s Markets in Crypto-Assets (MiCA) licensing regime by Q2 2025, requiring capital injection (EUR 50,000+ minimum), independent board oversight, and remediation of documented control gaps. CALL FOR INFORMATION FinTelegram seeks additional information from players, compliance professionals, and industry insiders regarding: Experiences with Kryptonim payment processing for offshore casinos (Neon54, LuckyWins, Winning.io, or others) Technical evidence documenting additional casino operators using Kryptonim or Rillpay infrastructure Documentation of payment failures, fund loss, or difficulty withdrawing deposited funds through Kryptonim Information about other crypto payment processors facilitating illegal gambling in EU/Canada Regulatory correspondence or complaints filed with KNF (Poland), FINTRAC (Canada), or FCA (UK) regarding Kryptonim Submit information confidentially to: [FinTelegram contact information] Share Information via Whistle42

FinTelegram is seeing a growing pattern in offshore casino cashier flows: what looks like a normal fiat deposit (e.g., via Skrill) is quietly re-routed into a crypto purchase—often USDC.e—that is then sent to a prefilled casino wallet. This “fake banking rail” reduces chargeback leverage and adds a second risk layer: USDC.e is bridged USDC, not native issuance. Key Facts In cashier flows like the Legiano / Chainvalley setup, the user pays fiat (e.g., 150 EUR via Skrill) while the checkout states they are buying USDC.e and sending it to a specified wallet address—with the consent checkbox already ticked. This is not a “casino deposit” in the traditional sense; it is a crypto purchase + transfer, which can materially weaken dispute/chargeback narratives. USDC.e is typically a bridged form of USDC moved from Ethereum to another chain via third-party bridging infrastructure—not issued by Circle (Sources: USDC, Circle). Short Analysis 1) The “fake-fiat” rail:This flow is designed to feel like a bank/PSP deposit to a gambling account, but it functions as a consumer crypto purchase. The UX does the rest: minimal disclosure, a pre-ticked consent statement, and a prefilled destination wallet that the user is effectively discouraged from changing. The result is predictable: the player sees a casino balance credit, but the payment trail is now “fiat → crypto purchase,” not “fiat → gambling merchant.” That distinction matters for consumer protection, dispute handling, and AML controls—especially in offshore gambling contexts where card acquiring and banking rails are often constrained. 2) Why “USDC.e” raises the stakes:USDC.e explainer: USDC.e usually denotes bridged USDC (ported from Ethereum), meaning it is a different token contract than “native” USDC on that chain and introduces an additional bridge-risk layer on top of the deposit flow. Circle and USDC documentation explicitly distinguish bridged forms (commonly branded “USDC.e”) from native USDC and note that bridged forms are not issued by Circle and rely on third-party mechanisms. 3) The compliance angle (why processors should care):When regulated PSP rails (or PSP-adjacent e-money rails) are used to fund crypto purchases that immediately feed offshore gambling wallets, the risk profile changes. Key concerns include: inadequate informed consent, purpose/merchant-of-record opacity, potential circumvention of gambling-payment restrictions, and elevated AML exposure. If the casino later faces payout friction, players may only discover after the fact that their “deposit” was a crypto transaction—often involving a bridged asset with its own infrastructure dependencies. Call for Information FinTelegram is expanding its mapping of USDC.e “casino rails.” If you are a player, PSP insider, compliance officer, or former contractor with information about Chainvalley-style checkouts, merchant descriptors used on Skrill/Neteller statements, the token contract address (to verify whether it is canonical USDC.e or a lookalike), the chain/network used, or payout/withdrawal issues linked to these flows, please report securely via Whistle42.com. Share Information via Whistle42

The offshore casino Legiano, operated by Stellar Ltd under an Anjouan Gaming Board licence, has been found using deceptive “fake-fiat” deposit mechanisms that systematically mislead players about the true nature of their transactions. This compliance analysis examines the payment infrastructure and identifies substantial regulatory violations by both the casino operator and its on-ramping partners. Our Legiano (legiano.com / legiano-1212.com) reviews shows a recurring “fake-fiat” deposit pattern: what is presented as a normal fiat top-up is, in reality, an embedded crypto purchase (USDC) that is automatically routed to the casino’s wallets via app.chainvalley.pro—with only minimal, pre-ticked disclosure. This setup shifts the transaction from “deposit to a casino” into “consumer bought crypto,” materially weakening chargeback and complaints leverage and raising AML/consumer-protection red flags for the payment processors involved. Key Facts Three deposit options at Legiano are branded as UTRG (Lithuania) d/b/a utPay, yet route users to app.chainvalley.pro (Source: utPay) The checkout includes a small consent line (“buy crypto and send to the specified address”) that is already ticked; changing the destination wallet triggers warnings and appears effectively blocked. Users ultimately purchase USDC, which is then transferred to casino wallets (example wallet provided: 0x7519…4496). Funding for the USDC purchase is processed via Skrill/Neteller (embedded e-money rails). Card deposits and “Jeton Bank” deposits are routed via api.payment-gateway.io “MiFinity” deposits appear payable to CANAMONEY EXCHANGE LTD (Canada) operating as CenturaPay (Source: CenturaPay). Anjouan’s license register lists Stellar Ltd, but legiano.com does not appear among the authorized URLs shown for Stellar Ltd (as of the register’s latest update displayed) (Sourcde: Anjouan Gaming). Short Analysis 1) Why this is “fake-fiat” (and why it matters): A player believes they are depositing fiat into a gambling account. Instead, the flow converts them into a crypto purchaser, then immediately forwards the crypto to the casino. This creates a compliance “shield”: the player received the crypto they “ordered,” so chargebacks/disputes become structurally harder—precisely the opposite of what regulators expect in high-risk gambling payments (clear consent, transparent merchant purpose, and effective consumer redress). chainvalley.pro+1 2) Likely compliance breaches and control failures (operator + on-ramper): Misleading presentation / inadequate consent: pre-ticked crypto-purchase consent and low-salience disclosure raise unfair-commercial-practice concerns and undermine “informed authorization.” AML/CTF & sanctions exposure: embedded on-ramps enabling offshore gambling flows demand enhanced merchant due diligence, transaction monitoring, and clear purpose labeling—especially where the end beneficiary is an offshore casino wallet. Gambling-payments facilitation: when processors knowingly (or negligently) provide rails into unlicensed/offshore gambling, they invite regulatory scrutiny, de-risking actions, and partner terminations. Entity Profiles (short) Chain Valley Sp. z o.o. (chainvalley.pro / app.chainvalley.pro) — Poland Incorporated in Poland on May 16, 2023, Chain Valley positions itself as a compliant fiat-to-crypto bridge, claiming “comprehensive legal compliance” and “streamlined KYC/AML” on its website. Key Findings Identified in Chainvalley policies as a Polish company (KRS 0001036419, Warsaw address) collecting extensive KYC/SOF data (Source: chainvalley.pro). Listed in Poland’s register for virtual-currency activity (entry shows CHAIN VALLEY Sp. z o.o., KRS 0001036419) (Source: slaskie.kas.gov.pl).Key questions: Who is the “merchant of record” in these Legiano flows, why is utPay branding used at selection, and what controls stop “embedded crypto buys” from being used as gambling-payment circumvention? CANAMONEY EXCHANGE LTD d/b/a CenturaPay (centurapay.com) — Canada Incorporated under the Canada Business Corporations Act, CenturaPay markets itself as a FINTRAC-registered Money Services Business and claims compliance with PCI DSS, KYC/AML, and GDPR standards. At Legiano, deposits made via the MiFinity e-wallet option are routed to CenturaPay, which acts as the payment processor of record. Key Findings CenturaPay states it is a trading name of CANAMONEY EXCHANGE LTD (Corp. No. BC1465281) with MSB Registration Number C100000299 and a North Vancouver business address (Source: centurapay.com) FINTRAC notes MSBs must register and that registration is a compliance obligation (not a “quality stamp” on risk controls) (Source: fintrac-canafe.canada.ca).Key questions: What is CenturaPay’s exact role behind MiFinity-routed deposits, and what gambling-merchant screening/monitoring is applied? Conclusion The Legiano case exemplifies a growing compliance blind spot: offshore casinos using crypto on-ramps to disguise the nature of player deposits, thereby bypassing traditional payment-processor controls and eliminating consumer recourse. Both Chain Valley and CenturaPay appear to prioritize transaction volume over due diligence, enabling a casino that operates without credible oversight. Key Data Table Brand / Role in flowDomains observedLegal entity (as known)JurisdictionRegulatory / licensing posture (relevant)Payment facilitators / gatewaysKey notes (compliance relevance)Legiano (offshore casino)legiano.comStellar Ltd (operator, per your review)Anjouan / Union of Comoros (offshore)Offshore gambling licence regime (“Anjouan Gaming” / similar)Uses multiple rails incl. crypto + PSPs belowPresents fiat-style options but routes users into crypto purchase/transfer flows (“fake-fiat”).utPay (payment option label at casino)utpay.ioUtrg, UAB (d/b/a utPay)LithuaniaCrypto/on-ramp positioning (CASP/VASP-type activity implied by service + T&Cs)Routes into Chainvalley checkout (per your screenshots)Three “utPay” options appear in Legiano’s cashier, but actual execution is via Chainvalley.Chainvalley (crypto on-ramp / checkout)chainvalley.pro, app.chainvalley.proChain Valley Sp. z o.o.PolandListed in Poland’s virtual-currency activity register (per public register)Skrill / Neteller fund the crypto buy; USDC forwarded to casino walletCore “fake-fiat” component: user is converted into “crypto buyer,” then USDC is auto-sent to casino wallet. Consent box is pre-ticked; wallet-change is practically blocked (per your screenshots).Stablecoin used in deposit(on-chain transfer)USDC (stablecoin)(issuance is non-local; token flows are global)Cryptoasset transfer; consumer redress differs materially from card/bank depositsBought via Chainvalley flow; then transferred to casino walletFunctional outcome: player can’t credibly pursue classic chargeback because they “received crypto,” which was then sent onward.Destination wallet (casino)(example) 0x7519d6836d1Adc49aa524840A4b0e7b471634496(wallet beneficiary: casino operator side)(on-chain)Outside card scheme redress mechanismsReceives USDC from on-ramp flow“Wallet hard-lock” warnings suggest intent to prevent user-controlled destination changes.Card / “Jeton Bank” deposit gatewayapi.payment-gateway.io (and payment-gateway.io)Unknown / not transparently disclosed (from public-facing domain)UnknownUnknownProcesses card deposits + deposits presented as “Jeton Bank”Gateway domain repeatedly appears in gambling-related traffic/infra; needs KYB/KYT mapping in follow-up.MiFinity (e-wallet option at casino)(brand-level) mifinity.com(e-wallet operator not analysed here)(varies)(varies)Player payments routed to CenturaPay/CANAMONEY (per your screenshots)MiFinity option appears to pay an external processor, not directly the casino—needs merchant-of-record clarity.CenturaPay (payment processor / payee in MiFinity flow)centurapay.comCANAMONEY EXCHANGE LTD (trading name: CenturaPay)Canada (BC)States MSB registration (FINTRAC MSB no. shown on site)Receives player funds via MiFinity option (per your review)High-risk role if servicing unlicensed gambling flows; KYB/merchant screening and transaction monitoring questions.Skrill / Neteller (funding rails inside “crypto buy”)skrill.com, neteller.com(brand-level; group entity varies)(varies)(typically e-money/regulated PSP rails; depends on entity)Used as payment methods to fund USDC purchaseKey risk: regulated rails potentially being used to “launder” gambling deposits into crypto transfers.PaysafeCard (deposit option at casino)paysafecard.com(brand-level)(varies)(varies)Voucher-based deposit methodIf offered into offshore gambling, raises merchant acceptance / purpose-labelling questions. Source notes (for the “known” legal-entity fields) Chain Valley Sp. z o.o. (KRS 0001036419, Warsaw address) is stated on Chainvalley’s policy pages. Chain Valley is listed in Poland’s “Rejestr działalności w zakresie walut wirtualnych” (virtual-currency activity register) with KRS 0001036419. utPay.io Terms: “utPay.io refers to the company Utrg, UAB …” Lithuanian company directory entry for UTRG, UAB shows website utpay.io and registration details. CenturaPay site states it is a trading name of CANAMONEY EXCHANGE LTD, with MSB registration number displayed. payment-gateway.io / app.payment-gateway.io appears in gambling-related scans/traffic context (useful as an OSINT pointer; operator still needs identification). Call for Information FinTelegram will publish detailed compliance reports on both Chain Valley and CenturaPay in the coming weeks. If you are a Legiano player, a processor insider, or a merchant-risk/AML professional with knowledge of Chainvalley, utPay/UTRG, CenturaPay/CANAMONEY, or api.payment-gateway.io (merchant descriptors, acquiring banks, KYB files, screenshots, correspondence, blocked withdrawals, dispute outcomes), please submit information via Whistle42.com. FinTelegram will follow up with dedicated deep-dive compliance reports on Chainvalley and CenturaPay. Share Information via Whistle42

Former Alameda Research CEO Caroline Ellison—one of the central insiders in the FTX collapse—is scheduled to leave federal custody in January 2026, according to updated Bureau of Prisons records cited by multiple outlets. Her early release, after extensive cooperation, re-raises the core question: Was FTX a politically targeted crypto casualty—or a classic, old-school fraud wearing a “new finance” hoodie? Key Points Ellison pleaded guilty, cooperated heavily, and testified against Sam Bankman-Fried (SBF); she is now set for release around Jan. 21, 2026 (BOP-record reporting) (Source: Yahoo Finanzen). SBF was convicted on 7 counts and sentenced to 25 years for misappropriating customer funds and related fraud conspiracies (Source: US DOJ). SBF’s playbook now: appeal (seeking a new trial) + a parallel pardon/clemency campaign aligned with a “politicized prosecution” narrative (Sources: ft.com, Reuters). The “Biden was hostile to crypto, therefore I’m innocent” thesis conflicts with the trial record: insider testimony, controlled backdoors, fabricated lender materials, and customer-asset misuse are governance and fraud facts, not ideology (Source: US DOJ). Ellison’s Situation: Early Release, But Not a Clean Reset Ellison was sentenced to two years in September 2024 after pleading guilty to multiple fraud/conspiracy counts and providing what the court called substantial assistance—yet the judge still imposed prison time given the scale of harm. Her custody status has already shifted toward community confinement, consistent with “end-of-sentence” federal practice (Source: Business Insider). Now, late-December reporting—citing updated BOP records—puts her release in January 2026 (some earlier reporting showed later projected dates, illustrating how BOP projections can move). Separately, the SEC has pursued/secured officer-and-director bars against key FTX/Alameda executives; Ellison agreed to a multi-year restriction from leadership roles at public companies (Source: US SEC). What FTX Was: The Case in Plain Language The government’s theory—accepted by the jury—was not complicated crypto theology. It was misappropriation + concealment: FTX (the exchange) held customer assets. Alameda Research (the affiliated trading firm) received special privileges and access. Billions in customer deposits were allegedly routed/used to plug Alameda losses, make investments, buy assets, and fund political influence—while customers were told their money was safe and liquid. SBF was found guilty on two counts of wire fraud and five conspiracy counts (including securities/commodities fraud and money laundering conspiracy) and sentenced to 25 years. Other insiders split into two buckets: Cooperators (e.g., Gary Wang, Nishad Singh) who received time served / no prison outcomes after assisting prosecutors (Source: Courthouse News). Non-cooperator/other track (e.g., Ryan Salame) who received a substantial custodial sentence (90 months). Ellison’s role, per courtroom testimony and public case narratives, sat at the center: she ran Alameda and admitted to decisions and communications used to mask Alameda’s true risk and funding—including the kind of lender-facing picture management that compliance teams treat as a “do not pass go” red flag (Source: The Guardian). SBF’s Current Exit Strategy: Appeal + Pardon Narrative On the legal track, SBF is pursuing an appeal arguing he did not get a fair trial (including complaints about evidentiary rulings). The Second Circuit heard arguments in November 2025; reporting describes judges as skeptical (Source: Reuters). On the political track, reporting says SBF’s family and representatives have explored Trump-era clemency/pardon channels, a marketplace increasingly shaped by access, intermediaries, and narrative alignment (Source: Bloomberg). Media coverage also frames SBF’s public messaging as a PR campaign designed to make clemency thinkable (Source: WIRED). And yes—SBF has tried to brand himself as a victim of a “crypto-hostile Biden administration,” implying political bias drove his conviction (Source: DL News). Was FTX “Just” a Victim of Biden’s Crypto Stance? A hostile regulatory climate can shape industry growth. It does not explain away customer-asset misuse, deception to lenders/investors, and concealed related-party privileges. The FTX prosecution was built on: insider testimony (including Ellison and others), internal controls/permissions evidence, and classic fraud elements—misrepresentation, reliance, concealment, and diversion. Calling that “a Biden problem” reads less like a legal argument and more like a clemency pitch tailored to a political moment. Even if some FTX customers may ultimately recover funds through bankruptcy processes, that does not retroactively legalize how the funds were allegedly taken and used. FinTelegram view: FTX wasn’t “cancelled.” It failed the oldest compliance test in finance—segregation of client assets and conflicts-of-interest controls—and then allegedly lied about it at scale. Call for Information (Whistle42) Do you have firsthand information about cyberfinance wrongdoing—exchange/prime broker conflicts, payment-rail laundering, stablecoin settlement abuse, offshore casino or shadow trading flows, or compliance cover-ups? FinTelegram is building case files on the sector’s chokepoints. Submit tips—anonymously if needed—via Whistle42. Share Informtion via Whistle42

FinTelegram has completed an in‑depth compliance investigation into Lithuanian VASP UTRG UAB d/b/a utPay. The findings indicate that utPay has evolved into a high‑volume payment hub for unlicensed online casinos and sports betting operators, particularly targeting German players through deceptive “fake bank transfer” schemes.​ Summary of the Compliance Report FinTelegram’s long‑form compliance report on UTRG/utPay, now available as a downloadable document linked in this article, reconstructs the group’s structure, licensing status, traffic patterns, and merchant portfolio using registry data, Similarweb analytics, and previous investigative work on NovaForge and associated casino networks. The report identifies UTRG UAB as a Lithuanian‑registered virtual currency exchange and depository wallet operator whose payment gateway app.utpay.io processed more than 720,000 visits in November 2025, nearly 80% of which originated from Germany.​​ Traffic and referral analysis shows that at least 58% of utPay’s observed traffic is driven by casino, gambling, and sports betting sites, with the top five referrers all being offshore casinos such as Legiano and BetAlice. These flagship merchants are operated by Marshall‑Islands entities within the NovaForge network and licensed in high‑risk jurisdictions like Anjouan or via non‑EU regulators such as PAGCOR, meaning they are not authorized to serve German players under the GlüStV 2021 regime.​​ Analysis and Interpretation The report documents how utPay’s checkout is embedded in casino cashier pages as a “bank transfer” or card deposit option, while the underlying transaction is in fact a crypto purchase from UTRG followed by an on‑chain transfer to the casino operator. This structure allows offshore casinos to route German player deposits via regulated SEPA and card rails while formally categorizing the payment as a crypto exchange transaction rather than gambling, effectively bypassing German payment blocking measures and bank‑side gambling controls.​​ FinTelegram’s analysis highlights that 42% of utPay’s referral traffic in November 2025 came from BetAlice and Legiano (connected to Fat Pirate), both linked to NovaForge Ltd, a Marshall Islands vehicle previously exposed by FinTelegram as the successor structure to the collapsed Rabidi Group network of illegal casinos. Combined with the complete lack of publicly disclosed beneficial owners, overdue financial filings in Lithuania, and the imminent MiCA licensing deadline, the pattern strongly suggests a business model optimised for regulatory arbitrage rather than long‑term, compliant operations.​​ Compliance Hypothesis Download the full UTRG Compliance Report 2025 here. Based on the compiled evidence, FinTelegram formulates the following working compliance hypothesis: UTRG UAB d/b/a utPay operates as a crypto‑based payment facilitator whose core business consists in processing German player deposits for unlicensed offshore casinos through deceptive “fake bank transfer” flows, thereby enabling large‑scale violations of German gambling law and creating a high‑risk channel for money laundering and player‑loss recycling. This hypothesis is supported by: The overwhelming German traffic share to app.utpay.io and the exclusive referral pattern from gambling domains.​​ The integration with NovaForge‑controlled casinos documented as part of an illegal, multi‑jurisdictional network using Cyprus‑based payment agents and high‑risk processors such as MiFinity and Binance.​​ The structural opacity around UTRG’s beneficial owners and the lack of current audited financial statements despite very strong growth in transaction volumes.​ The report concludes that UTRG/utPay should be classified as a critical‑risk counterparty for banks, payment institutions, and crypto exchanges and that Lithuanian and German authorities, in cooperation with other EU supervisors, should review the case in the context of MiCA licensing and GlüStV 2021 enforcement.​ Call to Whistleblowers and Insiders FinTelegram’s investigation into utPay and the NovaForge casino network is ongoing. The current report is built on open‑source intelligence, registry data, traffic analytics, and previous enforcement precedents, but important questions remain unanswered—especially regarding internal ownership structures, banking relationships, and the exact flow of customer funds between UTRG, casino operators, and associated payment agents in Cyprus and elsewhere.​ If you have insight into utPay, NovaForge, or their banking and payment structures, visit Whistle42 and help FinTelegram shed more light on this suspected high‑risk payment gateway. Your information may be crucial for regulators, affected players, and future enforcement actions. Share Information via Whistle42

After nearly twelve years of legal limbo, Austria’s justice system is now reportedly paying back €125 million—the record bail posted by Ukrainian oligarch Dmytro Firtash after his 2014 arrest in Vienna. The repayment lands right after an Austrian appeals court definitively blocked his extradition to the U.S.—partly because prosecutors missed a deadline. A Christmas present, and a compliance scandal in slow motion. Key Facts Bail repayment: Austrian media reported that courts must repay Firtash his €125M record bail after the extradition saga effectively ended (Source: Krone) Extradition to the U.S. blocked: Vienna’s Higher Regional Court rejected prosecutors’ final appeal as inadmissible—widely reported as linked to a missed appeal deadline and/or procedural defects (Source: Reuters). Core U.S. case: Firtash was indicted in the U.S. over an alleged bribery conspiracy tied to Indian titanium mining licenses (often described as ~$18.5M in bribes); he denies wrongdoing (Source JUS. DOJ). Immunity angle: Austrian proceedings referenced claimed international-law immunity linked to a Belarus representative role (Source: AP News). Ukraine angle: Reuters reports Firtash is also wanted in Ukraine (separate allegations) and yet was not extradited there either (Source: Reuters). Vienna residency & networks: Multiple reports over years place Firtash in Vienna-Hietzing, renting a villa linked to Austrian investor Alexander Schütz (politically connected donor in past reporting) (Sources: Austrian Parlament, Profil). Short Analysis Austria has now delivered a remarkable double outcome: no extradition and (reportedly) €125 million returned—a sum that was once justified as the “seriousness premium” needed to keep a globally-connected oligarch from vanishing. If this repayment is correct, it raises the obvious question: what exactly did twelve years of Austrian proceedings achieve—other than turning Vienna into a long-term safe base for a high-risk political-business actor? The compliance red flag is the procedural core: Austria’s final “no” was widely reported as not primarily a substantive vindication, but the consequence of formal barriers—including prosecutors missing deadlines. That is not a technicality in a case of this magnitude; it is a governance failure. When the state loses a decade-long extradition fight through avoidable procedure, “rule of law” starts to look like rule-by-process. Then there is the geopolitical asymmetry: Firtash fought U.S. extradition for years, while Ukraine also wanted him back and President Zelensky publicly pressed Austria to help return fugitive oligarchs—Firtash included in Ukrainian media coverage. Yet Austria remained the end-station. For FinTelegram, this is the real “Firtash case”: Vienna’s ability (or willingness) to enforce cross-border accountability when power, money, and local networks collide. Call for Information Do you have first-hand knowledge about Firtash’s residency arrangements in Vienna, his local facilitators, legal/PR intermediaries, or any political/economic networks that influenced this outcome? FinTelegram invites insiders, affected parties, and whistleblowers to submit information securely via Whistle42.com. Share Information via Whistle42

PlatinCasino is an offshore casino without regulatory permission in the UK or the EU. Its cashier labels a deposit option “Sofort,” but our testing indicates a very different mechanism: an open-banking style bank-selection and authorization flow via secure.bankgate.io, leading into a user’s bank (e.g., Revolut) to approve a third party. This is a classic chokepoint: regulated rails enabling offshore gambling deposits. Key facts (what we observed) Selecting “Sofort” on PlatinCasino opens a pop-up at secure.bankgate.io (bank selection / routing UI). (Confirmed) Choosing a bank (e.g., Revolut) redirects to the bank’s Open Banking domain (e.g., oba.revolut.com) for login and authorization. (Confirmed) The Revolut authorization screen shows the user is asked to authorize a third party (e.g., “PERSPECTEEV SAS” in our capture). (Confirmed) A bankgate endpoint returns a SALTEDGE-branded error page (404), suggesting infrastructure linkage between bankgate.io and SALTEDGE. (Corroborated) This rail can operate even when the casino itself appears offshore and accessible across EU/UK jurisdictions with limited friction at onboarding. (Confirmed in our deposit UX tests; merchant-of-record details remain Unknown) Rail Map Mini (hop sequence) platincasino.com (cashier) → “Sofort” secure.bankgate.io (bank picker / gateway) oba.revolut.com (bank login + consent) → “Authorize [third party]” Return to gateway/casino flow (completion/confirmation step) (Indicated; receipt evidence pending) Why this matters This is not just “another payment option.” It’s a compliance chokepoint: open-banking rails can become a high-velocity funding path into offshore gambling, shifting the risk burden to intermediaries (gateway/TPP/banks) while players may assume “Sofort” means a familiar consumer method. Read more We publish the full SALTEDGE Compliance Note with entity transparency, risk flags, and evidence gaps to resolve (merchant-of-record, payee details, contracting chain). Read the full report here. Call for Information (Whistle42) Worked at SALTEDGE / bankgate.io, in onboarding, risk, compliance, or partnerships? Or deposited via this “Sofort” flow and can share receipts/merchant descriptors? Submit securely via Whistle42.com. Share Information via Whistle42

Our PlatinCasino review indicates that the casino’s “Sofort” deposit option is not Klarna’s Sofort in the traditional sense, but a bank-to-bank open-banking rail that runs through secure.bankgate.io, a gateway branded to SALTEDGE (Salt Edge Limited). The flow redirects users into Revolut’s Open Banking authorization to approve a third party—creating a sophisticated domain-hop sequence that allows an unlicensed Curaçao offshore casino to tap regulated EU/UK financial infrastructure for player deposits. Key points Salt Edge Limited (UK) presents itself as an FCA-authorised open-banking provider and publicly positions Payment Initiation as a solution for iGaming deposits and payouts (Sources: Salt Edge Blog, Salt Edge Blog, Salt Edge Case Study). Companies House shows Tamara Royz (Canada) as the Person with Significant Control (PSC), holding >75% of shares/voting rights (Sources: UK Companies House). Salt Edge’s filed accounts show a small balance sheet and negative equity (~£41.6k)—not a big firm operationally, yet linked to a high-risk vertical rail (Source: UK Companies House). In the PlatinCasino “Sofort” flow, secure.bankgate.io appears to broker the bank selection and handoff into bank authorization—an A2A deposit rail that can bypass classic card-acquiring friction and KYC expectations at the casino layer (per your tests). The branding/UX suggests a white-label open-banking payment interface. Whether Salt Edge is acting as a regulated TPP in this specific flow—or as a technical service provider behind another regulated PISP—requires clarification. What we observed in the PlatinCasino deposit rail In PlatinCasino’s cashier, “Sofort” is presented as a familiar consumer payment brand. In practice, the deposit path we tested routes users into an open-banking style journey: PlatinCasino → secure.bankgate.io: a pop-up payment window opens where the user selects their bank (e.g., Revolut). The user is then redirected into the bank’s Open Banking authorization flow (e.g., oba.revolut.com) to approve a third party (e.g., PERSPECTEEV SAS). After authentication/consent, the user is returned to the payment journey—effectively enabling an offshore casino to receive funds through a regulated, bank-native flow. This is the compliance crux: a Curaçao-licensed (often EU-unlicensed) gambling operator appears able to use regulated open-banking rails to accept EU/UK deposits, even where the casino itself remains outside meaningful EU supervision. SALTEDGE profile and risk interpretation Regulatory posture vs product reality Salt Edge publicly states that Salt Edge Limited is authorised by the FCA and positions itself as an open-banking platform offering Account Information and Payment Initiation, including UK/EU payment initiation documentation. Critically, Salt Edge also markets open-banking payments directly into the iGaming sector—explicitly describing deposits/top-ups and payouts via Payment Initiation as an iGaming use case. That doesn’t prove wrongdoing. But it raises the probability that bankgate.io is not an accidental appearance; it may represent a deliberate high-risk vertical integration pathway. Ownership & financial signal Companies House lists Tamara Royz as the PSC with >75% control. In fact, SALTEDGE appears to be a Canadian scheme. Its LinkedIn profile lists Ottawa, Canada, as its headquarters. Royz also lists Canada as her place of residence in her LinkedIn profile. Crunchbase names Dmitrii Barbasura, Garri Galanter, Tamara Royz as the founder of SALTEDGE. Salt Edge’s accounts show negative equity of ~£41,553, indicating a thin capital base for a firm that—at least in market positioning—touches high-risk payment flows. This matters because thinly-capitalised fintech intermediaries can be more vulnerable to high-risk merchant concentration, complaints escalation, and compliance strain. The “bankgate.io” question Your screenshots show secure.bankgate.io as the operational gateway UI, and a SALTEDGE-branded 404 page appears when probing the domain/path—supporting an operational linkage between “bankgate” and SALTEDGE branding. (Internal test evidence.) However, to be precise and defensible in compliance terms, FinTelegram should frame this as: Confirmed: PlatinCasino deposit flow uses secure.bankgate.io and redirects to bank Open Banking authorization (e.g., Revolut). (Your test evidence.) Corroborated: SALTEDGE branding appears on a bankgate.io error page and Salt Edge publicly offers payment initiation products for iGaming (Source: saltedge.com). Open question: Is Salt Edge the TPP of record (PISP/AISP) in this exact PlatinCasino flow, or an underlying technical provider for another regulated entity? Compliance conclusion If an EU/UK-regulated open-banking stack is enabling deposits into a Curaçao offshore casino that appears accessible without meaningful KYC at onboarding, regulators and banks should treat this as a “chokepoint” exposure. The compliance risk is not merely “illegal gambling,” but also: merchant due diligence / high-risk merchant acceptance misleading UX (“Sofort” branding implying a familiar consumer method while actually running an open banking consent rail) AML/CTF and source-of-funds expectations displaced from the casino onto fragmented intermediaries potential licensing perimeter questions depending on who is the regulated payment initiator of record. FinTelegram will continue investigating who the merchant of record is, which entity receives funds, and which compliance controls (if any) screen offshore gambling merchants in the bankgate stack. Summarizing Table Brand / ProductLegal entityJurisdictionRegulatory posture (public)Key individuals / controlDomains / endpoints observedRole in PlatinCasino railSALTEDGE (open banking platform)www.saltedge.comSalt Edge Limited (Company #11178811), United KingdomCanada (HQ)FCA-authorised Account Information Service Provider(Ref No (822499).PSC: Tamara Royz (>75% control). Salt Edge founder (link): Dmitrii Barbasurasecure.bankgate.io; (SALTEDGE-branded 404 page observed on bankgate path); saltedge.com product/docsGateway UI for “Sofort” option: bank selection + redirect into bank Open Banking authorizationPlatinCasino (offshore casino)Latiform B.V. (operator stated by you)Curaçao (offshore gaming environment)Not an EU/UK licensed casino in your tests; accessible across EU/UK with deposit options—platincasino.com (cashier flows open multiple gateway domains)Origin merchant / cashier initiating the open banking flowBridge (authorization counterparty shown)Perspecteev SASFranceRegulated fintech (per public legal mentions on bridgeapi.io)—oba.revolut.com shows “Authorize PERSPECTEEV SAS” in the flow (your screenshot)Third party presented in Revolut Open Banking consent step Rail Mini StepUser-facing labelDomain hopWhat the user seesLikely functionEvidenceConfidence1Deposit method: “Sofort”platincasino.comCasino cashier shows “Sofort” as payment optionInitiates A2A/open banking deposit flow (not classic Klarna checkout)Your cashier screenshot + test descriptionConfirmed2Redirect / pop-upsecure.bankgate.ioBank selection screen (Italy + banks incl. Revolut, UniCredit, Poste, etc.)Open banking gateway UI / bank picker + consent journey launcherYour secure.bankgate.io screenshotConfirmed3Select bankoba.revolut.comRevolut login/consent pageBank Open Banking authorization (SCA + consent)Your Revolut OBA screenshot(s)Confirmed4Authorize third partyoba.revolut.com“To authorise PERSPECTEEV SAS”Consent to TPP / payment request initiator shown by the bankYour “Perspecteev SAS” screenshotConfirmed5Return / completionsecure.bankgate.io → platincasino.comUser returns to gateway/casino flow after consentFinalizes payment initiation / confirmation back to merchant flowFlow inference based on standard OB journey; requires transaction receipt proofIndicated Call for Information (Whistle42) Have you processed payments, onboarding, compliance, risk, or partner management for SALTEDGE / Salt Edge / bankgate.io? Are you a player who deposited via “Sofort” on PlatinCasino (or other casinos) and can share receipts, merchant descriptors, confirmation emails, or bank references? Please contact FinTelegram via Whistle42 with documents/screenshots. Anonymous submissions welcomed. Share Information via Whistle42

Hyperliquid markets itself as a non‑custodial, permissionless DEX for perpetual futures, thereby positioning its high‑risk leverage products outside traditional licensing regimes. In substance, however, Hyperliquid operates a foundation‑controlled Layer‑1 with closed‑source infrastructure, a concentrated validator set, and discretionary market intervention powers that closely resemble a centralized exchange (CEX) without formal custody. From a European regulatory perspective, such a structure is more appropriately assessed under MiCA and, where relevant, MiFID II, rather than treated as exempt “DeFi.”​ Structural Analysis: CEX in DeFi Clothing Hyperliquid publicly describes itself as a decentralized, non‑custodial derivatives exchange running on its own high‑performance blockchain. Users deposit collateral into protocol smart contracts and maintain legal ownership of assets, which is then used as margin for leveraged perpetual futures.​ Read our Hyperliquid reports here. However, key structural elements are neither open nor credibly decentralized: Closed‑source node code and HyperBFT: The consensus client, including the HyperBFT implementation and critical logic (oracle, matching, liquidations), is closed source and distributed as a single binary, making independent technical audit impossible and creating a “black‑box” trading venue.​ Validator concentration and foundation control: Public validator letters and analysis report that approximately 80% of staked HYPE, and thus effective consensus power, is controlled by foundation‑linked nodes. The foundation also designs the delegation program and sets qualification criteria, enabling it to gate access to the validator set.​ Discretionary market intervention: In past stress events, Hyperliquid validators/foundation have intervened by delisting markets, fixing settlement prices and altering liquidation outcomes via validator votes, demonstrating centralized decision‑making that goes beyond “code‑is‑law” execution.​ Functionally, this is equivalent to a CEX with: Internal matching and risk engines, Centralized control over listing, liquidations and oracle behavior, But implemented via foundation‑controlled infrastructure rather than a traditional corporate IT stack.​ Download our Hyperliquid Compliance Report 2025 here. Hyperliquid in Numbers From a financial‑stability perspective, Hyperliquid is no niche experiment but a systemic player in on‑chain leverage. As of mid‑2025, public analytics place its total value locked (TVL) in the range of 3.5–4.3 billion USD, with the core HLP and related pools alone accounting for several hundred million in user collateral. Daily notional derivatives volumes oscillate between roughly 4 and 20 billion USD, with open interest figures reported in the high single‑ to low double‑digit billions, ranking Hyperliquid among the top three crypto derivatives venues globally and the clear market leader among so‑called perpetual DEXs. Cumulative perp volume has crossed the trillion‑dollar mark in recent months, illustrating that this foundation‑controlled venue is already a trading giant in the cyber‑finance segment, operating effectively under regulators’ radar while offering high‑risk leverage products to EU and global clients.​ The “Unknown Foundation”: Governance Without Transparency A striking feature of Hyperliquid’s setup is the opacity surrounding the Hyper Foundation (website), the entity presented as steward of the protocol and ecosystem. Public materials describe it as a Cayman‑based foundation company that “supports development of the Hyperliquid protocol and ecosystem,” but offer no detailed corporate registry data (e.g., LEI, registration number, directors, or audited financials). Ecosystem profiles and the foundation’s own website likewise omit beneficial ownership disclosure, group structure, and governance arrangements, leaving regulators and compliance officers without the basic counterparty information normally expected for an operator of a multi‑billion‑dollar trading venue.​ Despite this lack of transparency, the Hyper Foundation explicitly positions itself at the center of network control. Official documentation (whitepaper here) shows the foundation designs and runs the validator delegation program, sets eligibility criteria (including jurisdictional and KYC/KYB filters), and reserves the right to change these criteria at any time, making it the effective gatekeeper for consensus participation. It is also the focal point for institutional partnerships and incentive schemes: reports on Circle’s strategic HYPE investment and prospective validator role describe Circle as becoming a “direct stakeholder in the Hyperliquid ecosystem” through engagement with the foundation, underlining its central coordinating function.​ This combination—opaque Cayman foundation, closed‑source infrastructure, and foundation‑curated validator set—means that public claims such as “no single entity owns or operates the Hyperliquid network” are, at best, incomplete. From a compliance and supervisory standpoint, the Hyper Foundation is the de facto operator and governance nexus of a global, highly leveraged trading platform, yet it does not currently meet even minimal transparency standards expected of a regulated market operator in the EU or comparable jurisdictions. Regulatory Hypothesis: MiCA / MiFID II Applicability MiCA expressly targets crypto‑asset service providers (CASPs) that operate trading platforms, with only fully decentralized models potentially falling outside scope. Hyperliquid’s governance and validator structure clearly fails this “fully decentralized” threshold: a known foundation coordinates development, controls most consensus stake, and administratively shapes validator composition and protocol parameters.​ Accordingly: For non‑financial‑instrument crypto derivatives, Hyperliquid should be assessed as a MiCA‑regulated CASP operating a trading platform and providing execution of orders for third parties, irrespective of its non‑custodial design.​ Where underlyings or structured products qualify as financial instruments, operators and controlling entities fall within the MiFID II perimeter (e.g., operation of a multilateral system and investment services in derivatives), with associated organizational, conduct and prudential requirements.​ The decisive regulatory test is control, not marketing labels: Hyperliquid’s effective centralization means it should be treated as a CEX‑like venue without custody, not as an exempt DeFi protocol.​ Call for Information FinTelegram invites insiders, former team members, validators, technical contractors and counterparties with knowledge of Hyperliquid’s validator arrangements, governance structures, and intervention practices to provide information in confidence via our whistleblower platform Whistle42. Share Information via Whistle42