Wise’s “Clean” Image Meets MCC 7995: Gambling Payments, Hidden Merchants, and a Customer’s Raw-Data Allegation
A Wise customer has accused the fintech of obscuring gambling-related card transactions by displaying Apple Pay or incomplete merchant information instead of the real payee, even though the transactions allegedly carried MCC 7995, the card-network code for gambling. The customer has already escalated the matter to the FCA and the Financial Ombudsman Service. FinTelegram has reviewed substantial material and sees a serious contradiction worth investigating: if Wise says it does not support gambling transactions, why did gambling-coded payments go through at all? And if they did, what exactly did Wise know internally about the real merchant?
Key Findings
The customer alleges that disputed Wise card transactions were internally associated with MCC 7995 (Gambling Transactions) while the customer-facing view did not clearly identify the underlying merchant.
In support exchanges reviewed by FinTelegram, Wise support allegedly stated that Wise does not support gambling transactions.
The same material appears to show internal-style merchant information referencing Applepay, Limassol, CY, and MCC 7995, raising questions about what Wise knew internally versus what was shown to the customer.
The customer claims Wise relied on incomplete or simplified presentation layers, including Apple Pay / Applepay, while the true merchant remained obscured during the support process.
Wise’s public documentation presents a more nuanced policy position than an absolute ban, including restrictions on gambling-related transfers and a statement that users cannot receive money to their Wise card from gambling or betting institutions.
FinTelegram has received additional evidence that is still under review, including materials suggesting links between the gambling-side payment chain and Cyprus-linked processing environments.
Wise & Gambling: If Wise Does Not Support Gambling Transactions, Why Did MCC 7995 Payments Go Through?
A dispute between Wise and one of its customers is raising uncomfortable questions about how “clean” fintechs actually handle gambling-related payments. The payments cited by the player in the Wise case involve deposits made via a Wise card to casinos operating illegally in the EU and the UK. As the player’s documents show, these deposits were orchestrated through Payabl, which is regulated as an EMI in the UK and Cyprus. The recipients included, among others, the Irish company Zentoria Ltd and the Cypriot company NovaForge, which act as payment agents for casinos operating illegally and are merchants of Payabl.
Payabl and Wise in a deposit transaction to an illegal casino operator
According to extensive materials reviewed by FinTelegram, the customer repeatedly challenged Wise over a series of card transactions that were classified with MCC 7995 — Gambling Transactions but were not clearly presented to him as gambling payments at the customer-facing level.
Instead, the disputed transactions allegedly appeared in a blurred or misleading way, including references such as Apple Pay or Applepay / Limassol, rather than a clear underlying merchant identity.
That matters because, in support communications reviewed by FinTelegram, Wise support allegedly told the customer that Wise “does not support gambling transactions.” At the same time, the customer says his disputed transactions carried MCC 7995, the standard card-network category for gambling. If both things are true, then one obvious question follows: how did those transactions get through in the first place?
Wise’s public materials present a more nuanced position than a simple blanket ban. Wise says gambling-related transfers must not involve certain listed countries under its position on gambling. Its Acceptable Use Policy also states that some unsupported-business restrictions do not apply to lawful transactions using the Wise Multi-Currency Card, while Wise separately says users cannot receive money to their Wise card from gambling or betting institutions.
Data Manipulation Allegations
The customer’s allegation goes further. He claims Wise did not simply mishandle the case, but obscured or manipulated the transaction information shown to him. The core allegation is not that backend data did not exist. It is that Wise allegedly had access to deeper merchant-level information — including merchant identifiers, structured merchant data, and gambling classification — while the customer-facing view remained vague, incomplete, or misleading.
In materials reviewed by FinTelegram, the customer points to internal-style merchant information showing Applepay, Limassol, CY, and MCC 7995, while the real merchant allegedly remained hidden during the support process.
This is where the case becomes genuinely interesting.
If Wise publicly presents itself as a compliant, low-risk financial institution that does not support non-licensed and thus illegal gambling transactions, then it would have an obvious incentive to avoid a customer-facing record that openly shows a Cyprus-linked gambling merchant. In that context, the alleged appearance of Apple Pay as a front-facing label, while the real merchant allegedly sat behind a processor chain in Limassol, stops looking random and starts looking functional. It would make reputational and compliance sense. Whether that was legitimate wallet-display simplification, poor internal handling, or something more serious is the question.
Wise & Illegal Casino Activities?
The customer’s logic is not absurd. If Wise processed gambling-coded transactions related to illegal casino activities while publicly distancing itself from gambling, then concealing the true merchant behind Apple Pay, or reducing merchant visibility in the customer view, would at least have a motive. And motive matters.
The material reviewed by FinTelegram suggests a widening contradiction:
Wise allegedly says it does not support gambling transactions;
the customer’s disputed transactions allegedly carry MCC 7995;
internal-style merchant information allegedly pointed to Applepay / Limassol / Gambling Transactions;
and the customer says he was left to reconstruct the merchant trail himself.
The customer has already escalated the matter to the FCA and the Financial Ombudsman Service, and FinTelegram has received substantial further material that is still under review. At this stage, the Wise case should be seen as an initial warning signal, not a final verdict.
But if it turns out that Wise was in fact handling illegal gambling-related payments while publicly presenting itself as a company that does not support gambling — and if it further turns out that customer-facing transaction data was shaped in a way that concealed the real merchant — then this would not be a minor support failure. It would be a major compliance scandal with the potential to damage Wise’s carefully cultivated clean-cut image.
FinTelegram will continue to review the evidence. Further reports will follow.
Share Information
If you are a player, former employee, payments insider, or compliance professional with information about gambling-related transactions processed through Wise, Payabl, or related merchant/payment-agent structures, contact FinTelegram confidentially via Whistle42.
KLICKL EUROPE: Polish VASP, Chinese-Controlled Gateway, And A Central Node In The KXTRA Fraud Rail
FinTelegram’s current assessment is clear: Klickl Europe Sp. z o.o. appears inside the KXTRA fraud rail, not outside it. Victim materials reviewed by FinTelegram indicate that funds deposited into OpenPayd-linked, victim-facing accounts were swept onward to Klickl Europe, with the transaction reference reportedly stating “Sweep to Primary Account.” This is not a minor payment-processing footnote. It identifies Klickl Europe as the apparent primary-account recipient in the alleged KXTRA / KKR Global Investment money trail.
The 2-Minute Briefing
Klickl is not a random payee. Its own websites present a broad Web3 finance and virtual-asset infrastructure group offering global accounts, wallet services, merchant payments, stablecoin payments, payment APIs, custody services, OTC/exchange services, asset-management products, card/spending services, and Web3 SaaS solutions. Klickl describes itself as a multi-jurisdictional virtual-asset services group and states that, unless otherwise specified, the products and services on klickl.com are provided by Klickl Europe. That makes the OpenPayd → Klickl sweep highly material: victim funds were allegedly routed into a crypto-financial operating structure, not into an incidental commercial recipient.
Klickl’s Polish regulatory footing should not be overstated. Klickl states that Klickl Europe is incorporated in Poland under KRS 0001053580 and registered in Poland’s virtual-asset activity register under RD WWW-930. But Poland’s Ministry of Finance states explicitly that the register is record-keeping in nature, that entry is not equivalent to a licence or warranty, and that virtual-currency activity is not licensed or supervised in the way mainstream financial sectors are supervised.
Control and governance are equally important. Polish register data identifies Xu Zhao as president of the management board and shareholder of Klickl Europe. SEC materials for Crypto 1 Acquisition Corp identify Michael (Xu) Zhao as founder, CEO and director, and describe his background in crypto trading, IDCM, and VGPay, a crypto-payment business. FinTelegram treats Michael Zhao / Michael Xu Zhao / Xu Zhao as the relevant control identity for the Klickl Europe analysis, subject to any clarification from Klickl.
Key Findings
1. Klickl Europe appears inside the KXTRA money trail
Victim materials reviewed by FinTelegram indicate that funds deposited into OpenPayd-linked accounts were swept to Klickl Europe Sp. z o.o. as the apparent primary-account recipient. That makes Klickl a central payment-rail actor in the KXTRA case.
2. Klickl is a crypto-financial infrastructure group, not a passive merchant
Klickl markets services including accounts, fiat and crypto payments, global transfers, stablecoin payments, payment API, custody, cards, OTC/exchange services, asset management, and Web3 SaaS infrastructure. Its own disclaimer describes Klickl as a multi-jurisdictional virtual-asset services group.
3. Klickl Europe’s Polish registration is not a robust financial licence
Klickl Europe discloses Polish KRS registration 0001053580 and virtual-asset register number RD WWW-930. However, Polish Ministry of Finance guidance states that the register is record-keeping in nature, that entry cannot be equated with a licence or warranty, and that virtual-currency activity is not licensed or supervised like mainstream financial institutions.
4. The “regulated” branding requires scrutiny
Klickl markets itself as a regulated virtual-asset platform. Polish official guidance states that Polish virtual-currency register entries cannot market themselves as conducting licensed or supervised activity under Polish law. Any reliance on Polish registration as a substitute for prudential authorisation is misleading in substance.
5. The Michael Zhao / Xu Zhao control issue is material
Polish register data reviewed by FinTelegram identifies Xu Zhao as president and shareholder of Klickl Europe. SEC filings identify Michael (Xu) Zhao as a crypto entrepreneur linked to IDCM and VGPay. This points to a broader China-linked crypto-payments network behind the Polish VASP.
6. Klickl’s public management presentation raises governance questions
Klickl’s public pages identify senior figures including Ben Huang, Dermot Mayes, Sanne Ke, Shawn Xie, Alihan Ekesan, Andrea Gay, Jane Record and others. The older klickl.eu page presents a different team format, including Ben Huang as Chief Compliance Officer and several senior figures with first names only. This is not proof of fabrication, but it is a governance and identity-verification red flag.
7. Klickl should know where the KXTRA money went next
If Klickl Europe received swept victim funds, it should know its customer, ledger entries, conversion records, wallet destinations, exchange accounts, OTC counterparties and settlement partners. “We do not know” would be an unacceptable answer for a crypto/on-ramp provider.
8. TFG Technology is a live hypothesis node
TFG Technology Ltd allegedly appeared on the payout side of the KXTRA case. Companies House records show TFG Technology Ltd as controlled by Chinese national Libo Wang and subject to a section 1002A warning relating to misleading, false or deceptive incorporation information. The possible link between TFG and the same China-linked crypto-payment infrastructure around Klickl remains a hypothesis, not a proven fact.
9. RatEx42 Red / DAREX D is justified
Klickl’s risk profile is severe: fraud-rail exposure, transitional Polish VASP status, opaque governance, China-linked control, broad crypto/on-ramp functionality, and unanswered downstream fund-flow questions.
Summary Table
| Field | Details |
| --- | --- |
| Brand | Klickl |
| Core entity | Klickl Europe Sp. z o.o. |
| Main domains | klickl.com, klickl.eu, klicklx.com, klicklone.com, klicklpay.com, klicklcustody.com, ex.klickl.com, futures.klicklx.com, alliance.klickl.com, cryptoeasy.app |
| Jurisdiction | Poland |
| Polish VASP registration | RD WWW-930 |
| Business model presented by Klickl | Web3 account, merchant payments, global transfers, stablecoin payments, payment API, custody, cards, OTC/exchange, asset management, SaaS |
| Control / UBO issue | Polish register data identifies Xu Zhao; SEC sources identify Michael (Xu) Zhao in crypto-payment and exchange businesses |
| Known payment-rail role | Apparent recipient of funds swept from OpenPayd victim-facing accounts in KXTRA case |
| KXTRA connection | Victim evidence indicates OpenPayd → Klickl Europe sweep structure |
| TFG Technology connection | Working hypothesis only; TFG appears on payout side and is controlled by Chinese national Libo Wang |
| RatEx42 rating | Red with DAREX tier D |
Corporate And Regulatory Profile
Klickl presents itself as a Web3 finance platform and virtual-asset group. Its website describes KlicklX as a Web3 digital financial account integrating wallet, digital assets, fiat accounts and card-based consumption services. KlicklONE is described as a digital finance system for corporates and merchants. Klickl Pay includes merchant payments, global transfers, stablecoin payments, POS terminals and payment API. The wider stack also includes custody, cards, OTC/exchange, asset management, professional trading, and listing applications.
Klickl’s regulatory pages state that Klickl Europe is incorporated in Poland under KRS 0001053580 and registered in Poland’s virtual-asset activity register under RD WWW-930 for exchange, brokerage and virtual-asset account-maintenance activities.
This registration must be read correctly. Poland’s Ministry of Finance has stated that only an application and declaration are needed for the register entry; the register is record-keeping in nature; and entry cannot be equated with a licence or warranty.
The MiCA transition adds a second risk layer. UKNF has stated that Poland had not designated a national competent authority for CASPs due to the absence of implementing legislation. It also stated that virtual-currency register entities may operate under transitional arrangements, but after 1 July 2026 domestic operators lose that possibility unless authorisation exists under the MiCA framework.
In compliance terms, Klickl Europe’s Polish VASP registration should be treated as a high-risk transitional registration, not as a strong prudential authorisation.
Control And Governance
The identity and control structure require close scrutiny.
Polish register data reviewed by FinTelegram identifies Xu Zhao as president of the management board and shareholder of Klickl Europe Sp. z o.o. Public market filings identify Michael (Xu) Zhao as founder, CEO and director of Crypto 1 Acquisition Corp and describe him as having started International Digital Currency Markets (IDCM) and VGPay, a crypto-payment business.
This matters because Klickl’s KXTRA exposure cannot be treated as a small Polish registration anomaly. The control person is linked to a broader crypto-exchange and crypto-payment history.
Klickl’s governance presentation also deserves scrutiny. Klickl’s main site lists senior figures including Ben Huang as President, Dermot Mayes as CEO of Klickl UAE, Sanne Ke as Head of Compliance / MLRO, and other regional, business and functional leaders. The older klickl.eu page presents a different structure, naming Ben Huang as Chief Compliance Officer and listing several figures with minimal identifiers, including first-name-only entries. For a crypto/on-ramp entity handling cross-border payment flows, unclear or shifting management presentation is a governance red flag.
FinTelegram does not state that Klickl’s listed executives are fake. The finding is narrower and stronger: Klickl’s public governance disclosures are inconsistent and require independent verification.
Klickl In The KXTRA Fraud Rail
The evidence-supported rail map is:
Victim → OpenPayd victim-facing VIBAN / sub-account → sweep to Klickl Europe → suspected crypto/on-ramp or settlement layer → KXTRA operators
That puts Klickl Europe in a critical position. The company’s own business model matches the functional role suggested by the evidence: fiat/crypto exchange, brokerage, account maintenance, payment API, stablecoin payments, global transfers and settlement infrastructure.
Klickl therefore should be able to answer the essential question: what happened after the money hit Klickl Europe?
Possible scenarios:
| Scenario | Status | Implication |
| --- | --- | --- |
| Klickl acted as on-ramp processor for a KXTRA-related customer | Working hypothesis | Klickl should identify the customer and downstream wallets / exchanges |
| Klickl acted as settlement intermediary for another processor or merchant | Working hypothesis | Klickl should identify the counterparty and transaction purpose |
| Klickl was closer to the KXTRA operators | Open investigative question | Requires evidence from wallet trails, onboarding files, communications or internal records |
| Klickl was abused by fraudsters | Possible defence | Klickl should prove this by disclosing customer, monitoring, reporting and termination records |
The key point is non-negotiable: Klickl is not a random name in a bank statement. It appears to be the entity that received the swept funds.
TFG Technology Ltd: Working Hypothesis
TFG Technology Ltd is not proven to be a Klickl affiliate. It is, however, a serious hypothesis node.
The UK Companies House records identify TFG TECHNOLOGY LTD, company number 16544033, and show a warning that the registrar is taking or has taken steps to strike off the company under section 1002A of the Companies Act 2006 due to incorporation information described as misleading, false or deceptive. Companies House records identify Libo Wang, a Chinese national resident in China, as director and person with significant control, with ownership of shares and voting rights of 75% or more and the right to appoint or remove directors.
In the KXTRA case, TFG appears on the payout side as the sender of a partial victim payout through a Danish IBAN / Banking Circle-type rail. That fits the confidence-payout pattern seen in investment fraud: return a controlled amount to maintain trust, then block larger withdrawals or demand additional payments.
Working hypothesis: TFG Technology Ltd may have been connected to the same China-linked or Asia-linked crypto-payment infrastructure orbit that intersects with Klickl and the KXTRA fraud rail.
Status: hypothesis only. FinTelegram does not yet have evidence proving a corporate or ownership link between TFG Technology Ltd and Klickl Europe.
Conclusion
Klickl Europe is not peripheral to the KXTRA case. Based on victim evidence reviewed by FinTelegram, it appears as the recipient of funds swept from OpenPayd victim-facing accounts. That places Klickl inside the money trail.
Klickl markets itself as a regulated Web3 finance platform. But the Polish regulatory basis it discloses is a record-keeping VASP registration, not a banking-style licence or prudential authorisation. Poland’s own Ministry of Finance says the register cannot be equated with a licence and that virtual-currency activity is not supervised like mainstream financial institutions.
If Klickl was merely abused by the KXTRA operators, it should prove it. It should disclose the customer, the ledger trail, the wallet destinations, the exchanges, the settlement partners, the suspicious-activity filings, and the termination actions.
If Klickl cannot or will not explain where the money went, the suspicion deepens.
KXTRA was the bait. OpenPayd was the intake pipe. Klickl appears to have been the gateway. That is why RatEx42 flags Klickl Red and DAREX D.
Whistleblower Call
FinTelegram invites victims, former employees, compliance officers, payment staff, crypto-exchange personnel, OpenPayd insiders, Klickl insiders, Banking Circle contacts, law-enforcement officials, and other knowledgeable sources to contact Whistle42.
We are specifically looking for:
OpenPayd Excel files
Klickl account statements
Klickl wallet addresses
crypto transaction hashes
KXTRA app screenshots
WhatsApp chats
onboarding files
internal compliance emails
DSAR responses
Banking Circle / Danish IBAN documentation
TFG Technology payout records
any information on Michael Xu Zhao / Xu Zhao
any information on Libo Wang
any evidence linking Klickl, OpenPayd, TFG Technology, or KXTRA operators
Source Notes
Klickl About page — describes Klickl as a Web3 finance platform, sets out services, and lists management/team members. https://www.klickl.com/about
Klickl Regulatory Information — states Klickl Europe’s KRS number, RD WWW-930 registration and Polish virtual-asset activities. https://www.klickl.com/help/detail?id=569113099598475264609f
Klickl Europe legacy page — lists the Warsaw office, KRS, Polish tax ID and RD WWW-930 activities. https://klickl.eu/about.html
Polish Ministry of Finance Communication No. 77 — states that Polish virtual-currency register entry is record-keeping, not a licence or warranty, and that virtual-currency activity is not licensed/supervised like mainstream financial sectors. https://www.gov.pl/web/finance/communication-no-77-on-the-status-of-virtual-currency-operators
UKNF MiCA transition position — explains the absence of a Polish CASP competent authority and transitional-period issues. https://www.knf.gov.pl/knf/pl/komponenty/img/Stanowisko_UKNF_-_nadzor_nad_krypto_96996.pdf
SEC Form S-1, Crypto 1 Acquisition Corp — identifies Michael (Xu) Zhao and his IDCM / VGPay background. https://www.sec.gov/Archives/edgar/data/1870471/000110465921138253/tm2124028d3_s1.htm
Companies House — TFG Technology Ltd officers — identifies Libo Wang and the section 1002A warning. https://find-and-update.company-information.service.gov.uk/company/16544033/officers
Companies House — TFG Technology Ltd PSC — identifies Libo Wang as person with significant control. https://find-and-update.company-information.service.gov.uk/company/16544033/persons-with-significant-control
Dutch ITFY Action Hits HolyLuck Casino Cluster: Forensic Reports Target Operators, Payment Facilitators And Regulators
A Dutch legal-forensic initiative has pushed the illegal-casino debate into a new phase. ITFY Legal has served a detailed forensic cluster report, a Casino Monitor infrastructure report, and a follow-up addendum concerning the HolyLuck-linked casino network on casino operators, payment facilitators, regulators, government agencies and infrastructure providers. The reports draw on FinTelegram’s earlier investigative findings but go deeper into technical infrastructure analysis, mapping shared domains, Cloudflare accounts, origin IP blocks, payment descriptors and apparent staging environments.
Based on FinTelegram’s initial review, the ITFY findings align with and materially expand our own reporting on the HolyLuck / Booms.bet / Lyntec / SENDS payment-rail environment.
Key Findings
Dutch initiative against illegal casino rails: ITFY Legal, based in the Netherlands, has prepared and circulated forensic reports concerning the HolyLuck Casino Network and connected operators.
CRUKS player at the center: The reports concern a Dutch CRUKS-registered player who allegedly lost €18,280 across HolyLuck, Spinstar, Spindog, Millioner2 and InstantCasino.
Cluster, not isolated casinos: ITFY alleges that the relevant casino brands form part of a broader operational cluster sharing infrastructure, legal operators, payment-presentation layers and mirror-domain architecture.
FinTelegram findings confirmed and expanded: The ITFY report expressly cites FinTelegram’s earlier investigations into RevDuck, Sapphire Summit, Lyntec, SENDS/Smartflow and the HolyLuck payment rails, but adds a deeper forensic infrastructure layer.
Payment providers and regulators on notice: The reports were circulated to casino operators, PSPs, regulators, public authorities, card/payment actors and infrastructure providers, including Cloudflare and Google-related channels.
Post-service reaction: Within 24 hours after service of the first reports, ITFY observed changes in the cluster: several domains became unreachable, while the shared origin infrastructure allegedly remained stable and the observed domain footprint increased.
A Dutch Forensic Initiative Enters The Illegal Casino Battle
FinTelegram has received a set of reports and correspondence from ITFY Legal, a Dutch legal-forensic initiative, concerning what it calls the HolyLuck Casino Network and Connected Operators. The material was transmitted through the Whistle42 whistleblower channel and is directly relevant to FinTelegram’s ongoing investigations into illegal offshore casinos, merchant opacity and payment-rail abuse.
The first package consisted of a full forensic cluster report and a Casino Monitor infrastructure report. A one-page addendum followed one day later. According to the ITFY report, the matter concerns a Dutch resident registered in the Central Register for Self-Exclusion of Players (CRUKS), who was allegedly able to deposit funds with several unlicensed offshore casinos despite being barred from participating in remote gambling offers directed at Dutch residents. The report states an aggregate restitution position of €18,280.
This is not merely a private player complaint. It is a structured escalation package directed at casino operators, payment facilitators, supervisory authorities, public agencies and infrastructure providers.
The HolyLuck Cluster Allegation
The report identifies five principal casino operators in the client’s loss calculation: HolyLuck Casino, Spinstar Casino, Spindog Casino, Millioner2 Casino and InstantCasino.
It also links them to a wider network of brands including Booms.bet, TrueLuck, Kokobet, IgoBet, Winorio, Mega.bet, Bino, Fano, Moko, Starzino, Rakebit, Spinorhino, Casho-app, Luckygem, Baloo, Betory, Dragobet, Zazibet, Winhero and PlayMegaWin.
ITFY forensic report on HolyLuck
In a per-casino analysis, the ITFY report details, for each player, how the events unfolded and what actions the player took. See also the screenshot regarding the analysis of HolyLuck (right).
The core allegation of the report is simple but explosive: ITFY says the relevant casino brands should not be treated as independent operators, but as parts of a single operational cluster. This assessment aligns with FinTelegram’s own view of the payment rails, where there are not only isolated payment facilitators but also networks of multi-layered payment rails that facilitate these illegal activities through these casino and domain networks.
The alleged losses of the player represented by ITFY are broken down as follows:

| Operator | Alleged Deposits |
| --- | --- |
| HolyLuck Casino | €10,035 |
| Spinstar Casino | €2,855 |
| Spindog Casino | €1,805 |
| Millioner2 Casino | €1,780 |
| InstantCasino | €1,805 |
| Total | €18,280 |
The report states that the claims are based on bank-reconciled deposit records and player-account data.
From FinTelegram Reporting To Deeper Forensic Mapping
The ITFY report explicitly draws on FinTelegram’s earlier reporting. This is important. FinTelegram had already investigated elements of the HolyLuck / Booms.bet / RevDuck / Sapphire Summit / Lyntec / SENDS ecosystem, including the alleged use of UK-linked merchant fronts, payment descriptors and PSP routing layers.
ITFY takes that reporting and adds a deeper technical layer. The report states that its findings are supported by forensic infrastructure analysis, KSA sanction records, UK Companies House records, industry sister-site databases, operator disclosures and FinTelegram’s investigative series.
Based on FinTelegram’s initial review, the ITFY findings are broadly consistent with our own investigations and appear to build upon them. The ITFY material does not merely repeat prior allegations. It attempts to reconstruct the casino cluster technically — through domains, nameservers, origin IPs, MX records, TLS fingerprints, HTML hashes and payment-presentation layers.
That is where the report becomes particularly powerful.
The Methodology: Follow The Infrastructure
The Casino Monitor report describes a forensic clustering methodology based on public sources such as Certificate Transparency logs, urlscan.io, Wayback Machine records and manual additions. For each reachable domain, ITFY records infrastructure fingerprints including nameservers, IP addresses, /24 hosting blocks, MX records, SSL certificate hashes and HTML-body hashes. Domains sharing identical values are grouped as clusters.
The full ITFY report then identifies several key infrastructure signals:
multiple Cloudflare nameserver pairs, allegedly indicating several separate Cloudflare accounts;
convergence on the same origin infrastructure, especially the 82.139.216.0/24 block;
shared or unusual MX configurations;
HTML-template congruence at the payment-presentation layer;
exposed developer or staging deployments;
tracking and analytics domains linked to casino brands.
One of the most striking findings is the claimed use of multiple Cloudflare account-level compartments that nevertheless converge on the same origin block. ITFY interprets this as deliberate compartmentalisation: separate front-end exposure, shared underlying infrastructure.
The Casino Monitor report separately shows HolyLuck, TrueLuck, Booms.bet, Spinstar, Moko and other domains resolving into the same 82.139.216.0/24 environment.
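The clustering step described in this section, as an added Python example (not ITFY's or FinTelegram's code): domains are linked when they share an identical fingerprint value, each link is kept as evidence, and /24 blocks fronted by more than one nameserver pair are reported separately. All records are constructed, using .example names and documentation IP ranges; the field names and the choice to leave nameserver pairs out of the default linking fields are assumptions of this example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample observations: .example names and documentation IP ranges,
# not data from the ITFY reports. None means the value could not be collected.
RECORDS = [
    {"domain": "alpha-casino.example", "ns": ("ns-a1.example", "ns-a2.example"),
     "ip": "198.51.100.10", "mx": "mx.shared.example", "cert": "cert-01", "html": "tmpl-01"},
    {"domain": "alpha-mirror.example", "ns": ("ns-a1.example", "ns-a2.example"),
     "ip": "198.51.100.11", "mx": "mx.shared.example", "cert": "cert-02", "html": "tmpl-01"},
    {"domain": "beta-casino.example", "ns": ("ns-b1.example", "ns-b2.example"),
     "ip": "198.51.100.40", "mx": None, "cert": "cert-03", "html": "tmpl-02"},
    {"domain": "beta-track.example", "ns": ("ns-b1.example", "ns-b2.example"),
     "ip": "198.51.100.41", "mx": None, "cert": "cert-03", "html": None},
    {"domain": "unrelated-shop.example", "ns": ("ns-a1.example", "ns-a2.example"),
     "ip": "203.0.113.5", "mx": "mx.shop.example", "cert": "cert-09", "html": "tmpl-09"},
]

# Fields used to link domains (assumed names). Nameserver pairs are left out by
# default: at a large DNS provider unrelated customers can share the same pair.
DEFAULT_LINK_FIELDS = ("block24", "mx", "cert", "html")


def block24(ip):
    """Return the /24 network containing an IPv4 address, e.g. 198.51.100.0/24."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))


def fingerprints(rec, fields):
    """Yield (field, value) pairs for one record, skipping uncollected values."""
    values = {
        "block24": block24(rec["ip"]) if rec.get("ip") else None,
        "ns": tuple(sorted(rec["ns"])) if rec.get("ns") else None,
        "mx": rec.get("mx"),
        "cert": rec.get("cert"),
        "html": rec.get("html"),
    }
    for field in fields:
        if values[field] is not None:
            yield field, values[field]


def cluster(records, fields=DEFAULT_LINK_FIELDS):
    """Group domains that share at least one identical fingerprint value.

    Returns a list of (sorted_domains, evidence) tuples, where evidence maps
    each shared (field, value) to the domains that exhibit it.
    """
    parent = {r["domain"]: r["domain"] for r in records}

    def find(d):
        while parent[d] != d:
            parent[d] = parent[parent[d]]  # path halving
            d = parent[d]
        return d

    seen = defaultdict(list)  # (field, value) -> domains carrying it
    for rec in records:
        for fp in fingerprints(rec, fields):
            seen[fp].append(rec["domain"])
    for domains in seen.values():
        for other in domains[1:]:
            parent[find(other)] = find(domains[0])

    groups = defaultdict(list)
    for d in parent:
        groups[find(d)].append(d)
    result = []
    for members in groups.values():
        evidence = {fp: sorted(ds) for fp, ds in seen.items()
                    if len(ds) > 1 and ds[0] in members}
        result.append((sorted(members), evidence))
    return sorted(result, key=lambda item: item[0])


def converging_compartments(records):
    """Map each /24 block to the distinct nameserver pairs seen in front of it,
    keeping only blocks reached through more than one pair."""
    pairs = defaultdict(set)
    for rec in records:
        if rec.get("ip") and rec.get("ns"):
            pairs[block24(rec["ip"])].add(tuple(sorted(rec["ns"])))
    return {blk: sorted(p) for blk, p in pairs.items() if len(p) > 1}


if __name__ == "__main__":
    for members, evidence in cluster(RECORDS):
        print(members)
        for (field, value), domains in evidence.items():
            print(f"    {field}={value}: {domains}")
    print(converging_compartments(RECORDS))
```

Passing `fields=("ns",) + DEFAULT_LINK_FIELDS` pulls the constructed unrelated-shop.example into the casino cluster, which is why the evidence for every link is returned alongside the grouping.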
The Payment-Rail Dimension
The report is not limited to casino domains. It also targets payment rails and merchant presentation.
According to ITFY, the disputed flows involve or touch several payment actors and routes, including Visa, Klarna, Skrill/Paysafe, Mangopay, SaferSepa / AB Mano Bankas, MiFinity, Trustly/Brite, Worldpay, Mollie, and others. The report states that several payment-side investigations or disputes were opened and that some initial findings were favourable to the client.
The Lyntec / GEMCEBR element is especially relevant to FinTelegram. The report identifies Lyntec Limited as a UK-linked card-processing front associated with the descriptor “GEMCEBR LONDON GBR” and refers to the alleged use of MCC 5816 / Digital Goods instead of the gambling MCC 7995.
If confirmed, this would be classic transaction-laundering territory: gambling payments dressed up as digital-goods transactions.
The Addendum: Did The Cluster React?
The most dramatic element came one day later.
On 9 May 2026, ITFY circulated an addendum stating that material changes had been observed in the cluster within 24 hours after service of the original report. The addendum says the shared 82.139.216.0/24 origin block had increased from 67 domains to 79 domains, while several domains became unreachable, including instantcasino.com, millioner.com, millioner2.com, clickholyluck.com, clickwinorio.com, boomstrackers.com and trackingbino.bet.
ITFY interprets this as active operator-side rotation, not dissolution of the cluster. In other words: some front-end or tracking domains may disappear, but the infrastructure beneath them allegedly remains stable.
That is a key finding. Illegal casino networks are not static websites. They are adaptive conversion machines. Domains change. Mirrors appear. Trackers go dark. Payment fronts rotate. But the infrastructure pattern may survive.
The addendum also reports a newly identified development pipeline involving lottopark.work and whitelotto.work, with exposed subdomains such as admin, aff, api, casino, manager, mailhog and phpmyadmin, plus Polish DevOps terminology in path strings. ITFY describes this as operationally significant for Dutch and Polish authorities.
FinTelegram’s Initial Position
FinTelegram has not adopted every legal conclusion in the ITFY report. However, based on our initial review, the forensic material is serious, structured and highly relevant. It aligns with and expands upon several findings previously published by FinTelegram concerning HolyLuck, Booms.bet, Sapphire Summit, Lyntec, SENDS/Smartflow, RevDuck and related payment infrastructure.
The addendum is particularly important because it suggests that the report may already be producing operational consequences. If casino domains, trackers or staging endpoints move shortly after legal notice, regulators and PSPs should pay attention.
FinTelegram will continue reviewing the material and expects to publish follow-up reports on specific aspects of the ITFY dossier, including payment facilitators, merchant descriptors, Cloudflare and Google infrastructure, Dutch CRUKS implications, Polish-linked domains and the broader offshore casino ecosystem.
Call For Information
FinTelegram invites insiders, former employees, payment-service providers, acquiring banks, compliance officers, affected players and technical investigators to provide information about the HolyLuck Casino Network, Booms.bet, Spinstar, Spindog, Millioner2, InstantCasino, Lyntec Limited, SENDS/Smartflow, Mangopay, Skrill/Paysafe, Klarna, SaferSepa, Brite, Trustly, Cloudflare-hosted casino infrastructure, or related merchant descriptors.
Information can be submitted securely through the Whistle42 whistleblower platform.
Bloodbath at Coinbase: Q1 2026 Earnings Miss, $394M Net Loss, and a Desperate Pivot to AI Amid 14% Workforce Slash
The crypto winter continues to freeze out industry giants. In its Q1 2026 earnings report, leading U.S. cryptocurrency exchange Coinbase revealed a staggering $394 million net loss, following a similar slump in the previous quarter. Amid crashing retail trading volumes, CEO Brian Armstrong has initiated a drastic 14% reduction in the workforce—axing approximately 700 employees—under the guise of an “AI-native” corporate restructuring. FinTelegram analyzes the disastrous quarter and the controversial technological shift.
Key Findings
Massive Earnings Miss: Coinbase reported Q1 2026 total revenue of $1.41 billion, down 21% quarter-over-quarter, falling short of Wall Street’s $1.56 billion expectation.
Deepening Losses: The exchange suffered a net loss of $394 million, with Earnings Per Share (EPS) plunging to -$1.49, against an anticipated positive EPS of $0.29.
Drastic Layoffs: Roughly 14% of the global workforce (about 700 employees) is being laid off as management trims the organizational hierarchy down to just five levels below the executive suite.
The “AI Pivot”: CEO Brian Armstrong claims the cuts are part of a strategic transition toward “AI-native pods,” utilizing artificial intelligence to write code and automate workflows, effectively replacing traditional human developer and management roles.
Restructuring Costs: The massive operational overhaul will cost the struggling exchange between $50 million and $60 million in severance, equity vesting, and termination benefits.
CyberFinance Analysis: A Smokescreen for Survival?
Coinbase’s Q1 2026 financial disclosure paints a grim picture of an exchange struggling to retain its footing amid broader macroeconomic headwinds and a cyclical crypto market slump. Trading volumes and overall crypto market capitalization both plummeted over 20% in the quarter. Retail transaction revenue bore the absolute brunt of the hit, declining 23% alongside waning consumer spot volumes, heavily impacting the bottom line despite the company logging its 13th consecutive quarter of positive adjusted EBITDA ($303 million).
However, the financial hemorrhage is only half the story. The abrupt termination of 700 employees, framed as an inevitable evolution into an “AI-native” corporate structure, has raised immediate red flags among industry analysts. Armstrong’s narrative suggests that AI agents can now perform engineering tasks in days rather than weeks, and that 40% to 50% of daily code will soon be AI-generated, rendering a significant chunk of the workforce obsolete.
While flattening the corporate hierarchy to eliminate pure management roles might reduce operational bloat, critics and market insiders argue the “AI pivot” is a highly convenient smokescreen for panic-driven cost-cutting. The critical question remains whether the transition to a heavily automated, lean model can adequately substitute human oversight, security auditing, and compliance in a heavily regulated and historically volatile financial sector.
Summary of Q1 2026 Performance
| Metric | Q1 2026 Result | Analyst Expectation | Quarter-over-Quarter Trend |
| --- | --- | --- | --- |
| Total Revenue | $1.41 Billion | $1.56 Billion | Down 21% |
| Net Income / Loss | -$394 Million | Positive Net Income | Continuing Losses |
| EPS (Earnings Per Share) | -$1.49 | $0.29 | Missed by $1.78 |
| Workforce Reduction | ~700 Employees (14%) | N/A | N/A |
| Restructuring Costs | $50M – $60M | N/A | N/A |
Hypothesis: The Future of Coinbase and the Crypto Sector
FinTelegram hypothesizes that Coinbase’s drastic operational pivot is a bellwether for the broader digital asset sector. The transition to an “AI-native” workforce is likely less about technological utopianism and more about sheer corporate survival. As regulatory pressures from the SEC mount and retail trading volumes stagnate, crypto exchanges will increasingly rely on automated workflows to aggressively slash overhead.
If Coinbase’s AI integration succeeds in maintaining platform stability without human engineers, we expect a massive wave of AI-driven layoffs across rival exchanges (such as Binance, Kraken, and Gemini) as they mimic this hyper-automated structure. However, if the removal of human oversight leads to smart contract vulnerabilities, code degradation, or compliance failures, Coinbase risks catastrophic systemic breaches and the loss of its dominant U.S. market share. Armstrong is betting the house that AI can navigate the extreme complexities of Web3 infrastructure—a high-stakes gamble with zero margin for error.
Call to Action: Whistleblowers Wanted
Are you a current or former employee of Coinbase? Do you have internal documents regarding the recent layoffs, the true functional reality of the “AI-native” pods, or undisclosed financial/security risks? FinTelegram urges insiders to come forward. We provide a secure, anonymous platform for whistleblowers to expose corporate malfeasance, regulatory circumvention, and hidden systemic risks. Submit your information securely to our research team via our whistleblower portal and help us bring necessary transparency to the opaque crypto ecosystem.
KXTRA Scam Exposed: OpenPayd VIBANs, Klickl Europe Sweeps, And TFG Payouts Powered The Fraud Rail
The KXTRA / KKR Global Investment scheme was not merely another fake trading-app scam. Based on victim files reviewed by FinTelegram, it appears to have been a fraud operation with a professional payment rail behind it.
The front end was familiar: Facebook bait, WhatsApp grooming, fake advisers, a slick app, and fabricated investment profits. The back end is more explosive: victims were pushed into OpenPayd-linked accounts that appeared to be held in their own names, while at least one OpenPayd-provided transaction file shows the money being swept immediately to Klickl Europe, a Polish crypto/on-ramp provider. On the payout side, a partial “withdrawal” allegedly came from TFG Technology Ltd, a short-lived UK company later dissolved after Companies House flagged incorporation information as misleading, false, or deceptive.
This is not a story about “weak compliance.” This is a suspected fraud-facilitation rail. OpenPayd, Klickl Europe and TFG Technology were not names floating at the edge of the scam. Based on the evidence reviewed by FinTelegram, they appear inside the money trail.
If you lost money through KXTRA, KKR Global Investment, OpenPayd accounts, Klickl Europe, TFG Technology, Thunes, Banking Circle, or related crypto-payment channels, contact FinTelegram via Whistle42. Your documents may help expose the operators behind the machine.
2-Minute Briefing
The alleged KXTRA / KKR Global Investment scheme appears to have been a fraud operation dressed up as an investment app — and supported by identifiable payment rails.
FinTelegram has reviewed victim files that point to the same disturbing architecture: victims were lured through social media and WhatsApp, shown fabricated investment profits in the KXTRA app, and instructed to transfer substantial funds into OpenPayd-linked accounts that appeared to be held in the victims’ own names.
One victim file, reportedly provided by OpenPayd itself, shows incoming deposits being immediately swept onward to Klickl Europe Sp. z o.o., a Polish virtual-asset provider registered as a crypto/on-ramp operator.
The critical finding is brutal: the money did not simply disappear into cyberspace. It moved through identifiable payment infrastructure.
OpenPayd appears to have provided the victim-facing VIBAN collection layer.
Klickl Europe appears to have received the swept victim funds as the primary-account beneficiary.
TFG Technology Ltd appears on the payout side as the sender of at least one partial “withdrawal.”
This is the payment architecture that made the fraud executable.
A further layer emerges on the payout side. In one case, a partial “withdrawal” of approximately €17,000 was allegedly paid from TFG Technology Ltd, a short-lived UK company later dissolved after UK Companies House flagged incorporation information as misleading, false, or deceptive. This fits the classic confidence-payout pattern used in investment scams: return a controlled amount, maintain the illusion of legitimacy, and push the victim toward further deposits or fees.
The emerging rail map is blunt:
Victim → OpenPayd victim-named VIBAN → sweep to Klickl Europe → suspected crypto/on-ramp settlement layer → KXTRA operators
TFG Technology → Danish payment account → partial victim payout
The fake KXTRA app was the theatre. The payment rail was the machine.
FinTelegram Finding
Based on the victim files reviewed, KXTRA was the fraud interface — but OpenPayd, Klickl Europe and TFG Technology appear to have been part of the payment machinery that allowed the fraud to collect, move, convert, and partially recycle victim funds.
If these entities were merely abused by criminals, they must now prove it with records: onboarding files, account-control data, wallet destinations, suspicious-transaction reports, termination records, and communications with law enforcement.
Silence is no longer a neutral position.
Key Findings
1. KXTRA Was The Fraud Front-End
The victim files describe a familiar but highly effective fraud pattern: social-media targeting, WhatsApp grooming, fake investment advisers, a professional-looking app called KXTRA, and an alleged KKR Global Investment / KKR Globale Aktienstrategie narrative built around IPO and private-equity opportunities.
Victims were shown fabricated profits and pressured into moving larger sums through payment infrastructure that appeared legitimate.
The fraud did not rely only on persuasion. It relied on rails.
2. OpenPayd Was The Victim-Facing Collection Layer
One criminal complaint states that the victim was instructed to transfer funds to an OpenPayd virtual IBAN that appeared to be in the victim’s own name. The complaint lists four payments to OpenPayd Financial Service Malta totaling €100,500 and identifies OpenPayd Malta and Klickl Europe, Warsaw, Poland, as involved payment service providers.
This makes OpenPayd central to the collection side of the alleged fraud.
The relevant question is no longer only whether OpenPayd had adequate AML procedures. The question is why its infrastructure was available as the victim-facing intake layer for a fraud scheme.
3. Victim-Named Accounts Created A False Sense Of Safety
The use of victim-named OpenPayd accounts or virtual IBANs is not a minor technicality. It is a critical element of the fraud psychology.
To the victim, the payment looked safer because the account appeared to be in their own name. But the evidence suggests that these accounts functioned as collection sub-accounts rather than real investment accounts controlled by the victims.
That is how a fake investment story becomes financially credible: the victim sees their own name, trusts the account, and sends more money.
4. OpenPayd’s Own File Allegedly Shows The Sweep To Klickl Europe
A second victim file, reportedly provided by OpenPayd, appears to reveal the internal mechanics. Incoming payments into a victim-named OpenPayd account were followed immediately by matching outgoing transfers to:
KLICKL EUROPE SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ
The transaction description reportedly states:
“Transfer to Klickl Europe – EUR/Sepa”
The transaction reference reportedly states:
“Sweep to Primary Account”
That phrase is explosive. It suggests that Klickl Europe was the primary-account beneficiary behind the victim-facing OpenPayd collection structure. In plain language: the victim-facing account was the intake point. Klickl Europe was the apparent receiver.
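A transaction-monitoring check for the pattern described above, added here as an illustration and not taken from FinTelegram, OpenPayd or the victim files: it pairs each inbound credit with an equal-amount outbound debit booked on the same account within a short window, then flags accounts that pass almost all inbound value to a single beneficiary. The ledger is constructed sample data; the column names, account labels, beneficiary name, window and threshold are assumptions, and only the reference text "Sweep to Primary Account" comes from the article.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta
from decimal import Decimal

# Constructed sample export. Column names and every value are assumptions;
# only the reference string "Sweep to Primary Account" is quoted from the article.
SAMPLE_LEDGER = """\
booked_at,account,direction,amount,counterparty,reference
2026-01-05T10:02:11,VIBAN-A,IN,10000.00,ACCOUNT HOLDER A,Investment deposit
2026-01-05T10:02:13,VIBAN-A,OUT,10000.00,EXAMPLE PRIMARY LTD,Sweep to Primary Account
2026-01-09T14:30:00,VIBAN-B,IN,1800.00,EMPLOYER B,Salary
2026-01-10T09:00:00,VIBAN-B,OUT,650.00,LANDLORD B,Rent
2026-01-12T16:45:02,VIBAN-A,IN,20000.00,ACCOUNT HOLDER A,Investment deposit
2026-01-12T16:45:05,VIBAN-A,OUT,20000.00,EXAMPLE PRIMARY LTD,Sweep to Primary Account
2026-01-13T11:00:00,VIBAN-C,IN,5000.00,ACCOUNT HOLDER C,Savings
2026-01-20T11:00:00,VIBAN-C,OUT,5000.00,CAR DEALER C,Purchase
2026-01-21T08:15:30,VIBAN-A,IN,15000.00,ACCOUNT HOLDER A,Investment deposit
2026-01-21T08:15:31,VIBAN-A,OUT,15000.00,EXAMPLE PRIMARY LTD,Sweep to Primary Account
"""


def load_ledger(text):
    """Parse the CSV export into typed rows sorted by booking time."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text)):
        rec["booked_at"] = datetime.fromisoformat(rec["booked_at"])
        rec["amount"] = Decimal(rec["amount"])  # exact money arithmetic
        rows.append(rec)
    rows.sort(key=lambda r: r["booked_at"])
    return rows


def find_sweeps(rows, window=timedelta(minutes=5)):
    """Pair each credit with the first unused equal-amount debit on the
    same account booked no later than `window` after it."""
    pairs, used = [], set()
    for i, credit in enumerate(rows):
        if credit["direction"] != "IN":
            continue
        for j in range(i + 1, len(rows)):
            debit = rows[j]
            if debit["booked_at"] - credit["booked_at"] > window:
                break  # rows are time-sorted, nothing later can match
            if j in used or debit["direction"] != "OUT":
                continue
            if (debit["account"] == credit["account"]
                    and debit["amount"] == credit["amount"]):
                used.add(j)
                pairs.append((credit, debit))
                break
    return pairs


def summarise(rows, pairs):
    """Per account: inbound total, swept total, sweep beneficiaries,
    longest time the money stayed on the account, and swept/inbound ratio."""
    report = defaultdict(lambda: {"inbound": Decimal(0), "swept": Decimal(0),
                                  "beneficiaries": set(),
                                  "max_dwell": timedelta(0)})
    for r in rows:
        if r["direction"] == "IN":
            report[r["account"]]["inbound"] += r["amount"]
    for credit, debit in pairs:
        entry = report[credit["account"]]
        entry["swept"] += debit["amount"]
        entry["beneficiaries"].add(debit["counterparty"])
        dwell = debit["booked_at"] - credit["booked_at"]
        entry["max_dwell"] = max(entry["max_dwell"], dwell)
    for entry in report.values():
        entry["ratio"] = entry["swept"] / entry["inbound"]
    return dict(report)


def flag_collection_accounts(report, min_ratio=Decimal("0.9")):
    """Accounts that forward nearly everything to exactly one beneficiary."""
    return sorted(acct for acct, e in report.items()
                  if e["ratio"] >= min_ratio and len(e["beneficiaries"]) == 1)


if __name__ == "__main__":
    ledger = load_ledger(SAMPLE_LEDGER)
    summary = summarise(ledger, find_sweeps(ledger))
    for acct in flag_collection_accounts(summary):
        e = summary[acct]
        print(acct, "swept", e["swept"], "of", e["inbound"],
              "to", sorted(e["beneficiaries"]), "max dwell", e["max_dwell"])
```

An account that holds inbound money for only seconds and forwards all of it to one counterparty behaves as a collection sub-account regardless of whose name is on it, which is the distinction the article draws.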
5. Klickl Europe Was Not A Random Receiver — It Is A Polish Crypto-On-Ramp
Klickl Europe is not an ordinary commercial payee. It is registered in Poland as a virtual-asset business and appears to operate as a fiat/crypto exchange, brokerage, and account-maintenance provider.
That makes its role highly material.
The victim funds were not merely forwarded to some passive company. They were allegedly swept to a crypto/on-ramp provider. That raises a direct question: were the funds converted, transferred to wallets, settled to exchanges, or routed to the real KXTRA operators?
Klickl Europe should know.
6. OpenPayd → Klickl Europe Looks Like A Structured Fraud Rail
The victim files point to the same payment architecture:
OpenPayd provided the victim-facing VIBAN/sub-account layer.
Klickl Europe received the swept funds as the apparent primary-account recipient.
This is not random payment noise. It is a structured rail. The central question for OpenPayd is whether it onboarded Klickl Europe as the master-account customer — and whether it understood that large retail “investment” deposits were flowing through victim-named accounts and being swept into a Polish crypto-services provider.
The central question for Klickl Europe is even simpler:
Who was the real customer behind the KXTRA money?
7. TFG Technology Appears On The Payout Side
The criminal complaint states that one victim received only partial withdrawals, including approximately €17,000 from TFG Technology Ltd via a Danish IBAN, while the full withdrawal was blocked.
This fits the classic confidence-payout pattern: send back a controlled amount to preserve the illusion of a real investment platform.
Fraudsters know that one partial payout can unlock much larger victim deposits. It tells the victim: “The system works.” It buys time. It deepens trust. It delays suspicion.
In this case, TFG Technology appears to have played that role.
8. TFG Technology Was A Short-Lived UK Entity With Severe Registry Red Flags
TFG Technology Ltd appears to have been incorporated shortly before the relevant payment events and later dissolved after UK Companies House flagged incorporation information as misleading, false, or deceptive.
In the context of the alleged KXTRA fraud, this makes TFG Technology look less like a legitimate investment counterparty and more like a high-risk payout vehicle.
A short-lived UK company.
A Danish payment account.
A partial withdrawal to a fraud victim.
A registry warning about false or deceptive incorporation information.
That is not normal commercial activity. That is a red-flag cluster.
9. Klickl Europe Should Know Where The Money Went Next
If Klickl Europe received the swept victim deposits, it should know the next destination: exchange accounts, wallets, merchants, counterparties, settlement partners, or internal ledgers.
Unless Klickl Europe itself operated the KXTRA scheme, it should be able to identify who stood behind the transactions.
Silence from Klickl would be a major compliance, governance, and potential criminal-facilitation red flag.
The question is no longer vague:
Who instructed Klickl Europe to receive the victim funds, and where did Klickl send them next?
10. This Was Not A Compliance Gap — It Was A Fraud Rail
KXTRA appears to have been a fraud. Once that is established, the role of OpenPayd, Klickl Europe and TFG Technology cannot be reduced to soft language about “AML weaknesses” or “compliance gaps.”
The evidence suggests that these entities formed part of the financial infrastructure that allowed the fraud to collect victim money, sweep it to a crypto/on-ramp layer, and pay back controlled amounts to preserve the illusion of legitimacy.
The real question is not whether compliance was imperfect.
The real question is whether the payment participants knowingly, recklessly, or blindly enabled a scam payment network.
KXTRA / KKR Scam — Payment Rail & Entity Map
| Layer | Entity / Individual | Jurisdiction / Status | Apparent Role In The Rail | Evidence / Interpretation |
| --- | --- | --- | --- | --- |
| Fraud Front-End | KXTRA App | App presented to victims; linked in complaint to “Sales House Hendrix Bail, SRL,” Moldova | Fake investment interface showing alleged IPO/private-equity profits | Victims were instructed to use KXTRA to follow the alleged investment strategy. The app allegedly showed fabricated gains. |
| Fraud Narrative | “KKR Global Investment” / “KKR Globale Aktienstrategie” | Alleged brand/name used by fraudsters | False investment story used to create credibility | Victims were told they were participating in IPO/private-equity opportunities under a KKR-branded narrative. |
| Victim Acquisition | “Julia Hoffmann,” “Till van Dorp,” and other alleged advisers | Unknown / likely aliases | WhatsApp grooming, investment instructions, withdrawal obstruction | Complaint identifies these names as contacts used in the scam approach. |
| Collection Infrastructure | OpenPayd Financial Service Malta / OpenPayd Malta (OpenPayd.com) | Malta; regulated payment institution / EMI-type payment infrastructure | Victim-facing VIBAN / account layer used to receive deposits | Complaint lists four transfers totaling €100,500 to OpenPayd Malta and describes the account as a virtual IBAN appearing in the victim’s own name. |
| Primary Sweep Recipient | Klickl Europe Sp. z o.o. (Klickl.com) | Poland; registered virtual-asset business / on-ramp provider | Apparent primary-account beneficiary receiving swept victim funds from OpenPayd | OpenPayd-provided Excel reportedly shows incoming victim payments immediately followed by “Transfer to Klickl Europe – EUR/Sepa” with reference “Sweep to Primary Account.” The criminal complaint also names Klickl Europe in the payment structure. |
| Klickl Control Person | Michael Xu Zhao / Xu Zhao | Public Klickl CEO identity; Polish register UBO/director | Identified control person behind Klickl Europe | Polish register data identifies Xu Zhao as UBO/director/shareholder of Klickl Europe; public sources identify the Klickl founder/CEO as Michael Xu Zhao. |
| Crypto / On-Ramp Layer | Klickl Group / Klickl Europe | Poland / broader Klickl crypto-payment group | Suspected fiat-to-crypto conversion, wallet, settlement or onward-routing layer | Klickl Europe’s VASP/on-ramp profile fits the role suggested by the payment files: victim fiat funds swept from OpenPayd into a crypto-services provider. |
| Confidence Payout Layer | TFG Technology Ltd | United Kingdom; short-lived/dissolved company | Alleged partial payout vehicle | Complaint states that a partial withdrawal of about €17,000 was received from TFG Technology Ltd via Danish IBAN DK8789000058970017. |
| TFG Control Person | Libo Wang | Chinese national / UK company director according to Companies House research | Founder/director/controller of TFG Technology Ltd | Relevant because TFG appears as payout sender and was reportedly dissolved after Companies House flagged false/misleading/deceptive incorporation information. |
| Payout Banking Infrastructure | Banking Circle Denmark / Danish IBAN rail | Denmark | Account/payment rail used for partial payout from TFG Technology | The Danish IBAN used by TFG suggests a Banking Circle-type payment infrastructure layer. Needs direct confirmation from Banking Circle or account records. |
| Regulatory Chokepoint | MFSA / Malta | Malta regulator | Relevant regulator for OpenPayd Malta | OpenPayd’s role as a regulated payment institution makes the victim-fund collection and Klickl sweep pattern a regulatory and potential law-enforcement issue. |
| Regulatory Chokepoint | Polish VASP Register / Polish authorities | Poland | Relevant authority for Klickl Europe | Klickl Europe’s apparent role as primary sweep recipient and crypto/on-ramp provider raises AML, fraud-facilitation and VASP-supervision questions. |
Beyond Compliance: Who Enabled The Fraud?
KXTRA was not a difficult case to understand.
It was not a licensed broker.
It was not a legitimate investment platform.
It was not a normal merchant.
It was a fraud interface.
That changes everything.
The question for OpenPayd, Klickl Europe and TFG Technology is not whether their compliance manuals looked acceptable on paper. The question is whether their accounts, VIBANs, sweeps, on-ramp services and payout channels enabled a fraud to operate at scale.
Victim money entered through OpenPayd. It was allegedly swept to Klickl Europe. A partial payout allegedly came back through TFG Technology.
That is not a random compliance mishap.
That is a functioning fraud rail.
The possible criminal-law questions are obvious:
Did any payment participant know, suspect, or consciously ignore that KXTRA was fraudulent?
Who controlled the accounts receiving victim funds?
Who gave the instructions for the sweeps to Klickl Europe?
Who instructed or funded the TFG Technology payout?
Were the funds converted into crypto, moved to wallets, or settled to the real KXTRA operators?
Did any regulated or semi-regulated actor profit from the flow?
Were suspicious activity reports filed, or were the transactions allowed to continue despite obvious red flags?
If OpenPayd and Klickl Europe were merely abused by fraudsters, they should be able to explain the account structure, customer relationships, transaction monitoring, downstream beneficiaries, and termination actions.
If they cannot, the issue becomes much more serious than weak compliance.
It becomes suspected fraud facilitation.
Conclusion
KXTRA was the bait.
The payment rail was the weapon.
Victims were not merely deceived by fake app screens and WhatsApp manipulators. They were pushed into a financial pipeline that gave the scam credibility, scale and operational power: OpenPayd accounts for collection, Klickl Europe as the apparent sweep recipient and crypto/on-ramp layer, and TFG Technology as the suspected confidence-payout vehicle.
This is not a paperwork story.
It is not a soft AML story.
It is a suspected cross-border fraud-facilitation case.
OpenPayd must explain why its regulated infrastructure became the victim-facing collection layer. Klickl Europe must explain why victim funds were swept into its primary account and where the money went next. TFG Technology’s role as a payout vehicle must be investigated. Regulators in Malta, Poland, Denmark and the United Kingdom should treat this as a payment-enabled fraud case, not as a clerical compliance failure.
The question is no longer whether KXTRA was a scam.
The question is who enabled it.
Who opened the accounts?
Who controlled the VIBANs?
Who ordered the sweeps?
Who converted the funds?
Who funded the payouts?
Who profited from the victims’ losses?
If OpenPayd, Klickl Europe and TFG Technology were merely abused by criminals, they should disclose the records and help identify the operators.
If they cannot or will not, the suspicion deepens.
The fake KXTRA app was the theatre.
The real crime scene is the rail map.
FinTelegram will follow it.
Share Information
FinTelegram calls on all victims, whistleblowers, compliance insiders, payment employees, crypto-exchange staff, former Klickl or OpenPayd personnel, and law-enforcement contacts to come forward.
We are looking for:
OpenPayd account statements
Klickl Europe payment references
KXTRA app screenshots
WhatsApp chats
TFG Technology payouts
Thunes transactions
Banking Circle IBANs
Crypto wallet addresses
DSAR responses
Onboarding documents
Internal compliance communications
If you have information about KXTRA, OpenPayd, Klickl Europe, TFG Technology, Banking Circle, Thunes, or related payment and crypto rails, contact FinTelegram via Whistle42.
This case is no longer only about one fake app.
It is about the payment infrastructure behind the fraud.
African Payment Orchestration Platform Surfaces As Payee In Betify’s EU Casino Rail
Passpoint markets itself as a financial orchestration platform for Africa, Europe, and G20 payment corridors. But FinTelegram’s Betify review found something far more problematic: Passpoint Sp. z o.o., its Polish entity, appeared as the named payee in an open-banking/bank-transfer rail used to fund Betify, an offshore casino accessible from EU jurisdictions. This is not a passive API footprint. A payee is the payment-facing recipient. Unless Passpoint can show a proper regulated basis, the arrangement raises serious concerns of unlicensed payment agency, merchant masking, and transaction-laundering risk.
Executive Summary
Passpoint operates under the domain mypasspoint.com and presents itself as a financial orchestration platform connecting businesses to payment, compliance, FX, liquidity, and settlement infrastructure across Africa, Europe, and G20 markets. Its own website says Passpoint is “not a payments company” but an orchestration layer between businesses and global finance, while its terms describe Passpoint Technologies Inc. as a global payment infrastructure provider connecting businesses to multiple pay-in and payout methods through a single API.
That positioning must now be assessed against the facts found in FinTelegram’s May 2026 Betify review. In the reviewed bank-transfer/open-banking flow, the payment route was:
Betify Cashier → InstantBankPayment → Yapily Connect UAB → Revolut / Wise → Passpoint Sp. z o.o.
The critical point is that Passpoint Sp. z o.o. appeared as the payee. That is not a minor technical trace. In an account-to-account or open-banking payment, the payee is the entity presented to the payer and the banking/payment chain as the recipient of funds. If Passpoint is the payee in a casino deposit flow, then Passpoint is not merely “somewhere in the stack.” It is the payment-facing entity in the transaction.
The Polish entity is not a remote or unrelated company. Public Polish company data identifies Passpoint Sp. z o.o. under KRS 0001139121, NIP 8762513363, and REGON 540221384. Public registry data links the entity to Kelechi Chidiebube Uchegbulem, Adejuwon Samuel Oyebanjo, and Chinedu Bendeict Ojiteli.
Passpoint’s own public narrative emphasizes compliance, governance, and control. In a May 2026 TechCabal publication, CEO Kelechi Uchegbulem stated that the payment-infrastructure challenge is not merely moving money, but “governing it,” including routing, compliance across jurisdictions, FX exposure, and predictable settlement.
Key Findings
Passpoint appeared as the payee in Betify’s EU-facing payment rail. In FinTelegram’s May 2026 Betify review, Passpoint Sp. z o.o. was shown as the payee in the bank-transfer/open-banking flow. This makes Passpoint payment-facing in the transaction, not a passive infrastructure vendor.
The reviewed rail connected Betify to regulated open-banking infrastructure. The flow ran through InstantBankPayment, presented Yapily Connect terms, routed toward Revolut/Wise-style bank access, and then showed Passpoint Sp. z o.o. as payee.
A payee role implies onboarding and settlement relevance. If Passpoint is the payee, it must have been introduced into the payment chain, must have a contractual or operational role, and must be able to explain who onboarded the underlying merchant, who controls settlement, and who receives the funds after Passpoint.
Passpoint Sp. z o.o. is not a licensed EU payment institution. Publicly available company records identify it as a Polish limited liability company with financial-services-related business classification and minimal share capital. That is not the same as authorization to act as a payment institution, acquiring entity, payment agent, or merchant-of-record layer for third-party gambling operators.
The Polish entity is controlled by the Passpoint team. Public Polish company data links the entity to Kelechi Uchegbulem, Adejuwon Oyebanjo, and Chinedu Ojiteli, with registry data showing Oyebanjo and Uchegbulem as shareholders and Uchegbulem/Ojiteli as representatives.
Passpoint’s public positioning increases, not reduces, its compliance responsibility. Passpoint markets itself as a financial orchestration layer that unifies payments, compliance, liquidity, and settlement across Africa, Europe, and G20 markets.
Passpoint’s disclaimer does not solve the issue. Its terms say it does not assume liability for the legality or quality of goods or services paid for using its infrastructure. That may be a platform disclaimer, but it does not neutralize AML, merchant-screening, licensing, payment-purpose, or gambling-risk obligations where Passpoint appears as the payment-facing payee.
The Betify finding suggests merchant masking. The player is funding Betify, but the payee shown in the payment rail is Passpoint Sp. z o.o. That mismatch is a central red flag in payment-rail investigations.
The compliance risk is very high. Unless Passpoint can demonstrate a lawful regulated basis, transparent merchant-of-record structure, and proper gambling-merchant onboarding, the arrangement raises concerns of unlicensed payment intermediation, merchant masking, and transaction-laundering risk.
Key Data Table: Passpoint
| Field | Data |
| --- | --- |
| Brand | Passpoint |
| Main domain | mypasspoint.com |
| Social Media | LinkedIn |
| Public positioning | Financial orchestration layer for Africa, Europe, and G20 markets |
| Named contracting entity in terms | Passpoint Technologies Inc. |
| Claimed function | Unified API for pay-ins, payouts, compliance, FX, liquidity, and settlement |
| Delaware entity referenced by profile | Passpoint Technologies Inc., Delaware / United States |
| Polish entity | Passpoint Sp. z o.o. (registered Nov 2024) |
| Polish KRS / NIP / REGON | 0001139121 / 8762513363 / 540221384 |
| Registry-linked persons | Adejuwon Oyebanjo (LinkedIn) and Kelechi Uchegbulem (LinkedIn) |
| Observed casino rail | Betify → InstantBankPayment → Yapily Connect UAB → Revolut / Wise → Passpoint Sp. z o.o. |
| Observed role in Betify rail | Named payee |
| License issue | No evidence identified that Passpoint Sp. z o.o. is authorized as an EU payment institution or payment agent for third-party casino collection |
Compliance Analysis
1. Passpoint’s payee role is active, not incidental
The decisive fact is simple: Passpoint Sp. z o.o. appeared as payee.
That changes the legal and compliance assessment. A payee in a bank-transfer or open-banking flow is not a background vendor, analytics provider, or invisible API component. The payee is the entity presented to the payer and the payment chain as the recipient.
Therefore, the question is not merely whether Passpoint had technical exposure to Betify. The question is:
Why was Passpoint Sp. z o.o. presented as the payee for a Betify casino deposit?
That role strongly indicates that Passpoint’s Polish entity was being used as a payment-facing entity, payment agent, merchant-of-record proxy, or settlement intermediary.
2. The licensing issue is central
Passpoint Sp. z o.o. is a Polish limited liability company. Public records show a recent registration, minimal share capital, and financial-services-related activity classification. Public records do not establish that the company is licensed as a payment institution, electronic money institution, acquiring institution, or authorized payment agent.
If Passpoint collects or appears to collect funds for third-party merchants, especially high-risk merchants such as offshore casinos, it must have a lawful regulatory basis. If it does not, the arrangement may amount to unlicensed payment intermediation.
In a gambling context, the issue becomes more serious. Payment providers cannot simply insert a corporate payee between the player and the gambling operator and claim to be a neutral orchestration layer. The onboarding, licensing, merchant-risk, and settlement responsibilities do not disappear because the flow is routed through an API.
3. Merchant masking and transaction-laundering risk
In the Betify flow, the economic purpose was funding a casino account. But the visible payee was Passpoint Sp. z o.o., not Betify, not Fortuna Games N.V., and not Deltaprime Limited.
That mismatch is a classic Rail Atlas red flag. It can obscure the true merchant from the player’s bank, the open-banking provider, the payer, and potentially downstream monitoring systems.
In plain terms: if the customer is funding Betify but the bank sees Passpoint, the transaction chain is masking the gambling merchant.
This is exactly the sort of structure that regulators, banks, and payment institutions should examine for transaction-laundering risk.
4. Passpoint’s own claims create a higher standard
Passpoint does not describe itself as a minor local reseller. It describes itself as a financial orchestration layer that unifies payments, compliance, liquidity, and settlement. Its public website says it provides access to pay-ins, payouts, acquiring, unified APIs, and compliance infrastructure. Its TechCabal announcement emphasizes governance, routing, compliance, FX exposure, and settlement control.
That makes the Betify finding more damaging, not less.
A platform that claims to govern cross-border payment flows cannot plausibly treat the identity of the underlying merchant and the legality of the payment purpose as irrelevant. If Passpoint’s Polish entity is the named payee, then Passpoint must explain the onboarding file, merchant category, settlement chain, and risk assessment.
5. Disclaimers do not override payment obligations
Passpoint’s terms include a disclaimer that it does not control or assume liability for the legality or quality of goods or services paid for through its infrastructure.
That clause may protect Passpoint in ordinary contractual disputes, but it does not answer the compliance question. A payment infrastructure provider that facilitates pay-ins and payouts cannot contract out of AML screening, sanctions controls, merchant due diligence, licensing analysis, or high-risk vertical monitoring.
For gambling-related flows, the obligation is even clearer: processors and payment facilitators must know whether they are servicing an authorized gambling merchant, an unauthorized offshore casino, or an intermediary disguising the true gambling beneficiary.
The Betify Rail: Why It Matters
FinTelegram’s May 2026 Betify review identified the following bank-transfer/open-banking rail:
Betify Cashier → InstantBankPayment → Yapily Connect UAB → Revolut / Wise → Passpoint Sp. z o.o.
This rail creates at least five compliance questions:
Who onboarded Betify or the Betify-related merchant?
Who decided that Passpoint Sp. z o.o. would appear as payee?
What legal basis allows Passpoint Sp. z o.o. to act as the payment-facing recipient?
Who receives the funds after Passpoint?
Did Yapily, Revolut, Wise, or any banking partner know the payment purpose was offshore casino funding?
Until these questions are answered, Passpoint should be treated as a high-risk payment-rail entity.
Conclusion
Passpoint’s appearance in the Betify payment rail is not a harmless technical artifact. It is a serious compliance finding.
If Passpoint Sp. z o.o. is shown as payee, then Passpoint is the payment-facing recipient in a casino deposit transaction. That creates an immediate duty to explain the legal basis, licensing status, merchant onboarding, settlement path, and risk controls.
The central issue is no longer whether Passpoint is an African fintech with a Delaware parent and a Polish subsidiary. The issue is whether its Polish company is being used to collect or route EU player funds for an offshore casino without the necessary payment authorization and without transparent merchant disclosure.
Until Passpoint provides a convincing explanation, FinTelegram classifies Passpoint as a Very High Risk Rail Atlas Watchlist entity.
Whistleblower Request
FinTelegram invites players, bank employees, PSP insiders, open-banking professionals, former Passpoint staff, casino-payment insiders, and compliance officers to provide information about:
Passpoint Technologies Inc., Passpoint Sp. z o.o., Kelechi Uchegbulem, Adejuwon Oyebanjo, Chinedu Bendeict Ojiteli, Betify, Fortuna Games N.V., Deltaprime Limited, InstantBankPayment, Yapily Connect UAB, Revolut, Wise, and related settlement accounts, merchant agreements, wallet addresses, and onboarding files.
Information can be submitted confidentially through Whistle42.
Betify Payment Rails Review: Curaçao Casino, Cyprus Payment Agent, Open Banking Chokepoints, Fake-FIAT Crypto Rails, and Opaque Payees
FinTelegram’s May 2026 review of Betify shows a materially reconfigured payment architecture compared with the August 2024 review. The visible corporate wrapper has changed from Altacore N.V. / Altaprime Limited to Fortuna Games N.V. / Deltaprime Limited, but the underlying risk pattern remains: EU players can apparently access and fund an offshore casino through layered payment rails involving open banking, wallets, crypto purchase flows, Binance Pay, card gateways, voucher payments, and third-party payees that obscure the true gambling beneficiary.
Key Findings
Betify’s visible corporate setup has changed. In August 2024, Betify was linked to Altacore N.V. in Curaçao and Altaprime Limited in Cyprus. In the May 2026 review, Betify names Fortuna Games N.V. as operator and Deltaprime Limited in Cyprus as EEA representative/payment-facing entity.
The jurisdictional model remains substantially the same. Despite the name change, the structure still follows the familiar pattern of a Curaçao offshore casino with a Cyprus-based EU-facing layer.
EU access and deposit initiation remained possible. During the May 6, 2026 review, registration and simulated deposit flows were accessible from EU jurisdictions, despite no evidence that Betify holds the required gambling licenses in those jurisdictions.
The bank-transfer rail exposed an open banking chokepoint. Betify routed users through checkout.instantbankpayment.com, where players were shown a bank-selection interface and Yapily Connect terms.
Yapily Connect UAB appeared inside the open banking flow. The Revolut authorization screen stated that the player was authorizing Yapily Connect UAB, a regulated Lithuanian payment institution. This raises questions about Yapily’s onboarding, merchant-screening, and payment-purpose controls.
Passpoint Sp. z o.o. appeared as the payee in the Revolut/Wise bank-transfer flow. The visible payee was not Betify, Fortuna Games N.V., or Deltaprime Limited, but the Polish company Passpoint Sp. z o.o., creating a clear merchant-of-record and payee-opacity issue.
The screenshots do not prove that Yapily controls InstantBankPayment. They confirm that Yapily terms and authorization appeared in the flow, but ownership or control of checkout.instantbankpayment.com remains unverified and requires clarification.
MiFinity deposits showed Buscarar LLC as recipient. The MiFinity rail did not display Betify or Fortuna/Deltaprime as recipient, but Buscarar LLC, adding another opaque third-party payee layer.
Skrill and Neteller rails operated as fake-FIAT crypto flows. The player selected familiar wallet methods but was routed through Nylo, where the transaction was framed as buying crypto and sending it to a specified address.
Nylo acted as a crypto-purchase intermediary. The Nylo screen showed an exchange order and required confirmation that the user agreed to buy crypto and send it onward. The origin of the crypto, the destination wallet owner, and the final beneficiary were not disclosed on the reviewed screen.
No evidence currently confirms ChainValley’s role in the Betify/Nylo flow. ChainValley has appeared in similar Skrill/Neteller fake-FIAT casino flows in other reviews, but its involvement in this specific Betify rail is not confirmed.
The eps rail powered by Skrill showed Deskimopay as recipient. The local bank-transfer rail did not identify the gambling operator as recipient, but instead displayed Deskimopay.
The Visa/card rail used a layered routing chain. The observed route was: Betify → checkout.processingpsp.co → tx.segopay.com → api.axipays.com → Skrill.
The card test showed “BLUETECH GBP” as recipient/descriptor. This creates a descriptor-opacity concern and raises questions about the merchant of record, acquirer, and transaction coding.
Binance Pay was routed through CryptonBTC. The Binance Pay option used pay2.cryptonbtc.com before redirecting to Binance Pay, adding another opaque crypto-gateway layer.
Flexepin was also available as a deposit method. The presence of voucher/prepaid-style funding adds a cash-like deposit option to the payment stack.
The overall payment architecture is fragmented and opaque. The May 2026 setup involves open banking, wallets, fake-FIAT crypto flows, card gateways, Binance Pay, and voucher payments, with multiple third-party payees appearing instead of the gambling operator.
The central compliance issue is merchant-of-record opacity. Across several rails, the visible recipient differs from the gambling brand and named operator, suggesting that the payment architecture separates the casino-facing experience from the payment-facing merchant identity.
The strongest regulatory chokepoints are the payment providers, not only the offshore casino. The relevant supervisory focus should include Yapily, Revolut/Wise endpoints, MiFinity, Skrill/Neteller/Paysafe, Binance Pay, Axipays, SegoPay, card acquirers, and the third-party payees.
The May 2026 review does not show remediation compared with August 2024. It shows a broader and more complex rail architecture, with more intermediaries, more third-party payees, and more crypto-conversion elements.
Evidence Grading
| Finding | Evidence grade | Basis |
|---|---|---|
| Betify accessible via betify2.so and deposits could be initiated from EU jurisdictions | Confirmed | FinTelegram simulated review and screenshots |
| Current Betify setup names Fortuna Games N.V. and Deltaprime Limited | Confirmed | Betify FAQ and company-data references |
| Previous setup identified Altacore N.V. and Altaprime Limited | Confirmed | FinTelegram August 2024 review and RatEx42 profile |
| InstantBankPayment rail presented Yapily Connect terms | Confirmed | FinTelegram screenshots |
| Yapily Connect UAB is regulated by Bank of Lithuania under LB002045 | Confirmed | Bank of Lithuania / Yapily disclosures |
| Yapily controls or operates checkout.instantbankpayment.com | Unknown / Requires clarification | Screenshots show Yapily terms, but do not prove control or ownership of the gateway |
| Passpoint Sp. z o.o. appeared as payee in Revolut/Wise bank-transfer flow | Confirmed by screenshot; registry corroborated | FinTelegram screenshots plus Polish company data |
| Nylo was used as intermediary for Skrill/Neteller crypto-purchase flow | Confirmed | FinTelegram screenshots |
| Nylo markets itself as a payment gateway | Confirmed | Nylo public website |
| ChainValley is behind Nylo in this specific Betify flow | Unknown | Pattern seen in other reviews, but not confirmed here |
| Buscarar LLC appeared as MiFinity recipient | Confirmed by screenshot | FinTelegram screenshots |
| Deskimopay appeared as eps/Skrill recipient | Confirmed by screenshot | FinTelegram screenshots |
| BLUETECH GBP appeared as card recipient/descriptor | Confirmed by screenshot/test payment | FinTelegram simulated payment |
| Axipays appears in the card routing chain | Confirmed by screenshot; public PSP role corroborated | FinTelegram screenshots plus Axipays public website |
| CryptonBTC routed Binance Pay flow | Confirmed by screenshot; public page opaque | FinTelegram screenshot; search result shows no public information for pay2.cryptonbtc.com |
Then vs Now: Betify Review Comparison
| Area | August 2024 Review | May 2026 Review | Compliance interpretation |
|---|---|---|---|
| Operator | Altacore N.V., Curaçao | Fortuna Games N.V., Curaçao | Corporate wrapper changed; offshore model remains |
| EU/Cyprus layer | Altaprime Limited | Deltaprime Limited | Cyprus-facing payment/representative layer persists |
| Domain pattern | Betify and related/mirror domains | betify2.so used in review | Domain-shifting remains relevant |
| Core issue | Unauthorized offshore casino access and open banking exposure | Open banking, wallets, fake-FIAT crypto, Binance Pay, card routing, voucher rails | Payment architecture became broader and more fragmented |
| Main compliance concern | EU access through offshore casino and payment facilitators | Third-party payees, regulated chokepoints, fake-FIAT conversion, descriptor opacity | Risk increased in complexity |
| Key regulated chokepoints | Open banking/payment providers | Yapily, Revolut/Wise endpoints, MiFinity, Skrill/Neteller/Paysafe, Binance Pay, card processors | Supervisory focus should shift to payment rails |
FinTelegram’s August 2024 review described Betify as part of the Altacore/Altaprime structure and highlighted open banking concerns. The May 2026 review does not show a clean remediation of that issue. Instead, it shows a broader payment stack with more intermediaries, more third-party payees, and more crypto-conversion logic.
Summary Table: Betify and Payment-Rail Entities
| Category | Entity / Domain | Role observed | Jurisdiction / status | Evidence grade | Compliance relevance |
|---|---|---|---|---|---|
| Casino brand | Betify / betify2.so | Offshore casino interface accessed in review | Public site names Curaçao operator | Confirmed | Main gambling destination |
| Current operator | Fortuna Games N.V. | Named operator | Curaçao | Confirmed | Offshore gambling operator |
| Current Cyprus layer | Deltaprime Limited | EEA representative of Fortuna Games N.V. | Cyprus, HE 444864 | Confirmed | EU-facing corporate layer |
| Previous operator | Altacore N.V. | Operator identified in 2024 | Curaçao | Confirmed | Replaced visible operator |
| Previous Cyprus layer | Altaprime Limited | Payment agent/payment processor identified in 2024 | Cyprus | Confirmed | Replaced visible Cyprus layer |
| Open banking gateway | checkout.instantbankpayment.com | Bank-selection and payment interface | Operator unknown | Confirmed by screenshot | Anonymous gateway / control unclear |
| Regulated open banking provider | Yapily; Yapily Connect UAB | Terms shown; Revolut authorization flow | Lithuania, LB002045 | Confirmed | Regulated chokepoint |
| Bank endpoint | Revolut OBA | Authorization page for Yapily Connect UAB | Revolut interface | Confirmed by screenshot | Bank-access endpoint |
| Bank endpoint | Wise | Payee flow reportedly also showed Passpoint | Wise interface | Confirmed by review | Alternative A2A endpoint |
| Bank-transfer payee | Passpoint Sp. z o.o. (LinkedIn) | Payee in Revolut/Wise flow | Poland, KRS 0001139121 | Confirmed/corroborated | Third-party payee risk |
| Wallet provider | MiFinity | Deposit rail | Global wallet provider | Confirmed by screenshot | Wallet funding rail |
| MiFinity payee | Buscarar LLC | Recipient shown in MiFinity flow | Not verified | Confirmed by screenshot | Payee opacity |
| Crypto-purchase interface | Nylo / Nylo LLC / app.nylo.pro | Buy-crypto-and-send flow | Public website markets payment gateway | Confirmed | Fake-FIAT crypto rail |
| Wallet provider | Neteller / Skrill | Used to complete Nylo crypto purchase | Paysafe brand | Confirmed | Wallet-to-crypto route |
| eps payee | Deskimopay | Recipient in eps/Skrill flow | Not verified | Confirmed by screenshot | Opaque local-method recipient |
| Card gateway | checkout.processingpsp.co | Card payment page | Unknown | Confirmed by screenshot | Anonymous card gateway |
| Card-routing layer | SegoPay / tx.segopay.com | Intermediate redirect | Not fully verified | Confirmed by screenshot | Routing layer |
| Processor/API layer | Axipays / api.axipays.com | Intermediate API domain | Public site describes PSP services | Confirmed/corroborated | Processor exposure |
| Card descriptor | BLUETECH GBP | Recipient/descriptor in card test | Not verified | Confirmed by test | Descriptor opacity |
| Crypto gateway | CryptonBTC / pay2.cryptonbtc.com | Binance Pay routing domain | Public info unavailable | Confirmed by screenshot | Crypto-gateway opacity |
| Crypto payment method | Binance Pay | Final crypto-payment interface | Binance ecosystem | Confirmed | Crypto-payment rail |
| Voucher method | Flexepin | Available deposit option | Voucher/prepaid rail | Confirmed by cashier | Cash-like funding risk |
Core Finding 1: The Corporate Wrapper Changed, the Jurisdictional Model Did Not
The visible corporate setup changed materially between August 2024 and May 2026. In 2024, Betify was linked to Altacore N.V. in Curaçao and Altaprime Limited in Cyprus. In 2026, Betify names Fortuna Games N.V. and Deltaprime Limited. The jurisdictions, however, remain functionally similar: Curaçao as offshore gambling base and Cyprus as the EU-facing corporate or payment-facing layer.
This should not be interpreted as a compliance upgrade without further evidence. A change of operator/payment-agent names does not resolve the central issue if EU players can still register, deposit, and fund gambling accounts through payment infrastructure that does not transparently identify the true gambling merchant.
Compliance assessment: the corporate change should be treated as a risk event requiring enhanced due diligence. Payment providers should verify whether the migration from Altacore/Altaprime to Fortuna/Deltaprime reflects a genuine licensing, ownership, and control change, or merely a re-papering of the same gambling and payment infrastructure.
Core Finding 2: Open Banking Rail — InstantBankPayment, Yapily, Revolut/Wise, and Passpoint
The bank-transfer rail led to checkout.instantbankpayment.com, where the user was shown a bank-selection interface. In the reviewed flow, the user was then routed toward Revolut. The Revolut page stated that the user was signing in to authorize Yapily Connect UAB. The InstantBankPayment screen also presented Yapily Connect terms.
Yapily Connect UAB is a regulated Lithuanian payment institution supervised by the Bank of Lithuania under authorization number LB002045. Yapily’s own materials state that Yapily Connect UAB is incorporated in Lithuania and regulated by the Bank of Lithuania under the same authorization number.
The payee identified in the open banking flow was Passpoint Sp. z o.o., not Betify, Fortuna Games N.V., or Deltaprime Limited. Polish company data identifies Passpoint Sp. z o.o. under KRS 0001139121 and links it to Adejuwon Oyebanjo (LinkedIn) and Kelechi Uchegbulem (LinkedIn).
Compliance concern: an EU player appears able to fund an offshore casino through an open banking flow in which the visible payee is a third-party Polish company. That pattern raises merchant-of-record, AML, transaction-monitoring, consumer-disclosure, and gambling-licensing questions.
Core Finding 3: Fake-FIAT Crypto Rails via Nylo, Skrill, and Neteller
The Neteller and Skrill rails are not simple wallet deposits. They are the most significant fake-FIAT finding in this review.
The user selects Neteller or Skrill as a familiar payment method. The flow then redirects to Nylo at app.nylo.pro. The Nylo screen displays an exchange order and requires the user to confirm that they agree to buy crypto and send it to the specified address. The user is then routed to Skrill or Neteller to complete the payment. Nylo publicly describes itself as a payment gateway processing multiple currencies through its own infrastructure and partners.
This structure is materially different from a straightforward wallet deposit. The player-facing method looks like a fiat/wallet payment, but the transaction is structured as a crypto purchase and onward transfer. The origin of the crypto, the wallet destination, the beneficial owner of the destination address, and the contractual merchant relationship are not disclosed on the reviewed screen.
Paysafe publicly markets Skrill and Neteller as digital wallet payment methods and states that Paysafe Payment Solutions Limited trades as Paysafe, Neteller, Skrill, Rapid Transfer, and Skrill Money Transfer and is regulated by the Central Bank of Ireland.
Compliance concern: the fake-FIAT model may reduce transparency for the player, weaken recovery or chargeback expectations, and obscure the true gambling beneficiary from financial institutions. It may also shift the transaction from gambling funding into crypto acquisition, creating a different compliance footprint for AML, travel-rule, sanctions, and source-of-funds controls.
Core Finding 4: MiFinity and Buscarar LLC
The MiFinity rail showed Buscarar LLC as the recipient. The screenshot does not identify Fortuna Games N.V., Deltaprime Limited, or Betify as the direct payment recipient.
This is important because the same Betify ecosystem appears to have used different corporate wrappers across domains and time periods. A third-party recipient in a wallet flow requires clarification: is Buscarar LLC a payment agent, merchant of record, reseller, affiliate, crypto facilitator, or unrelated payment processor?
Compliance concern: MiFinity should be able to identify the contractual merchant, the actual gambling beneficiary, the settlement recipient, and the jurisdictional legality assessment applied to Betify-related deposits.
Core Finding 5: eps Powered by Skrill — Deskimopay as Recipient
The eps rail, powered by Skrill, showed Deskimopay as recipient. The screen stated that eps was not available and recommended MyBank – Bonifico immediato, but the displayed recipient layer remains relevant.
Paysafe’s public materials identify eps and other local payment methods as part of the Paysafe/Skrill/Neteller ecosystem, with Paysafe Payment Solutions Limited regulated by the Central Bank of Ireland.
Compliance concern: local bank-transfer methods such as eps and MyBank are trusted by consumers as ordinary bank-payment rails. In a gambling context, the appearance of an unrelated recipient name creates a duty to examine whether the merchant identity and gambling purpose were properly disclosed to the consumer and to the regulated payment chain.
Core Finding 6: Card Rail — processingpsp.co, SegoPay, Axipays, Skrill, and BLUETECH GBP
The Visa/card rail showed a layered path:
Betify Cashier → checkout.processingpsp.co → tx.segopay.com → api.axipays.com → Skrill → BLUETECH GBP
The card screen showed a Betify-related deposit reference, but the recipient/descriptor surfaced in the test was BLUETECH GBP. Axipays publicly describes itself as a payment gateway specializing in credit-card processing, crypto payments, and risk-management services.
Compliance concern: this rail raises classic card-processing red flags: descriptor mismatch, payment orchestration opacity, potential payment-facilitator layering, and possible transaction-laundering risk. The cardholder is not clearly presented with the offshore gambling operator as the merchant of record.
Core Finding 7: Binance Pay via CryptonBTC
The Binance Pay rail was initiated through pay2.cryptonbtc.com and then redirected to Binance Pay. The public search result for pay2.cryptonbtc.com shows no meaningful information, which itself is a transparency concern for a payment gateway involved in casino funding.
Binance Pay is a crypto payment method that supports a broad range of cryptocurrencies and enables users to send or pay with crypto.
Compliance concern: Binance Pay should examine whether CryptonBTC or the merchant behind the QR/payment request is properly onboarded, whether the gambling purpose is disclosed, whether the destination wallet belongs to a licensed operator or payment agent, and whether EU gambling restrictions are reflected in merchant monitoring.
Compliance Analysis
1. Merchant-of-record opacity
The dominant pattern is that the visible payee often differs from the gambling brand and the named operator. The user sees Passpoint, Buscarar, Nylo, Deskimopay, or BLUETECH GBP rather than Fortuna Games N.V., Deltaprime Limited, or Betify.
This is the central compliance problem. It suggests that the payment architecture may be designed to separate the player-facing gambling experience from the payment-facing merchant identity.
2. Regulated chokepoints inside high-risk flows
The case is not merely about an offshore Curaçao casino. The critical issue is the use of regulated or mainstream payment chokepoints:
Yapily Connect UAB, Revolut/Wise-style account-to-account flows, MiFinity, Skrill/Neteller/Paysafe, Binance Pay, and card-processing gateways.
These providers are the points where merchant onboarding, transaction monitoring, payment-purpose detection, and jurisdictional blocking should occur.
3. Fake-FIAT conversion risk
The Nylo/Skrill/Neteller structure is particularly problematic because it blurs the line between fiat casino deposit, wallet payment, crypto purchase, and crypto transfer. The player may believe they are using a normal wallet rail, while the actual transaction is framed as purchasing crypto and sending it onward.
That structure creates a material consumer-protection and AML issue.
4. Open banking as a casino-funding rail
Open banking payments are account-to-account transfers. They are fast, difficult to reverse, and often lack the dispute expectations associated with card payments. When such rails are used for offshore gambling, the compliance burden on open banking providers and bank endpoints is especially high.
5. Descriptor and payee mismatch
The appearance of BLUETECH GBP, Passpoint, Buscarar, and Deskimopay suggests descriptor and payee opacity. This should trigger enhanced due diligence by acquirers, banks, wallet providers, open banking providers, and card schemes.
Conclusion
The May 2026 Betify review does not show a cleaned-up payment architecture. It shows a more fragmented one.
The visible corporate setup has changed from Altacore N.V. / Altaprime Limited to Fortuna Games N.V. / Deltaprime Limited, but the fundamental risk remains: EU players can apparently access and fund an offshore casino through payment rails that separate the gambling brand from the visible payee.
The most important findings are:
Open Banking Chokepoint: the InstantBankPayment flow presented Yapily Connect terms and routed through Revolut/Wise-style bank flows, with Passpoint Sp. z o.o. shown as payee.
Fake-FIAT Crypto Rails: Skrill and Neteller deposits were converted into a Nylo crypto-purchase-and-send flow.
Payee and Descriptor Opacity: MiFinity showed Buscarar LLC, eps/Skrill showed Deskimopay, the card rail showed BLUETECH GBP, and Binance Pay was routed through CryptonBTC.
This is a textbook Rail Atlas case: the key risk is not only the offshore casino, but the payment infrastructure that enables the casino to reach EU consumers while obscuring the true beneficiary, payment purpose, and merchant-of-record chain.
Whistleblower Request
FinTelegram invites players, PSP employees, bank compliance officers, former Betify insiders, wallet-provider employees, crypto-payment insiders, and payment-orchestration specialists to provide information about:
Betify, Fortuna Games N.V., Deltaprime Limited, Altacore N.V., Altaprime Limited, Passpoint Sp. z o.o., Nylo, Buscarar LLC, Deskimopay, BLUETECH GBP, InstantBankPayment, Yapily Connect UAB, Revolut, Wise, MiFinity, Skrill, Neteller, Paysafe, Binance Pay, CryptonBTC, SegoPay, Axipays, and related settlement accounts or wallet addresses.
Information can be submitted confidentially via Whistle42.
FCA Probes PayPal, Mastercard and Visa: Are Digital Wallet Funding Rules the Next Payment-Rail Chokepoint?
The UK Financial Conduct Authority (FCA) has opened Competition Act 1998 investigations into PayPal, Mastercard and Visa over suspected anti-competitive conduct linked to the funding and usage of PayPal’s digital wallet. This is not an AML case, not a consumer-fraud case, and not yet a finding of wrongdoing. It is something potentially more structural: a competition-law probe into how the hidden contractual and economic architecture behind a major digital wallet may influence which payment rails consumers are nudged to use.
The FCA confirmed that it is investigating Mastercard, PayPal and Visa under Chapter I of the Competition Act 1998, and Mastercard and Visa under Chapter II, while stressing that it has reached no conclusions and made no findings that competition law has been breached. The regulator says it is still gathering evidence and may or may not issue a statement of objections later in the process.
For FinTelegram, the significance is clear: this is a payments-chokepoint investigation. The FCA appears to be looking beneath the familiar PayPal checkout interface into the contractual arrangements, volume incentives, wallet-default logic, and card-scheme economics that may determine whether consumers use card rails, bank-account funding, stored wallet balances, or alternative account-to-account payment methods.
Key Findings
Confirmed FCA investigation. The FCA announced on 6 May 2026 that it is investigating Mastercard, PayPal and Visa under the UK Competition Act 1998 in relation to suspected anti-competitive conduct connected to the funding and usage of PayPal’s digital wallet.
Different legal tracks. All three companies are under investigation under Chapter I, which concerns anti-competitive agreements, concerted practices or decisions. Mastercard and Visa are also under investigation under Chapter II, which concerns abuse of a dominant position.
No findings yet. The FCA expressly states that it has not concluded that competition law has been breached. The case is still in the evidence-gathering stage, and not every Competition Act investigation results in a statement of objections.
PayPal disclosed the matter first. PayPal’s Q1 2026 Form 10-Q disclosed that, in March 2026, it received notices of investigations and related information requests from the FCA concerning provisions in PayPal’s contractual agreements with Visa and Mastercard relating to funding and use of the PayPal digital wallet. PayPal said it is cooperating.
The contractual background matters. Public PayPal-Visa partnership materials from 2016 show terms under which Visa cards would be presented as clear and equal payment options in PayPal flows, users could set Visa as a preferred payment method, PayPal would not encourage Visa cardholders to link bank accounts via ACH, and PayPal would receive certain economic incentives, including incentives for increased Visa volume and longer-term Visa fee certainty. These historic terms are not proof of illegality, but they show why wallet funding and usage provisions may now be competition-sensitive.
Digital wallets are now systemically important payment interfaces. The FCA and Payment Systems Regulator previously noted that the share of UK card transactions using a digital wallet increased from 8% in 2019 to 29% in 2023, showing that wallets are no longer a niche checkout convenience but a major interface layer in retail payments.
The FinTelegram Analysis: The Wallet Is the Interface, But the Rail Is the Business
Consumers see a PayPal button. Regulators see a routing layer.
That distinction is crucial. A digital wallet is not merely a convenient front-end. It is a decision engine. It determines how payment instruments are displayed, which options are made frictionless, which rails are set as defaults, which funding methods are promoted or deprioritised, and which economic incentives flow between wallets, card schemes, banks and merchants.
The FCA’s reference to the “funding and usage” of PayPal’s digital wallet therefore goes to the heart of modern payment competition. The issue is not simply whether consumers can technically choose between cards, bank accounts or wallet balances. The sharper question is whether contractual arrangements and commercial incentives influence the architecture of choice itself.
In plain terms: does the wallet neutrally present payment options, or does it steer users toward rails favoured by the dominant schemes?
Why Chapter I and Chapter II Matter
The FCA’s legal split is important.
Under Chapter I, the regulator is examining whether agreements or arrangements between undertakings may prevent, restrict or distort competition in the UK. This captures the horizontal and vertical contractual dimension: what PayPal agreed with Visa and Mastercard, how those agreements shaped wallet behaviour, and whether such provisions affected competition between payment methods.
Under Chapter II, the FCA is looking only at Mastercard and Visa. This provision concerns abuse of a dominant position. That does not mean the FCA has concluded that either scheme abused dominance. But it does suggest that the regulator may be examining whether the card schemes’ market power, combined with wallet-related contractual arrangements, could have restricted alternative payment rails or entrenched scheme-card usage inside PayPal.
This distinction gives the case its real weight. It is not just about PayPal. It is about the interaction between a dominant consumer-facing wallet and the dominant global card-scheme infrastructure behind it.
The Historic PayPal-Visa Model: Consumer Choice or Rail Steering?
PayPal’s 2016 Visa partnership was publicly framed as improving consumer choice and expanding digital-payment adoption. The agreement included several commercially significant elements: Visa cards would be presented as clear and equal payment options, consumers could set Visa cards as their preferred payment method, PayPal would not encourage Visa cardholders to link bank accounts via ACH, and PayPal would receive economic incentives including volume incentives and fee certainty.
From a business perspective, this was understandable. PayPal needed better card-scheme relationships, broader point-of-sale acceptance, tokenisation capabilities and issuer cooperation. Visa and Mastercard wanted to prevent PayPal from becoming a bank-account-funded alternative that bypassed card rails.
From a competition perspective, however, the same arrangements raise obvious questions. If a wallet receives incentives tied to card volume, and if it agrees not to encourage bank-account linking for certain users, then the regulator may ask whether lower-cost or non-card rails were disadvantaged before the consumer even reached the checkout decision.
That is the chokepoint: not the transaction itself, but the pre-transaction architecture.
The Hidden Economics of Wallet Funding
Digital-wallet funding is not neutral. Each funding source carries different economics.
Card-funded PayPal payments generate scheme fees, issuer economics, acquiring economics and merchant costs.
Bank-account-funded payments may bypass some of those card economics. Stored wallet balances can create another layer of value capture.
Account-to-account or open-banking payments may introduce new competitors and reduce dependence on card rails.
The regulatory concern, therefore, is not that PayPal offers card payments. It is that contractual and economic incentives may shape whether consumers are nudged toward card-funded payments even when alternatives exist or could develop.
This is especially relevant because the FCA and PSR previously identified digital wallets as both an opportunity for innovation and a potential competition concern. Their feedback statement noted that digital wallets could support non-card forms of payment as they become available, but also recorded stakeholder concerns that card schemes’ position in UK retail payments could become entrenched unless consumers can access alternative forms of payment inside wallets.
The Bigger Picture: Wallets as Payment-Rail Gatekeepers
The FCA probe fits a wider regulatory shift. Payment regulators are increasingly looking beyond the visible merchant checkout page and into the layers that determine transaction routing:
User-interface design: Which funding source appears first? Which one is default? Which one has the least friction?
Commercial incentives: Does the wallet receive payments, volume rebates or fee certainty that favour one rail over another?
Technical dependency: Does tokenisation, contactless access or in-store acceptance depend on card-scheme infrastructure?
Alternative-rail suppression: Are bank-account, open-banking or account-to-account payment options made less visible, less convenient or commercially unattractive?
Market power: Do the dominant card schemes use their position to preserve scheme-card volumes inside wallets that might otherwise become competitors?
This is exactly where FinTelegram’s rail-analysis lens applies. In illegal gambling and high-risk broker investigations, FinTelegram frequently follows payment rails to identify the real operators, intermediaries, acquiring relationships and risk chokepoints. Here, the FCA is applying a different legal framework, but the analytical logic is similar: follow the rails, not just the brand interface.
What the Companies Say
According to media coverage based on the FCA announcement and company responses, all three companies said they are cooperating with the regulator. Mastercard confirmed it had received an information notice from the FCA requesting details of its contractual relationship with PayPal; Visa said it had been informed of an inquiry into contractual provisions regarding the PayPal digital wallet; and PayPal declined further comment because the investigation is pending.
The cooperation statements are standard and should not be overread. The important point is that the FCA’s investigation is live, document-driven and focused on contractual provisions.
Compliance Note
The FCA has not concluded that PayPal, Mastercard or Visa breached UK competition law. The investigation is ongoing and remains at the evidence-gathering stage. This report reflects FinTelegram’s analysis of the FCA announcement, PayPal’s public SEC disclosure, historic public PayPal-card-scheme partnership materials, and related regulatory context.
Whistleblower Request
FinTelegram invites payment-industry insiders, merchants, PSP employees, open-banking providers, former PayPal staff, and card-scheme professionals to share documents, contractual insights, interface screenshots or merchant-pricing evidence relating to digital-wallet funding, default payment settings, rail incentives, or payment-method steering.
Information can be submitted securely via Whistle42.com.
CAPITOLIO INC.: Canadian MSB Appears as Payee in 1Go Casino’s Revolut/Yapily Open-Banking Rail
FinTelegram’s Revolut Rail Atlas review of 1Go Casino identified CAPITOLIO INC. as the visible payee in a tested Revolut/Yapily open-banking casino deposit flow. Capitolio presents itself as a Canadian MSB offering open-banking, fiat-to-crypto, payout, and digital-asset infrastructure — including for the “Gaming & Digital Economy” segment. This raises the central compliance question: why does a player deposit initiated inside an offshore casino cashier end up as an open-banking payment to a Canadian payment and crypto-infrastructure entity?
Executive Summary
FinTelegram’s 1Go Casino payment-rail review exposed a layered casino-payment structure involving open banking, crypto infrastructure, changing payee names, and regulated chokepoints. In the tested Revolut/Yapily rail, the user journey started inside the 1Go Casino cashier and moved through BillBlend, SegoPay, Tryzto, InstantBankPayment, Yapily Connect UAB, and finally Revolut OBA. The payment-review screen then showed the visible beneficiary as CAPITOLIO INC.
This is significant. Capitolio is not presented as the casino brand, not as 1Go Casino, and not as the apparent Curaçao casino operator Galaktika N.V. Instead, Capitolio’s website presents the company as an Alberta-incorporated Canadian MSB registered with FINTRAC under number M24928320, with stated activities including virtual currency exchange, virtual currency transfer, and money transfer. Capitolio also markets open-banking payments, account-to-account bank payments, fiat-to-crypto and crypto-to-fiat infrastructure, payouts, card acquiring, OTC liquidity, embedded widgets, and services for Gaming & Digital Economy platforms.
FinTelegram’s assessment is direct: in the tested 1Go flow, Capitolio was not merely a background technology provider. It was the named beneficiary of player funds at the Revolut/Yapily authorisation layer. Whether Capitolio acted as merchant of record, payment agent, collection agent, settlement intermediary, crypto on/off-ramp provider, or processor for another upstream party requires clarification. But its appearance as payee is not a neutral technical detail. It is the compliance story.
Key Findings
CAPITOLIO INC. appeared as the visible payee in the tested 1Go Casino Revolut/Yapily open-banking deposit flow.
The payment originated inside the 1Go Casino cashier but, after several gateway layers, reached a Revolut/Yapily payment-review screen showing CAPITOLIO INC. as beneficiary.
Capitolio presents itself as a Canadian MSB. Its regulatory-information page identifies CAPITOLIO INC. as an Alberta corporation with Corporate Access Number 2025599024, registered address in Calgary, and FINTRAC MSB number M24928320.
Capitolio’s stated registered activities are virtual currency exchange, virtual currency transfer, and money transfer. These are listed on Capitolio’s own regulatory-information page.
Capitolio markets itself as infrastructure for open banking, crypto conversion, card acquiring, payouts, and embedded payment widgets. Its website describes open-banking payments, account-to-account payments, fiat-to-crypto flows, card acquiring, payout infrastructure, on-ramp/off-ramp services, and OTC liquidity.
Capitolio explicitly targets “Gaming & Digital Economy.” Its website says it enables players and users to fund accounts, purchase digital assets, and withdraw earnings through integrated payment and conversion infrastructure.
Capitolio says it is not a bank, payment institution, or investment firm. Its regulatory page states that it does not accept deposits, does not provide investment services, and that funds transferred through Capitolio are not covered by CDIC protection.
Capitolio’s public beneficial ownership remains unclear. The public pages reviewed disclose legal entity, address, MSB registration, services, and compliance claims, but do not disclose ultimate beneficial owners or controlling persons.
Capitolio’s website contains an unexplained CSSF/RCS footer issue. Capitolio pages display CSSF registration number B00000408 and RCS number B222310, while the same identifiers appear on Banking Circle’s official regulatory-information page. Capitolio should clarify why those Luxembourg banking identifiers appear on its Canadian MSB website.
Source Discipline: What Is Confirmed, What Is Inferred, What Remains Open
| Category | Status | Evidence / Comment |
| --- | --- | --- |
| CAPITOLIO INC. appeared as payee in 1Go Casino rail | Confirmed from FinTelegram test evidence | Screenshot from the tested Revolut/Yapily payment-review screen showed CAPITOLIO INC. as beneficiary. |
| 1Go payment originated inside casino cashier | Confirmed from FinTelegram test evidence | The user journey began at the 1Go Casino deposit interface. |
| Capitolio legal entity and Alberta registration details | Confirmed from Capitolio disclosure | Capitolio identifies CAPITOLIO INC., Alberta Corporate Access Number 2025599024, and Calgary address. |
| FINTRAC MSB number M24928320 | Confirmed from Capitolio disclosure; registry status should be independently verified before final publication | Capitolio discloses FINTRAC number M24928320. FINTRAC warns that registry details should be verified and that registration is not endorsement or licensing. |
| Capitolio’s business model | Confirmed from Capitolio disclosure | Open banking, account-to-account payments, fiat-to-crypto, crypto-to-fiat, payouts, OTC liquidity, embedded widgets. |
| Gaming and digital-economy targeting | Confirmed from Capitolio disclosure | Capitolio says it enables players/users to fund accounts, purchase digital assets, and withdraw earnings. |
| Capitolio’s exact role in the 1Go flow | Strong inference from payment evidence | Named payee status indicates apparent collection/payee role; merchant-of-record, processor, settlement, or agency role requires clarification. |
| Beneficial owners / controllers | Unresolved | Not disclosed in the public pages reviewed. |
| Contractual relationship with 1Go, Galaktika, BillBlend, SegoPay, Tryzto, InstantBankPayment, Yapily or Revolut | Unresolved | Requires contracts, onboarding files, settlement data, or responses from involved parties. |
| CSSF/RCS footer identifiers | Confirmed anomaly | Capitolio pages show identifiers also used by Banking Circle; no conclusion of relationship is drawn, but clarification is required. |
Summary Table: Capitolio Key Data
| Field | Information |
| --- | --- |
| Brand / name | Capitolio |
| Main domain | capitolio.io |
| Legal entity | CAPITOLIO INC. |
| Jurisdiction | Alberta, Canada |
| Alberta Corporate Access Number | 2025599024 |
| Registered address | 700-602 12 Ave SW, Calgary, Alberta, T2R 1J3, Canada |
| FINTRAC registration disclosed by Capitolio | M24928320 |
| Stated registered activities | Virtual Currency Exchange, Virtual Currency Transfer, Money Transfer |
| Stated products | Open banking, account-to-account payments, fiat-to-crypto on/off-ramp, payouts, card acquiring, OTC liquidity, embedded widgets |
| Target segments | Fintechs, marketplaces, exchanges, digital platforms, gaming and digital economy |
| Compliance tools disclosed | KYC/KYB review, AML/CFT programme, transaction monitoring, sanctions/PEP screening, blockchain analytics, SumSub biometric verification |
| Regulatory caveat | Capitolio states it is not a bank, payment institution, or investment firm; it does not accept deposits; funds are not CDIC-protected |
| Public UBO / executive information | Not identified in the public sources reviewed. Alex Melov, Compliance Officer (LinkedIn) |
| 1Go Casino relevance | Appeared as visible payee in tested 1Go Casino Revolut/Yapily open-banking flow |
| Key compliance risk | Casino-origin payment, non-casino payee, open-banking endpoint, crypto/payment infrastructure, unclear merchant-of-record role |
| Website integrity issue | Capitolio pages show CSSF/RCS identifiers matching Banking Circle references |
The Capitolio Scheme: Infrastructure, Not a Consumer Brand
The Capitolio case is important because it does not look like a traditional consumer-facing payment brand. Capitolio positions itself as backend infrastructure for platforms. Its website states that it provides regulated payment infrastructure, open-banking connectivity, and fiat-to-crypto on/off-ramp solutions for fintechs, platforms, and enterprises.
The operating model appears to combine several high-risk components:
| Component | Capitolio Positioning | Rail Atlas Relevance |
| --- | --- | --- |
| Open banking / A2A payments | Account-to-account payments with bank authentication and instant settlement | Can be used to move player funds directly from bank accounts into platform ecosystems. |
| Fiat-to-crypto on-ramp | Users can purchase digital assets using bank accounts, cards, or local alternative methods | Creates a bridge between bank money and crypto-funded casino or gaming flows. |
| Crypto-to-fiat off-ramp | Digital assets can be converted into fiat and paid out to bank accounts | Relevant for settlement, withdrawals, and cash-out layers. |
| Payout infrastructure | Funds can be sent to bank accounts | Useful for platform withdrawals, partner payouts, refunds, or settlement structures. |
| Embedded widgets | Payment modules integrated into third-party platforms | Reduces visibility of the underlying processor for end-users. |
| Gaming & Digital Economy | Players/users can fund accounts, purchase digital assets, and withdraw earnings | Directly overlaps with the type of payment context observed in the 1Go Casino review. |
| MSB registration | Canadian FINTRAC registration, not bank/payment-institution status | Registration creates AML obligations but is not a prudential licence or endorsement. |
This is the core of the Capitolio scheme as observed by FinTelegram: Capitolio appears to provide infrastructure that can sit behind platforms and receive or move funds without being the consumer-facing merchant brand. In the 1Go case, that model becomes highly relevant because the consumer-facing merchant was a casino cashier, while the bank-facing payee was Capitolio.
The 1Go Casino Link: Where Capitolio Appears in the Rail
FinTelegram’s 1Go Casino payment-rail review reconstructed the following tested Revolut route:
1Go Casino cashier
→ pay.billblend.com/checkout
→ tx.segopay.com/payment
→ tryzto.com/ct/check
→ checkout.instantbankpayment.com
→ Yapily Connect UAB
→ Revolut OBA
→ Payee: CAPITOLIO INC.
The final Revolut/Yapily payment-review screen did not show the casino brand as the beneficiary. It did not show Galaktika N.V. It showed CAPITOLIO INC.
That makes Capitolio a central entity in the payment trail. In the tested transaction, Capitolio appears to be the entity designated to receive funds originating from a player deposit at 1Go Casino. Functionally and economically, this indicates an apparent collection/payee role in the casino deposit flow.
This is the core Rail Atlas concern: by the time the transaction reaches the regulated banking interface, the visible beneficiary is no longer the casino brand. The bank-facing layer sees a corporate payee. The player knows the money is being deposited into a casino account.
Red Flags
| Red Flag | Why It Matters |
| --- | --- |
| Casino-origin transaction | The payment began in a 1Go Casino deposit cashier. |
| Non-casino payee | CAPITOLIO INC. appeared instead of 1Go Casino or Galaktika N.V. |
| Open-banking endpoint | Revolut/Yapily was used as the final authorisation layer. |
| Payment-purpose dilution | The economic purpose was a casino deposit, but the visible payee was a payment/crypto infrastructure entity. |
| Gaming-targeted infrastructure | Capitolio markets services to the “Gaming & Digital Economy” segment. |
| Crypto on/off-ramp model | Fiat-to-crypto and crypto-to-fiat flows create elevated AML, source-of-funds, and transaction-monitoring risk. |
| UBO opacity | Public sources reviewed did not identify controlling owners or ultimate beneficial owners. |
| Regulatory ambiguity | FINTRAC registration is not a licence, prudential supervision, or endorsement. |
| Website integrity issue | Capitolio pages show CSSF/RCS identifiers that match Banking Circle’s Luxembourg regulatory identifiers. |
| Gateway layering | BillBlend, SegoPay, Tryzto, and InstantBankPayment appeared upstream of Yapily/Revolut in the tested flow. |
Legal Entity, Jurisdiction, and FINTRAC Status
Capitolio’s regulatory-information page identifies CAPITOLIO INC. as a company registered under Alberta’s Business Corporations Act, with Alberta Corporate Access Number 2025599024 and a registered address in Calgary, Alberta. It also states that Capitolio is registered with FINTRAC as an MSB under number M24928320, with registered activities of virtual currency exchange, virtual currency transfer, and money transfer.
Capitolio may disclose a FINTRAC MSB registration, but FINTRAC registration is not a banking licence, not prudential supervision, not an investment-firm licence, and not a statement that the business model is low-risk.
FINTRAC’s consumer guidance also states that FINTRAC regulates MSBs only within the framework of Canada’s AML law and does not assess their broader business practices, approve or cancel transactions, freeze funds, access customer accounts, or help customers recover funds.
The Regulatory Caveat: Not a Bank, Not a Payment Institution
Capitolio’s regulatory-information page states that Capitolio is not a bank, payment institution, or investment firm, does not accept deposits, and does not provide investment services. It also states that funds transferred through Capitolio are not covered by Canada Deposit Insurance Corporation protection.
This is important because Capitolio’s public product language looks like payment infrastructure: open banking, account-to-account payments, card acquiring, payouts, embedded widgets, and crypto conversion. Yet the same website disclaims bank/payment-institution status.
For FinTelegram, this is the classic boundary-zone profile: an entity offering regulated-looking payment and crypto infrastructure, while operating under an MSB-registration framework rather than a bank or payment-institution framework. When such an entity appears as payee in an offshore casino deposit flow, enhanced scrutiny is warranted.
AML/CFT Claims and Compliance Infrastructure
Capitolio’s AML/CFT policy summary says the company is subject to Canada’s Proceeds of Crime (Money Laundering) and Terrorist Financing Act and FINTRAC guidelines. It states that Capitolio’s services include fiat-to-crypto and crypto-to-fiat virtual currency exchange, virtual currency transfer, and money transfers.
The same policy summary describes a risk-based AML approach, customer identification, enhanced due diligence, sanctions screening, transaction monitoring, blockchain analytics, suspicious transaction reporting, recordkeeping, and staff training. Capitolio also says it uses biometric verification via SumSub and screens transactions against sanctions lists including UN, OSFI, EU and PEP databases.
That is relevant to the 1Go Casino finding. If Capitolio was the visible payee in a casino-origin deposit, its AML/CFT programme should have captured at least three critical risk signals:
the upstream merchant context;
the gambling-related payment purpose;
the multi-layer gateway chain leading into the open-banking payment.
If Capitolio’s systems did not detect those risk signals, the issue is operational. If they did detect them and the flow was permitted anyway, the issue is more serious.
The Website Integrity Issue: Banking Circle Footer Data?
One unusual finding deserves attention. Capitolio pages contain footer references to “CSSF registration number: B00000408” and “RCS number: B222310.” Capitolio otherwise presents itself as a Canadian company registered in Alberta and as a FINTRAC MSB.
The same CSSF and RCS identifiers appear on Banking Circle’s official regulatory-information page (screenshot above), where they are presented as Banking Circle’s Luxembourg registration details.
FinTelegram does not conclude from this alone that Capitolio is connected to Banking Circle. The more immediate conclusion is a website-integrity and regulatory-representation problem: Capitolio appears to display regulatory footer data that corresponds to another financial institution or was copied from another website template. For a payment and crypto-infrastructure provider, such ambiguity is not harmless. It should be corrected or explained.
Beneficial Ownership and Management: What Is Publicly Visible?
Capitolio’s public website identifies the legal entity, jurisdiction, MSB registration, address, services, compliance policies, and regulatory caveats. It does not clearly disclose ultimate beneficial owners, controlling shareholders, directors, or senior managers in the pages reviewed.
That is a material gap. A company appearing as payee in offshore casino payment flows should disclose who controls the entity, who is responsible for compliance, and who approved gaming-related merchants or payment partners.
The Alberta corporate registry may provide additional filing data through official searches. Until those filings are obtained and reviewed, FinTelegram treats Capitolio’s beneficial ownership and control structure as unresolved.
Compliance Assessment
1. Apparent Collection Role in Casino Deposit Flow
In the tested 1Go Casino Revolut/Yapily rail, Capitolio appeared as the visible beneficiary of player funds. FinTelegram’s view is direct: Capitolio was not a passive observer in the tested payment screen. It was the named payee.
This places Capitolio at the collection end of a casino-origin payment flow.
2. Non-Casino Payee Risk
The player starts at 1Go Casino, but the Revolut/Yapily screen shows Capitolio. This payee mismatch creates the risk that regulated institutions classify the transaction as a transfer to a Canadian MSB/payment infrastructure provider rather than as a casino deposit.
3. Open-Banking Chokepoint Risk
The presence of Yapily Connect UAB and Revolut OBA in the flow shows how open banking can become the final authorisation layer for offshore gambling payments. Capitolio’s appearance as payee raises the question of whether the upstream casino context was visible to Yapily and Revolut.
4. Crypto Infrastructure Risk
Capitolio markets fiat-to-crypto and crypto-to-fiat infrastructure, digital-asset conversion, payout channels, and OTC liquidity. Those services are high-risk by nature and require strong merchant monitoring, especially where the upstream merchant environment includes online gambling.
5. Gaming Targeting Risk
Capitolio explicitly markets to Gaming & Digital Economy and says its infrastructure enables players and users to fund accounts, purchase digital assets, and withdraw earnings. That does not make its activity unlawful. But it makes the 1Go Casino finding highly relevant.
6. Regulatory Representation Risk
The unexplained CSSF/RCS footer references create an avoidable but serious credibility issue. Payment-infrastructure providers must be precise about regulatory status. Copy-pasted or unexplained regulatory identifiers can mislead merchants, counterparties, or users.
Questions for Capitolio
FinTelegram invites Capitolio to answer the following questions:
Did Capitolio onboard 1Go Casino, Galaktika N.V., or any intermediary connected to the 1Go Casino cashier?
Why did CAPITOLIO INC. appear as the visible payee in the tested 1Go Casino Revolut/Yapily payment flow?
Was Capitolio acting as merchant of record, payment agent, collection agent, settlement intermediary, processor, or crypto on/off-ramp provider?
Did Capitolio know that the payment originated from a casino cashier?
What KYB and merchant due diligence did Capitolio perform on the upstream merchant and gateway stack?
Did Capitolio classify the transaction as gambling-related?
What was the role of BillBlend, SegoPay, Tryzto, InstantBankPayment, Yapily Connect UAB, and Revolut in relation to Capitolio?
Does Capitolio provide services to offshore casino operators, gambling affiliates, gaming payment agents, or crypto-casino infrastructure providers?
Who are Capitolio’s ultimate beneficial owners and controlling persons?
Why do Capitolio webpages display CSSF/RCS identifiers that also appear on Banking Circle’s regulatory-information page?
Conclusion
Capitolio is exactly the type of entity FinTelegram’s Rail Atlas was designed to identify.
It sits at the intersection of open banking, crypto conversion, payouts, account funding, gaming platforms, and regulated payment rails. In the 1Go Casino review, CAPITOLIO INC. did not appear in a footnote. It appeared as the visible payee in the tested Revolut/Yapily payment flow.
That matters.
A player started inside an offshore casino cashier. After passing through multiple gateway layers, the payment reached Revolut and Yapily. The beneficiary shown was CAPITOLIO INC., a Canadian MSB and digital-asset/payment infrastructure provider — not the casino brand.
This is the recurring compliance problem: the consumer-facing merchant is gambling, but the bank-facing payee may be a payment infrastructure company. If banks, payment-initiation providers, and regulators cannot see through this structure, then open banking becomes a high-risk funding rail for offshore casinos.
Capitolio should explain its role. Yapily and Revolut should explain what upstream merchant context they saw. Regulators should ask whether Canadian MSB infrastructure is being used as a collection layer for European offshore casino deposits.
FinTelegram will continue following the rail.
Whistleblower Call
FinTelegram invites insiders, former employees, casino players, payment-processing staff, compliance officers, merchant-onboarding teams, PSP partners, and open-banking specialists to provide information about CAPITOLIO INC., its merchants, processors, banks, crypto partners, gaming clients, and settlement flows.
We are particularly interested in information about Capitolio’s beneficial owners, merchant onboarding files, casino or gaming clients, relationships with BillBlend, SegoPay, Tryzto, InstantBankPayment, Yapily, Revolut, or related payment gateways, payment descriptors, beneficiary names, bank-account details, crypto on/off-ramp flows linked to online casinos, and internal AML/CFT concerns.
Information can be submitted confidentially through the Whistle42 whistleblower system.
Revolut Rail Atlas: 1Go Casino Deposit Flow Leads Through BillBlend, SegoPay, InstantBankPayment and Yapily to CAPITOLIO
FinTelegram’s latest Revolut Rail Atlas review of 1Go Casino shows how a player-facing offshore casino cashier can route deposits through a multi-layered payment stack before reaching a regulated open-banking interface. In the tested Revolut flow, the user journey moved from 1Go Casino through BillBlend, SegoPay, Tryzto, InstantBankPayment, Yapily Connect UAB, and finally oba.revolut.com, where the user was asked to authorise Yapily Connect UAB. The visible payee was not 1Go Casino or Galaktika N.V., but CAPITOLIO INC. Other 1Go rails showed Domus Payment Solutions and Galaktika N.V. as payees. The case illustrates the structural weakness FinTelegram’s Revolut Rail Atlas is documenting: a casino deposit can be transformed through several routing layers into an open-banking payment where the regulated chokepoint appears only at the final authorisation stage.
Key Findings
1Go Casino offered a dedicated Revolut deposit rail. The tested flow led to oba.revolut.com, where the user was asked to sign in to Revolut to authorise Yapily Connect UAB.
The Revolut rail showed CAPITOLIO INC. as payee. In the payment-review screen, the beneficiary for the €25 Revolut payment was CAPITOLIO INC., not 1Go Casino and not Galaktika N.V.
The observed Revolut gateway chain was multi-layered. The tested sequence included pay.billblend.com/checkout, tx.segopay.com/payment, tryzto.com/ct/check, checkout.instantbankpayment.com, and finally oba.revolut.com.
Yapily Connect UAB appeared at the regulated open-banking layer. At the final stage, the Revolut page stated that the user was signing in to Revolut “to authorise Yapily Connect UAB.”
BillBlend and SegoPay appeared as upstream routing layers. BillBlend was the first visible payment gateway in the Revolut sequence, followed by SegoPay and then additional routing pages.
InstantBankPayment was used in more than one rail. The same checkout.instantbankpayment.com infrastructure appeared both in the Revolut flow and in a separate Pay by Bank route with bank selection.
Different payment rails produced different payees. The screenshots show CAPITOLIO INC. in the Revolut/Yapily rail, Domus Payment Solutions in one Pay by Bank route, and Galaktika N.V. in the MiFinity route.
The cashier also offered MiFinity, ByBit, direct crypto, and two Pay by Bank options. This indicates a resilient multi-rail deposit architecture rather than a single transparent payment setup.
Evidence Reviewed
FinTelegram reviewed the following screenshots and payment-flow evidence from the May 5, 2026 test:
1Go Casino cashier screenshot showing deposit options for MiFinity, Crypto Currency, ByBit, Revolut, and two Pay by Bank rails.
ByBit gateway screenshot hosted under nczds3g4.fxcamyjxts.com/132882/, showing a QR-code/app-based payment page for $29.23 and instructions to pay via the ByBit app.
InstantBankPayment / Wise review screen showing a €25 payment from Wise to Domus Payment Solutions.
MiFinity payment screen showing a €25 deposit to Galaktika N.V.
Direct IBAN Pay by Bank screen requiring the user to enter an IBAN/account number. During FinTelegram’s review, this payment route did not work.
InstantBankPayment bank-selection screen listing available banks in Italy, including Wise, Revolut, N26, PostePay, ING, UniCredit, Intesa Sanpaolo, and others.
InstantBankPayment Revolut transition screen instructing the user to go to Revolut to complete the payment.
Revolut/Yapily payment-review screen showing a €25 payment from Revolut to CAPITOLIO INC.
Revolut OBA authorisation screen at oba.revolut.com, stating: “Sign in to Revolut — To authorise Yapily Connect UAB.”
The 1Go Casino Cashier: A Multi-Rail Deposit Architecture
At the user-interface level, 1Go Casino presents a standard offshore casino cashier: account currency in EUR, deposit tiles, bonus-code input, and minimum/maximum deposit amounts. However, the screenshots reveal much more than a simple payment menu.
The cashier functions as a payment rail selector. Each deposit method routes the user into a different operational and legal environment. This is typical of high-risk offshore casino payment architecture. If one rail fails, is blocked, or becomes unavailable for a specific user, jurisdiction, or bank, the cashier can offer alternatives. From a compliance perspective, the risk is not only the existence of multiple payment methods. The risk is that each rail may show a different payee and may conceal the actual economic purpose of the transaction behind intermediary processors.
Condensed Rail View
| Rail | Observed Path | Visible Payee / Beneficiary | Main Risk Signal |
| --- | --- | --- | --- |
| Revolut / Yapily rail | 1Go → BillBlend → SegoPay → Tryzto → InstantBankPayment → Yapily Connect UAB → Revolut OBA | CAPITOLIO INC. | Casino deposit transformed into open-banking payment with non-casino payee. |
| Pay by Bank / Wise rail | 1Go → InstantBankPayment → bank-selection screen → Wise | Domus Payment Solutions | Casino deposit routed to corporate payee not visibly identified as the casino. |
| MiFinity rail | 1Go → MiFinity | Galaktika N.V. | Wallet rail shows operator-linked payee, unlike the other bank rails. |
| ByBit / crypto rail | 1Go → ByBit-branded QR/payment page → crypto app flow | Not confirmed from screenshot | Crypto/app rail may shift casino funding outside standard bank/card monitoring. |
| Direct IBAN Pay by Bank rail | 1Go → IBAN/account-number input form | Not confirmed | Route failed during review; still indicates additional fallback payment architecture. |
The Revolut Rail: Casino Deposit Becomes Open-Banking Authorisation
The most important finding for the Revolut Rail Atlas is the tested Revolut flow. The sequence observed by FinTelegram was:
1Go Casino cashier → pay.billblend.com/checkout → tx.segopay.com/payment → tryzto.com/ct/check → checkout.instantbankpayment.com → oba.revolut.com → Yapily Connect UAB authorisation
At the final stage, the Revolut page did not simply show a casino payment. It displayed the message: “Sign in to Revolut — To authorise Yapily Connect UAB.”
This confirms that the Revolut payment was being initiated through an open-banking layer involving Yapily Connect UAB. In other words, 1Go’s Revolut cashier button ultimately led to a regulated payment-initiation authorisation flow.
The issue is not merely that 1Go Casino offers Revolut as a payment option. The issue is that a player-facing casino deposit is transformed through several routing layers into an open-banking payment where the regulated provider appears only at the final authorisation stage. That is precisely the structural weakness FinTelegram’s Rail Atlas is documenting.
The Payee Problem: CAPITOLIO Instead of the Casino Brand
The Revolut/Yapily payment-review screen did not show 1Go Casino, Galaktika N.V., BillBlend, SegoPay, or InstantBankPayment as the beneficiary. It showed CAPITOLIO INC. as the payee. This is not a minor technical detail. In the tested transaction flow, Capitolio appeared as the entity designated to receive player funds originating from the 1Go Casino cashier.
CAPITOLIO presents itself as a Canadian-incorporated payment and digital-asset infrastructure provider registered with FINTRAC as a Money Services Business under registration number M24928320.
Capitolio’s website describes services including open-banking payments, account-to-account transactions, fiat-to-crypto on/off-ramp solutions, payout infrastructure, and digital-asset infrastructure. It also lists “Gaming & Digital Economy” among the sectors it serves. This makes its appearance as the visible payee in the 1Go Casino Revolut/Yapily flow especially relevant: the user begins in a casino cashier, but the open-banking payment-review screen shows a Canadian MSB/payment-infrastructure entity rather than the casino brand or the apparent Curaçao operator.
That makes Capitolio an apparent collection/payee entity within the casino payment rail. Whether Capitolio acted as merchant of record, payment agent, settlement intermediary, crypto on/off-ramp provider, or payment processor for another party requires further clarification. However, the payment screen indicates that Capitolio was the visible recipient of the funds at the bank/open-banking layer. As such, Capitolio’s role is central to the compliance analysis.
The key question is therefore not merely whether 1Go Casino offered a Revolut rail. The question is why a player deposit initiated inside an offshore casino cashier resulted in an open-banking payment to CAPITOLIO INC., a non-casino-branded entity.
BillBlend, SegoPay and the High-Risk Routing Layer
The first visible payment gateway in the Revolut sequence was: pay.billblend.com/checkout.
BillBlend appears as an upstream payment gateway in the tested 1Go Revolut flow. FinTelegram notes that BillBlend presents itself as a payment operator serving high-risk and online-gaming merchants. This makes its appearance in the 1Go payment sequence relevant for compliance analysis.
The next visible stage was: tx.segopay.com/payment
FinTelegram has previously identified SegoPay in connection with high-risk casino payment flows. SegoPay is currently rated “black” on RatEx42.
In the 1Go case, the relevant point is not simply the presence of BillBlend or SegoPay as individual entities. The relevant point is their role in the routing chain. They appear before the payment flow reaches additional gateway layers and finally the regulated open-banking interface.
That creates a layered structure in which the original casino context may be diluted before the transaction reaches the bank-facing authorisation screen.
Opaque Gateway Layer & Domus Payment Solutions
After BillBlend and SegoPay, the tested Revolut flow passed through: tryzto.com/ct/check and then checkout.instantbankpayment.com
FinTelegram treats these as opaque or unbranded gateway layers in the tested user journey. The screenshots do not show a clear consumer-facing disclosure at those stages explaining the full merchant chain, the responsible acquiring/payment entity, or the relationship between the casino, the displayed payee, and the payment-initiation provider.
InstantBankPayment was particularly important because it appeared in more than one 1Go rail.
In the tested InstantBankPayment/Wise Pay by Bank route, the payment-review screen showed Domus Payment Solutions as the beneficiary of a payment initiated from the 1Go Casino cashier. Public information links Domus Payment Solutions LTD to the DomusPay financial platform in Canada, with wallet/account services, payment processing, currency exchange, and fiat/crypto functionality. Notably, a FINTRAC-related 2023 notice listed Domus Payment Solutions Ltd. and MSB registration number M22067268 among registrations revoked during the 2022–2023 Q4 period.
This makes Domus’s appearance as the payee in a casino deposit flow a relevant compliance question for InstantBankPayment, Wise, and the upstream casino-payment gateways.
MiFinity Rail: Galaktika N.V. Appears as Payee
The MiFinity route produced a different payee result: Galaktika N.V. This is notable because Galaktika N.V. appears to be the operator associated with 1Go Casino in public casino-review listings. In other words, the MiFinity rail at least displayed a payee that appears directly connected to the casino operation.
The contrast matters. In the tested 1Go cashier:
the MiFinity rail showed Galaktika N.V.;
the Pay by Bank / Wise rail showed Domus Payment Solutions;
the Revolut / Yapily rail showed CAPITOLIO INC.
This is a strong indicator of a multi-payee casino deposit structure. It raises the question of which entity is the true merchant of record for each rail, who performed the merchant due diligence, and whether the payment purpose was disclosed consistently to banks and regulated payment providers.
Compliance Analysis
1. Merchant Opacity
The most important issue is merchant opacity. The same casino cashier produced at least three different visible payees:
CAPITOLIO INC. in the Revolut/Yapily rail;
Domus Payment Solutions in the InstantBankPayment/Wise rail;
Galaktika N.V. in the MiFinity rail.
This makes it difficult for a user, bank, regulator, or payment-initiation provider to understand who is actually receiving the money and whether the payment is properly classified as a casino deposit.
2. Payment-Purpose Dilution
The original economic purpose is clear at the beginning of the journey: the user is depositing money into a casino account. But by the time the user reaches the bank/open-banking interface, the visible payee may be a different company. This creates payment-purpose dilution.
The central question is whether the regulated institutions in the chain saw the payment as a gambling transaction or merely as a transfer to a corporate beneficiary.
3. Open-Banking Misuse Risk
Open banking was designed to enable efficient, user-authorised bank-account payments. In high-risk environments, however, it can become a chargeback-resistant casino deposit rail.
Unlike card payments, account-to-account open-banking payments may offer fewer recovery options for consumers. If such payments are routed through intermediary merchants or opaque gateways, the consumer may struggle to understand whom they actually paid and on what legal basis.
4. Regulated Chokepoints
The final Revolut screen shows Yapily Connect UAB as the authorised payment-initiation provider. Revolut appears as the user’s bank/open-banking interface. These are regulated chokepoints.
This does not prove that Revolut or Yapily knowingly facilitated unlawful gambling. But it does mean that regulated entities appeared at the end of a payment chain that began inside an offshore casino cashier and passed through several intermediate gateways.
That is precisely why regulators should examine whether existing merchant-monitoring, transaction-monitoring, and payment-purpose controls are sufficient.
5. Multi-Rail Resilience
1Go Casino appears to operate a resilient cashier architecture with multiple fallback rails: MiFinity, crypto, ByBit, Revolut, Pay by Bank with bank selection, and direct IBAN-based Pay by Bank.
This is a common feature of offshore casino payment infrastructure. The cashier does not depend on one regulated acquiring channel. It can shift users between wallets, bank-account payments, crypto rails, and app-based payment flows.
Conclusion
The 1Go Casino review is not just another entry in FinTelegram’s Revolut Rail Atlas. It is a textbook example of how offshore casino payment infrastructure can turn a simple player deposit into a multi-layered, multi-payee, open-banking transaction that obscures the true economic purpose of the payment.
The issue is not merely that 1Go Casino offers Revolut as a payment option. The issue is that a player-facing casino deposit is routed through a chain of gateways — BillBlend, SegoPay, Tryzto, InstantBankPayment, Yapily Connect UAB, and Revolut OBA — before landing on a payment-review screen where the visible beneficiary is not the casino brand, not the apparent Curaçao operator Galaktika N.V., but CAPITOLIO INC.
This matters. Publicly available information indicates that CAPITOLIO INC. presents itself as a Canadian MSB and payment/digital-asset infrastructure provider. In the tested Revolut/Yapily flow, however, Capitolio appeared as the visible recipient of player funds originating from the 1Go Casino cashier. That makes Capitolio an apparent collection/payee entity in the casino deposit rail. Whether Capitolio acted as merchant of record, payment agent, settlement intermediary, crypto on/off-ramp provider, or processor for another upstream party requires clarification — but its appearance as the beneficiary is not a neutral technical detail. It is central to the compliance analysis.
The same applies to Domus Payment Solutions, which appeared as the payee in the tested InstantBankPayment/Wise Pay by Bank route. Public information links Domus Payment Solutions to a Canadian payment and wallet platform, while FINTRAC-related notices indicate that its MSB registration was revoked in 2023. If a player starts inside the 1Go Casino cashier and ends up paying Domus Payment Solutions through a Pay by Bank flow, regulators should ask who onboarded Domus, who controls the merchant relationship, and whether the transaction was monitored as a gambling deposit or merely as an ordinary corporate transfer.
This is the structural risk: by the time the transaction reaches the regulated banking interface, the visible payee may no longer be the casino brand. The bank may see CAPITOLIO INC. or Domus Payment Solutions. The player, however, knows the money was deposited into 1Go Casino.
For regulators, banks, open-banking providers, and payment institutions, the question is no longer theoretical:
Can their systems detect that these are casino deposits when the transaction has been laundered through gateway layers and re-labelled under non-casino payee names?
If the answer is no, then open banking is being used not merely as a payment innovation, but as a high-risk offshore casino funding rail. FinTelegram will continue mapping these rails, identifying the regulated chokepoints, and exposing the payment agents, processors, gateways, and beneficiary entities that en
Whistleblower Call
FinTelegram invites players, former employees, payment insiders, compliance officers, PSP staff, and open-banking specialists to provide further information about:
1Go Casino, Galaktika N.V., CAPITOLIO INC., Domus Payment Solutions, BillBlend, Fin&Pay Partners OÜ, SegoPay, Tryzto, InstantBankPayment, Yapily Connect UAB, Revolut OBA, MiFinity, ByBit, and related casino payment flows.
Relevant evidence includes screenshots, payment confirmations, URLs, gateway redirects, merchant descriptors, bank statements, GDPR responses, KYC files, onboarding documents, and internal compliance correspondence.
Information can be submitted confidentially via Whistle42.
AI-Driven Downsizing: How Coinbase and the Cyberfinance Industry Are Restructuring and What It Means for Compliance
Coinbase recently laid off 14% of its workforce, pivoting aggressively toward an “AI-native” business model. This structural shift is echoing throughout the cyberfinance and fintech sectors as major players replace traditional roles with automated systems. As artificial intelligence fundamentally alters corporate structures, it raises critical questions about the future of financial regulatory compliance and systemic risk.
Key Findings:
Major Downsizing at Coinbase: In early May 2026, Coinbase cut approximately 700 roles (14% of its global workforce) to transition into an “AI-driven operating model,” actively targeting 50% AI-written code.
A Broad Cyberfinance Trend: This is not an isolated event. Major players like Block (which cut 40% of its workforce earlier this year), PayPal, Gemini, and Crypto.com have all executed massive layoffs to replace back-office, support, and middle-management roles with AI.
Radical Restructuring: Crypto and fintech firms are flattening hierarchies. Coinbase is reducing its management depth to just five layers below the C-suite and introducing “one-person teams” augmented by AI to handle product, design, and engineering.
Compliance Transformation: AI is absorbing critical compliance functions, such as transaction monitoring, anti-money laundering (AML), and fraud detection. While this reduces operational costs, it creates new vulnerabilities surrounding “black-box” auditability, data privacy, and systemic regulatory risks.
Analysis: The Paradigm Shift to AI-Native Operations
Coinbase’s Structural Overhaul
On May 5, 2026, Coinbase CEO Brian Armstrong declared on X that artificial intelligence is “materially changing how work is executed.” In laying off 14% of its staff, the US-based crypto exchange is not simply reacting to market volatility; it is executing a structural redesign.
According to Armstrong’s public communications to employees, Coinbase is moving toward small, autonomous “AI-native pods.” The corporate hierarchy is being heavily flattened, requiring remaining managers to adopt a “player-coach” model as active individual contributors. Furthermore, the company is enforcing the adoption of AI tools like GitHub Copilot and Cursor, moving toward a framework where one person—heavily augmented by AI—can accomplish the work of entire departments.
A Sector-Wide Trend in Cyberfinance
The corporate restructuring driven by AI extends far beyond Coinbase, revealing a stark reality for the cyberfinance and fintech industries: human capital is increasingly being viewed as a bottleneck.
Block: In February 2026, CEO Jack Dorsey announced the fintech giant would slash 40% of its workforce (roughly 4,000 roles), explicitly citing advancements in AI tools that can replace middle management.
PayPal: CEO Enrique Lores has signaled plans to trim 20% of the company’s workforce over the next two to three years, setting up new AI transformation groups to replace traditional roles in customer support, fraud detection, and back-office functions.
Crypto Exchanges: The broader digital asset space is mirroring this contraction. Recent months have seen Gemini slash 30% of its staff, Algorand cut 25%, and Crypto.com reduce its headcount by 12%, all pointing to AI-driven efficiency gains as a primary factor.
Consequences for Cyberfinance Compliance
As human personnel are aggressively phased out, the responsibility for regulatory compliance in cyberfinance is being handed over to algorithmic systems. This has profound consequences for how crypto exchanges and fintech platforms manage risk:
Automated AML and Fraud Detection: Machine learning and Large Language Models (LLMs) are highly adept at identifying complex behavioral anomalies and scanning vast transaction networks faster than human analysts. AI can reduce false positives in transaction monitoring, making compliance workflows theoretically more efficient.
The “Black Box” Dilemma: The biggest regulatory threat in an AI-native compliance model is explainability. Financial regulators require transparent audit trails. If an AI system incorrectly flags a legitimate transaction, or worse, fails to detect a sophisticated crypto-laundering chain, companies must be able to explain why the model made its decision. Without Explainable AI (XAI) frameworks, companies run the risk of failing regulatory audits.
Systemic Vulnerabilities: When multiple financial institutions rely on similar foundational AI models to monitor compliance, a single algorithmic bias or blind spot could create a systemic failure, allowing organized cybercrime rings to exploit universal regulatory gaps undetected.
Conclusion
The wave of AI-driven layoffs in the spring of 2026 marks a permanent turning point for the cyberfinance industry. Companies like Coinbase, Block, and PayPal are proving that AI is no longer a supplementary tool, but a direct replacement for human labor. While this “leaner, faster” approach promises to lower overhead costs and boost short-term margins, the mass delegation of critical compliance and fraud-detection operations to artificial intelligence introduces unprecedented regulatory risks. Navigating the convergence of AI and cyberfinance will require strict new oversight to ensure these automated systems do not compromise the integrity of global financial markets.
Call to Action
Are you an insider at Coinbase, Block, PayPal, or another cyberfinance company undergoing an AI-driven restructuring? Do you have insights into how these automated systems are handling (or mishandling) AML, KYC, and regulatory compliance? We want to hear from you.
Please report any potential issues, systemic risks, or internal documents regarding AI in the CyberFinance segment to FinTelegram safely and anonymously via our whistleblower platform: Whistle42. Your identity will be fully protected.
Fintech Visionary or Laundering Enabler? Turkish Probe and OCCRP Findings Expose the Dark Side of Ozan Özerk’s Payment Empire!
Turkish authorities have opened a money‑laundering investigation into companies owned by Cypriot‑Norwegian fintech entrepreneur Ozan Özerk, whose network includes payment and banking institutions previously tied to a global online fraud “Scam Empire” exposed by OCCRP. While Özerk tirelessly markets himself as a cross‑border payments visionary and compliance advocate, FinTelegram’s long‑running coverage and the latest OCCRP findings raise a sharper question: Is this public persona a reputational smokescreen for a payment architecture repeatedly surfacing in high‑risk, scam‑adjacent flows?
All individuals and entities mentioned are presumed innocent until proven guilty; investigations described here are ongoing, and some parties deny or contest the allegations.
Key findings
Turkish prosecutors are investigating individuals and companies linked to Ozan Elektronik Para A.Ş. and Aveon Global Sigorta A.Ş., both majority‑owned by Ozan Özerk, on suspicion that they were used to inject criminal assets—primarily from illegal betting—into the financial system.
Authorities have seized assets in the tens of millions of Turkish lira and arrested multiple executives, while appointing a trustee to take control of Ozan Elektronik Para A.Ş., signaling serious supervisory concern.
OCCRP’s “Scam Empire” project showed that other Özerk‑owned entities, including Malta‑linked OpenPayd and Lithuania‑based European Merchant Bank (EMBank), processed payments connected to a massive online investment fraud scheme that defrauded at least 32,000 victims of about 275 million dollars.
FinTelegram has for years flagged OpenPayd, LQDFX, EuroTrader, and related ventures in the Özerk environment as high‑risk rails for offshore brokers, scam operators, and aggressive investment schemes, well before mainstream investigative outlets joined the dots.
OpenPayd has already been held liable by Malta’s Financial Arbiter for its role in an investor case where an elderly victim was manipulated into losses processed via OpenPayd’s virtual IBAN infrastructure.
Parallel to these regulatory and investigative developments, Özerk has cultivated an intensive self‑branding strategy: a polished LinkedIn presence, a personal profile on OpenPayd’s site, and frequent articles on fintech, MiCA, DeFi, and cross‑border payments that position him as a compliance‑savvy innovator.
In search results, Özerk increasingly appears not as the owner of entities named in fraud and laundering probes, but as a commentator on how to prevent exactly those abuses, a classic reputation‑management and search‑engine strategy.
Quick reference table: Ozan Özerk ecosystem
| Element | Details |
| --- | --- |
| Principal | Ozan Özerk (also: Ozan Ozerk), Cypriot‑Norwegian fintech entrepreneur and former medical doctor; founder or owner of multiple regulated fintechs across UK, EU, and Turkey. |
| Key regulated entities | OpenPayd (Banking‑as‑a‑Service / embedded finance, Malta‑linked), European Merchant Bank / EMBank (Lithuania), Ozan Elektronik Para A.Ş. (Turkish EMI), Aveon Global Sigorta A.Ş. (Turkish insurance firm). |
| Investigative focus | Turkish money‑laundering probe targeting Ozan Elektronik Para A.Ş. and Aveon Global Sigorta A.Ş. for allegedly introducing criminal proceeds, primarily from illegal betting and other suspect activities, into the financial system. |
| Enforcement / supervisory actions | Asset seizures worth roughly 72 million TRY and earlier seizures of about 9.6 million USD; detention orders for multiple employees; arrests of executives; court‑appointed trustee at Ozan Elektronik Para A.Ş.; liability finding against OpenPayd by Malta’s Financial Arbiter. |
| Scam‑related exposure | OCCRP “Scam Empire” data linking OpenPayd and EMBank to payments later associated with online investment scams that defrauded at least 32,000 victims of about 275 million USD. |
| High‑risk broker ties | LQDFX, an offshore broker founded by Özerk, repeatedly red‑listed by FinTelegram and warned about by regulators, facilitated via high‑risk PSPs including crypto processor Confirmo and voucher processor PayRedeem. |
| Reputation narrative | Self‑presentation as global fintech innovator, cross‑border payments expert, and compliance‑aware MD, amplified via LinkedIn posts, cross‑border payment market analyses, and articles on rails‑agnostic international payments and DLT. |
| Risk themes | High‑risk merchant exposure, offshore brokerage, illegal betting flows, AML/CTF weaknesses, regulatory arbitrage, and reputation‑washing through content marketing and thought‑leadership. |
Analysis of the OCCRP/Turkey investigations
The OCCRP report marks a formal escalation from journalistic suspicion to prosecutorial action inside Turkey’s financial system. Turkish prosecutors allege that Ozan Elektronik Para A.Ş. was used to bring criminal assets, “primarily derived from illegal betting activities,” into the financial system, while Aveon Global Sigorta A.Ş. allegedly disguised illicit funds as insurance premiums. Even if Özerk himself has not been formally named as a suspect, the appointment of a trustee and the magnitude of asset seizures indicate that authorities view the corporate structures as systemically compromised risk channels rather than isolated incidents.
The Turkish probe follows but is formally separate from OCCRP’s “Scam Empire” investigation, which showed how scam operators used payment institutions—including Özerk‑owned OpenPayd and EMBank—to channel funds from thousands of victims into sham investment platforms. OCCRP explicitly notes there is no proof that these institutions knew the funds were fraudulent, but in a risk‑based AML framework, repeated appearance in high‑risk flows is a pattern demanding remediation, not a coincidence to be explained away. Taken together, the OCCRP data and Turkish actions reveal a corporate network that has become a recurring conduit between unregulated online schemes and the regulated financial perimeter.
From a compliance perspective, Turkey’s investigation is significant because it targets licensed firms—not only offshore shells—and uses traditional AML tools (asset freezes, trustees, arrests) against entities that marketed themselves as modern, tech‑driven fintechs. This challenges the assumption that a licence and a glossy fintech narrative suffice to neutralize concerns about underlying merchant profiles and transaction flows.
FinTelegram’s earlier warnings and patterns in the Ozan ecosystem
FinTelegram has documented Ozan‑linked structures for years: from LQDFX and EuroTrader to OpenPayd’s BaaS platform and the Lithuanian EMBank. Long before OCCRP’s “Scam Empire” publication, FinTelegram reports highlighted how these entities formed an expanding payment and brokerage stack servicing high‑risk online trading, gambling, and crypto business—including red‑listed offshore brokers and unlicensed schemes.
A few recurring patterns stand out:
Offshore brokerage plus regulated wrapper: LQDFX, founded by Özerk and operating from offshore jurisdictions, sat alongside EuroTrader, which obtained CySEC and later FCA licensing, giving the overall group a veneer of regulatory legitimacy while still serving speculative and high‑risk flows.
High‑risk payment processors as rails: PSPs such as Confirmo, PayRedeem, Koinal, Bitpace and others appear in the orbit of Ozan‑linked ventures, offering card, voucher, and crypto rails that are attractive to gambling, betting, and aggressive “investment” offers.
Gift card and voucher layer: Giftbull and similar gift‑card operations tied to Ozan’s environment through directors and holding structures add a pseudo‑cash layer capable of moving value into and out of regulated accounts.
Partnerships with major brokers and platforms: Partnerships like eToro’s use of OpenPayd’s virtual IBAN infrastructure demonstrate how deeply embedded these rails have become in mainstream fintech ecosystems, not just in obscure boiler‑room circles.
Seen against this background, the Turkish money‑laundering investigations look less like a local aberration and more like the first state‑level test of a corporate network that has long operated in the grey zone between mainstream fintech and high‑risk, occasionally fraudulent, online business models.
Reputation engineering and search‑engine strategy
Parallel to the structural risk profile runs a highly curated reputation machine. Özerk’s LinkedIn profile, personal pages and corporate biographies present him as a serial fintech founder, embedded finance pioneer, and member of elite finance councils, with heavy emphasis on regulatory evolution, DeFi, MiCA, CBDCs, and instant payments. This is reinforced by frequent essays and market snapshots on cross‑border payments, rails‑agnostic future architectures, and blockchain‑enabled efficiency, often couched in the language of compliance, transparency, and financial inclusion.
The recent LinkedIn article on the “snapshot of the cross‑border payments market in 2025” is a case in point. It details market‑size figures, structural frictions, AML/KYC constraints, and the promise of DLT to reduce costs and enhance transparency—precisely the issues at stake in the OCCRP and Turkish narratives, but presented as neutral thought‑leadership rather than as contextualized by the controversies around his own entities. Likewise, his article on the “rails‑agnostic future of international payments” frames him as an architect of safer, more efficient payment rails while investigative reporting documents how some of those rails have been used in large‑scale fraud and suspect flows.
From a reputation‑management and SEO standpoint, this content strategy has obvious functions:
It floods search results for “Ozan Özerk” and “cross‑border payments” with polished, high‑authority content, pushing critical coverage and investigative reports further down in ranking.
It reframes the narrative from “owner of entities named in fraud and laundering probes” to “expert explaining how to fix exactly those problems,” a textbook credibility‑preemption tactic.
It supplies conference organizers and media with ready‑made positioning, reinforcing the expert persona and insulating him from reputational damage in mainstream fintech circles.
In short, in search results and professional networks, Özerk increasingly appears not as the owner of entities named in fraud and laundering investigations, but as a commentator on how to prevent the very abuses his companies are associated with. For a compliance‑literate audience, that inversion is precisely why independent investigative work and whistleblower input remain essential.
Compliance and risk implications
For regulators and financial institutions, the Ozan ecosystem illustrates how a single beneficial owner can span banks, payment institutions, e‑money issuers, insurance firms, offshore brokers, and crypto PSPs across multiple jurisdictions. When that web repeatedly touches fraud‑exposed flows and alleged illegal betting proceeds, supervision must shift from siloed entity‑level monitoring to group‑wide and ownership‑level risk assessment.
Key implications include:
Group‑wide AML assessment: Supervisors should treat OpenPayd, EMBank, Ozan Elektronik Para, Aveon Global Sigorta, and associated PSPs as a consolidated risk cluster, irrespective of formal separations or branding differences.
Enhanced scrutiny of BaaS and embedded finance: Banking‑as‑a‑Service and virtual IBAN models like OpenPayd’s warrant deeper due diligence, as they grant high‑risk merchants quasi‑banking capabilities with limited transparency for downstream banks and regulators.
Reputation vs. reality: Public thought‑leadership on compliance and cross‑border payments must be critically cross‑checked against SAR data, whistleblower submissions, enforcement actions, and investigative reporting rather than accepted at face value.
Fit‑and‑proper considerations: Where the same UBO repeatedly surfaces around high‑risk schemes and enforcement actions, fit‑and‑proper tests for holding stakes and management roles in regulated entities become a central line of defence.
For correspondent banks and payment partners, the presence of Özerk‑linked institutions in transaction chains should trigger enhanced due diligence: deeper merchant reviews, scrutiny of past complaints, exposure analysis to jurisdictions with lax gambling controls, and mapping of any overlaps with “Scam Empire”‑type operations.
Call to players, insiders, and whistleblowers
FinTelegram will continue to follow the OCCRP‑triggered investigations and the broader evolution of the Ozan payment empire across Malta, Lithuania, Turkey, and other hubs. The combination of high‑risk merchants, complex cross‑border payment stacks, and aggressive self‑promotion demands ongoing scrutiny and independent intelligence gathering.
Players, former employees, compliance officers, PSP partners, and other insiders who have information about:
payment flows through OpenPayd, EMBank, Ozan Elektronik Para, Aveon Global Sigorta, or associated PSPs linked to scams, illegal betting, or unlicensed brokers;
internal pressure to on‑board or retain high‑risk merchants despite clear red flags;
structures used to route or disguise cross‑border flows involving Ozan‑linked entities;
are invited to share their information—confidentially and securely—via FinTelegram’s whistleblower platform Whistle42.
Any concrete documentation (contracts, internal emails and chats, payment instructions, account statements, merchant lists, risk reviews, or screenshots) helps to map the true extent of the ecosystem and supports regulators and victims in holding the right actors accountable.
Revolut Rail Atlas Interim Report: Mapping The Regulated Open Banking Layer Powering Offshore Casino Payments
FinTelegram’s ongoing Rail Atlas investigation has identified a recurring pattern behind offshore casino payments targeting EU users: anonymous gateway layers route transactions into regulated Open Banking providers—including Yapily, Perspecteev (SaltEdge ecosystem), and now Powens—before reaching bank endpoints such as Revolut. This interim report shifts the focus from casino operators to the licensed infrastructure that executes the payments, raising key regulatory questions about transparency, merchant due diligence, and AML controls.
Key Findings
Multiple offshore casinos tested by FinTelegram show a consistent multi-layered payment architecture.
Anonymous gateway domains such as Pagagate, Urbenics, and Supergateway act as intake and routing layers.
A second layer of routing/payment orchestration includes entities such as Impaya, Aceiro, PayOp, and Paysolo/Pellopay.
The final execution layer consistently involves regulated Open Banking providers, notably:
Yapily (UK/LT regulated AISP/PISP)
Perspecteev / SaltEdge ecosystem (Lithuania-linked Open Banking infrastructure)
Powens (France, ACPR-regulated payment institution, CIB 16948)
These providers initiate payments toward bank endpoints such as Revolut (oba.revolut.com).
The structure suggests a systematic payment-routing model rather than isolated incidents.
The setup creates a potential AML and regulatory visibility gap, where banks process payments without full upstream merchant context.
Executive Summary
FinTelegram’s Rail Atlas investigation has reached a critical phase. Across multiple independent cases—GoldenBet, Paysolo/Pellopay flows, Impaya/Aceiro routing layers, and now Luckzie—one pattern repeatedly emerges:
Offshore casinos do not process payments directly. They rely on a layered infrastructure that ultimately depends on regulated Open Banking providers.
This interim report identifies three such providers—Yapily, Perspecteev, and Powens—as key chokepoints within the Revolut payment rails ecosystem. While the upstream layers remain opaque and fragmented, the downstream Open Banking layer is licensed, supervised, and therefore within regulatory reach.
The Standard Rail Atlas Model
Based on multiple payment simulations and user-submitted evidence, FinTelegram defines the following canonical payment flow:
Casino Front-End
↓
Anonymous Gateway Layer (Pagagate / Urbenics / Supergateway)
↓
Routing / Orchestration Layer (Impaya / Aceiro / PayOp / Paysolo / Pellopay)
↓
Regulated Open Banking Provider (Yapily / Perspecteev / Powens)
↓
Bank Endpoint (Revolut / EU Bank)
This model explains how transactions originating from offshore casino environments are transformed into seemingly legitimate Open Banking payment requests.
The Regulated Layer: Key Entities
Yapily
Yapily is a well-established Open Banking provider offering payment initiation and account access services across Europe. It has been observed in multiple casino payment flows, including:
Paysolo / Pellopay routing stacks
Bilderlings-based Open Banking flows (e.g., GoldenBet)
Role in Rail Atlas: Payment initiation service provider (PISP), enabling bank connections and user authentication.
Key Question: What level of merchant context is available to Yapily when initiating payments?
Perspecteev / SaltEdge Ecosystem
Perspecteev operates within the SaltEdge Open Banking ecosystem and has been identified in earlier FinTelegram investigations involving casino payment flows.
Role in Rail Atlas: Aggregation and payment initiation within Open Banking environments.
Observation: Repeated presence in high-risk routing stacks suggests systematic use in certain gateway infrastructures.
Key Question: How are high-risk merchant flows identified and filtered within the SaltEdge ecosystem?
Powens (Newly Identified)
Powens is a French payment institution regulated by the ACPR (Autorité de Contrôle Prudentiel et de Résolution) under registration number CIB 16948. It provides Open Banking and Open Finance services, including:
Payment initiation
Account aggregation
Financial data access
Powens was identified in the Luckzie payment flow:
Luckzie → Supergateway → PayOp → Powens → Revolut
Significance: Powens represents the first major Western European regulated payment institution identified within the Rail Atlas.
Key Question: Is Powens aware that its services are being invoked within casino deposit flows targeting EU users?
The Unregulated / Grey Infrastructure Layer
In contrast to the regulated entities, the upstream layers remain largely opaque:
Layer | Entities | Characteristics
Anonymous Gateways | Pagagate, Urbenics, Supergateway | Minimal transparency, identical UI patterns, routing behavior
Routing Layer | Impaya, Aceiro, PayOp, Paysolo/Pellopay | Payment orchestration, dynamic routing, fragmented oversight
Key Insight:
The unregulated layer obscures the origin of the transaction. The regulated layer executes it.
This separation is central to understanding the compliance risks.
Regulatory and Compliance Implications
1. PSD2 / Open Banking Transparency Gap
Open Banking payments are user-authorized but often decoupled from full merchant visibility.
Risk: Banks may approve payments based on authentication alone, without understanding that the transaction originates from an offshore casino.
2. AML / Transaction Monitoring Challenges
Observed flows suggest that the merchant may appear as:
PayOp / Transferop
Powens payment request
Other intermediary entities
Rather than the actual casino operator.
Potential Outcome:
Transaction laundering through Open Banking rails.
3. Gambling Regulation Conflicts
Jurisdictions such as Germany and the Netherlands impose strict rules on:
Unlicensed gambling operators
Payment facilitation for such operators
Key Issue:
Are regulated Open Banking providers indirectly facilitating payments that may be prohibited under national gambling laws?
Accountability Framework
The Rail Atlas identifies three levels of potential accountability:
A. Open Banking Providers (Yapily, Powens, Perspecteev)
Merchant due diligence procedures
Use-case restrictions (e.g., gambling)
Transaction monitoring and risk controls
B. Banking Layer (e.g., Revolut)
Visibility into upstream transaction context
Classification of Open Banking payments
Detection of repeated high-risk flows
C. Regulators
ACPR (France – Powens)
Bank of Lithuania (Yapily, Perspecteev ecosystem links)
FCA (UK oversight where applicable)
Key Questions
To Open Banking Providers
Do you have visibility into the original merchant (casino operator)?
Do you restrict or monitor gambling-related payment flows?
What AML controls apply to payment initiation requests from third-party gateways?
To Revolut and Other Banks
What merchant information is visible at the point of authorization?
Are Open Banking payments classified by risk category?
Are repeated flows from specific providers monitored?
Conclusion
FinTelegram’s interim findings suggest that offshore casino payment processing is not random or fragmented. Instead, it relies on a structured, multi-layered system culminating in regulated Open Banking providers.
The critical shift is this: The focus is no longer on the casinos themselves—but on the licensed infrastructure that enables their payment rails.
This raises fundamental regulatory questions about transparency, due diligence, and the role of Open Banking providers within high-risk payment ecosystems.
Whistle42 Call
FinTelegram invites insiders, payment professionals, compliance officers, and affected players to submit confidential information via the Whistle42 platform.
We are particularly interested in:
Merchant onboarding documents
Open Banking integration logs
Payment-routing configurations
AML alerts and internal risk assessments
Additional casino payment flows involving Yapily, Powens, or Perspecteev
Gambling Compliance: ECJ Set to Test Malta’s Shield for Illegal Online Casinos in Mr. Green Case
A forthcoming Court of Justice ruling in Case C-198/24, TQ v. Mr Green Limited, could become a defining moment for cross-border player restitution in Europe. The case sits at the intersection of illegal gambling, asset-freezing under the European Account Preservation Order regime, and Malta’s attempt to shield locally licensed operators from foreign judgments through Article 56A of its Gaming Act.
Key findings
Case C-198/24 concerns an Austrian player’s attempt to enforce final Austrian refund judgments against Malta-licensed operator Mr Green Limited through a European Account Preservation Order (EAPO).
Austrian courts had already declared the gambling relationship unlawful and the refund judgments were final and enforceable by at least 13 April 2022, yet the claim remained unpaid.
The referring Vienna court asked the CJEU to clarify when cross-border account-freezing is justified under the EAPO Regulation, particularly where an operator may have shifted assets after enforcement pressure.
The case gained wider significance because the player identified accounts not only in Malta but also in Sweden, Luxembourg and Ireland, underscoring the pan-European payment footprint of gambling groups.
Advocate General Emiliou delivered his opinion on 30 October 2025, and the CJEU calendar indicates delivery of judgment in Mr Green on 21 May 2026 before the Fourth Chamber.
The dispute is unfolding against the background of Malta’s Article 56A, a provision the European Commission has challenged because it may obstruct the cross-border enforcement of judgments against Malta-licensed gambling operators.
Quick overview
Item | Details
Case number | C-198/24, TQ v. Mr Green Limited.
Opinion | Opinion of Advocate General
Court | Court of Justice of the European Union, Fourth Chamber; judgment listed for 21 May 2026 in the judicial calendar.
Core issue | Whether an EAPO can be used to preserve assets of a Malta-licensed online gambling operator facing enforcement of an Austrian refund judgment.
Claimant | TQ, an Austrian player seeking repayment of gambling losses awarded by Austrian courts.
Respondent | Mr Green Limited, a Malta-licensed online gambling operator.
Relevant legislation | EAPO Regulation; Malta Gaming Act Article 56A / Act XXI of 2023; EU judicial cooperation principles.
Known accounts named in the EAPO request | Malta, Sweden, Luxembourg, and Ireland.
Broader significance | The ruling may affect player restitution, enforcement strategy, and risk exposure for gambling operators and their payment facilitators across the EU.
Analysis of the case
The legal importance of Mr Green does not lie only in the player’s underlying refund claim. The central issue before the CJEU is whether a successful claimant can use the EAPO framework to freeze funds across borders when there is evidence that an online gambling operator may dissipate, relocate, or reorganize assets to frustrate enforcement.
The facts described in the referral are especially significant for compliance analysis. According to the summary of the case, the player argued that Mr Green had moved assets by terminating its relationship with Austrian third-party debtor Dimoco Europe GmbH after enforcement had been authorized, and warned that funds could similarly be transferred from other jurisdictions to Malta. That framing turns the case into more than a civil enforcement dispute; it becomes a test of whether payment and treasury arrangements can be used to hinder execution of final court judgments.
The case also exposes the structural tension between Malta’s point-of-supply licensing model and the regulatory claims of other EU states. Malta’s defenders argue that Article 56A merely codifies public-policy limits on recognition of foreign judgments, while critics, including the European Commission, see it as a legal shield that weakens mutual trust and cross-border judicial cooperation. Even where the CJEU does not directly rule on Article 56A’s compatibility with EU law in this case, its interpretation of the EAPO regime may sharply limit the practical effectiveness of Malta’s defensive legislation.
For FinTelegram’s readership, the most important point is this: if a gambling operator can continue to benefit from EU payment infrastructure while refusing to satisfy final judgments in favor of players, then payment routing, merchant acquiring, e-money relationships, and treasury concentration structures become compliance red flags. The Mr Green proceedings suggest that courts are increasingly willing to examine these operational facts, not just the formal licensing narrative presented by operators and regulators.
Implications for the gambling industry
A ruling favorable to the player would likely strengthen recovery strategies against operators that target consumers in jurisdictions where they lack the required local authorization. It could encourage more claimants and litigation funders to pursue cross-border preservation measures early, especially when account locations and payment flows can be mapped across several EU member states.
Malta-licensed operators would face a more acute enforcement risk outside Malta, particularly if they rely on the assumption that domestic public-policy defenses will neutralize foreign judgments. In practice, that could increase pressure to settle player claims, review market-access strategies, and ring-fence exposure in jurisdictions where the legality of operations is disputed.
The sector may also see a compliance spillover. Boards, MLROs, and legal teams could be forced to treat repeated non-payment of court-ordered player refunds as a governance and conduct issue rather than a routine litigation cost, especially where cross-border asset movement appears timed around enforcement events.
Implications for payment facilitators
Payment processors, e-money institutions, acquiring banks, and intermediary merchants should read Mr Green as a warning that transaction chains matter. Where a gambling operator is accused of operating illegally in one member state while using a multi-jurisdictional payment stack, facilitators may face heightened scrutiny over whether their services enable the continuation of unlawful offers or frustrate the enforcement of player claims.
The reference to Dimoco Europe GmbH in the Austrian proceedings is particularly relevant because it highlights the role of third-party payment counterparties in the enforcement narrative. Once courts and regulators begin to connect unpaid judgments with shifting payment relationships or account structures, facilitators may have to justify their onboarding, monitoring, reserve, and termination decisions in far greater detail.
For compliance teams, the message is clear: high-risk gambling merchants should be subject to closer jurisdictional screening, beneficial-ownership analysis, website and market-access reviews, and monitoring for litigation-related asset movements. Payment facilitators that ignore these signals may not only face reputational damage but also attract questions from banking partners, regulators, and law-enforcement agencies.
Share Information
Players, insiders, payment professionals, and former service providers with information about illegal online casinos, hidden processing chains, merchant entities, or judgment-evasion structures should submit material through FinTelegram’s whistleblower platform, Whistle42. Information on acquiring banks, PSPs, EMI partners, front merchants, affiliate funnels, and payout channels is particularly relevant for ongoing investigations into unlawful gambling operations and their facilitators.
Rail Atlas: Luckzie’s Revolut Rail — How PayOp And Powens Route Casino Deposits Into Open Banking
FinTelegram’s Revolut Rail Atlas has identified another regulated Open Banking enabler inside an offshore casino cashier: Powens, a French ACPR-regulated payment institution. In a test of Luckzie Casino, Revolut appeared as a prominent payment option alongside cards and crypto. The observed flow moved from Luckzie to supergateway.net, then to PayOp, then to Powens, and finally to Revolut’s Open Banking API at oba.revolut.com. In a second simulation, Supergateway redirected into the previously identified Aceiro layer. This suggests that Luckzie uses a dynamic payment-routing stack capable of selecting different downstream Open Banking rails.
Key Findings
Luckzie Casino offers Revolut as a direct cashier option, alongside Visa/Mastercard and crypto, as shown in the uploaded cashier screenshot.
The observed Revolut rail follows this path: Luckzie → supergateway.net → PayOp → Powens → oba.revolut.com
Powens is a regulated French payment institution, registered with the ACPR under CIB 16948 and based at 84 rue Beaubourg, 75003 Paris.
Powens describes its services as enabling account aggregation, transfer initiation, identity verification, and financial-profile verification.
Powens says it connects to 1,800+ financial institutions and processed €1.4bn+ last year, presenting itself as a major European open-finance platform.
PayOp is operated by Transferop Payment Gateway Ltd, a Canada-registered entity listed as a FINTRAC MSB under registration number M22769088.
PayOp’s payer terms include a striking disclaimer stating that accepting payments through PayOp is not an indication of the legality of the goods or services supplied.
A second Luckzie test reportedly routed Supergateway into Aceiro, a layer already identified in FinTelegram’s Impaya/Aceiro/Paysolo/Yapily rail analysis.
The Luckzie Revolut Rail Map
Luckzie Casino cashier
↓
Revolut payment option
↓
supergateway.net
↓
PayOp / Transferop Payment Gateway
↓
Powens Open Banking webview
↓
Revolut selected
↓
oba.revolut.com
↓
Revolut authorisation
Second observed route:
Luckzie Casino cashier
↓
supergateway.net
↓
Aceiro.online
↓
Alternative downstream Open Banking stack
This suggests that Supergateway may function as a routing decision layer, selecting between different downstream rails depending on geography, bank, transaction context, availability, risk parameters, or gateway configuration.
Luckzie Casino: Offshore Operator, EU-Facing Cashier
Luckzie presents itself as a modern online casino with casino, live casino, sports, promotions, bonuses, and multi-channel deposits. Public casino-review sources describe Luckzie as operating under offshore licensing frameworks, including Curacao or Anjouan references depending on the review source.
For FinTelegram’s analysis, the key point is not the offshore license itself. The key point is that Luckzie appears accessible to EU users and offers EU-facing payment rails, including Revolut, cards, crypto, and Open Banking layers, while FinTelegram has not identified a relevant EU or UK online gambling license.
That places Luckzie squarely inside the Rail Atlas risk category: offshore casino front-end, regulated payment rails downstream.
The New Player In The Rail Atlas: Powens
Powens is important because it adds another regulated Open Banking entity to FinTelegram’s Revolut Rail Atlas, alongside previously identified providers such as Yapily and Perspecteev/SaltEdge.
Powens’ own terms state that its services allow account aggregation, initiation of transfers, document and asset aggregation, and verification of identity and financial profiles. Powens also states that it holds an ACPR payment-institution license under bank code 16948.
Powens publicly describes itself as an Open Finance platform serving financial institutions, fintechs and software vendors, with 1,800+ financial institutions connected and more than €1.4bn transacted last year.
In ordinary contexts, this is legitimate regulated infrastructure. The compliance issue arises when such infrastructure appears embedded in a casino deposit journey involving an offshore operator.
PayOp’s Role: Payment Gateway Before Powens
The screenshot above shows the PayOp and Powens logos together in the payment journey. Public PayOp materials identify the operator of payop.com as Transferop Payment Gateway Ltd, registered in Vancouver, Canada, and listed as a FINTRAC MSB.
PayOp’s payer terms are notable. They state that the fact a person or entity accepts payments through PayOp is not an indication of the legality of the goods or services supplied, and advise users not to continue if they are in doubt about legality.
From a compliance perspective, this is a defensive disclaimer. It does not answer the core Rail Atlas question: what merchant due diligence does PayOp perform when its infrastructure appears in an offshore casino payment flow?
Compliance Analysis
1. Revolut As Default Casino Rail
Luckzie’s cashier presents Revolut as a visible deposit method. That matters because the user does not first see “Open Banking,” “Powens,” or “PayOp” as the primary option. The player sees Revolut — a trusted banking brand — as the rail into the casino.
This creates a consumer-perception issue: the transaction may feel like a normal bank payment, while the underlying context is an offshore casino deposit.
2. Supergateway As Routing Layer
The presence of supergateway.net is highly relevant. The domain appears as a generic “payment processing” intermediary. In a second simulation, it reportedly redirected to Aceiro.online, a layer already found in FinTelegram’s prior casino-payment investigations.
This suggests Supergateway may not be a single-purpose gateway but a routing switch that can send payments into different downstream rail stacks.
3. Supergateway, Pagagate, Urbenics: Same Gateway Family?
FinTelegram observed that supergateway.net displays the same “Payment processing…” screen design and animated blue-dot loading interface as Pagagate and Urbenics. This strongly suggests that the domains may belong to the same gateway family or share the same underlying white-label payment-routing software.
This does not by itself prove common ownership. However, in payment-rail investigations, identical UI behavior, redirect logic, loading screens, and downstream routing patterns are important technical indicators. In this case, the similarity supports the working hypothesis that Supergateway, Pagagate and Urbenics may form part of the same anonymous gateway layer feeding different regulated Open Banking stacks, including Powens, Yapily, Paysolo/Pellopay and Revolut.
4. Powens Adds A New Regulated Enabler To The Atlas
Powens joins the list of regulated Open Banking providers appearing in casino payment journeys. It is ACPR-regulated, commercially established, and deeply integrated into European financial infrastructure.
That does not imply wrongdoing by Powens. But it does create a clear regulatory question: Does Powens know that its Open Banking services are being invoked in casino deposit journeys such as Luckzie?
5. Open Banking Weakens Traditional Gambling Controls
Traditional card payments may carry merchant category codes, chargeback rights, acquiring-bank monitoring, and gambling controls. Open Banking payments are different: they are typically account-to-account, user-authorised payments.
The result is a familiar Rail Atlas problem: The bank may see an authorised Open Banking payment, but not necessarily the full upstream casino context.
6. PayOp’s Legality Disclaimer Is Not Enough
PayOp’s terms disclaim that acceptance of payments through PayOp confirms legality. But for high-risk sectors such as online gambling, disclaimers cannot replace merchant due diligence, transaction monitoring, and licensing checks.
Evidence & Confidence Table
Entity / Rail Element | Observed Role | Evidence Type | Jurisdiction | Confidence Grade | Key Compliance Question
Luckzie Casino | Casino front-end / cashier | Uploaded screenshot | Offshore / EU-facing | Confirmed | What license permits EU/UK targeting?
Revolut | Visible cashier option and bank endpoint | Uploaded screenshots | EU / UK | Confirmed | Does Revolut detect the casino origin?
supergateway.net | Anonymous gateway / routing layer | Uploaded screenshot | Unknown | Corroborated | Who operates it and what routing rules apply?
PayOp / Transferop Payment Gateway Ltd | Payment gateway / beneficiary layer | Uploaded screenshot + public terms | Canada | Corroborated | Does PayOp knowingly support casino merchants?
Powens | Open Banking / payment-initiation layer | Uploaded screenshots + public legal notices | France | Confirmed | What upstream merchant data is visible to Powens?
Aceiro.online | Alternative routing layer in second simulation | FinTelegram observation | Unknown | Indicated | Is Aceiro selected by Supergateway routing logic?
Open Questions To Luckzie
Which legal entity operates Luckzie and its mirror domains, including luckzie9.io?
What online gambling licences does Luckzie hold for EU, Dutch, German, Italian and UK players?
Why is Revolut presented as a cashier deposit option?
Who is the merchant of record for Revolut/Open Banking deposits?
Open Questions To PayOp
Does PayOp process or route payments for Luckzie or related casino brands?
Why does the payment screen show Transferop Payment Gateway LTD as beneficiary?
What merchant due diligence is performed for online gambling merchants?
Does PayOp pass upstream casino merchant data to Powens or Revolut?
Does PayOp consider offshore casino deposits within its acceptable-use policy?
Open Questions To Powens
Was Powens used in the Luckzie-to-Revolut Open Banking flow shown in the screenshots?
Does Powens receive the original merchant name, i.e., Luckzie or the casino operator?
Does Powens screen clients or payment flows for gambling-license compliance?
Does Powens permit Open Banking payment initiation for offshore casino operators?
What information is transmitted to Revolut when Powens initiates the authorisation?
Open Questions To Revolut
Does Revolut see Luckzie, PayOp, Transferop, Powens, or only the Open Banking authorisation request?
Does Revolut classify these payments as gambling-related?
Does Revolut monitor recurring traffic from Powens or PayOp into casino-linked contexts?
Has Revolut blocked any flows involving Luckzie, Supergateway, PayOp, Powens or Aceiro?
Conclusion
Luckzie is another important node in FinTelegram’s Revolut Rail Atlas. The observed payment journey shows a casino cashier where Revolut is presented as a payment rail, followed by a chain involving Supergateway, PayOp, Powens and Revolut’s Open Banking API.
This matters because Powens is a regulated French payment institution. The case therefore extends the Rail Atlas beyond Yapily and Perspecteev/SaltEdge and shows that multiple regulated Open Banking providers may appear in offshore casino payment journeys.
The central question is now unavoidable: Are regulated Open Banking providers and downstream banks receiving enough upstream merchant information to identify and block illegal casino flows — or are anonymous gateways and payment processors converting gambling deposits into ordinary-looking Open Banking authorisations?
Whistle42 Call
FinTelegram invites affected players, payment insiders, compliance officers, casino affiliates, Powens or PayOp employees, and Revolut staff to submit information confidentially through Whistle42.
We are especially interested in:
merchant onboarding files
Supergateway routing logs
PayOp / Transferop settlement records
Powens Open Banking logs
Revolut authorisation records
internal risk alerts
screenshots of live casino cashier flows
From Threats To Silence: Mapping Impaya’s Behavior Pattern In Casino Payment Investigation
FinTelegram’s Rail Atlas investigation into casino payment flows has taken a new turn. What began with alleged threats against a player has evolved into a pattern: intimidation, followed by silence, and accompanied by public mockery. With no response to formal inquiries but sarcastic engagement on LinkedIn, Impaya’s handling of the situation raises serious questions about compliance culture, accountability, and its role in high-risk payment infrastructures.
Key Findings
Phase 1 — Threats: A player raising concerns about casino-related payment flows was allegedly accused of “blackmail,” “extortion,” and “stalking,” and threatened with legal action
Phase 2 — Exposure: FinTelegram published an evidence-based report on the incident and the broader payment ecosystem
Phase 3 — Mockery: Sergejs Roslikovs responded publicly with “Thanks for the advertisement :)”, reinforced by Lana Suleymanova (“you are getting famous ”)
Phase 4 — Silence: No response has been received to FinTelegram’s formal compliance inquiry
Systemic context: Impaya appears in a multi-layer payment structure linked to offshore casino operations
The Pattern: Threat → Exposure → Mockery → Silence
This is no longer a single incident. It is a sequence.
1. Threats (Private Channel)
A player contacts Impaya with:
transaction evidence
structured questions
attempts to resolve the issue
The reported response:
criminal accusations
lawsuit threats
sarcastic tone
No compliance engagement
2. Exposure (Public Reporting)
FinTelegram publishes:
documented communication
payment-flow analysis
compliance questions
Evidence enters public domain
3. Mockery (Public Reaction)
Instead of addressing the issues:
CEO comment: “Thanks for the advertisement :)”
COO reinforcement with emoji
No denial. No clarification. No investigation.
4. Silence (Formal Channel)
Formal inquiry sent to Impaya
Detailed questions provided
Opportunity to respond offered
No response
Why This Pattern Matters
For regulated or payment-facing entities, this pattern is a red flag.
A. Complaint Handling Failure
Expected:
acknowledge complaint
escalate internally
respond neutrally
Observed:
intimidation
dismissal
no follow-up
B. Compliance Culture Signal
Public behavior often reflects internal culture.
When leadership responds with sarcasm instead of substance:
compliance may not be prioritized
risk awareness may be weak
escalation processes may be missing
C. Strategic Silence
Silence after exposure is not neutral. It can indicate:
avoidance of formal statements
unwillingness to commit to a position
reliance on ambiguity
Rail Atlas Context: The System Behind The Behavior
Impaya is not an isolated actor. It appears in a broader multi-layer payment ecosystem:
Casino front-end → Anonymous gateways (Pagagate / Urbenics) → Impaya / Aceiro (routing layer) → Paysolo / Pellopay (aggregation) → Yapily Connect (Open Banking) → Revolut OBA
This structure is characterized by:
multi-hop routing
merchant opacity
distributed responsibility
In such systems, behavior becomes critical: If each layer deflects responsibility, no layer remains accountable.
Behavior As A Risk Indicator
FinTelegram’s position: In complex payment ecosystems, behavior is as important as infrastructure. The Impaya case suggests:
complaints are not treated as compliance triggers
scrutiny is met with resistance
transparency is limited
The Chargeback Problem
The player was reportedly advised to “do a chargeback.” However:
Open Banking payments typically do not support chargebacks
This limits consumer remedies
It shifts responsibility to payment providers
If providers do not engage: the consumer is left without recourse
Evidence & Confidence Table
Element | Role | Evidence | Confidence | Key Question
Player complaint | Trigger | Screenshots + video | Confirmed | Why no compliance escalation?
Impaya response | Threat communication | Documented messages | Corroborated | Does Impaya stand by this?
CEO / COO comments | Public reaction | LinkedIn | Confirmed | Why mock instead of respond?
Formal inquiry | Opportunity to respond | FinTelegram record | Confirmed | Why silence?
Payment role | Routing layer | Rail Atlas findings | Indicated | What is Impaya’s exact function?
Open Questions To Impaya
Does Impaya confirm sending the messages attributed to it?
Why was a compliance complaint treated as a legal threat scenario?
Why has Impaya not responded to FinTelegram’s formal inquiry?
What is Impaya’s role in payment flows involving casino operators?
How are complaints escalated internally?
Does Impaya consider its LinkedIn response appropriate for a financial-services context?
Conclusion
The Impaya case has evolved.
It now represents:
a payment-flow question
a compliance question
a behavior question
The pattern is clear:
threats when questioned
silence when challenged
mockery when exposed
In a regulated financial environment, that combination is not trivial.
It is a signal.
Whistle42 Call — Help Us Map The Pattern
FinTelegram calls on:
Impaya insiders
payment partners
compliance officers
affected players
to share information via Whistle42.
Impaya Doubles Down: CEO Mocks FinTelegram Report While Ignoring Formal Inquiry
Instead of answering serious compliance questions, Impaya’s CEO Sergejs Roslikovs responded to FinTelegram’s investigation with sarcasm on LinkedIn — “Thanks for the advertisement :)”. His COO joined the tone, celebrating the attention. Meanwhile, Impaya has not answered FinTelegram’s formal inquiry. The contrast between public mockery and private silence raises critical questions about compliance culture, accountability, and the handling of alleged threats against a player.
Key Findings
CEO response via LinkedIn: Sergejs Roslikovs commented “Thanks for the advertisement :)” under FinTelegram’s report
COO endorsement: Lana Suleymanova replied: “you are getting famous”
No formal response: Impaya has not responded to FinTelegram’s official inquiry
Prior allegations: Evidence reviewed by FinTelegram showed a player was threatened with lawsuits and criminal accusations
Public vs private behavior gap: Informal social-media response contrasts with absence of structured compliance reply
Read our LinkedIn report on Impaya here.
From Threats To Mockery: The Escalation Pattern
FinTelegram’s original report documented a disturbing sequence:
A player raised concerns about casino-related payment flows
The player provided transaction-related evidence
The player received a response allegedly accusing them of:
blackmail
extortion
stalking
The response included legal threats and sarcasm
Now, instead of addressing these concerns, Impaya’s leadership has shifted tone publicly:
From private intimidation to public mockery
Read our Impaya report here.
LinkedIn Reaction: A Window Into Corporate Culture?
The LinkedIn comments to our report are brief—but revealing.
CEO: “Thanks for the advertisement”
COO: “you are getting famous”
There is:
no denial
no clarification
no commitment to investigate
no concern expressed about the player allegations
For a company operating in the financial/payment sector, this absence is notable.
The Silence That Matters: No Response To Formal Inquiry
Parallel to the LinkedIn activity:
FinTelegram sent a formal, structured inquiry to Impaya
The inquiry included detailed compliance questions:
role in payment flows
links to Aceiro, Paysolo, Pellopay
involvement in casino transactions
complaint-handling procedures
As of publication: No response has been received.
Rail Atlas Context: Why This Is Not Just PR
Impaya is not being questioned randomly. It appears in a broader Rail Atlas payment structure:
Casino front-end → Pagagate / Urbenics → Impaya / Aceiro → Paysolo / Pellopay → Yapily Connect → Revolut Open Banking
This structure suggests:
multi-layer payment routing
fragmented responsibility
reduced transparency for end users
Compliance Analysis: What The Reaction Signals
The combined behavior — threats + silence + mockery — raises key compliance questions:
1. Complaint Handling Breakdown
No structured response to the player
No evidence of escalation to compliance
2. Reputational Risk Blindness
Public dismissal of a compliance investigation
No effort to clarify facts
3. Potential Avoidance Strategy
Ignore formal inquiry
Engage only in informal public messaging
A Simple Question Remains
If nothing is wrong — why not answer?
For a regulated or payment-facing entity, the expected response would be:
“We deny the allegations”
or
“We are investigating”
Instead:
Silence + sarcasm
Open Questions To Impaya
Does Impaya stand by the messages sent to the player?
Why was the complaint not handled via a compliance process?
Why has Impaya not responded to FinTelegram’s formal inquiry?
What is Impaya’s role in casino-related payment flows?
Does Impaya operate or control Aceiro-related infrastructure?
Conclusion
This is no longer just a payment-flow story.
It is a behavior story.
A player raises concerns
Evidence is provided
Threats are allegedly issued
A report is published
The company responds with emojis
The official inquiry goes unanswered
That combination speaks louder than any press release.
Whistle42 Call — We Need More Evidence
FinTelegram calls on:
current and former Impaya employees
partners and payment agents
merchants using Impaya infrastructure
affected players
to submit information via Whistle42.
We are particularly interested in:
internal communications
merchant onboarding files
payment-routing logs
complaint-handling procedures
relationships with Aceiro, Paysolo, Pellopay
You can also share information via:
comments under the FinTelegram report
LinkedIn discussions
Every detail helps map the rails.
Whistleblower Alert: Crashino Player Dispute Raises Fresh Questions Over Igloo Ventures’ Offshore Casino Network
A whistleblower has submitted a detailed report to FinTelegram concerning the crypto casino Crashino, alleging six-figure transaction activity without proper KYC/AML intervention, account closure, blockchain-traced funds, and post-dispute platform changes. FinTelegram’s preliminary review confirms that Crashino publicly identifies Igloo Ventures SRL as its operator and that Igloo Ventures has already been subject to regulatory action in Sweden and Australia. The most serious allegations remain under review. We invite affected players, insiders, payment providers, game providers, and compliance officers to submit further information via Whistle42.
Key Findings
Crashino’s public pages state that Crashino.com is owned and operated by Igloo Ventures SRL, registration number 3-102-880024, based in Costa Rica.
Igloo Ventures has already attracted regulatory attention. Sweden’s gambling regulator, Spelinspektionen, prohibited Igloo Ventures SRL from providing gambling services in Sweden without the required licence. The decision took effect immediately on 12 May 2025.
Australia’s ACMA also issued a formal warning. The Australian Communications and Media Authority issued a formal warning to Igloo Ventures SRL in relation to Lucky Block, finding alleged contraventions of Australia’s Interactive Gambling Act.
The whistleblower alleges a six-figure crypto dispute. According to the report submitted to FinTelegram, the Crashino case involves high-value crypto activity, alleged lack of KYC/AML triggers, account closure, and blockchain tracing of funds across intermediary wallets.
The technical and blockchain allegations remain under review. FinTelegram has not yet independently verified the full blockchain tracing, alleged platform changes, DMCA activity, or provider compliance communications. We are requesting supporting evidence.
The Crashino Complaint: From Player Dispute To Network Question
FinTelegram has received a whistleblower report concerning Crashino, a crypto casino operating at Crashino.com. According to the report, the case began as a player dispute but allegedly evolved into a broader investigation into the structure, infrastructure, and compliance controls behind the platform.
The whistleblower claims that high-value transaction activity — allegedly exceeding six figures — was processed without meaningful KYC/AML verification being triggered. The report further alleges that the player’s account was later closed, that the operator failed to provide a meaningful response, and that blockchain tracing shows the movement of funds through several intermediary wallets toward infrastructure consistent with exchange-linked destinations.
These are serious allegations. At this stage, FinTelegram treats them as credible investigative leads, not as established facts.
What is already clear, however, is that Crashino is not an isolated brand. Crashino’s own public-facing materials identify Igloo Ventures SRL as the operator. Igloo Ventures has appeared in multiple offshore crypto-casino contexts and has already been the subject of enforcement attention in several jurisdictions.
Read our reports on Igloo Ventures here.
Sweden: Igloo Ventures Prohibited From Targeting Swedish Players
The Swedish gambling regulator Spelinspektionen issued a prohibition decision against Igloo Ventures SRL on 12 May 2025. The regulator found that Igloo Ventures provided gambling services in Sweden without the necessary Swedish licence and that the decision should apply immediately.
The Swedish decision is important because it confirms that Igloo Ventures was already on the radar of a European gambling regulator. The regulator’s decision also listed several Igloo Ventures-linked websites, including brands such as betiro.com, blockbet.gg, goldenpanda.com, instantcasino.com, luckyblock.com, luckypays.io, sambaslots.com, spinsino.com, winningz.com, wolfz.io, and others.
This supports the whistleblower’s broader thesis: the issue may not be confined to one casino brand but may concern a wider multi-brand operating model.
Australia: ACMA Warning Over Lucky Block
Igloo Ventures has also been targeted by Australia’s communications and media regulator. The Australian Communications and Media Authority published a formal warning to Igloo Ventures SRL in relation to the Lucky Block service. The warning concerned alleged contraventions of Australia’s Interactive Gambling Act.
Again, this does not prove the whistleblower’s Crashino allegations. But it does establish a regulatory context: Igloo Ventures-linked operations have already raised concerns in multiple jurisdictions.
Payment Rails: Crypto-Only Cashier With an Embedded Fiat-to-Crypto Ramp
In its review published on May 1, 2026, FinTelegram noted that Crashino presents itself as a crypto-only casino, with deposits apparently available only in cryptocurrencies. However, the Crashino cashier includes a dedicated “Buy Crypto” tab directly inside the deposit interface, allowing users to purchase cryptocurrency without leaving the casino cashier flow.
The interface then routes the transaction through Changelly.com, and the subsequent redirect shown in the screenshots connects via Changelly’s API to MoonPay, where the user is prompted to sign in and complete the purchase through MoonPay’s fiat-payment infrastructure, including credit/debit card-supported rails. This means that while Crashino may technically receive deposits only in crypto, the cashier provides a deeply integrated fiat-to-crypto conversion pathway.
From a compliance perspective, this functions as an indirect fiat deposit function: the player starts the funding process inside Crashino with a crypto wallet address already pre-populated, is routed via Changelly, and is ultimately directed to MoonPay to purchase the crypto with fiat payment methods. The relevant question is therefore not merely whether Crashino accepts bank cards directly, but whether the operator’s embedded on-ramp design enables fiat-funded casino deposits through third-party crypto-purchase providers while preserving the appearance of a crypto-only deposit model.
Compliance Analysis: The Offshore Crypto-Casino Pattern
The Crashino report fits a broader pattern seen in offshore iGaming networks: multi-brand casino structures, crypto-first payments, weakly visible operating entities, shifting licence disclosures, and fragmented accountability when player disputes arise.
From a compliance perspective, the most important question is not only whether a player was treated unfairly. The deeper question is whether the operating model allows high-risk gambling flows to move through crypto and payment infrastructure without effective KYC, AML, source-of-funds checks, and dispute resolution.
Where gambling operators accept high-value crypto deposits or withdrawals, compliance controls should be robust, documented, and capable of explaining:
who the customer is;
where funds came from;
what thresholds trigger KYC or enhanced due diligence;
how suspicious activity is identified;
which entity is legally responsible;
which regulator supervises the activity;
which complaint channel is available to the player.
If the whistleblower’s allegations are supported by evidence, the Crashino case could become another example of the offshore casino model in which the player sees a polished casino frontend, while the real accountability chain disappears behind crypto wallets, offshore entities, white-label infrastructure, and loosely supervised licensing claims.
Call For Whistleblowers
FinTelegram is investigating Crashino, Igloo Ventures SRL, and related offshore casino structures.
We invite information from:
affected players;
former or current employees;
affiliates;
payment processors;
crypto exchanges;
game providers;
compliance officers;
licensing consultants;
blockchain investigators;
regulators and enforcement sources.
Relevant information may include transaction hashes, wallet addresses, screenshots, account closure notices, KYC requests or missing KYC records, support communications, provider correspondence, payment records, affiliate materials, DMCA notices, and internal compliance documents.
If you have information about Crashino, Igloo Ventures, Lucky Block, Betiro, Spinsino, Winningz, or related casino brands, please contact FinTelegram securely via our whistleblower platform Whistle42.
The Strugano Files: Notorious Binary Options Lawyer Reportedly Arrested In Greece As U.S. Insider-Trading Case Catches Up With Him
Israeli lawyer Moshe Strugano, long exposed by FinTelegram as one of the legal facilitators of the Israeli binary-options fraud industry, has reportedly been arrested in Greece at the request of U.S. authorities. According to Calcalist, the arrest relates to the U.S. insider-trading case over Ormat’s 2018 acquisition of U.S. Geothermal, in which Strugano allegedly made around $1.2 million in illicit profits. For FinTelegram readers, the case is not a surprise. Strugano’s name has appeared for years in the shadows of offshore companies, boiler-room schemes, legal opinions for scam operators, and now — allegedly — securities fraud.
Key Findings
Calcalist reports that Moshe Strugano was arrested in Greece at the request of U.S. authorities and later released under restrictive conditions, with a ban on leaving Greece. The Israeli outlet reports that extradition proceedings are expected.
The U.S. SEC charged Strugano and Rinat Gazit in April 2022 with insider trading ahead of Ormat Technologies’ acquisition of U.S. Geothermal. The SEC alleges that Gazit, then Ormat’s head of M&A, tipped Strugano with material non-public information.
The alleged profit was approximately $1.2 million. According to the SEC complaint, Strugano bought 740,650 U.S. Geothermal shares between December 2017 and January 2018 and sold them after the merger announcement.
The DOJ/SDNY charged Strugano criminally with conspiracy to commit securities fraud and securities fraud, describing him as an Israeli lawyer specializing in the creation of offshore companies. The U.S. said in 2022 that it intended to seek his extradition.
FinTelegram had already identified Strugano as a legal enabler of the binary-options scam industry, including legal-opinion work for the Yukom/BinaryBook ecosystem, Tradorax, GreyMountain Management, and other broker-scam structures.
Report
The Greek Arrest: A Long-Delayed Knock On The Door
According to a new report by Israeli business daily Calcalist, lawyer Moshe Strugano was recently arrested in Greece at the request of U.S. authorities. The report states that he is suspected of insider trading in connection with Ormat Technologies’ 2018 acquisition of U.S. Geothermal, that he has been released under restrictive conditions, and that he may not leave Greece while extradition proceedings unfold.
For ordinary readers, this may sound like a new scandal. For FinTelegram readers, it is merely the latest chapter in a long-running file. Strugano has been on our radar for years — not as a naïve lawyer caught in a misunderstanding, but as one of the professional service providers who helped give legal, corporate, and banking infrastructure to the toxic Israeli binary-options industry.
The irony is almost cinematic: the lawyer who allegedly helped scammers dress fraud in legal clothing now faces a U.S. case alleging that he personally abused privileged information to enrich himself.
To be clear: Strugano is presumed innocent unless and until convicted. But the publicly available U.S. charging documents and the Calcalist report paint a devastating picture.
The Insider-Trading Case: “Peter Pan,” U.S. Geothermal, And A $1.2M Windfall
The SEC case is unusually colorful. According to the SEC complaint, Rinat Gazit, then head of mergers and acquisitions at Ormat, had access to confidential information about Ormat’s planned acquisition of U.S. Geothermal. The SEC alleges that Gazit tipped her close friend Strugano before the public announcement.
The alleged signal was almost absurdly theatrical. The SEC complaint claims that after Ormat’s board approved the transaction, Gazit sent Strugano a coded WhatsApp message about a “Peter Pan” show. Less than a minute later, Strugano allegedly tried to contact his broker and then placed orders to buy U.S. Geothermal shares.
Between December 19, 2017 and January 18, 2018, Strugano allegedly accumulated 740,650 shares of U.S. Geothermal. When Ormat announced the transaction on January 24, 2018, U.S. Geothermal’s stock price jumped. Over the following weeks, Strugano allegedly sold the position and made more than $1.2 million in illegal profits.
The SEC also alleges an attempted cover-up. Strugano allegedly told his broker to “delete all messages” concerning the trades, concealed his connection to Gazit when questioned by the Switzerland-based financial institution used for the trading, and later unfriended Gazit on Facebook to distance himself from her.
That is not a compliance footnote. That is the anatomy of alleged insider trading: access, signal, execution, profit, concealment.
The Criminal Case: DOJ Calls Him An Offshore-Company Lawyer
The U.S. Department of Justice unsealed a parallel criminal indictment in April 2022. The DOJ described Strugano as “an Israeli lawyer specializing in the creation of offshore companies” and charged him with conspiracy to commit securities fraud and securities fraud. The DOJ also stated that the United States intended to seek his extradition.
The maximum statutory penalties described by the DOJ are severe: one conspiracy count carrying up to five years in prison and two securities-fraud counts carrying maximum penalties of 20 and 25 years respectively. These are statutory maxima; any actual sentence would be determined by a court if there is a conviction.
This is why the Greek development matters. A U.S. indictment can sit in the background for years when the defendant remains outside U.S. reach. A detention in Greece transforms the case from a paper indictment into a live extradition threat.
FinTelegram’s Earlier Exposure: The Lawyer-To-Go For Binary Options Operators
FinTelegram’s Strugano file did not begin with Ormat or U.S. Geothermal. It began with the global binary-options disaster — the fraud industry that siphoned hundreds of millions from retail victims through fake trading platforms, boiler rooms, offshore companies, and payment processors.
In 2020, FinTelegram reported that Strugano was firmly anchored in the Israeli binary-options scene and had been one of the lawyers connected to the fraudulent Yukom network. Yukom was behind brands such as BinaryBook, BigOption, and BinaryOnline; former Yukom CEO Lee Elbaz was sentenced in the U.S. to 24 years in prison and ordered to pay $28 million in restitution.
FinTelegram further reported that Strugano had provided “all-in-good-order” legal opinions for binary-options structures — opinions that were allegedly used to open bank accounts, support merchant relationships, and create a compliance façade for scam operators.
In another report, FinTelegram noted that Strugano’s own website advertised services around offshore company formation, overseas bank accounts, online payments, trustee services, clearing, licensing, and ongoing counsel for Forex, Gaming, Binary Options, and Online Trading businesses. FinTelegram described this as precisely the toolbox needed by broker scams.
The key allegation is not that Strugano merely had unpleasant clients. The allegation is that his legal opinions and offshore structuring work helped fraud operators obtain banking, payment, and corporate access that they otherwise might not have received.
The Yukom Connection: Legal Opinions As Fraud Infrastructure
The binary-options fraud model depended on more than boiler-room salespeople. It required a full infrastructure stack:
offshore companies;
nominee or front-man structures;
bank accounts;
merchant accounts;
payment processors;
legal opinions;
KYC/AML comfort letters;
and plausible deniability for operators and facilitators.
FinTelegram’s earlier reporting placed Strugano in this infrastructure layer. In the Yukom/BinaryBook context, FinTelegram reported that Strugano provided legal opinions for WSB Investment Ltd, an entity tied to BinaryBook, and that those opinions were used in the broader structure enabling the scheme’s banking and payment channels.
This is why professional enablers matter. Boiler rooms may make the fraudulent phone calls, but lawyers, trustees, company formation agents, payment consultants, and compliance letter-writers often build the rails that allow the scam to scale.
The Strugano case is therefore not only a story about alleged insider trading. It is a story about the recurring role of legal professionals in high-risk financial crime ecosystems.
Pattern Analysis: From Scam Enabler To Alleged Personal Market Abuse
The Strugano pattern, viewed across the FinTelegram archive and U.S. enforcement files, is disturbing.
First, he appears in the binary-options era as a legal-opinion and offshore-structuring figure. Then he appears in the U.S. insider-trading case as a lawyer allegedly using confidential M&A information for personal enrichment. The common denominator is not simply law. It is access: access to structures, access to bank channels, access to financial markets, access to non-public information.
In the binary-options cases, the allegation is that legal opinions helped fraud operators look clean enough for banks and payment processors. In the Ormat/U.S. Geothermal case, the allegation is that confidential deal information was converted into trading profits. Different arena, same compliance smell: the abuse of professional trust.
The SEC complaint’s alleged WhatsApp timeline is especially damaging. The supposed “Peter Pan” message, followed almost immediately by broker contact and stock-buying, reads like a textbook market-abuse case. The alleged instruction to “delete all messages” and the alleged attempt to distance himself from Gazit only deepen the red flags.
Compliance Analysis: Why Banks, PSPs, And Law Firms Should Care
The Strugano file should be required reading for banks, EMIs, PSPs, crypto exchanges, law firms, and compliance officers.
First, legal opinions are not magic shields. A lawyer’s letter does not cleanse a fraudulent business model. If the underlying merchant is a scam, a polished opinion can become part of the fraud infrastructure.
Second, offshore-company specialists are high-risk gatekeepers. When a lawyer markets company formation, trustee structures, overseas accounts, payments, clearing, licensing, and advice for Forex, gaming, binary options, and online trading, compliance teams should treat that profile as high risk — especially where retail-investor money, unregulated platforms, or opaque beneficial ownership are involved.
Third, banks should not treat “client is a lawyer” as a risk mitigant. In the SEC case, the trading reportedly occurred through a Switzerland-based financial institution, and the bank’s compliance questions allegedly triggered false explanations about an “Asian friend” and no Ormat connection.
Fourth, enforcement is increasingly cross-border. The SEC, DOJ, FBI, Israel Securities Authority, and Swiss FINMA were all referenced in connection with the U.S. case. Calcalist’s Greek arrest report now adds another jurisdictional layer: Greece as the potential extradition gateway.
The Bigger Picture: Professional Enablers Are The Real Compliance Problem
The binary-options industry did not grow into a global fraud machine because a few young salespeople lied on the phone. It grew because professional enablers built the roads: lawyers, payment processors, nominee directors, offshore agents, banks, compliance consultants, and call-center managers.
Strugano’s name belongs in that broader professional-enabler discussion. FinTelegram has reported for years that he was not a marginal figure but a recurring provider of legal scaffolding for scam networks. Now, U.S. authorities allege that he crossed the line into direct market abuse for his own account.
That makes the Greek arrest report explosive. It connects the old binary-options file with a fresh enforcement development. It also raises a question regulators should have asked years ago: how many fraud networks were enabled by legal opinions that should never have been accepted by banks, payment processors, or regulators in the first place?
Conclusion
Moshe Strugano’s reported arrest in Greece may become a turning point. For years, FinTelegram has warned that lawyers and other professional enablers were not innocent bystanders in the binary-options plague. They were part of the operating system.
The U.S. insider-trading case now adds a new layer. According to the SEC and DOJ, Strugano was not merely advising high-risk clients; he allegedly used inside information for his own profit, traded through foreign banking channels, and attempted to conceal the misconduct.
The Greek proceedings should be monitored closely. If extradition succeeds, Strugano may finally have to answer in a U.S. courtroom — not only as a lawyer with a controversial client list, but as a criminal defendant accused of securities fraud.
For the victims of the binary-options industry, the case may not deliver direct compensation. But it does send a message: the age of untouchable professional enablers may be ending.
Whistle42 Call For Information
FinTelegram invites former clients, employees, bankers, payment processors, compliance officers, victims, and insiders with information about Moshe Strugano, his law firm, related offshore structures, legal opinions, trustee arrangements, banking relationships, or links to binary-options, Forex, CFD, crypto, or gambling operators to contact us through Whistle42.
Compliance Update: KuCoin EU’s “Back-to-Normal” Narrative Looks Too Rosy After FMA Ban!
Austrian outlet Trending Topics reports that notorious crypto exchange KuCoin EU has refilled key AML roles and may soon return to normal operations. From FinTelegram’s perspective, this reads like a highly favorable rehabilitation narrative that underplays the real issue: Austria’s FMA formally prohibited KuCoin EU Exchange GmbH from conducting new business after key AML and sanctions functions were no longer properly staffed.
Key Findings
Trending Topics frames KuCoin’s situation as a temporary staffing issue and emphasizes a possible return to normal operations.
The FMA’s own publication is sharper: KuCoin EU was prohibited from new business because key AML, deputy AML, sanctions officer, and deputy sanctions functions were not suitably filled.
FinTelegram previously reported that Oliver Stauber played a central role in KuCoin’s Austrian MiCA landing and raised questions about whether Vienna was becoming a regulatory entry point for globally challenged crypto exchanges.
KuCoin’s history includes a U.S. guilty plea and a $297 million settlement, plus previous regulatory warnings and AML-related concerns.
RatEx42’s DAREX classification remains highly relevant: KuCoin’s EU structure remains a Tier D — Material Regulatory Transition Exposure case until the FMA position is materially resolved.
The New KuCoin Spin: Compliance Repair or Narrative Management?
The Trending Topics article states that KuCoin EU has appointed Carmen Kleinhans as AMLO and two deputy AML officers, Klinger and Träxler, from Compliance Networks. It presents these appointments as a decisive step toward restoring normal operations and says the formal prerequisites for lifting the new-business ban have now been met, while acknowledging that the FMA has not yet issued an official decision.
That is the optimistic version.
The harder regulatory reality is this: the FMA did not merely observe a harmless personnel reshuffle. It determined that KuCoin EU Exchange GmbH no longer had suitable key function holders for AML, terrorist-financing prevention, and sanctions compliance, and therefore prohibited the company from entering new customer relationships or new contracts/products until legally compliant staffing is restored.
FinTelegram’s View: Too Rosy, Too Convenient
From FinTelegram’s perspective, the Trending Topics report is too soft and too close to KuCoin’s preferred narrative. It emphasizes “constructive dialogue,” “proactive suspension,” and “return to normal operations,” but gives insufficient weight to the structural question: how did a freshly MiCA-authorized CASP lose critical AML and sanctions functions so quickly after obtaining one of Europe’s most valuable crypto licenses?
FinTelegram previously highlighted the role of Austrian lawyer Oliver Stauber, who became a central figure in KuCoin’s Austrian MiCA setup. FinTelegram also questioned whether the KuCoin licensing story reflected genuine regulatory rehabilitation or a sophisticated “Get the License” strategy using Austria as an EU gateway.
Key Data Table
Data Point | Details
Brand | KuCoin
EU Entity | KuCoin EU Exchange GmbH
MiCA domain | https://www.kucoin.com/en-eu
Jurisdiction | Austria
Regulator | Austrian Financial Market Authority (FMA)
MiCA Status | CASP authorization granted 27 Nov 2025, according to FMA background information
FMA Measure | Prohibition on conducting new business
Reason | Missing suitable AML, deputy AML, sanctions officer, and deputy sanctions function holders
Current Claim | Key compliance positions reportedly refilled
FMA Decision | Official lifting of ban still outstanding
RatEx42 DAREX | Tier D — Material Regulatory Transition Exposure
Why This Still Matters For Merchants And Investors
KuCoin’s case is a warning signal for the MiCA era. A license is not a shield. It is a continuing obligation.
For merchants, counterparties, and investors, the lesson is clear: regulatory status must be monitored dynamically. A provider may obtain a MiCA license and still face operational restrictions if governance, AML, sanctions, or key-function requirements fail after authorization.
That is exactly why RatEx42’s DAREX framework focuses on regulatory exposure and operational continuity sensitivity, not marketing claims.
Conclusion
KuCoin’s new AML appointments may eventually satisfy the FMA. But until the Austrian regulator formally lifts the restriction, the situation remains unresolved.
The Trending Topics story may serve KuCoin’s rehabilitation narrative. FinTelegram’s position is more cautious: KuCoin’s Austrian MiCA story remains a stress test for Austria’s FMA, MiCA’s fit-and-proper standards, and the credibility of Europe’s new crypto licensing regime.
Call For Information
FinTelegram invites insiders, former employees, compliance officers, service providers, and counterparties with information about KuCoin EU, its AML remediation, Oliver Stauber’s role, or the FMA licensing process to submit information via Whistle42.