By Daiva Repečkaitė and Julian Bonnici
- Reporters spoke to 182 victims of multi-million euro investment scams that earned over €230 million in four years.
- Two networks: One Israeli-European, the other Georgian targeted victims across the globe, including Malta.
- Malta-registered companies among payment service providers and banks that enabled operations. One recently terminated relationships with alleged scam operators.
- Three victims of various scams launched cases with Malta’s financial arbiter.
Updated with a statement from Payhound Limited
A Maltese-registered company was key in transferring funds extracted from victims of a massive investment scam targeting victims across dozens of countries, including Malta.
A collaborative investigation by Swedish Television (SVT), OCCRP and its media partners, including Amphora Media and the Times of Malta, has revealed unprecedented insight into how these extensive investment scam networks operate – and how chilling, professionalised, and far-reaching the industry has become.
Reporters have contacted 166 victims of the two networks who say they’ve been scammed approx. €18 million by an Israeli-European network and a network in Georgia.
Financial records in the leak show that in four years, the two scam networks raked in a total of about €230 million from would-be investors.
People from every walk of life have fallen victim to these scams, which leads them to lose their savings and, in many cases, their mental health.
Victims include a Canadian crane operator living with a disability, a retired finance professor, a Swedish pensioner who needed money for dental procedures, and an Estonian lawyer who was targeted while in the hospital.
Far from dingy ‘boiler rooms’, leaked data and communication obtained by OCCRP’s partner Swedish Television (SVT) shows that investment scam call centres are based in slick office buildings, including in countries in the European Union, with marketing firms, payment service providers and high street banks enabling their operations.
One of these providers was the Malta-registered OpenPayd – another is Payhound.
OpenPayd acknowledged its relationship with entities linked to the scheme. However, it said it terminated its relationship with them, “all for reasons related to their failures to maintain adequate controls”- and stressed that it did not deal with individuals and only serviced corporate clients.
Update: After the publication of the articles, a representative of Payhound Limited contacted our partner, the Times of Malta, explaining that reporters’ questions were filtered into the recipient’s spam folder. The company added the following statement: “Payhound maintains the highest standards of compliance, adheres to industry best practice and has consistently met all applicable legal and regulatory requirements.”
How the scheme works
The scam centres see perpetrators pose as legitimate brokers and contact potential investors to encourage them to deposit funds on trading platforms such as Rivobanc and Stoxinvest. Most exist only as websites not linked to any corporate entity and are falsely located in financial centres like London and Zurich.
Scammers gain access to vast amounts of personal information from their victims’ computers via remote access software called Anydesk, which they ask them to install, supposedly to help them with transactions.
The software system they use can be manipulated to create illusory profits on traders’ initial investments, offering false claims about higher returns or blocked withdrawals — a technique to encourage them to send more.
The leaked records detail how “recovery agents” even contact existing victims, pretending to be from financial authorities. They promise to help recoup the money — for an upfront fee — only to scam them again.
In some cases, unsuspecting victims are convinced to transfer money to other victims, unwittingly aiding the scammers in layering and moving funds.
Leaked financial documents reveal Maltese-registered companies acting as crucial links in funnelling funds stolen from victims of the scams, with entities like OpenPayd acting as payment providers.
Victims were often led to believe that they were making payments to accounts they held at certain financial institutions that belonged to them when, in reality, they belonged to the scammers in question.
They argued that the financial institutions in question, like OpenPayd, failed to stop the payments while continuing to offer accounting facilities to the scheme’s beneficiaries.
Leaked spreadsheets, payroll data, and deposit databases show:
- Over 26,000 would-be investors from 34 countries were targeted, with the largest sums taken from Canada, Spain, Australia, the U.K., and South Africa.
- Between January 2021 and December 2024, this network received €230 million in payments.
- Only about 2% of deposits are ever returned, sometimes labelled as “loans” or “upselling”, to lure victims into investing more.
The impact is huge.
The OCCRP investigation revealed a disturbing snapshot of the emotional and financial harm inflicted by these networks.
Victims frequently express suicidal thoughts and describe being left penniless while scammers taunt them or subject them to verbal abuse, mocking them for “falling for” what is ultimately a well-coordinated fraud.
Malta’s fintech companies and neobanks play a role in transferring stolen funds.
Reporters found that scammers directed victims to open accounts with so-called neobanks – technology-driven banking companies that aim to disrupt the traditional banking sector.
The Malta-based OpenPayd Financial Services Malta Limited is not a traditional neobank – it does not target individuals. Its U.K. licence to provide e-money services was cancelled, but in Malta, it works as a financial institution licensed to offer e-money and payment services.
Reporters found that numerous scam victims, many in Spain and the U.K., transferred large amounts to the account of CurrencyRock UAB, a Lithuania-based company trading as Insirex.
Financial reports leaked from one of the scam centres show that payment service providers had separate tabs – CurrencyRock’s Insirex was one.
In some cases, OpenPayd did not execute transfers as intended but was indicated as the provider of choice for Insirex transfers. Leaked internal chats show the scam team exchanging instructions relating to Insirex transfers.
In filings to the Lithuanian registry, CurrencyRock claims to have only one employee, and its volume of paid taxes is low. However, the leak shows victims transferred thousands of euros at a time to the company, and in only three months, the company sent and received €2.5 million. Attempts to reach the declared owner by our Lithuanian partner, Siena, were unsuccessful.
From this account, held in OpenPayd, funds were transferred to a Malta-based Payhound Limited, which is licensed to provide nominee services and execute orders on behalf of clients.
The term ‘nominee services’ means that the company is holding money or investment in someone else’s name, separating the nominee’s and client’s money – effectively obscuring ownership.
Payhound Limited did not reply to reporters’ questions about whether CurrencyRock held an account with them and what actions are taken when a client company is suspected of scamming victims.
Blue Whale Tech Inc., a Canadian company running the Cratos cryptocurrency exchange, was another company used in the scheme with an OpenPayd account. Responding to reporters’ questions, a representative of Cratos said, “our clients are 100% individual clients who wish to purchase and/or sell digital currencies” and denied working with scamming enterprises. OpenPayd’s representative said that Blue Whale Tech’s account was terminated in 2023, also for the failures to maintain adequate controls.
In its reply, OpenPayd stressed that it did not deal with individuals and only serviced corporate clients.
“We have our own regulatory responsibilities to manage financial crime risks posed by Clients,” the company’s representative wrote. “We monitor all transactions to/from our Clients for fraud or other financial crime flags (e.g. sanction screening), including through a comprehensive Fraud Monitoring Programme designed to combat fraud from End Customers.”
Asked about the specific companies mentioned in the leak, OpenPayd representative wrote that Currency Rock and Blue Whale Tech Inc. “are no longer customers of OpenPayd. We terminated Blue Whale Tech Inc. […] in 2023 and CurrencyRock in 2024, all for reasons related to their failures to maintain adequate controls.”
Victims filed complaints against OpenPayd with Malta’s Financial Arbiter
In 2024 alone, three victims of various scams filed complaints before the Financial Arbiter in Malta after having studied the account numbers of their scammers and identifying OpenPayd as the service provider that opened these accounts.
In all cases, OpenPayd argued against any obligations to the victims because they did not have a business relationship with them. Instead, OpenPayd only had a business relationship with the alleged scammers.
In one case, which concerned Hasbix Analytics sro, OpenPayd declared to the Arbiter that the accused company had been added to OpenPayd’s Fraud Monitoring Programme.
“Hasbix was seemingly left operating without suspension under a ‘60-day grace period’ permitted by OpenPayd before the relationship and account of Hasbix with OpenPayd was eventually ‘fully terminated on 29 May 2024’ after ‘a 60-day notice for Hasbix to cease operations and stop any transactions on the account, in line with OpenPayd’s terms and conditions’,” according to the case documents.
“If the Client fails to improve their management of fraud and/or reduce its fraud rates within a reasonable period of time, we terminate the relationship,” the representative added before specifying that relationships with 21 clients were terminated due to fraud-related reasons over the past three years and that its monitoring system identified 0.07% of transactions on their platform as fraudulent.
In all three cases, the Financial Arbiter concluded that the victims were ineligible to seek justice in Malta by not individually being the financial service provider’s customers.
“I am concerned not only with the quantity but also with the quality of these fraud schemes,” Financial Arbiter Alfred Mifsud wrote in the institution’s newsletter.
“Get-rich-quick schemes are invariably too good to be true. They are carefully laid out to tempt vulnerable consumers to try their luck with a small sum. Once inside the scheme, it gets progressively more difficult to extricate themselves out, and they are quite often convinced to continue paying into the false scheme until, finally, the truth is exposed, with hurtful results – both financial and psycho-social.”
However, the legal loophole that left OpenPayd without responsibility for facilitating payments demanded from victims by alleged scammers may eventually be closed.
“The necessary changes to CAP 555 (Arbiter for Financial Services Act) will form part of Budget Measures Implementation Act,” financial arbiter Alfred Mifsud wrote in reply to the reporters’ questions, clarifying that “The aim is to render all victims of fraud as eligible customers of any licensed financial services provider involved in the suspected fraudulent payment transaction.”
The arbiter added, “A decision on case no. 155/2024 should be issued shortly being a case which for particular circumstances was not blocked by ineligibility criteria and proceeded to be adjudicated on merits.”
If you have been a victim of this or similar scams, please reach out to julian@amphora.media or daiva@amphora.media. You can consult a handbook of scams by the eSkills Malta Foundation here, or contact the Victim Support Agency.
Leave a Reply