Tag: cryptocurrency

  • Scam Empire: Multi-million Investment Scam Used Maltese Companies To Cash In

    Scam Empire: Multi-million Investment Scam Used Maltese Companies To Cash In

    By Daiva Repečkaitė and Julian Bonnici

    • Reporters spoke to 182 victims of multi-million euro investment scams that earned over €230 million in four years.
    • Two networks: One Israeli-European, the other Georgian targeted victims across the globe, including Malta.
    • Malta-registered companies among payment service providers and banks that enabled operations. One recently terminated relationships with alleged scam operators.
    • Three victims of various scams launched cases with Malta’s financial arbiter.

    Updated with a statement from Payhound Limited

    A Maltese-registered company was key in transferring funds extracted from victims of a massive investment scam targeting victims across dozens of countries, including Malta.

    A collaborative investigation by Swedish Television (SVT), OCCRP and its media partners, including Amphora Media and the Times of Malta, has revealed unprecedented insight into how these extensive investment scam networks operate – and how chilling, professionalised, and far-reaching the industry has become.

    Visit the project’s website

    Reporters have contacted 166 victims of the two networks who say they’ve been scammed approx. €18 million by an Israeli-European network and a network in Georgia.

    Financial records in the leak show that in four years, the two scam networks raked in a total of about €230 million from would-be investors.

    Illustration of a call centre, including headphones, a person smiling with a headset, and hands holding a phone with a message that reads "Payment successful"
    Credit: James O’Brien / OCCRP

    People from every walk of life have fallen victim to these scams, which leads them to lose their savings and, in many cases, their mental health.

    Victims include a Canadian crane operator living with a disability, a retired finance professor, a Swedish pensioner who needed money for dental procedures, and an Estonian lawyer who was targeted while in the hospital. 

    Far from dingy ‘boiler rooms’, leaked data and communication obtained by OCCRP’s partner Swedish Television (SVT) shows that investment scam call centres are based in slick office buildings, including in countries in the European Union, with marketing firms, payment service providers and high street banks enabling their operations.

    One of these providers was the Malta-registered OpenPayd – another is Payhound.

    OpenPayd acknowledged its relationship with entities linked to the scheme. However, it said it terminated its relationship with them, “all for reasons related to their failures to maintain adequate controls”- and stressed that it did not deal with individuals and only serviced corporate clients. 

    Update: After the publication of the articles, a representative of Payhound Limited contacted our partner, the Times of Malta, explaining that reporters’ questions were filtered into the recipient’s spam folder. The company added the following statement: “Payhound maintains the highest standards of compliance, adheres to industry best practice and has consistently met all applicable legal and regulatory requirements.”

    A headset with the word 'scam' written with its cable
    Credit: James O’Brien / OCCRP

    How the scheme works

    The scam centres see perpetrators pose as legitimate brokers and contact potential investors to encourage them to deposit funds on trading platforms such as Rivobanc and Stoxinvest. Most exist only as websites not linked to any corporate entity and are falsely located in financial centres like London and Zurich. 

    Scammers gain access to vast amounts of personal information from their victims’ computers via remote access software called Anydesk, which they ask them to install, supposedly to help them with transactions. 

    The software system they use can be manipulated to create illusory profits on traders’ initial investments, offering false claims about higher returns or blocked withdrawals — a technique to encourage them to send more.

    The leaked records detail how “recovery agents” even contact existing victims, pretending to be from financial authorities. They promise to help recoup the money — for an upfront fee — only to scam them again.

    In some cases, unsuspecting victims are convinced to transfer money to other victims, unwittingly aiding the scammers in layering and moving funds.

    Leaked financial documents reveal Maltese-registered companies acting as crucial links in funnelling funds stolen from victims of the scams, with entities like OpenPayd acting as payment providers.

    Victims were often led to believe that they were making payments to accounts they held at certain financial institutions that belonged to them when, in reality, they belonged to the scammers in question.

    They argued that the financial institutions in question, like OpenPayd, failed to stop the payments while continuing to offer accounting facilities to the scheme’s beneficiaries.

    Leaked spreadsheets, payroll data, and deposit databases show:

    • Over 26,000 would-be investors from 34 countries were targeted, with the largest sums taken from Canada, Spain, Australia, the U.K., and South Africa.
    • Between January 2021 and December 2024, this network received €230 million in payments.
    • Only about 2% of deposits are ever returned, sometimes labelled as “loans” or “upselling”, to lure victims into investing more.

    The impact is huge.

    The OCCRP investigation revealed a disturbing snapshot of the emotional and financial harm inflicted by these networks.

    Victims frequently express suicidal thoughts and describe being left penniless while scammers taunt them or subject them to verbal abuse, mocking them for “falling for” what is ultimately a well-coordinated fraud.

    An illustration of four individuals at computers
    Credit: James O’Brien / OCCRP

    Malta’s fintech companies and neobanks play a role in transferring stolen funds.

    Reporters found that scammers directed victims to open accounts with so-called neobanks – technology-driven banking companies that aim to disrupt the traditional banking sector.

    The Malta-based OpenPayd Financial Services Malta Limited is not a traditional neobank – it does not target individuals. Its U.K. licence to provide e-money services was cancelled, but in Malta, it works as a financial institution licensed to offer e-money and payment services. 

    Reporters found that numerous scam victims, many in Spain and the U.K., transferred large amounts to the account of CurrencyRock UAB, a Lithuania-based company trading as Insirex. 

    Financial reports leaked from one of the scam centres show that payment service providers had separate tabs – CurrencyRock’s Insirex was one.

    In some cases, OpenPayd did not execute transfers as intended but was indicated as the provider of choice for Insirex transfers. Leaked internal chats show the scam team exchanging instructions relating to Insirex transfers.

    In filings to the Lithuanian registry, CurrencyRock claims to have only one employee, and its volume of paid taxes is low. However, the leak shows victims transferred thousands of euros at a time to the company, and in only three months, the company sent and received €2.5 million. Attempts to reach the declared owner by our Lithuanian partner, Siena, were unsuccessful.

    From this account, held in OpenPayd, funds were transferred to a Malta-based Payhound Limited, which is licensed to provide nominee services and execute orders on behalf of clients

    The term ‘nominee services’ means that the company is holding money or investment in someone else’s name, separating the nominee’s and client’s money – effectively obscuring ownership.

    Payhound Limited did not reply to reporters’ questions about whether CurrencyRock held an account with them and what actions are taken when a client company is suspected of scamming victims.

    Blue Whale Tech Inc., a Canadian company running the Cratos cryptocurrency exchange, was another company used in the scheme with an OpenPayd account. Responding to reporters’ questions, a representative of Cratos said, “our clients are 100% individual clients who wish to purchase and/or sell digital currencies” and denied working with scamming enterprises. OpenPayd’s representative said that Blue Whale Tech’s account was terminated in 2023, also for the failures to maintain adequate controls.

    In its reply, OpenPayd stressed that it did not deal with individuals and only serviced corporate clients. 

    “We have our own regulatory responsibilities to manage financial crime risks posed by Clients,” the company’s representative wrote. “We monitor all transactions to/from our Clients for fraud or other financial crime flags (e.g. sanction screening), including through a comprehensive Fraud Monitoring Programme designed to combat fraud from End Customers.”

    Asked about the specific companies mentioned in the leak, OpenPayd representative wrote that Currency Rock and Blue Whale Tech Inc. “are no longer customers of OpenPayd. We terminated Blue Whale Tech Inc. […] in 2023 and CurrencyRock in 2024, all for reasons related to their failures to maintain adequate controls.”

    Euros

    Victims filed complaints against OpenPayd with Malta’s Financial Arbiter

    In 2024 alone, three victims of various scams filed complaints before the Financial Arbiter in Malta after having studied the account numbers of their scammers and identifying OpenPayd as the service provider that opened these accounts. 

    In all cases, OpenPayd argued against any obligations to the victims because they did not have a business relationship with them. Instead, OpenPayd only had a business relationship with the alleged scammers. 

    In one case, which concerned Hasbix Analytics sro, OpenPayd declared to the Arbiter that the accused company had been added to OpenPayd’s Fraud Monitoring Programme. 

    “Hasbix was seemingly left operating without suspension under a ‘60-day grace period’ permitted by OpenPayd before the relationship and account of Hasbix with OpenPayd was eventually ‘fully terminated on 29 May 2024’ after ‘a 60-day notice for Hasbix to cease operations and stop any transactions on the account, in line with OpenPayd’s terms and conditions’,” according to the case documents.

    “If the Client fails to improve their management of fraud and/or reduce its fraud rates within a reasonable period of time, we terminate the relationship,” the representative added before specifying that relationships with 21 clients were terminated due to fraud-related reasons over the past three years and that its monitoring system identified 0.07% of transactions on their platform as fraudulent.

    In all three cases, the Financial Arbiter concluded that the victims were ineligible to seek justice in Malta by not individually being the financial service provider’s customers. 

    “I am concerned not only with the quantity but also with the quality of these fraud schemes,” Financial Arbiter Alfred Mifsud wrote in the institution’s newsletter

    “Get-rich-quick schemes are invariably too good to be true. They are carefully laid out to tempt vulnerable consumers to try their luck with a small sum. Once inside the scheme, it gets progressively more difficult to extricate themselves out, and they are quite often convinced to continue paying into the false scheme until, finally, the truth is exposed, with hurtful results – both financial and psycho-social.”

    However, the legal loophole that left OpenPayd without responsibility for facilitating payments demanded from victims by alleged scammers may eventually be closed. 

    “The necessary changes to CAP 555 (Arbiter for Financial Services Act) will form part of Budget Measures Implementation Act,” financial arbiter Alfred Mifsud wrote in reply to the reporters’ questions, clarifying that “The aim is to render all victims of fraud as eligible customers of any licensed  financial services provider involved in the suspected fraudulent payment transaction.”

    The arbiter added, “A decision on case no. 155/2024 should be issued shortly being a case which for particular circumstances was not blocked by ineligibility criteria and proceeded to be adjudicated on merits.”

    If you have been a victim of this or similar scams, please reach out to julian@amphora.media or daiva@amphora.media. You can consult a handbook of scams by the eSkills Malta Foundation here, or contact the Victim Support Agency.

  • Alleged Illegal Betting Mogul Funneled Funds Through Binance Wallet In Malta

    Alleged Illegal Betting Mogul Funneled Funds Through Binance Wallet In Malta

    By Daiva Repečkaitė and Julian Bonnici

    • Halil Falyalı, a late Turkish Cypriot businessman allegedly behind an illegal betting empire, used Binance to move millions of funds.
    • Turkish financial crimes investigators’ report listed around 100 cryptocurrency wallets they said were used by the group to transfer the “revenues of crime.”
    • Over $29 million passed through Falyalı’s Binance Global accounts.
    • The account with Binance Global was opened when Binance was not licensed to operate as a financial service provider in Malta.
    • Falyalı’s widow says he declared crypto assets abroad worth €30 million, $10 million and £10 million in various cryptocurrencies.
    • Using blockchain records, reporters found that the known wallets of the network received more than €1.3 billion since 2018.

    Halil Falyalı, a late Turkish Cypriot businessman allegedly behind an illegal betting empire, is believed to have moved his money using the Malta-based cryptocurrency exchange Binance, a collaborative investigation by Amphora Media and Times of Malta has revealed.

    Falyalı, who was once indicted in absentia in the US in 2015 for allegedly laundering drug money, was murdered in 2022 when his car was ambushed by gunmen with automatic weapons.

    The workings of his alleged illegal gambling network and its links to Malta were recently revealed in a collaborative investigation between OCCRP, Amphora Media, Times of Malta and other media partners.

    A 2022 Turkish financial crimes investigators’ report listed around 100 cryptocurrency wallets they said were used by the group to transfer the “revenues of crime”.

    The report identified Binance TR – the Turkish branch of Binance – as one of the three crypto asset service providers used by the network. Using these providers, individuals within the network collected transfers from others and then forwarded them into accounts held by crypto asset service providers. Investigators noted that over $29 million passed through Falyalı’s Binance Global accounts.

    Using blockchain records, reporters found that the known wallets of the network received more than €1.3 billion since 2018.

    In December last year, Turkish prosecutors indicted more than 240 people, including Falyalı’s widow, on illegal gambling and money laundering charges. The posthumous indictment accused Falyalı of “establishing an organisation with the aim of committing crime.”

    Turkish investigators asked the Binance branch in Malta to identify the owner of an account central to the crypto transfers. Binance confirmed that the cryptocurrency wallet belonged to Halil Cahit/Djahit, a Cypriot citizen.

    Investigators were able to confirm that Djahit is an alias of Halil Falyalı. Halil Djahit was Falyalı’s name on his Greek Cypriot ID. Meanwhile, Falyalı submitted a copy of his Cypriot passport and a selfie to open his account. 

    After Falyalı’s death, investigators noted that his widow made a large withdrawal from his Binance account. In her testimony upon indictment, Özge Taşker Falyalı confirmed that she held a wallet at Binance Global under her maiden name – and that her husband had declared crypto assets abroad worth €30 million, $10 million and £10 million in various cryptocurrencies. She denied the charges against her.

    The report suggests that the account was opened with the Malta-based Binance Global on 26th November 2020 – when Binance was not licensed to operate as a financial service provider in Malta.

    Read more of the Betting on Billions investigation.

    Investigators also believe the detected transactions are only a fraction of the money movements within this network. 

    Cemil Önal, Falyalı’s longtime head of finance who is facing charges linked to illegal gambling and faces broader claims of being “one of the masterminds” of Falyalı’s murder, says that the network allegedly earned €75 million a month, while authorities have seized around €40 million in assets.

    Credit: Courtesy of Cemil Önal. Cemil Önal (left) with Özge Taşker Falyali (right).

    Speaking to our partners OCCRP, Önal claims that Falyalı’s network also used so-called cold wallets, devices for storing cryptocurrency keys offline, without connecting them to the internet. 

    Recipients of betting revenues would transfer their cryptocurrency assets into these wallets. These devices are then physically transported, and the money is cashed.

    In response to reporters’ questions about the alleged illegal betting tycoon’s accounts, a representative of Binance said, “Binance aims to set a high standard for compliance across the industry, proactively detecting and preventing illicit activity both on and off our platform. We work closely with law enforcement and industry partners to enhance security and regulatory compliance. This includes advanced AI-driven identity verification, ensuring a robust and effective Know Your Customer (KYC) process.”

    In 2023, Binance’s co-founder and, at the time, majority owner Changpeng Zhao pleaded guilty to failing to maintain an effective anti-money laundering programme in the US. In his plea, Zhao admitted telling employees that it was “better to ask for forgiveness than permission”.

    A base in Malta

    Binance moved to Malta in 2018, taking advantage of the welcoming environment for cryptocurrency companies at the time. 

    In 2018, Malta adopted an act which provided a grace period to cryptocurrency operators of 12 months to apply for an appropriate licence. Within months from opening, Binance signed an agreement with the Malta Stock Exchange “to launch a new digital exchange for security token trading”.

    However, the company never acquired the licence to operate in financial services, and in February 2020, the Malta Financial Services Authority (MFSA) issued a statement that “Binance is not authorised by the MFSA to operate in the cryptocurrency sphere”.

    Economy Minister Silvio Schembri with Binance’s Changpeng Zhao and others.

    A flurry of warnings to the public from regulatory authorities followed: in the UK, Poland, Germany and even the Cayman Islands, where its main holding was based. 

    Soon, Binance found itself in more trouble. In 2023, the US Commodity Futures Trading Commission charged the company and its founder, Zhao, for circumventing legally required compliance controls to maximise corporate profits. The company and its founder pleaded guilty to the US charges of anti-money laundering failings. 

    After pleading guilty, Zhang was sentenced to four months in prison, and Binance agreed to pay $2.85 billion for willfully evading US law and other violations. Zhao finished serving his sentence last September.

    Halil Falyal and Özge Taşker Falyalı

    Blockchain for betting revenues

    The northern part of Cyprus, where the Falyalı family resided, is occupied by Türkiye. Türkiye is working on cryptocurrency legislation of its own, and as it stands, Binance continues offering services there.

    Individuals who have made transfers identified in the financial investigators’ report were found to have accounts with Binance TR (registered as (BN Teknoloji A.Ş. and incorporated in 2019).

    For a time, Zhao was personally its shareholder, but the latest data shows that the shares are held by Binance’s holding company in Ireland.

    Türkiye banned cryptocurrencies as a payment method in 2021 but then adopted a programme to regulate and tax cryptocurrencies between 2024 and 2026. The country’s Revenue Administration considers cryptocurrencies to be assets, and as such, they can be inherited.

    Amphora Media collaborated with the Organised Crime and Corruption Reporting Project (OCCRP), Times of Malta, Follow the Money (Netherlands), Hetq (Armenia), Investigative Reporting Lab Macedonia, Belarusian Investigative Center and Shteg.org (Albania) on the research for this publication.