FinTelegram has received a victim-organized app list that changes the OpenPayd–Klickl case materially. The list identifies several dozen victim-app entries and at least 27 different app/front-end names allegedly used to lure victims into the same OpenPayd–Klickl payment rail. KXTRA and Peelhuntaicore were not isolated brands. They appear to be part of a disposable app-front-end layer feeding victim funds into OpenPayd Malta vIBANs / CFTEMTM1 and onward to Klickl Europe.
2-Minute Briefing
The OpenPayd–Klickl fraud rail was evidently fed by a whole factory of fake investment apps. A victim-organized list reviewed by FinTelegram identifies 46 victim-app entries and at least 27 distinct app/front-end names, including Peelhuntaicore, KXTRA, PHFINCORE, FinTechX, BMEBEX, MirrorTrd, SSGM Pro, YHT, KKRDE, kkr-am-pro, KzipPro, FD MIN, Quantanils, Phantom, Voya, SSIM INT, KIZ/Kl Zep variants, and others.
This changes the case. We are no longer looking at one scam app or one impersonation scheme. The evidence points to a multi-app fraud architecture: disposable app frontends, WhatsApp/Telegram grooming, fake dashboards, blocked withdrawals — and a stable payment backend.
The stable backend is the key. Previous OpenPayd payment summaries show victim Payins followed by immediate transfers to Klickl Europe Sp. z o.o. with the reference “Sweep to Primary Account.”
OpenPayd’s GDPR response to victims confirmed the vIBAN architecture: OpenPayd’s corporate client was Klickl Europe; the victim-facing IBAN was a named virtual IBAN linked to Klickl Europe’s payment account; funds credited to that account became the property of Klickl Europe.
Public warnings support the app-front-end pattern. Legitimate Peel Hunt warns that it does not use WhatsApp, downloadable apps or social-media channels for regulated investment activity and specifically names PEELHUNTAICORE and PHFINCORE as apps not associated with Peel Hunt. BaFin has warned about WhatsApp groups pushing alleged crypto trading through FintechX and FNTCX apps. Public scam reports also identify BMBEX/BMEBEX, MirrorTrd, SSGM Pro, and YHT as high-risk or scam-linked trading/app names.
The frontends changed. The rail stayed the same.
Key Findings
- The app list is “mindblowing” evidence of scale. The screenshot identifies dozens of victim-app entries and at least 27 distinct app/front-end names. This is not one rogue app. It is a repeatable app-front-end layer.
- Peelhuntaicore was only one face of the scheme. Seven listed victims are connected to Peelhuntaicore, but the list also includes KXTRA, PHFINCORE, FinTechX, BMEBEX, MirrorTrd, SSGM Pro, YHT and many more.
- The payment backend is the common denominator. Prior OpenPayd summaries show Payin → Transfer → Klickl Europe, often with “Sweep to Primary Account.” The app names changed; the OpenPayd–Klickl rail remained stable.
- The apps match known scam typologies. Peel Hunt publicly denies any link to Peelhuntaicore and PHFINCORE, while BaFin and public scam warnings identify similar WhatsApp/app crypto-trading schemes involving FintechX, FNTCX, BMEBEX, MirrorTrd, SSGM Pro and YHT.
- Klickl Europe cannot credibly be treated as a passive recipient. If dozens of app-front schemes funded Klickl Europe through OpenPayd vIBANs, Klickl should have merchant/customer data, wallet destinations, conversion records, ledger entries and transaction-monitoring alerts.
- OpenPayd must explain the vIBAN exposure. OpenPayd provided the vIBAN infrastructure. It must explain how many Klickl-linked vIBANs were issued, how many app-front complaints were received, and why repeated retail deposits did not stop the rail earlier.
- Regulators should treat this as a payment-enabled investment-fraud network. Disposable apps plus stable payment rails are not “weak compliance.” They are the operating model of modern cyber-enabled investment fraud.
Key Data Table
| Entity / App / Mechanism | Role | Evidence | Red Flag |
|---|---|---|---|
| OpenPayd Malta / CFTEMTM1 | vIBAN infrastructure / payment facilitator | OpenPayd files and GDPR response | Victim-facing vIBANs used for scam deposits |
| Klickl Europe Sp. z o.o. (part of Klickl Group) | Corporate client / sweep recipient | Payment summaries show transfers to Klickl Europe | Funds repeatedly swept to same Polish VASP |
| Peelhuntaicore | Fake Peel Hunt app frontend | Victim list; Peel Hunt warning | Legitimate Peel Hunt denies association |
| PHFINCORE | Fake Peel Hunt-related app frontend | Victim list; Peel Hunt warning | Named by Peel Hunt as not associated |
| KXTRA | Fake investment app frontend | Victim list; Humer file | Linked to KKR-style investment narrative |
| FinTechX / FintechX | App/frontend | Victim list; BaFin warning about FintechX/FNTCX in WhatsApp groups | German regulator warning pattern |
| BMEBEX / BMBEX | App/frontend | Victim list; public scam warnings | Identity/brand-shift pattern |
| MirrorTrd / Mirror Trade | App/frontend | Victim list; public warning reports | Trading-app scam warning |
| SSGM Pro | App/frontend | Victim list; public low-trust/scam-risk reports | Disposable app / download ecosystem |
| YHT | App/frontend | Multiple victims in list; public high-risk broker/app reports | Repeated victim count; fake investment pattern |
| Other listed apps | AbrI3, AGAMK, CSCpro, FD MIN, Gimch Elite, KIZ/Kl Zep variants, KR, KKRDE, kkr-am-pro, KzipPro, Phantom, Quantanils, SSIM INT, Voya, Y-Max 2.01 | Victim-organized app list | Requires further victim files and app screenshots |
Rail Map
Fake investment app frontend → WhatsApp / Telegram grooming → OpenPayd Malta named vIBAN / CFTEMTM1 → Payin → immediate Transfer → “Sweep to Primary Account” → Klickl Europe Sp. z o.o. → crypto/on-ramp or settlement layer → unknown operators
Short explanation: the apps appear to be the disposable victim interface. They create the fake balance, fake profits and fake withdrawal process. The rail is the money machine: OpenPayd vIBAN intake, Klickl Europe as recipient, and an unknown downstream crypto or settlement layer.
Read our Klickl Europe reports here.
FinTelegram Assessment
Established Facts
The victim-organized app list contains 46 victim-app entries and at least 27 distinct app/front-end names. Previous OpenPayd payment summaries show victim deposits being transferred to Klickl Europe with “Sweep to Primary Account.” OpenPayd’s GDPR response confirms that the relevant named vIBAN was linked to Klickl Europe’s payment account and that credited funds became Klickl Europe’s property.
Strong Inferences
The evidence points to a scalable fraud architecture: many frontends, one payment backend. KXTRA and Peelhuntaicore were not exceptions. They were part of a broader app-front layer feeding OpenPayd–Klickl rails.
Working Hypotheses
Klickl is a global crypto scheme controlled by Chinese nationals. Klickl Europe is the scheme’s Polish entity – registered as a VASP – that is used as payment facilitators for this vast scam network. The Polish Klickl entity is registered as a merchant at OpenPayd, a licensed EMI supervised by the MFSA in Malta.
So we are not dealing here merely with anonymous scammers, but also with specific registered and licensed payment processors, whose beneficial owners and executives can be held responsible for the victims’ losses (read our “Who is behind Klickl report here“). The same applies to the relevant regulators.
Klickl Europe was not merely an accidental recipient. It evidently acted as on-ramp, settlement layer, or merchant-account hub for operators behind multiple fake investment apps. Whether Klickl or related persons were closer to the fraud operators remains open — but the volume and repetition make ignorance hard to accept.
Open Questions
Who created or controlled the apps? Which merchants or customers did Klickl onboard? Were funds converted to crypto? Which wallets or exchanges received the money? What transaction-monitoring alerts did OpenPayd and Klickl generate? Why were the same rails active across so many app names?
Whistleblower / Victim Call
FinTelegram is collecting:
- OpenPayd GDPR / DSAR responses;
- OpenPayd payment-summary Excel files;
- app screenshots;
- app download links or APK files;
- WhatsApp / Telegram group screenshots;
- fake broker names and phone numbers;
- vIBANs and bank receipts;
- Klickl account references;
- wallet addresses and transaction hashes;
- police reports;
- BaFin / regulator complaints;
- emails or chats from Klickl or OpenPayd.
We are especially interested in Peelhuntaicore, PHFINCORE, KXTRA, FinTechX, BMEBEX, MirrorTrd, SSGM Pro, YHT, KKRDE, kkr-am-pro, KzipPro, FD MIN, Quantanils, Phantom, Voya, SSIM INT, and KIZ/Kl Zep variants.
