The KXTRA / KKR Global Investment scheme was not merely another fake trading-app scam. Based on victim files reviewed by FinTelegram, it appears to have been a fraud operation with a professional payment rail behind it.
The front end was familiar: Facebook bait, WhatsApp grooming, fake advisers, a slick app, and fabricated investment profits. The back end is more explosive: victims were pushed into OpenPayd-linked accounts that appeared to be held in their own names, while at least one OpenPayd-provided transaction file shows the money being swept immediately to Klickl Europe, a Polish crypto/on-ramp provider. On the payout side, a partial โwithdrawalโ allegedly came from TFG Technology Ltd, a short-lived UK company later dissolved after Companies House flagged incorporation information as misleading, false, or deceptive.
This is not a story about โweak compliance.โ This is a suspected fraud-facilitation rail. OpenPayd, Klickl Europe and TFG Technology were not names floating at the edge of the scam. Based on the evidence reviewed by FinTelegram, they appear inside the money trail.
If you lost money through KXTRA, KKR Global Investment, OpenPayd accounts, Klickl Europe, TFG Technology, Thunes, Banking Circle, or related crypto-payment channels, contact FinTelegram via Whistle42. Your documents may help expose the operators behind the machine.
2-Minute Briefing
The alleged KXTRA / KKR Global Investment scheme appears to have been a fraud operation dressed up as an investment app โ and supported by identifiable payment rails.
FinTelegram has reviewed victim files that point to the same disturbing architecture: victims were lured through social media and WhatsApp, shown fabricated investment profits in the KXTRA app, and instructed to transfer substantial funds into OpenPayd-linked accounts that appeared to be held in the victimsโ own names.
One victim file, reportedly provided by OpenPayd itself, shows incoming deposits being immediately swept onward to Klickl Europe Sp. z o.o., a Polish virtual-asset provider registered as a crypto/on-ramp operator.
The critical finding is brutal: the money did not simply disappear into cyberspace. It moved through identifiable payment infrastructure.
OpenPayd appears to have provided the victim-facing VIBAN collection layer.
Klickl Europe appears to have received the swept victim funds as the primary-account beneficiary.
TFG Technology Ltd appears on the payout side as the sender of at least one partial โwithdrawal.โ
This is the payment architecture that made the fraud executable.
A further layer emerges on the payout side. In one case, a partial โwithdrawalโ of approximately โฌ17,000 was allegedly paid from TFG Technology Ltd, a short-lived UK company later dissolved after UK Companies House flagged incorporation information as misleading, false, or deceptive. This fits the classic confidence-payout pattern used in investment scams: return a controlled amount, maintain the illusion of legitimacy, and push the victim toward further deposits or fees.
The emerging rail map is blunt:
- Victim โ OpenPayd victim-named VIBAN โ sweep to Klickl Europe โ suspected crypto/on-ramp settlement layer โ KXTRA operators
- TFG Technology โ Danish payment account โ partial victim payout
The fake KXTRA app was the theatre. The payment rail was the machine.
FinTelegram Finding
Based on the victim files reviewed, KXTRA was the fraud interface โ but OpenPayd, Klickl Europe and TFG Technology appear to have been part of the payment machinery that allowed the fraud to collect, move, convert, and partially recycle victim funds.
If these entities were merely abused by criminals, they must now prove it with records: onboarding files, account-control data, wallet destinations, suspicious-transaction reports, termination records, and communications with law enforcement.
Silence is no longer a neutral position.
Key Findings
1. KXTRA Was The Fraud Front-End
The victim files describe a familiar but highly effective fraud pattern: social-media targeting, WhatsApp grooming, fake investment advisers, a professional-looking app called KXTRA, and an alleged KKR Global Investment / KKR Globale Aktienstrategie narrative built around IPO and private-equity opportunities.
Victims were shown fabricated profits and pressured into moving larger sums through payment infrastructure that appeared legitimate.
The fraud did not rely only on persuasion. It relied on rails.
2. OpenPayd Was The Victim-Facing Collection Layer
One criminal complaint states that the victim was instructed to transfer funds to an OpenPayd virtual IBAN that appeared to be in the victimโs own name. The complaint lists four payments to OpenPayd Financial Service Malta totaling โฌ100,500 and identifies OpenPayd Malta and Klickl Europe, Warsaw, Poland, as involved payment service providers.
This makes OpenPayd central to the collection side of the alleged fraud.
The relevant question is no longer only whether OpenPayd had adequate AML procedures. The question is why its infrastructure was available as the victim-facing intake layer for a fraud scheme.
3. Victim-Named Accounts Created A False Sense Of Safety
The use of victim-named OpenPayd accounts or virtual IBANs is not a minor technicality. It is a critical element of the fraud psychology.
To the victim, the payment looked safer because the account appeared to be in their own name. But the evidence suggests that these accounts functioned as collection sub-accounts rather than real investment accounts controlled by the victims.
That is how a fake investment story becomes financially credible: the victim sees their own name, trusts the account, and sends more money.
4. OpenPaydโs Own File Allegedly Shows The Sweep To Klickl Europe
A second victim file, reportedly provided by OpenPayd, appears to reveal the internal mechanics. Incoming payments into a victim-named OpenPayd account were followed immediately by matching outgoing transfers to:
KLICKL EUROPE SPรลKA Z OGRANICZONฤ ODPOWIEDZIALNOลCIฤ
The transaction description reportedly states:
โTransfer to Klickl Europe – EUR/Sepaโ
The transaction reference reportedly states:
โSweep to Primary Accountโ
That phrase is explosive. It suggests that Klickl Europe was the primary-account beneficiary behind the victim-facing OpenPayd collection structure. In plain language: the victim-facing account was the intake point. Klickl Europe was the apparent receiver.
5. Klickl Europe Was Not A Random Receiver โ It Is A Polish Crypto-On-Ramp
Klickl Europe is not an ordinary commercial payee. It is registered in Poland as a virtual-asset business and appears to operate as a fiat/crypto exchange, brokerage, and account-maintenance provider.
That makes its role highly material.
The victim funds were not merely forwarded to some passive company. They were allegedly swept to a crypto/on-ramp provider. That raises a direct question: were the funds converted, transferred to wallets, settled to exchanges, or routed to the real KXTRA operators?
Klickl Europe should know.
6. OpenPayd โ Klickl Europe Looks Like A Structured Fraud Rail
The victim files point to the same payment architecture:
OpenPayd provided the victim-facing VIBAN/sub-account layer.
Klickl Europe received the swept funds as the apparent primary-account recipient.
This is not random payment noise. It is a structured rail. The central question for OpenPayd is whether it onboarded Klickl Europe as the master-account customer โ and whether it understood that large retail โinvestmentโ deposits were flowing through victim-named accounts and being swept into a Polish crypto-services provider.
The central question for Klickl Europe is even simpler:
Who was the real customer behind the KXTRA money?
7. TFG Technology Appears On The Payout Side
The criminal complaint states that one victim received only partial withdrawals, including approximately โฌ17,000 from TFG Technology Ltd via a Danish IBAN, while the full withdrawal was blocked.
This fits the classic confidence-payout pattern: send back a controlled amount to preserve the illusion of a real investment platform.
Fraudsters know that one partial payout can unlock much larger victim deposits. It tells the victim: โThe system works.โ It buys time. It deepens trust. It delays suspicion.
In this case, TFG Technology appears to have played that role.
8. TFG Technology Was A Short-Lived UK Entity With Severe Registry Red Flags
TFG Technology Ltd appears to have been incorporated shortly before the relevant payment events and later dissolved after UK Companies House flagged incorporation information as misleading, false, or deceptive.
In the context of the alleged KXTRA fraud, this makes TFG Technology look less like a legitimate investment counterparty and more like a high-risk payout vehicle.
A short-lived UK company.
A Danish payment account.
A partial withdrawal to a fraud victim.
A registry warning about false or deceptive incorporation information.
That is not normal commercial activity. That is a red-flag cluster.
9. Klickl Europe Should Know Where The Money Went Next
If Klickl Europe received the swept victim deposits, it should know the next destination: exchange accounts, wallets, merchants, counterparties, settlement partners, or internal ledgers.
Unless Klickl Europe itself operated the KXTRA scheme, it should be able to identify who stood behind the transactions.
Silence from Klickl would be a major compliance, governance, and potential criminal-facilitation red flag.
The question is no longer vague:
Who instructed Klickl Europe to receive the victim funds, and where did Klickl send them next?
10. This Was Not A Compliance Gap โ It Was A Fraud Rail
KXTRA appears to have been a fraud. Once that is established, the role of OpenPayd, Klickl Europe and TFG Technology cannot be reduced to soft language about โAML weaknessesโ or โcompliance gaps.โ
The evidence suggests that these entities formed part of the financial infrastructure that allowed the fraud to collect victim money, sweep it to a crypto/on-ramp layer, and pay back controlled amounts to preserve the illusion of legitimacy.
The real question is not whether compliance was imperfect.
The real question is whether the payment participants knowingly, recklessly, or blindly enabled a scam payment network.
KXTRA / KKR Scam โ Payment Rail & Entity Map
| Layer | Entity / Individual | Jurisdiction / Status | Apparent Role In The Rail | Evidence / Interpretation |
|---|---|---|---|---|
| Fraud Front-End | KXTRA App | App presented to victims; linked in complaint to โSales House Hendrix Bail, SRL,โ Moldova | Fake investment interface showing alleged IPO/private-equity profits | Victims were instructed to use KXTRA to follow the alleged investment strategy. The app allegedly showed fabricated gains. |
| Fraud Narrative | โKKR Global Investmentโ / โKKR Globale Aktienstrategieโ | Alleged brand/name used by fraudsters | False investment story used to create credibility | Victims were told they were participating in IPO/private-equity opportunities under a KKR-branded narrative. |
| Victim Acquisition | โJulia Hoffmann,โ โTill van Dorp,โ and other alleged advisers | Unknown / likely aliases | WhatsApp grooming, investment instructions, withdrawal obstruction | Complaint identifies these names as contacts used in the scam approach. |
| Collection Infrastructure | OpenPayd Financial Service Malta / OpenPayd Malta OpenPayd.com | Malta; regulated payment institution / EMI-type payment infrastructure | Victim-facing VIBAN / account layer used to receive deposits | Complaint lists four transfers totaling โฌ100,500 to OpenPayd Malta and describes the account as a virtual IBAN appearing in the victimโs own name. |
| Primary Sweep Recipient | Klickl Europe Sp. z o.o. Klickl.com | Poland; registered virtual-asset business / on-ramp provider | Apparent primary-account beneficiary receiving swept victim funds from OpenPayd | OpenPayd-provided Excel reportedly shows incoming victim payments immediately followed by โTransfer to Klickl Europe – EUR/Sepaโ with reference โSweep to Primary Account.โ The criminal complaint also names Klickl Europe in the payment structure. |
| Klickl Control Person | Michael Xu Zhao / Xu Zhao | Public Klickl CEO identity; Polish register UBO/director | Identified control person behind Klickl Europe | Polish register data identifies Xu Zhao as UBO/director/shareholder of Klickl Europe; public sources identify the Klickl founder/CEO as Michael Xu Zhao. |
| Crypto / On-Ramp Layer | Klickl Group / Klickl Europe | Poland / broader Klickl crypto-payment group | Suspected fiat-to-crypto conversion, wallet, settlement or onward-routing layer | Klickl Europeโs VASP/on-ramp profile fits the role suggested by the payment files: victim fiat funds swept from OpenPayd into a crypto-services provider. |
| Confidence Payout Layer | TFG Technology Ltd | United Kingdom; short-lived/dissolved company | Alleged partial payout vehicle | Complaint states that a partial withdrawal of about โฌ17,000 was received from TFG Technology Ltd via Danish IBAN DK8789000058970017. |
| TFG Control Person | Libo Wang | Chinese national / UK company director according to Companies House research | Founder/director/controller of TFG Technology Ltd | Relevant because TFG appears as payout sender and was reportedly dissolved after Companies House flagged false/misleading/deceptive incorporation information. |
| Payout Banking Infrastructure | Banking Circle Denmark / Danish IBAN rail | Denmark | Account/payment rail used for partial payout from TFG Technology | The Danish IBAN used by TFG suggests a Banking Circle-type payment infrastructure layer. Needs direct confirmation from Banking Circle or account records. |
| Regulatory Chokepoint | MFSA / Malta | Malta regulator | Relevant regulator for OpenPayd Malta | OpenPaydโs role as a regulated payment institution makes the victim-fund collection and Klickl sweep pattern a regulatory and potential law-enforcement issue. |
| Regulatory Chokepoint | Polish VASP Register / Polish authorities | Poland | Relevant authority for Klickl Europe | Klickl Europeโs apparent role as primary sweep recipient and crypto/on-ramp provider raises AML, fraud-facilitation and VASP-supervision questions. |
Read our OpenPayd reports here.
Beyond Compliance: Who Enabled The Fraud?
KXTRA was not a difficult case to understand.
It was not a licensed broker.
It was not a legitimate investment platform.
It was not a normal merchant.
It was a fraud interface.
That changes everything.
The question for OpenPayd, Klickl Europe and TFG Technology is not whether their compliance manuals looked acceptable on paper. The question is whether their accounts, VIBANs, sweeps, on-ramp services and payout channels enabled a fraud to operate at scale.
Victim money entered through OpenPayd. It was allegedly swept to Klickl Europe. A partial payout allegedly came back through TFG Technology.
That is not a random compliance mishap.
That is a functioning fraud rail.
The possible criminal-law questions are obvious:
- Did any payment participant know, suspect, or consciously ignore that KXTRA was fraudulent?
- Who controlled the accounts receiving victim funds?
- Who gave the instructions for the sweeps to Klickl Europe?
- Who instructed or funded the TFG Technology payout?
- Were the funds converted into crypto, moved to wallets, or settled to the real KXTRA operators?
- Did any regulated or semi-regulated actor profit from the flow?
- Were suspicious activity reports filed, or were the transactions allowed to continue despite obvious red flags?
If OpenPayd and Klickl Europe were merely abused by fraudsters, they should be able to explain the account structure, customer relationships, transaction monitoring, downstream beneficiaries, and termination actions.
If they cannot, the issue becomes much more serious than weak compliance.
It becomes suspected fraud facilitation.
Conclusion
KXTRA was the bait.
The payment rail was the weapon.
Victims were not merely deceived by fake app screens and WhatsApp manipulators. They were pushed into a financial pipeline that gave the scam credibility, scale and operational power: OpenPayd accounts for collection, Klickl Europe as the apparent sweep recipient and crypto/on-ramp layer, and TFG Technology as the suspected confidence-payout vehicle.
This is not a paperwork story.
It is not a soft AML story.
It is a suspected cross-border fraud-facilitation case.
OpenPayd must explain why its regulated infrastructure became the victim-facing collection layer. Klickl Europe must explain why victim funds were swept into its primary account and where the money went next. TFG Technologyโs role as a payout vehicle must be investigated. Regulators in Malta, Poland, Denmark and the United Kingdom should treat this as a payment-enabled fraud case, not as a clerical compliance failure.
The question is no longer whether KXTRA was a scam.
The question is who enabled it.
Who opened the accounts?
Who controlled the VIBANs?
Who ordered the sweeps?
Who converted the funds?
Who funded the payouts?
Who profited from the victimsโ losses?
If OpenPayd, Klickl Europe and TFG Technology were merely abused by criminals, they should disclose the records and help identify the operators.
If they cannot or will not, the suspicion deepens.
The fake KXTRA app was the theatre.
The real crime scene is the rail map.
FinTelegram will follow it.
Share Information
FinTelegram calls on all victims, whistleblowers, compliance insiders, payment employees, crypto-exchange staff, former Klickl or OpenPayd personnel, and law-enforcement contacts to come forward.
We are looking for:
- OpenPayd account statements
- Klickl Europe payment references
- KXTRA app screenshots
- WhatsApp chats
- TFG Technology payouts
- Thunes transactions
- Banking Circle IBANs
- Crypto wallet addresses
- DSAR responses
- Onboarding documents
- Internal compliance communications
If you have information about KXTRA, OpenPayd, Klickl Europe, TFG Technology, Banking Circle, Thunes, or related payment and crypto rails, contact FinTelegram via Whistle42.
This case is no longer only about one fake app.
It is about the payment infrastructure behind the fraud.
