One week after the EU’s MiCA transition deadline, FinTelegram’s fresh Betify review found Skrill and Neteller-labelled casino deposit routes still leading to Georgian payment gateway Nylo — where a €20 transaction becomes an “Exchange order” requiring consent to buy crypto and send it to a specified address. Nylo’s own legal documents now raise even deeper questions.
2-Minute Briefing

On 8 July 2026, FinTelegram re-tested the payment infrastructure of offshore casino Betify. The result is significant for Europe’s new MiCA enforcement environment. Inside Betify’s wallet, the player is offered familiar payment methods including Neteller and Skrill. But after selecting either method, the transaction is routed to app.nylo.pro, operated under the Nylo brand.
The Nylo screen does not merely show an ordinary casino deposit. It displays an “Exchange order.”
For a €20 Skrill or Neteller route, the user is required to acknowledge that they agree to buy crypto and send it to a specified address. A separate consent refers to the Terms of Use and Privacy Policy of an “Executing Service Provider.”
These are FinTelegram’s first-party test findings from 8 July 2026. The screenshots document the user journey but do not by themselves establish which entity ultimately executes the crypto exchange, which crypto asset is purchased, who controls the destination address, or whether the transaction was completed.
That timing matters. On 23 June 2026, ESMA stated that after the MiCA transitional period ended on 1 July 2026, unauthorised CASPs should immediately stop onboarding new EU clients, opening new client relationships, and engaging in marketing or solicitation, while taking steps to wind down EU activities. MiCA Article 59 provides that a person may not provide crypto-asset services within the Union unless authorised or otherwise entitled under the Regulation.
The Nylo case may therefore be more than another offshore-casino payment story.
It may be a case study in MiCA’s third-country enforcement problem.
Key Findings
1. Betify Still Routes Skrill and Neteller-Labelled Deposits Into Nylo Crypto Orders
FinTelegram’s 8 July test documented two separate €20 routes:
Betify Cashier → Neteller selection → Nylo “Exchange order” → consent to buy crypto → send to specified address
and:
Betify Cashier → Skrill selection → Nylo “Exchange order” → consent to buy crypto → send to specified address

The current Betify web presence identifies Fortuna Games N.V. as the licensed entity and the Cyprus-based Deltaprime Limited as an EEA representative or paying agent, depending on the page and domain presentation. We also found
FinTelegram previously documented Nylo appearing in Betify and other offshore-casino payment stacks and developed the working hypothesis that Nylo may represent an operational successor or migration layer following Lithuania’s utPay and Poland’s ChainValley. That earlier report explicitly stopped short of claiming proven common ownership between Nylo and the UTORG/ChainValley network.
The new development is different:
Nylo is still visible in the casino crypto-purchase rail after the 1 July 2026 MiCA transition deadline.
2. Nylo’s Checkout Says “Buy Crypto.” Its Terms Do Not
This is perhaps the most important new documentary finding. Nylo’s public Terms of Use describe a conventional-looking merchant-payment architecture. They define a “Payment Provider” as a bank, card issuer, electronic wallet provider, or similar financial service that transfers the user’s funds to Nylo’s account for settlement to the Merchant. A transaction is described as executed when the Payment Provider transfers funds to Nylo and Nylo settles them onward to the Merchant.
Nylo further states that:
- it acts as an intermediary between users and merchants;
- Payment Providers transfer money to Nylo;
- Nylo forwards funds to the Merchant;
- Nylo may briefly hold funds for settlement;
- merchants integrate Nylo through APIs, widgets, or white-label solutions;
- users transact with Nylo through merchant-integrated interfaces.
That is already more operationally substantive than the image of a passive software vendor. But the live Betify checkout introduces a second layer: “Exchange order” and “agreement to buy crypto and send it to a specified address.” Yet a text search of Nylo’s current Terms returned no reference to “crypto” and no reference to “virtual asset.”
This creates a fundamental classification question:
Is Nylo processing an ordinary merchant payment, facilitating a crypto purchase and transfer, orchestrating a third-party CASP transaction, or combining several of these functions?
That distinction is not cosmetic. It determines which regulatory perimeter may apply. The discrepancy becomes more significant because FinTelegram tested the legal links embedded in the checkout itself. The Terms of Use, Privacy Policy and AML/KYC Policy links presented on the Nylo exchange-order page led directly to Nylo’s own legal documents.
Accordingly, this is not merely a case where a Nylo-branded interface visibly hands the user off to separately identified crypto-provider terms. The user-facing legal framework points back to Nylo. That makes the central classification question even harder to avoid:
Why does a transaction governed through Nylo’s own legal-policy layer present itself as an “Exchange order” requiring the customer to buy crypto and send it to a specified address, while Nylo’s public Terms primarily describe payment intermediation and do not clearly set out the crypto-service layer?
3. Nylo Presented as the “Executing Service Provider”

The Neteller flow reviewed by FinTelegram contains a particularly important contractual element. Before proceeding with the €20 exchange order, the user is asked to confirm: “I read and agree to the Terms of Use and Privacy Policy of the Executing Service Provider.”
During the 8 July 2026 test, we followed the legal links presented in the Nylo checkout. The Terms of Use, Privacy Policy, and AML/KYC Policy links led directly to Nylo’s own legal documentation. This materially changes the regulatory picture.
The checkout does not merely use the Nylo domain while referring the user to clearly separate third-party crypto-provider terms. Instead, the legal-policy layer attached to the transaction points back to Nylo itself.
On the tested user journey, Nylo therefore appears to be presented as the contractual and compliance-facing service provider associated with the exchange order — and, in the Neteller consent language, with the “Executing Service Provider.” That creates a much sharper question:
If Nylo is the user-facing Executing Service Provider, what exactly is Nylo executing?
The same transaction screen states that the user agrees to: “buy crypto and send it to the specified address.“
Yet Nylo’s public Terms, as reviewed by FinTelegram, primarily describe a payment-intermediation model in which payment providers transfer funds to Nylo for settlement onward to merchants. The Terms do not clearly explain the crypto-purchase and crypto-transfer function visible in the live checkout.
This produces a significant documentary tension between:
- the live transaction flow, which presents an “Exchange order”;
- the user consent to buy crypto and send it to a specified address;
- the reference to an “Executing Service Provider”;
- and the fact that the associated Terms, Privacy and AML/KYC links lead to Nylo’s own policies.
4. Nylo Says It Performs No Direct User KYC — And Only Limited Monitoring

Nylo’s own KYC/AML Policy makes the case even more sensitive. The Georgian company states that it acts “solely as a technical intermediary”, does not conduct direct KYC/AML screening of users, and leaves identity verification and AML procedures to the Payment Provider chosen for the transaction. Nylo further says it applies only “limited transaction monitoring” on a risk-based basis.
This produces an obvious compliance question when the live checkout says the user is purchasing crypto and sending it onward:
Who performs crypto-specific customer due diligence, blockchain analytics, destination-wallet screening, sanctions screening, Travel Rule compliance, and transaction-purpose monitoring?
The fact that a payment originates through Skrill, Neteller, a bank, or another payment method does not by itself answer that question. A payment provider’s review of a fiat funding instrument is not automatically the same thing as the compliance framework required for the subsequent crypto exchange and transfer.
This report does not establish that Nylo is legally required to perform each of those functions itself. That depends on the precise allocation of roles between Nylo and any undisclosed executing provider.
But that allocation is exactly what remains opaque.
5. Nylo’s Own Terms Say It Generally Does Not Support Gambling Payments
The Betify evidence creates an additional documentary conflict. Nylo’s Terms list illicit gambling among prohibited activities. More importantly, they add that even legal, regulated gambling transactions might be allowed only if explicitly permitted by Nylo in compliance with law, while stating that Nylo generally does not support gambling payments.
Yet FinTelegram’s 8 July review showed Nylo order pages reached directly from the Betify casino cashier after selecting Neteller and Skrill-labelled deposit methods. This raises a straightforward merchant-compliance question:
Did Nylo knowingly approve Betify or a Betify-related merchant for gambling transactions?
The contradiction is particularly significant because Nylo’s Terms state that merchants may integrate Nylo through APIs, widgets and white-label solutions and that Nylo and the Merchant have a separate agreement governing the service. In other words, Nylo’s own contractual architecture contemplates a merchant relationship.
The Nylo Compliance Contradiction Matrix
| Nylo’s Public Position or Checkout Language | What FinTelegram Actually Found | Compliance Assessment |
|---|---|---|
| Nylo presents itself as a payment intermediary | The live Betify flow opens a Nylo-hosted “Exchange order” requiring the user to agree to buy crypto and send it to a specified address | This is not the visible footprint of a simple payment gateway. The transaction presents an explicit crypto-exchange and transfer layer that demands a clear regulatory explanation. |
| The user accepts the policies of the “Executing Service Provider” | FinTelegram tested the links embedded in the checkout. The Terms of Use, Privacy Policy and AML/KYC Policy lead directly to Nylo’s own legal documentation | Nylo is not merely an invisible technical pipe. It is the user-facing legal-policy endpoint attached to the “Executing Service Provider” consent. The obvious question is whether Nylo itself is the executing provider. |
| Nylo’s public Terms primarily describe merchant payment settlement | The live transaction is explicitly labelled “Exchange order” and requires consent to purchase crypto and send it onward | The public contractual narrative and the live product flow materially diverge. Nylo must explain what legal framework governs the crypto conversion and transfer actually shown to users. |
| No clear crypto-service role is set out in the reviewed public Terms | The checkout explicitly states that the customer agrees to buy crypto | A crypto transaction appears in the product layer without an equally clear explanation in the public legal layer. That is a major transparency and regulatory-perimeter red flag. |
| Nylo describes itself as “solely” or essentially a technical intermediary in its AML framework | Nylo’s own legal links govern the user-facing exchange-order journey, while the transaction is hosted on app.nylo.pro | The “technical intermediary” narrative becomes difficult to reconcile with Nylo’s central position in the contractual, interface and transaction architecture. |
| Nylo says it does not conduct direct KYC/AML screening of users | The tested flow involves the apparent purchase of crypto and onward transfer to a specified address | Who performs crypto-specific customer due diligence, sanctions screening, blockchain analytics, wallet-risk controls and Travel Rule compliance? The current user journey does not make that accountability transparent. |
| Nylo says it performs only limited transaction monitoring | The transaction originates from an offshore casino cashier and leads into a crypto-purchase-and-transfer flow | A high-risk gambling-to-crypto conversion path combined with limited monitoring raises serious questions about transaction-purpose detection, source-of-funds controls and destination-wallet screening. |
| Nylo’s Terms state that it generally does not support gambling payments | FinTelegram reached Nylo directly from the Betify casino cashier after selecting Neteller and Skrill-labelled deposit methods | This is a direct contradiction requiring explanation. Either Nylo knowingly approved a gambling merchant relationship, or its merchant-control framework failed to detect the nature of the transaction source. Neither scenario is trivial. |
| The transaction is framed through familiar payment brands such as Neteller and Skrill | The user is ultimately placed into a Nylo crypto exchange order | A user seeking to fund a casino account is routed into a crypto transaction. This raises acute questions about payment transparency, merchant classification and whether the user fully understands the economic and regulatory nature of the transaction. |
| Nylo refers to an “Executing Service Provider” | The legal links attached to that consent resolve to Nylo’s own policies | The stronger evidentiary reading is that Nylo is presented as the relevant executing or compliance-facing service provider. If another entity performs backend execution, that entity’s role and identity remain opaque. |
| Nylo is incorporated in Georgia and gives an address in the Kutaisi Free Zone | The National Bank of Georgia treats fiat-crypto exchange and crypto transfers for third parties as regulated VASP activities and has expressly warned that Free Industrial Zone status does not remove registration requirements | The Free Zone location is not a regulatory escape hatch. If Nylo performs regulated virtual-asset services, its Georgian VASP status becomes a central compliance question. |
| Nylo operates outside the EU | The tested flow is embedded in an EU-accessible casino journey, denominated in euros and available to users reaching the cashier from Europe | Being incorporated in Georgia does not neutralise MiCA. A third-country provider can still enter the EU regulatory perimeter where crypto services are actively distributed or solicited into the Union. |
| A reverse-solicitation theory could theoretically be invoked by a third-country provider | The user does not independently search for Nylo to purchase crypto; the user enters a casino cashier, selects a payment method and is routed into a Nylo exchange order | On the observed facts, a simplistic “own exclusive initiative” defence appears highly strained. The crypto relationship emerges from merchant-side routing, not from an independently initiated approach to Nylo. |
| Nylo’s public restricted-country framework does not amount to an EU-wide block | Major EU markets such as Germany, Austria and Italy were not identified in the reviewed prohibition list, while the live casino flow remained accessible | The absence of effective EU-wide exclusion is difficult to square with a third-country provider seeking to stay clearly outside MiCA’s authorisation perimeter. |
| Nylo’s relationship with the earlier utPay / ChainValley ecosystem remains unproven | FinTelegram has documented materially similar casino crypto-purchase flows, similar interface logic and a migration pattern from Lithuania to Poland and now Georgia | Common ownership is not established. But the operational pattern increasingly resembles regulatory displacement: the corporate shell moves jurisdiction while the high-risk casino-to-crypto function survives. |
Taken together, these are not minor drafting inconsistencies. They point to a deeper structural problem: Nylo’s live product architecture appears to perform — or at minimum orchestrate — a crypto exchange and transfer function that is far more substantial than the company’s public “technical intermediary” narrative suggests.
The central compliance question is no longer whether an unidentified third party sits somewhere behind Nylo. FinTelegram’s test shows that Nylo itself is the legal-policy endpoint of the exchange-order journey. The burden is therefore on Nylo to explain whether it is the executing provider, a crypto intermediary, an order router, an agent for another VASP, or merely the visible front end of an undisclosed backend structure.
6. Georgia’s VASP Rules Make the Free-Zone Address Highly Relevant
Nylo publicly identifies itself as:
Nylo LLC
Identification Number: 412790154
Registration Date: 18 February 2025
Address: Kutaisi, Georgia
Its more detailed legal policies give the registered address as 88 Avtomshenebeli St, Kutaisi Free Zone, Land Plot 01/298. This matters because the National Bank of Georgia defines virtual-asset services to include:
- exchange between convertible virtual assets and fiat currencies;
- transfer of convertible virtual assets;
- safekeeping or administration;
- trading-platform operation;
- and other specified activities.
The NBG says a person providing such services for the benefit of another is a VASP and must register with the National Bank. VASPs are also AML/CFT obliged persons.
The regulatory point becomes even sharper because, in October 2025, the NBG issued a public warning specifically addressing unregistered virtual-asset activity including activity conducted in Georgia’s Free Industrial Zones. It stated that providing virtual-asset services without NBG registration or another relevant financial-sector authorisation is prohibited and expressly said FIZ status does not remove the registration requirement.
That warning is unusually relevant to Nylo’s disclosed Kutaisi Free Zone address.
7. The MiCA Question: A Georgian Company Cannot Simply Treat the EU as an Offshore Market
MiCA Article 59 provides that crypto-asset services may not be provided within the Union unless the provider is authorised under MiCA or belongs to one of the specifically permitted categories operating under Article 60. A MiCA-authorised CASP must have a registered office in an EU Member State and effective management in the Union.
Nylo LLC publicly presents itself as a Georgian company. Its website materials reviewed for this report do not disclose an EU MiCA-authorised Nylo entity. Nylo’s public Terms instead choose Maltese law and exclusive Maltese courts for disputes — a contractual choice that does not by itself constitute regulatory authorisation.
The ESMA interim MiCA register page was last updated on 3 July 2026 and contains authorised CASPs as well as non-compliant entities reported by competent authorities. FinTelegram has not independently verified a MiCA authorisation for Nylo and does not assert in this report that none exists through another entity or service partner.
But if the Betify transaction constitutes a crypto-asset service provided to an EU client, the authorisation chain must be identified.
8. Reverse Solicitation Looks Like a Difficult Defence on These Facts
MiCA contains a narrow third-country exemption where an EU client approaches a third-country firm at the client’s own exclusive initiative.
ESMA’s official guidance says this concept must be interpreted narrowly. Solicitation is construed broadly and can occur through websites, applications, affiliate campaigns and other electronic channels. The analysis is factual, and contractual disclaimers cannot override contrary facts.
ESMA goes further: solicitation can occur through another person acting on behalf of or having close links with the third-country firm. Its guidelines specifically warn that an EU-regulated entity such as a payment service provider should not redirect clients to a third-country crypto provider where the redirection constitutes solicitation on that provider’s behalf.
The Betify fact pattern therefore deserves close regulatory scrutiny:
- The user enters a casino cashier.
- The user chooses a familiar payment method such as Skrill or Neteller.
- The casino flow routes the user to Nylo.
- Nylo presents an Exchange order.
- The user must consent to buying crypto.
- The crypto is to be sent to a specified address.
On those facts, the user does not appear to have independently searched for Nylo and exclusively initiated a relationship with a Georgian crypto provider.
The user appears to have initiated a casino deposit and then been routed into a crypto-purchase flow.
That does not automatically prove a MiCA breach. Among other things, the legal analysis depends on who actually provides the crypto service and whether the casino, merchant, payment provider or another party acts on behalf of the third-country provider.
But it creates a serious factual obstacle for a simplistic reverse-solicitation defence.
9. Nylo Does Not Geo-Block the EU as a Bloc
Nylo’s Terms contain an extensive list of prohibited jurisdictions. That list includes, among others, the Netherlands, United Kingdom and United States. However, major EU markets such as Germany, Austria and Italy are not included in the published prohibited-country list. This does not by itself prove active solicitation in those countries. But it is relevant when combined with:
- merchant-integrated access;
- actual routing from an EU-facing casino cashier;
- euro-denominated exchange orders;
- the absence of an EU-wide geoblock in the published country policy;
- and the narrow MiCA interpretation of reverse solicitation.
ESMA’s own guidance identifies geoblocking of EU access as one precautionary measure a third-country firm can use to avoid breaching MiCA’s authorisation perimeter where EU solicitation risks exist.
10. The utPay → ChainValley → Nylo Hypothesis Remains Open — But the Post-MiCA Pattern Strengthens
FinTelegram previously documented a possible migration sequence:
utPay / UAB Utrg — Lithuania
↓
ChainValley / Chain Valley Sp. z o.o. — Poland
↓
Nylo LLC — Georgia
The earlier investigation identified overlapping offshore-casino environments, similar app.[brand].pro checkout architecture, similar fiat-branded payment methods and the same underlying “buy crypto and send it onward” logic. It also identified a visible operational link between the UTORG environment and ChainValley, while treating the Nylo ownership link as unproven.
FinTelegram’s position remains evidence-based:
We have not established common beneficial ownership or corporate control between Nylo LLC and the UTORG/ChainValley network.
The 8 July evidence does, however, strengthen the operational-migration hypothesis.
The reason is timing.
After a Lithuanian crypto rail suspended services amid MiCA pressure and ChainValley became the subject of growing scrutiny, a newly registered Georgian Free Zone company is now visible in materially similar offshore-casino crypto-purchase flows — and remains active after the EU’s 1 July 2026 MiCA transition deadline.
That is not proof of common ownership.
But it is precisely the type of regulatory-arbitrage pattern that supervisors should investigate.
FinTelegram Assessment: MiCA’s Enforcement Battle Has Moved Offshore
The Nylo case illustrates a structural weakness in Europe’s new crypto regime.
MiCA can remove or constrain legacy EU VASPs that fail to obtain authorisation. ESMA has now told unauthorised CASPs to stop onboarding new EU clients and wind down their EU activity after the transition deadline.
But high-risk demand does not disappear.
The payment rail can move.
From Lithuania to Poland.
From Poland to Georgia.
From a clearly branded crypto provider to a payment gateway.
From a direct crypto purchase page to a casino cashier.
From a visible CASP relationship to an unidentified “Executing Service Provider.”
That is the real post-MiCA challenge.
MiCA enforcement cannot stop at the EU corporate border. Regulators must examine how third-country crypto services are distributed into the Union through merchant integrations, offshore casinos, payment gateways, wallet brands, affiliates and regulated payment chokepoints.
The Betify–Nylo flow is a near-perfect test case.
The player clicks Skrill or Neteller.
The player sees a €20 casino funding journey.
Nylo shows an Exchange order.
The user agrees to buy crypto and send it to a specified address.
And the ultimate regulatory chain remains unclear.
That is not a minor disclosure issue.
It goes to the heart of MiCA’s territorial perimeter, reverse solicitation, VASP registration, AML responsibility, merchant due diligence and payment transparency.
Compliance Questions for Nylo
FinTelegram invites Nylo to clarify:
- Is Nylo LLC registered with the National Bank of Georgia as a VASP? If yes, under what registration number and for which services?
- Does Nylo itself exchange fiat into crypto, transfer crypto, or arrange either service?
- Who is the “Executing Service Provider” referenced in the tested Neteller flow?
- Which entity performs KYC, sanctions screening, blockchain analytics, Travel Rule compliance and destination-wallet screening?
- Does Nylo knowingly provide services to Betify or a Betify-related merchant?
- How does the Betify integration comply with Nylo’s own statement that it generally does not support gambling payments?
- Which entity controls the destination crypto addresses used in the Betify exchange orders?
- Does Nylo have any corporate, beneficial ownership, technology, employee, merchant, wallet or infrastructure links with UAB Utrg, utPay, Utorg OÜ, UTORG, Chain Valley Sp. z o.o. or ChainValley?
- Under what legal basis are Nylo-integrated crypto-purchase flows made available to EU residents after 1 July 2026?
- Does Nylo rely on MiCA reverse solicitation? If so, how does it reconcile that position with direct merchant-side routing from a casino cashier?
Compliance Questions for Skrill and Neteller
The appearance of Skrill and Neteller branding in the reviewed flow does not by itself prove that the operators of those payment methods knowingly approved Betify, Nylo or the ultimate crypto beneficiary. FinTelegram’s screenshots document the user-facing route, not the underlying contractual relationships.
The relevant questions are therefore:
- Are these Nylo exchange-order flows authorised integrations?
- What merchant category and transaction purpose are visible upstream?
- Do compliance systems see the originating casino context?
- Do they see a gambling payment, a crypto purchase, or an ordinary wallet transaction?
- Who is the contractual merchant?
- Are EU country restrictions enforced?
- Is the destination of the purchased crypto known?
Evidence Status
| Finding | Status |
|---|---|
| Betify → Nylo routing on 8 July 2026 | Confirmed by FinTelegram test screenshots |
| €20 Neteller and Skrill-labelled flows | Confirmed by screenshots |
| Nylo “Exchange order” | Confirmed by screenshots |
| Consent to buy crypto and send onward | Confirmed by screenshots |
| Nylo LLC Georgian entity, reg. no. 412790154 | Confirmed by Nylo public materials |
| Kutaisi Free Zone address | Confirmed by Nylo legal policy |
| No “crypto” or “virtual asset” reference found in current Terms | Confirmed by document text search |
| No direct user KYC claimed by Nylo | Confirmed by Nylo AML Policy |
| Limited transaction monitoring claimed | Confirmed by Nylo AML Policy |
| Terms generally disclaim support for gambling payments | Confirmed by Nylo Terms |
| NBG VASP registration for Nylo | Not independently confirmed |
| MiCA authorisation for Nylo | Not independently confirmed |
| Identity of executing crypto provider | Unknown |
| Destination wallet controller | Unknown |
| Common ownership with ChainValley/UTORG | Unproven hypothesis |
| Operational similarity with prior rails | Observed / documented |
Whistleblower Call
FinTelegram is seeking information from payment-industry insiders, casino employees, compliance officers, former contractors, wallet providers and crypto infrastructure operators with knowledge of:
Nylo, app.nylo.pro, Betify, ChainValley, UAB Utrg, utPay, UTORG, destination wallet infrastructure, merchant onboarding files, settlement accounts, executing service providers, Skrill/Neteller integrations and post-MiCA migration strategies.
Particularly valuable are:
- merchant agreements;
- KYB files;
- wallet addresses;
- settlement statements;
- payment descriptors;
- internal compliance assessments;
- processor correspondence;
- Slack or Telegram communications;
- technical integration documents;
- and evidence identifying the “Executing Service Provider.”
Information can be submitted confidentially through Whistle42.




