FinTelegram has received another victim report involving a OpenPayd vIBAN, BIC CFTEMTM1, and crypto transfers into a suspected fake trading platform. The case differs from the OpenPayd/Klickl Europe files but confirms the same broader pattern: modern investment and romance scams depend on regulated or semi-regulated fiat-to-crypto payment rails. OpenPayd once again appears in the victim narrative as the payment facilitator.
2-Minute Briefing
FinTelegram has received another victim report placing an OpenPayd Malta IBAN directly inside the payment path of a crypto-investment scam. This is not just another romance-scam story. It is another case where scam operators appear to have used OpenPayd’s fiat-entry infrastructure to move victim money into crypto.
The victim was contacted through the dating app Bloom by a person using the name “Allen Wilson.” He allegedly posed as an experienced forex trader, groomed her via WhatsApp, sent step-by-step screenshots, pushed her into crypto trading, instructed her to use Crypto.com, guided her to create a Trust Wallet, and directed funds onward to the suspected fake trading platform Ubsdfx.com.
The reported loss is approximately €60,000, including borrowed funds, between 29 April 2025 and early June 2025. According to the victim, Austrian police conducted blockchain analysis and found that the money was distributed across multiple crypto exchanges and wallets.
A screenshot provided to FinTelegram shows a Crypto.com Cash Account deposit instruction using an OpenPayd Malta IBAN beginning MT58 CFTE…, with BIC/SWIFT CFTEMTM1. This is not an anonymous offshore bank detail. It is OpenPayd Malta’s payment infrastructure appearing in the victim’s fiat-to-crypto deposit path.
The Payment Rail
Victim → OpenPayd Malta IBAN / CFTEMTM1 → Crypto.com Cash Account → Trust Wallet → Ubsdfx.com → downstream wallets and exchanges
It is an OpenPayd rail case. Once again, OpenPayd infrastructure appears where victim money enters the crypto ecosystem.
Read our OpenPayd report on the KXTRA and Peel Hunt scam.
That is the central issue. Crypto scams are not powered only by fake dating profiles, WhatsApp scripts, fake trading dashboards, and blocked withdrawals. They need fiat-entry rails. They need IBANs. They need crypto-exchange funding routes. They need infrastructure that turns a victim’s bank transfer into movable crypto.
This case fits the pattern described by OCCRP’s Scam Empire reporting and reinforces FinTelegram’s previous coverage of OpenPayd and the corporate ecosystem of its founder Ozan Özerk. The question is no longer whether scammers use fake platforms. The question is why OpenPayd IBANs keep appearing in scam payment paths.
OpenPayd must explain how its Malta IBAN infrastructure was used in this case, what transaction-monitoring alerts were triggered, whether suspicious activity reports were filed, and how many similar crypto-scam complaints involve CFTEMTM1.
The fake romance profile was the bait.
The WhatsApp instructions were the script.
The OpenPayd IBAN was the fiat-entry rail.
Crypto.com and Trust Wallet became the bridge.
Ubsdfx.com was the fraud theatre.
Read our reports on Ozan Ozerk here.
What The Screenshot Shows
The uploaded screenshot appears to show a Crypto.com EUR deposit instruction. The visible fields include:
| Field | Visible Information |
|---|---|
| Account holder | Victim’s name |
| IBAN | MT58 CFTE 2800 4000 0000 0000 45 31340 (OpenPayd) |
| BIC/SWIFT | CFTEMTM1 |
| Bank address | Level 3, 137 Spinola Road, St Julian’s, Malta |
| Bank country | MT |
| Purpose | EUR deposits into Crypto.com Cash Account via SEPA |
The wording is important. The screenshot of the payment page says: “Please use the information below to transfer EUR deposits into your Crypto.com Cash Account directly through your bank via SEPA.”
That suggests the victim was instructed to deposit fiat into a crypto-exchange cash account using a Maltese named IBAN. The next steps, according to the victim, were Crypto.com → Trust Wallet → Ubsdfx.com.
What Is A vIBAN?
A virtual IBAN, or vIBAN, is a payment identifier that looks like a standard IBAN but is not necessarily a standalone bank account.
In a legitimate exchange setup, the vIBAN allows the payment provider or exchange to identify which customer made a deposit. The payer sees an IBAN assigned in their name, but the money is technically routed through a payment institution or master-account structure and then reconciled internally.
In the prior OpenPayd/Klickl Europe files, OpenPayd itself explained this model: a named virtual IBAN is a digital identifier linked to a main corporate account and used for reconciliation; it is not a standalone account. OpenPayd also stated in that GDPR response that the relevant vIBAN was linked to Klickl Europe’s corporate payment account.
In the present case, the screenshot does not show Klickl Europe. It appears to show a Crypto.com deposit rail using a Malta CFTE IBAN. The fraud risk is still clear: scammers can instruct victims to fund a real crypto-exchange account and then manipulate them into sending crypto onward to Trust Wallet or scam-controlled wallets.
This is the vIBAN-to-crypto trap:
Personal-looking IBAN → crypto exchange funding → self-custody wallet → fake trading platform → stolen funds
Key Data Table
| Category | Details |
|---|---|
| Case type | Romance / pig-butchering crypto-investment scam |
| Initial contact | Online dating app Bloom |
| Alleged scammer identity | “Allen Wilson,” allegedly American |
| Grooming channel | WhatsApp, with screenshot-based instructions |
| Fraud narrative | Forex / crypto trading with high-profit promise |
| Payment rail shown | Malta-based IBAN beginning MT58 CFTE… |
| BIC/SWIFT | CFTEMTM1 |
| Deposit context | Crypto.com Cash Account / SEPA EUR deposit |
| Crypto exchange layer | Crypto.com |
| Wallet layer | Trust Wallet |
| Scam destination | Ubsdfx.com |
| Reported loss | Approximately €60,000 |
| Timeframe | 29 April 2025 to approximately 4 June 2025 |
| Law enforcement | Austrian police complaint filed |
| Blockchain tracing | Victim says police analysis found funds distributed across multiple exchanges/wallets |
| OpenPayd relevance | Victim states she was guided to an OpenPayd bank account in Malta; screenshot shows CFTE Malta vIBAN/BIC structure consistent with OpenPayd-style rails |
| Klickl relevance | No evidence in this file so far; should not be presented as a Klickl case |
| Risk classification | High-risk vIBAN-enabled crypto scam rail |
Payment Rail Table
| Layer | Entity / Tool | Apparent Function | Risk Point |
|---|---|---|---|
| Victim acquisition | Bloom dating app | Romance-scam entry point | Social engineering and emotional dependency |
| Fraud grooming | “Allen Wilson” / WhatsApp | Step-by-step crypto instructions | Victim controlled through screenshots and trust manipulation |
| Fiat entry | OpenPayd Malta | SEPA deposit into crypto-exchange cash account | Personal-looking IBAN can create false confidence |
| Crypto exchange | Crypto.com | Fiat-to-crypto entry point | Legitimate exchange infrastructure used as entry rail |
| Wallet layer | Trust Wallet | Self-custody wallet created under scammer guidance | Once funds leave exchange, recovery becomes harder |
| Scam platform | Ubsdfx.com | Fake trading / forex-crypto platform | No withdrawal; funds allegedly dispersed |
| Downstream laundering | Multiple exchanges / wallets | Fragmentation of crypto proceeds | Police blockchain analysis reportedly found wide distribution |
FinTelegram Assessment
This case should be treated as a related vIBAN-enabled crypto scam rail, not as a Klickl Europe case.
The difference matters:
- In the KXTRA and Peel Hunt / Peelhuntaicore files, OpenPayd/Klickl evidence indicates that funds were linked to Klickl Europe’s corporate payment account.
- In the present Ubsdfx.com case, the screenshot points to Crypto.com funding through an OpenPayd Malta IBAN, followed by Trust Wallet and onward scam routing.
But the common pattern is obvious: scammers exploit payment and crypto infrastructure that appears legitimate to victims. The fraudsters do not need to operate the payment institution or the exchange. They need to weaponize the rails.
That is why OpenPayd remains relevant. FinTelegram has repeatedly reported on OpenPayd’s role in high-risk payment flows, and OCCRP’s Scam Empire investigation documented how global scam networks depend on payment providers, bank accounts, and intermediaries to collect and move victim funds. OCCRP reported that leaked data showed fraud payments running through dozens of companies, including two owned by Özerk, while noting there was no evidence those companies knew the payments derived from fraud.
This new case again raises the same core questions:
- How are fraud victims being instructed into Malta-based vIBAN rails?
- What monitoring is performed when large retail deposits enter crypto-exchange cash accounts?
- When victims report fraud, are funds frozen fast enough?
- Are payment facilitators and crypto exchanges preserving complete transaction trails for victims and law enforcement?
- How often does the same CFTE/OpenPayd-style infrastructure appear in crypto fraud cases?
Conclusion
This new case adds another layer to FinTelegram’s OpenPayd and vIBAN investigation. It is not currently a Klickl Europe case. It is a Crypto.com / Trust Wallet / Ubsdfx.com crypto-scam case using a Malta CFTE vIBAN-style fiat entry rail.
But the bigger pattern is the same.
Fake profiles lure victims.
WhatsApp scripts guide them.
vIBANs bring fiat into crypto.
Trust Wallet moves funds out.
Fake platforms show profits.
Withdrawals never happen.
The money disappears across wallets and exchanges.
OCCRP called it the Scam Empire. FinTelegram is following the rails.
And once again, OpenPayd-style infrastructure appears in the victim’s payment path.
Share Information
If you have any information about OpenPayd or its activities, please let us know. If you have been a victim of a scam and lost money to scammers via OpenPayd, please share this information with us. To do so, please use our Whistle42 whistleblower system.
