FinTelegram’s investigation has moved beyond the KXTRA investment scam. A new OpenPayd GDPR response confirms that victim deposits were routed through named virtual IBANs linked to Klickl Europe’s corporate account. One victim file concerns KXTRA / KKR Global Investment; another concerns fake Peel Hunt / Peelhuntaicore. Different scam brands, same suspected rail: OpenPayd vIBAN infrastructure feeding Klickl Europe.
2-Minute Briefing
FinTelegram’s OpenPayd–Klickl investigation has materially expanded. We are no longer looking only at the KXTRA / KKR Global Investment scam. New victim communication and OpenPayd GDPR material show that the same OpenPayd/Klickl Europe payment architecture also appears in a fake Peel Hunt / Peelhuntaicore investment scam.
This changes the case. A single scam frontend can be dismissed by payment processors as “merchant abuse.” Multiple fake investment frontends using the same underlying payment structure point to something more serious: a repeatable fraud-collection rail.
OpenPayd’s GDPR response confirms the mechanics. OpenPayd states that it provides services only to corporate clients, not individuals, and identifies Klickl Europe as the relevant corporate client. It says the victim-facing IBAN was not a standard IBAN, but a named virtual IBAN linked to Klickl Europe’s corporate payment account. It further states that funds sent to that vIBAN were received into Klickl Europe’s corporate payment account and, once credited, became the property of Klickl Europe.
That confirms the core FinTelegram thesis: OpenPayd provided the vIBAN collection infrastructure; Klickl Europe was the corporate account holder and recipient of the victim funds.
The new case is not KXTRA. The victim’s correspondence to OpenPayd was explicitly titled “Fraud via Peel Hunt / Peelhuntaicore.” In that message, she told OpenPayd that she had become a victim of investment fraud and demanded the return of the transfers.
That aligns with Peel Hunt’s own public fraud warning. The legitimate Peel Hunt states that it does not use WhatsApp, LinkedIn, downloadable applications or social-media channels for regulated investment activities, and it specifically identifies PEELHUNTAICORE as an app not associated with Peel Hunt.
The picture is now clearer:
- KXTRA / KKR Global Investment appears to be one fake investment frontend.
- Peel Hunt / Peelhuntaicore appears to be another.
- OpenPayd → Klickl Europe appears to be the common payment rail.
What OpenPayd Confirmed
OpenPayd’s GDPR response is the strongest document so far because it confirms the architecture from inside the payment provider’s own system.
1. OpenPayd’s client was Klickl Europe — not the victim
OpenPayd states that it only provides services to corporate clients and has no direct contractual relationship with individuals. It identifies the relevant OpenPayd client as Klickl Europe.
2. The IBAN was a named vIBAN, not a real personal account
OpenPayd states that the assigned IBAN was “not a standard IBAN,” but a named virtual IBAN linked to a main corporate account. It says the specific virtual IBAN was linked to the payment account belonging to Klickl Europe.
3. Klickl Europe provided victim data
OpenPayd says it received personal data from the sending bank and from Klickl Europe. From Klickl Europe, OpenPayd received the victim’s name, address and date of birth. It also states that the victim was onboarded onto the Klickl Europe platform and that a virtual IBAN was allocated in her name to receive payments made on her behalf to fund Klickl Europe’s account.
4. The funds became Klickl Europe’s property
OpenPayd states that the funds sent to the vIBAN were received into Klickl Europe’s corporate payment account and, once credited, became the property of Klickl Europe.
This is the key line. It places Klickl Europe squarely at the economic center of the victim-fund flow.
Read our OpenPayd reports here
What Is A vIBAN?
A virtual IBAN, or vIBAN, is a payment identifier that looks like a normal IBAN but is not a standalone bank account.
It is usually linked to a master account or corporate payment account. The corporate client uses the vIBAN to identify who sent a payment and to reconcile incoming funds quickly.
In this case, the practical effect was:
Victim sees a named IBAN → victim believes the payment is personalized → money is credited to Klickl Europe’s corporate account → Klickl reconciles the deposit internally
A vIBAN is therefore powerful in fraud cases because it can create a false sense of safety. The payer sees a name-linked IBAN and may believe they are funding “their own” account. In reality, the money can be routed into the corporate account of the platform client.
That is the vIBAN trap.
Scam Frontends Now Identified
| Scam Frontend | Impersonated / Claimed Brand | Victim-Acquisition Pattern | Payment Rail Identified | Current Evidence Status |
|---|---|---|---|---|
| KXTRA / KKR Global Investment | KKR-style IPO / private-equity investment narrative | Facebook advertising, WhatsApp grooming, fake advisers, KXTRA app, fake profits, blocked withdrawals | Victim transfers to OpenPayd Malta; Klickl Europe identified in payment structure | Austrian criminal complaint reviewed by FinTelegram. The complaint lists OpenPayd Malta payments and names Klickl Europe in the payment-provider section. |
| Peel Hunt / Peelhuntaicore | Impersonation of legitimate UK investment bank Peel Hunt | WhatsApp investment groups, fake app, alleged trading/investment activity, blocked access to funds | OpenPayd GDPR response confirms named vIBAN linked to Klickl Europe corporate account | OpenPayd GDPR response reviewed by FinTelegram; victim’s earlier email to OpenPayd was titled “Fraud via Peel Hunt / Peelhuntaicore.” Legitimate Peel Hunt publicly warns that PEELHUNTAICORE is not associated with Peel Hunt. |
Read our Klickl Europe reports here.
Payment Rail System — OpenPayd And Klickl Europe
| Layer | Entity / Mechanism | Role In The Rail | What The Evidence Shows |
|---|---|---|---|
| Fraud frontend | KXTRA / Peelhuntaicore | Fake investment apps and interfaces used to lure victims | Victim files now point to at least two different scam brands using the same OpenPayd/Klickl payment architecture. |
| Recruitment layer | Facebook / WhatsApp groups / fake advisers | Victim acquisition and psychological grooming | Both fraud types follow the social-media and WhatsApp investment-scam model. |
| Payment infrastructure provider | OpenPayd Financial Services Malta | Provides payment infrastructure and named vIBANs to corporate clients | OpenPayd confirms it provides services to corporate clients and does not provide direct services to individuals. |
| OpenPayd client | Klickl Europe | Corporate client and account holder | OpenPayd identifies Klickl Europe as its corporate client in the GDPR response. |
| Victim-facing identifier | Named virtual IBAN | Personalized payment identifier used to reconcile victim deposits | OpenPayd states the IBAN was not a standard IBAN but a named vIBAN linked to Klickl Europe’s payment account. |
| Economic recipient | Klickl Europe corporate payment account | Receives the credited victim funds | OpenPayd states that funds sent to the vIBAN were received into Klickl Europe’s corporate payment account and became Klickl Europe’s property once credited. |
| Data source | Klickl Europe | Provides victim data to OpenPayd | OpenPayd states it received the victim’s name, address and date of birth from Klickl Europe. |
| Infrastructure providers | Probanx / Bank of Lithuania | Processing infrastructure | OpenPayd says payments were processed through its infrastructure banking providers, including Probanx and the Bank of Lithuania. |
| Downstream layer | Klickl platform / wallets / exchanges / operators | Unknown onward use, conversion, transfer or settlement | OpenPayd says subsequent transfers, conversions or investments are outside its control and should be addressed to Klickl Europe. |
Revised Rail Map
Common Collection Rail
Victim → OpenPayd named vIBAN → Klickl Europe corporate payment account → Klickl platform credit / transfer / conversion / settlement → unknown downstream recipient
Scam Frontend Variants
KXTRA / KKR Global Investment → OpenPayd/Klickl vIBAN rail
Peel Hunt / Peelhuntaicore → OpenPayd/Klickl vIBAN rail
The frontends differ. The rail appears to be the same.
Why The Peel Hunt / Peelhuntaicore Case Matters

The legitimate Peel Hunt is a respected UK investment banking firm (website) specializing in mid and small-cap companies, listed on the London Stock Exchange, with offices at 100 Liverpool Street, London. The fraudulent Peel Hunt scam and the “PEELHUNTAICORE” and “PHFINCORE” apps have no connection to this licensed financial institution.
The Peel Hunt / Peelhuntaicore evidence changes the risk assessment.
If this were only KXTRA, OpenPayd and Klickl might attempt to frame the matter as an isolated merchant abuse case. But the Peelhuntaicore evidence indicates a second investment-fraud frontend feeding the same Klickl-linked vIBAN architecture.
That points to a repeatable collection system. It also puts Klickl Europe under even more pressure. If Klickl Europe received victim funds from different scam fronts, it must explain whether the same customer, wallet, merchant, exchange account, OTC desk or internal ledger was behind these flows.
The key question is no longer:
Was Klickl accidentally exposed to one scam?
The key question is:
How did multiple fake investment scams end up funding Klickl Europe’s corporate account through OpenPayd vIBANs?
FinTelegram Assessment
FinTelegram’s assessment is that Klickl Europe must be treated as a central evidence holder and potential fraud-rail participant.
There are three possible scenarios:
| Scenario | Interpretation | What Klickl Must Produce |
|---|---|---|
| Klickl was only an on-ramp | Klickl processed funds for fraud operators without operating the scam frontend | Customer identity, wallet addresses, exchange accounts, conversion records, SAR/STR filings, termination records |
| Klickl was a settlement intermediary | Klickl received funds and moved them onward for another processor, merchant or platform | Full counterparty chain, settlement instructions, ledger entries, contracts |
| Klickl was closer to the fraud operators | Klickl or related parties had operational knowledge of the scam network | Internal communications, onboarding files, platform links, beneficial-owner and transaction-control records |
Even the most favorable scenario for Klickl — “only an on-ramp” — still leaves Klickl with the critical data. If it received the funds, it should know where they went.
That data belongs in the hands of victims, law enforcement and regulators.
Call For Victims And Whistleblowers
FinTelegram is now collecting additional evidence on the broader OpenPayd / Klickl Europe vIBAN fraud rail.
We are especially interested in victims of:
- KXTRA
- KKR Global Investment
- Peelhuntaicore
- fake Peel Hunt / Peel Hunt Europe WhatsApp groups
- any other investment app or WhatsApp group where deposits were made to an OpenPayd / CFTE / Malta IBAN
- any payment file showing Klickl Europe
- any DSAR / GDPR response from OpenPayd
- any transaction reference such as “Sweep to Primary Account”
Victims should send:
- OpenPayd GDPR / DSAR responses;
- Summary of payments spreadsheets;
- assigned vIBANs;
- payment receipts;
- app screenshots;
- WhatsApp group screenshots;
- names and phone numbers of “advisers”;
- police reports;
- regulator complaints;
- crypto wallet addresses or transaction hashes;
- responses or non-responses from Klickl Europe.
If one victim collects documents for others, each victim should preferably give written consent or submit their own file directly via Whistle42.
Conclusion
This investigation is no longer about one fake app.
KXTRA was one frontend.
Peelhuntaicore was another.
The common denominator appears to be the OpenPayd/Klickl Europe vIBAN rail.
OpenPayd has now confirmed that the victim-facing IBAN was a named virtual IBAN linked to Klickl Europe’s corporate payment account. OpenPayd has also confirmed that funds credited through that vIBAN became the property of Klickl Europe.
That places Klickl at the center of the evidence.
If Klickl was merely the on-ramp, it must disclose the downstream data.
If Klickl was closer to the operators, regulators and law enforcement must act.
If OpenPayd enabled a repeatable vIBAN structure for multiple scam frontends, it must explain how that happened under its transaction-monitoring and financial-crime controls.
The victims want the data.
FinTelegram will keep following the rail.




