Gambling Compliance Illegal gambling Illegal Payment Services

Trueluck Casino Exposed: Gadzooks Limited, A Curaçao Share Shuffle, And The Larnaca Fiduciary Hub Behind The Third Pillar Of The Cyprus Casino Cluster!

June 13, 2026

10

Spread financial intelligence

How a Curaçao-linked casino environment, a Cyprus-facing payment vehicle, recurring fiduciary-service providers, and open-banking payment leads raise urgent questions for EU gambling, AML, and PSD2 supervisors.

2-Minutes Briefing

FinTelegram has reviewed Cyprus registry documents, whistleblower submissions, open-source casino disclosures, and correspondence concerning Trueluck Casino, Gadzooks Limited, and a recurring fiduciary-service structure in Larnaca, Cyprus.

The available records identify Gadzooks Limited — a Cyprus private company registered under HE 438503 — as a Cyprus-facing vehicle within the Luckywayz casino environment. Registry filings reviewed by FinTelegram show that Gadzooks was previously wholly owned by Luckywayz Limited B.V., a Curaçao entity, before a minority shareholding was transferred to Richard John Green, a UK national resident in Malta, on 31 May 2024.

The documents further show that Georgia Nikoletti, formally described in Cyprus registry filings as ΥΠΑΛΛΗΛΟΣ — employee — was appointed sole director of Gadzooks Limited on 10 October 2023. On the same date, P.Z.T. Services Ltd became corporate secretary, while the previous director and secretary were removed. This coordinated fiduciary handover mirrors patterns identified by FinTelegram in other casino-linked Cyprus structures.

The significance of this third instalment is not that one more offshore casino brand has surfaced. It is that the available registry pattern points to a recurring Larnaca-based fiduciary hub servicing multiple casino-linked Cyprus vehicles connected to offshore ownership structures, EU-facing payment flows, and open-banking payment rails.

Whistleblower material further alleges a three-layer payment architecture involving PAYTECH LTD as a possible routing/orchestration layer, Yapily / Yapily Connect UAB as an open-banking front-end, and ISX Financial EU PLC as a potential banking or EMI endpoint. FinTelegram has not independently verified the alleged PAYTECH or ISX links and treats them as investigative leads requiring confirmation through payment records, KYB files, settlement reports, or right-of-reply responses. The Yapily element is supported by correspondence reviewed by FinTelegram, but the precise merchant, platform, or partner relationship through which the transactions allegedly entered Yapily’s rails remains to be established.

FinTelegram makes no allegation of personal wrongdoing against registered directors, employees, lawyers, corporate-service providers, or named individuals. The issue is structural: whether Cyprus corporate-service infrastructure, Curaçao ownership, nominee-style directorships, and EU payment rails are being combined in a way that enables offshore casino operators to reach restricted EU markets while obscuring beneficial ownership, merchant responsibility, and consumer remedies.

Key Data Table: Trueluck / Gadzooks / Larnaca Fiduciary Hub

Category	Name / Identifier	Jurisdiction	Role in the case	Evidence status	Compliance relevance
Casino brand	Trueluck / Trueluck Casino	Online / offshore	Casino brand referenced in whistleblower material and public casino disclosures	Corroborated as a brand; operator attribution appears inconsistent across public sources	Possible EU-facing offshore gambling exposure
Cyprus vehicle	Gadzooks Limited	Cyprus	Cyprus-facing vehicle linked to Luckywayz casino environment and payment-agent disclosures	Registry-established / strong OSINT corroboration	Central corporate node in Part 3
Company number	HE 438503	Cyprus	Registration number of Gadzooks Limited	Registry-established	KYB / registry anchor
Former / majority shareholder	Luckywayz Limited B.V.	Curaçao	Curaçao casino entity previously holding 100% of Gadzooks; retained majority after share transfer	Registry-established in HE57 filing reviewed by FinTelegram	Offshore parent / ownership layer
Share transfer	100 of 900 ordinary shares transferred to Richard John Green	Cyprus / Malta / UK	Minority shareholding of approx. 11.1% transferred on 31 May 2024	Registry-established in HE57 filing reviewed by FinTelegram	Requires rationale, consideration, and relationship explanation
Minority shareholder	Richard John Green	UK national / Malta address	New minority shareholder of Gadzooks Limited	Registry-established; commercial role unknown	Open beneficial-interest question
Sole director	Georgia Nikoletti	Cyprus	Sole director of Gadzooks Limited; also appears in another pillar according to reviewed registry records	Registry-established in documents reviewed by FinTelegram	Recurring employee-director pattern
Corporate secretary	P.Z.T. Services Ltd	Cyprus	Appointed secretary of Gadzooks on 10 October 2023	Registry-established	Recurring fiduciary-service provider
Correspondence / filing agent	Potens Corporate Services Ltd	Cyprus	Correspondence agent for filings at Larnaca address	Registry-established in documents reviewed by FinTelegram	Administrative hub indicator
Previous secretary	Nexellence Fiduciary Services Ltd	Cyprus	Removed during 10 October 2023 handover	Registry-established	Shows coordinated fiduciary migration
Previous director	Afroditi Kittou	Cyprus	Removed during 10 October 2023 handover	Registry-established	Part of director replacement event
Alleged principal	Panayiotis / Panos Toulouras	Cyprus	Whistleblower alleges link to P.Z.T. / fiduciary hub	Unverified whistleblower lead	Must remain framed as allegation pending registry/UBO proof
Open-banking provider	Yapily / Yapily Connect UAB	UK / Lithuania / EEA	Alleged open-banking rails used in payment flow	Partially corroborated through correspondence on file	PSD2 / PIS / AIS monitoring question
Alleged routing layer	PAYTECH LTD / pay.tech	Cyprus or payment-tech environment	Alleged white-label routing/orchestration layer	Unverified whistleblower lead	Requires contracts, payment logs, KYB files
Alleged EMI endpoint	ISX Financial EU PLC	Cyprus / EU EMI environment	Alleged banking or EMI endpoint	Unverified whistleblower lead	Requires settlement and merchant-record verification

Methodology and Evidence Grading

This report draws on:

Cyprus registry documents reviewed by FinTelegram concerning Gadzooks Limited, P.Z.T. Services Ltd, Potens Corporate Services Ltd, and related filings;
Form HE4 and HE57 filings concerning director/secretary changes and share transfers;
Whistleblower submissions concerning Trueluck, payment flows, and customer complaints;
Correspondence reviewed by FinTelegram concerning Yapily’s handling of an affected player complaint;
Public casino-facing and open-source material concerning Trueluck, Luckywayz, Gadzooks, and related brand disclosures;
Prior FinTelegram reporting on the first two pillars of the Cyprus casino payment-tech cluster.

FinTelegram distinguishes between:

Registry-established facts — based on official corporate filings reviewed by FinTelegram;
Casino-facing evidence — based on website disclosures, casino terms, public brand pages, or payment-agent statements;
Correspondence on file — based on communications reviewed by FinTelegram;
Whistleblower leads — credible but not yet independently verified allegations;
Compliance analysis — FinTelegram’s interpretation of the risk implications.

No statement in this report should be read as an allegation of proven criminal conduct by any named person or entity.

Introduction: The Third Pillar Under Review

On 9 May 2026, FinTelegram reported how Dutch forensic action exposed the HolyLuck / InstantCasino cluster — a set of casino brands operating through shared infrastructure and linked to Dutch consumer losses. On 27 May 2026, FinTelegram identified the second pillar: Mega.bet, connected through Belize parent Global Nexus Ltd and Cyprus vehicle IMMIX Solutions Ltd, with a recurring fiduciary-service pattern. This third instalment concerns Trueluck Casino and Gadzooks Limited.

Read our HolyLuck reports here.

The documented overlaps now make coincidence increasingly difficult to maintain as the sole explanation. The available registry pattern points to a recurring Larnaca fiduciary hub in which Cyprus companies connected to offshore casino ownership structures are administered through overlapping secretarial, correspondence, and employee-director arrangements.

The central issue is not merely whether one casino brand is licensed or unlicensed. The issue is whether Cyprus-based corporate-service infrastructure is being used to create EU-facing companies that sit between offshore casino operators, European consumers, and regulated payment rails.

Trueluck Casino and Gadzooks Limited

Publicly available Trueluck operator attribution is not fully consistent across sources. Some sources and disclosures connect the environment to Luckywayz Limited B.V., while others refer to different operator entities or jurisdictions. This inconsistency is itself a compliance red flag, suggesting possible brand fragmentation, affiliate mirrors, operator rotation, or uneven disclosure standards.

FinTelegram therefore treats Gadzooks Limited as a Cyprus-facing vehicle linked to the Luckywayz / Trueluck casino environment, rather than asserting at this stage that Gadzooks is the definitive legal operator of Trueluck Casino in every context. That said, registry and payment-agent disclosures reviewed by FinTelegram establish a significant structural connection:

Gadzooks Limited is a Cyprus company registered under HE 438503;
The company was previously wholly owned by Luckywayz Limited B.V. of Curaçao;
On 31 May 2024, 100 of 900 ordinary shares were transferred to Richard John Green, a UK national registered with an address in Birgu, Malta;
After the transfer, Luckywayz retained approximately 88.9% of Gadzooks Limited;
Gadzooks appears in public casino-payment contexts as a Cyprus payment agent or payment-processing vehicle in the Luckywayz casino environment.

This structure creates an obvious question for banks, PSPs, EMIs, and open-banking providers: when onboarding or processing for Gadzooks Limited, did they treat it as an ordinary Cyprus company, or did they identify the underlying offshore casino exposure, Curaçao ownership, and restricted-market gambling risk?

The Share Shuffle: Curaçao Ownership and a Malta-Based UK Minority Shareholder

Form HE57, the share-transfer filing dated 31 May 2024 and reviewed by FinTelegram, records that Luckywayz Limited B.V. held all 900 ordinary shares of Gadzooks Limited. The filing documents the transfer of 100 ordinary shares — approximately 11.1% — to Richard John Green, a UK national described as a businessman with an address in Birgu, Malta.

The filing establishes a registry-confirmed structural link between a Curaçao casino entity and an EU-facing Cyprus company. What remains open is the commercial rationale for the minority stake:

What consideration was paid?
Why was the transfer made in May 2024?
Was the transfer connected to licensing, banking, payment onboarding, governance, or risk distribution?
Does Mr Green exercise any operational, advisory, or beneficial role?
Was the transfer disclosed to PSPs, banks, open-banking providers, or casino counterparties?

FinTelegram invites Mr Green and Gadzooks Limited to provide clarification.

The Officer Structure: Coordinated Fiduciary Handover

Form HE4 records that on 10 October 2023, Georgia Nikoletti was appointed sole director of Gadzooks Limited and P.Z.T. Services Ltd was appointed corporate secretary. The same filing records the simultaneous resignation of the previous secretary, Nexellence Fiduciary Services Ltd, and the previous director, Afroditi Kittou.

This was not a random administrative update. It was a coordinated fiduciary handover: director and secretary changed on the same day, with the company moving into the P.Z.T. orbit. A secretary’s certificate signed by P.Z.T. Services Ltd on 31 May 2024 confirms that the HE57 share transfer reflected the register maintained at the company’s registered office, placing P.Z.T. Services Ltd at the administrative centre of the ownership change.

Correspondence for the relevant filings was handled by Potens Corporate Services Ltd, Leoforos Archiepiskopou Makariou III 84, Shop/Office 1, Larnaca, the address that recurs throughout FinTelegram’s Cyprus casino payment-tech series.

The Nominee-Style Director Pattern

Across the three pillars investigated by FinTelegram, the registry record shows a recurring personnel and fiduciary-service pattern:

Georgia Nikoletti — registry occupation: ΥΠΑΛΛΗΛΟΣ, i.e., employee — appears as sole director of Gadzooks Limited and, according to documents reviewed by FinTelegram, also directs IMMIX Solutions Ltd, the Cyprus vehicle linked to the Mega.bet pillar.
Artem Rak appears as director of S.I.L.V.E.R Veil Group Ltd, the processing vehicle connected to the InstantCasino / HolyLuck pillar.
Secretarial and correspondence functions repeatedly involve P.Z.T. Services Ltd, Potens Corporate Services Ltd, or related Larnaca corporate-service infrastructure.
Ownership sits with offshore Curaçao or Belize structures.

To be clear: FinTelegram makes no allegation of personal wrongdoing against Ms Nikoletti, Mr Rak, or any individual employee.

The observation is structural. Where a sole director is formally described in registry filings as an employee, this raises the question whether such person can, in practice, exercise the independent oversight, mind-and-management, and fiduciary judgment that directorship under Cyprus company law presupposes.

The compliance consequences are serious. Beneficial-ownership registers are only as good as their inputs. When a registered director is an employee, the shareholder is an offshore company, and the actual commercial activity is high-risk gambling, KYB checks that stop at the face of the registry risk recording form rather than substance.

Under the EU AML framework, obliged entities must identify the natural persons who ultimately own or control the customer. A structure that results in no operational controller appearing in any EU registry should trigger enhanced due diligence, not routine onboarding.

The Larnaca Fiduciary Hub

The documented facts are narrower than the broadest whistleblower allegations, but they are significant. P.Z.T. Services Ltd, Potens Corporate Services Ltd, and multiple casino-linked Cyprus vehicles are associated through recurring filings, secretarial roles, correspondence roles, and the address at Leoforos Archiepiskopou Makariou III 84, Larnaca.

The coordinated migrations of secretarial control into P.Z.T. Services Ltd — from other fiduciary-service providers in multiple casino-linked vehicles — point to deliberate, centralised restructuring rather than random administrative movement.

FinTelegram therefore treats the Larnaca address and P.Z.T./Potens pattern as a fiduciary hub indicator.

It is not yet proof of ultimate control, beneficial ownership, or operational command. Those questions require access to UBO filings, client files, banking records, internal service agreements, and regulatory responses.

The Toulouras Lead: Person of Interest, Not Established Controller

Whistleblower submissions reviewed by FinTelegram identify Panayiotis / Panos Toulouras, a Cyprus attorney, as the alleged principal behind P.Z.T. Services Ltd and the wider Larnaca fiduciary hub. FinTelegram has not independently verified this allegation.

FinTelegram does not currently hold a registry document naming Mr Toulouras as owner, director, or controller of P.Z.T. Services Ltd. Nothing in this report should be read as asserting that Mr Toulouras controls P.Z.T. Services Ltd, Gadzooks Limited, or the casino-payment network.

What is documented is narrower: entities associated with the Larnaca hub and companies said by whistleblowers to be connected to Toulouras appear in the same geographic and fiduciary-service context. This creates a legitimate verification question that Cyprus authorities, with full registry, UBO, AML-supervision, and professional-conduct access, should be able to resolve.

Mr Toulouras is invited to respond. FinTelegram will publish any substantive reply.

The Payment Architecture: PAYTECH, Yapily, and ISX Financial

Whistleblower material describes a three-layer payment system allegedly moving EU consumer funds into the Trueluck / Gadzooks environment. Each layer carries a different evidentiary weight.

Layer A — PAYTECH LTD / pay.tech

Status: whistleblower lead — unverified

PAYTECH is described by whistleblowers as a white-label routing and smart-orchestration layer capable of connecting high-risk merchants to multiple payment providers, gateways, and settlement endpoints. FinTelegram has not independently verified a contractual relationship between PAYTECH LTD and Gadzooks Limited, Trueluck, Luckywayz, or the wider casino cluster.

The key questions are:

Did PAYTECH provide checkout, routing, orchestration, cascading, or merchant-technical services to any entity in the Trueluck / Luckywayz / Gadzooks environment?
What is PAYTECH’s regulatory status?
Which PSPs, EMIs, banks, PISPs, or acquirers did it connect to?
Did it process or route transactions for unlicensed-in-market casino operators?

PAYTECH is invited to clarify its role.

Layer B — Yapily / Yapily Connect UAB

Status: partially corroborated — correspondence on file

Whistleblower material and correspondence reviewed by FinTelegram indicate that open-banking rails associated with Yapily were involved in an affected player’s payment flow.

Yapily’s own position, as reflected in correspondence reviewed by FinTelegram, is that it is an API infrastructure provider facilitating Account Information Services and Payment Initiation Services. Yapily states that it does not open bank accounts, hold funds, control customer funds, intervene in payments, or determine the account information relating to a particular transaction.

That may accurately describe the payment-initiation plumbing. But it does not answer the core compliance question: through which merchant, platform, or partner relationship did the alleged Gadzooks / Trueluck payment flows enter Yapily’s rails, and what merchant-use-case monitoring was applied?

FinTelegram does not assert at this stage that Yapily directly onboarded Trueluck, Gadzooks, or Luckywayz as a merchant. The relevant question is broader and more precise:

How did a gambling-related payment flow connected to an offshore casino environment allegedly pass through regulated open-banking infrastructure, and what controls were applied at onboarding and during monitoring?

Layer C — ISX Financial EU PLC

Status: whistleblower lead — unverified

Whistleblower material alleges that ISX Financial EU PLC, an EU-licensed electronic money institution, may have acted as a banking or EMI endpoint in the payment architecture. FinTelegram has not independently verified this allegation.

The open questions are:

Did ISX Financial maintain accounts, settlement relationships, merchant relationships, or technical integrations connected to Gadzooks Limited, Luckywayz, Trueluck, PAYTECH, or related casino brands?
If so, what KYB was performed?
Was Luckywayz Limited B.V. identified as majority shareholder of Gadzooks?
What merchant category coding and transaction descriptors were used?
Were gambling-risk, Curaçao-ownership, and restricted-market indicators escalated?

ISX Financial is invited to respond.

Yapily’s Compliance Response: Denial, Closure, Acknowledgement, Silence

The sequence described in correspondence reviewed by FinTelegram is concerning.

According to the correspondence, when first contacted by an affected player about transactions linked to the Trueluck / Gadzooks environment, Yapily’s compliance function stated that it could not locate the transactions in its system and did not know who the payment operator was. In the same communication, the complaint was treated as closed, while the player was invited to provide further information and informed of escalation rights.

When the player later provided bank-certified transaction metadata explicitly identifying Yapily in the data-exchange chain, the company acknowledged activity and said the matter had been escalated for internal review.

According to the whistleblower, no substantive follow-up has since been received.

If accurately reflected by the correspondence reviewed by FinTelegram, the sequence is consistent with what consumers experience as a systemic compliance failure: initial denial, reversal under documentary pressure, internal escalation, and subsequent silence.

The issue is not whether Yapily held the funds. The issue is whether regulated open-banking infrastructure was used in a payment flow connected to an offshore casino environment, and whether Yapily’s onboarding, partner monitoring, transaction visibility, complaint handling, and suspicious-activity procedures were adequate.

Dutch Market and CRUKS: The Consumer-Protection Gap

Publicly available material and whistleblower submissions suggest that Trueluck appears to reach Dutch-speaking players. FinTelegram has also reviewed material suggesting that affected players in the Netherlands were able to deposit through payment methods presented in the casino environment.

The CRUKS point must be framed precisely.

CRUKS is the Dutch self-exclusion register within the Dutch licensed gambling perimeter. Offshore operators that do not hold a KSA licence are typically outside that protection architecture. That is precisely the problem.

If Trueluck or related domains reached Dutch consumers without a KSA licence and without CRUKS integration, then Dutch self-excluded players may have been exposed to a casino environment outside the very safeguards designed to protect them.

This is not merely a technical licensing issue. It is a consumer-protection failure created by cross-border regulatory arbitrage.

The relevant question for the Dutch Kansspelautoriteit is therefore not only whether Trueluck has a KSA licence. The question is whether the operator, affiliates, payment providers, and technical intermediaries enabled Dutch player acquisition, deposits, and losses despite the Dutch regulatory perimeter.

EU Regulatory Dimension: A Licensing-Circumvention Architecture?

The Curaçao → Cyprus → EU structure has the characteristics of a licensing-circumvention architecture.

National regimes such as the Dutch KSA / CRUKS framework regulate gambling access and consumer protection. Payment regulation captures the institutions that move money. AML regulation requires identification of ultimate beneficial owners, business purpose, source of funds, and suspicious activity.

The cluster’s architecture appears to split these responsibilities:

the offshore parent holds gambling rights or claims offshore licensing;
the Cyprus vehicle presents an EU-facing corporate layer;
the employee-director and fiduciary-service provider create a formal local governance structure;
the open-banking provider supplies payment-initiation infrastructure;
the gateway or orchestration layer may route transactions;
the EMI or banking endpoint may settle funds;
each layer can argue that compliance responsibility lies elsewhere.

EU law does not permit regulated firms to outsource responsibility into invisibility.

Yapily, as a regulated PISP or AIS/PIS provider, ISX Financial, if involved, as an EMI, and any payment-orchestration provider, if regulated or contractually responsible, each face independent obligations around onboarding, KYB, AML monitoring, suspicious-activity escalation, and use-case control.

Where the ultimate commercial activity is offshore-licensed casino gambling targeting restricted markets, every regulated institution in the chain faces the same question:

What did you know, what should your KYB have revealed, and what did you report?

Regulatory Questions Triggered by the Restructurings

The 10 October 2023 coordinated handover of Gadzooks Limited into the P.Z.T. orbit, and similar fiduciary migrations identified in other pillars, should have triggered enhanced scrutiny by every regulated institution dealing with these companies.

For banks, EMIs, PSPs, PISPs, auditors, and corporate-service providers, such a change is not routine when the customer is connected to offshore gambling activity.

Key questions include:

Was the director change reviewed as a material change in governance?
Was the secretary change reviewed as a change in control environment?
Was the offshore owner identified and risk-rated?
Were casino activities disclosed to banks and payment providers?
Were restricted-market risks identified?
Were Dutch, Belgian, Austrian, German, Italian, or other EU consumer flows detected?
Were SARs / STRs filed where required?

If the answer is “no,” the issue is not only the casino. It is the entire compliance chain.

Compliance Risk Assessment

Risk category	Rating	Indicators	Open questions
AML / beneficial ownership	High	Curaçao ownership, Cyprus vehicle, employee-director, recurring fiduciary hub	Who ultimately controls the structure and receives the proceeds?
Gambling regulation	High	Offshore licence environment, Dutch-facing signals, no apparent KSA licence	Which EU markets were targeted and by whom?
Payment services	High	Alleged open-banking payment flows, possible gateway/orchestration layer, potential EMI endpoint	Which entity was the merchant of record and which regulated firms processed the flows?
Consumer protection	High	Reported Dutch player exposure, CRUKS perimeter gap, refund/withdrawal complaints	What remedies exist for self-excluded or restricted-market players?
Corporate governance	High	Sole employee-director, offshore shareholder, fiduciary-service handover	Was there real mind and management in Cyprus?
Professional-services risk	Elevated	P.Z.T./Potens recurrence, Larnaca address, alleged attorney involvement	Who owns/controls the service providers and what due diligence was performed?
Yapily-specific issue	Elevated	Initial denial, later acknowledgement after bank metadata, alleged silence	What did Yapily’s internal review conclude?
PAYTECH / ISX leads	Unverified but significant	Whistleblower allegations	Require contracts, payment logs, settlement files, and right of reply

Key Questions for Regulators and Financial Institutions

Cyprus Registrar of Companies / CySEC / MOKAS

Who are the beneficial owners of P.Z.T. Services Ltd and Potens Corporate Services Ltd according to UBO filings?
What declared economic activity does Gadzooks Limited report?
Is the declared activity consistent with a Cyprus company acting as payment agent or payment vehicle for an offshore casino?
Have UBO filings for Gadzooks Limited, IMMIX Solutions Ltd, and S.I.L.V.E.R Veil Group Ltd been verified against economic substance?
Were the coordinated director/secretary changes reviewed by any AML supervisor?

Dutch Kansspelautoriteit (KSA)

What is the enforcement status of Trueluck, Luckywayz, Gadzooks-linked casino brands, and associated domains with respect to the Dutch market?
Has the KSA reviewed Dutch-language acquisition funnels, affiliate pages, and payment methods?
Have payment-blocking or affiliate-enforcement measures been initiated?
Have Dutch self-excluded players reported losses through these brands?

Yapily / Yapily Connect UAB

Through which merchant, platform, or partner relationship did the alleged Gadzooks / Trueluck payment flows enter Yapily’s rails?
What KYB and use-case review was performed?
Was the relevant payment flow classified as gambling-related?
What merchant category coding, descriptor, or payment-purpose data was available?
Why did the initial response reportedly state that no transactions could be found?
What was the outcome of the escalated internal investigation?
Were suspicious-activity reports filed?

ISX Financial EU PLC

Did ISX Financial provide accounts, settlement services, EMI services, or payment infrastructure to Gadzooks, Luckywayz, Trueluck, PAYTECH, or related entities?
What KYB was performed?
Was Luckywayz Limited B.V. identified as the majority shareholder of Gadzooks?
What merchant category coding and descriptors were used?
Were restricted-market gambling risks identified?

PAYTECH LTD

Does PAYTECH maintain any contractual or technical relationship with Gadzooks Limited, Trueluck, Luckywayz, or related casino brands?
What regulatory status does PAYTECH hold?
Did PAYTECH provide smart routing, checkout, cascading, provider-switching, or payment-orchestration services?
Which PSPs, EMIs, PISPs, banks, or acquirers were connected?

Cyprus Bar Association

What professional-conduct rules apply to attorneys who own, control, advise, or operate corporate-service providers administering high-risk offshore gambling vehicles?
How are conflicts, nominee-director arrangements, and AML obligations supervised?
Is there an obligation to re-evaluate client risk when a company moves into casino/payment activity after incorporation?

Call for Whistleblowers

FinTelegram seeks information from current and former insiders across all three pillars of this cluster, including:

employees, contractors, and former staff of P.Z.T. Services Ltd, Potens Corporate Services Ltd, Nexellence Fiduciary Services Ltd, Maricorp, Gadzooks Limited, IMMIX Solutions Ltd, S.I.L.V.E.R Veil Group Ltd, Luckywayz Limited B.V., or related entities;
persons asked to serve as directors, shareholders, secretaries, nominee officers, or signatories of client companies;
payment, PSP, EMI, open-banking, or compliance staff at PAYTECH, Yapily, ISX Financial, or any institution that processed flows for Gadzooks, IMMIX, S.I.L.V.E.R Veil, Trueluck, Mega.bet, HolyLuck, InstantCasino, or related brands;
affiliates or operators with knowledge of traffic routing, Dutch-language campaigns, mirror domains, withdrawal blocking, or player complaint handling.

FinTelegram is especially interested in:

internal contracts and service agreements;
KYB/KYC files;
beneficial-ownership records;
payment logs and settlement reports;
bank or EMI statements;
payment-session metadata;
Yapily / PISP transaction identifiers;
merchant category coding;
internal compliance escalations;
withdrawal-handling instructions;
affiliate traffic reports;
correspondence with regulators or payment providers.

Information can be shared securely and anonymously via Whistle42, FinTelegram’s whistleblower platform. FinTelegram protects its sources and treats whistleblowing on cross-border financial-crime and consumer-protection risks as public-interest reporting.

Persons and entities named in this report are invited to respond. Substantive replies, corrections, or clarifications will be published.

Share Information via Whistle42

Sources:

A. Corporate Registry Documents — Primary Sources

[01] | A — Corporate Registry | Cyprus Department of Registrar of Companies — company extract for Gadzooks Limited: company profile, status (Active), registered objects, registered office, officer listing as at date of extract | Cyprus Department of Registrar of Companies and Intellectual Property | Date of extract to be confirmed | Accessed via Cyprus Registrar of Companies;
[02] | A — Corporate Registry | Estonian e-Business Register entry for Kaspela Labyrinth OÜ (registry code 16837533) — cross-border network indicator | Estonian e-Business Register (RIK) | Date of extract to be confirmed | Accessed via Estonian e-Business Register; | Primary — registry/official document
[03] | A — Corporate Registry | Cyprus registry entries for P.Z.T. Services Ltd (HE 388858) and Potens Corporate Services Ltd — referenced as corporate secretary and correspondence agent respectively | Cyprus Department of Registrar of Companies and Intellectual Property

B. Statutory Filings and Corporate Documents — Primary Sources

[04] | B — Statutory Filing | Form HE57 (Share Transfer, Companies Law Cap. 113, s. 113A) for Gadzooks Limited (HE 438503) — transfer of 100 ordinary shares from Luckywayz Limited B.V. (Abraham de Veerstraat 9, Curaçao; 900/900 shares pre-transfer) to Richard John Green (occupation: επιχειρηματίας/businessman; UK national; address in Birgu, Malta); post-transfer ownership approx. 88.9% Luckywayz / 11.1% Green; correspondence agent Potens Corporate Services Ltd, Leoforos Archiepiskopou Makariou III 84, Shop 1, Larnaca; signed 25 June 2024 | Gadzooks Limited / Cyprus Registrar of Companies | Transfer dated 31 May 2024; filing signed 25 June 2024
[05] | B — Statutory Filing | Form HE4 (Notification of Change of Officers, Companies Law Cap. 113, s. 192) for Gadzooks Limited (HE 438503) — (i) appointment of Georgia Nikoletti (registry occupation: ΥΠΑΛΛΗΛΟΣ/employee) as sole director; (ii) appointment of P.Z.T. Services Ltd (HE 388858) as corporate secretary; (iii) simultaneous resignation of prior secretary Nexellence Fiduciary Services Ltd (HE 390100) and prior director Afroditi Kittou — all effective 10 October 2023; correspondence agent Potens Corporate Services Ltd; signed 19 October 2023 | Gadzooks Limited / Cyprus Registrar of Companies | Changes effective 10 October 2023; filing signed 19 October 2023 |
[06] | B — Statutory Filing | Secretary’s Certificate (Βεβαίωση Γραμματέα) for Gadzooks Limited (HE 438503) — confirms the HE57 share transfer of 31 May 2024 is fully reflected in the register maintained at the company’s registered office; signed by P.Z.T. Services Ltd as secretary | P.Z.T. Services Ltd (as secretary of Gadzooks Limited) | 31 May 2024

C. Website and Public-Facing Operator Statements — Secondary Sources

[07] | C — Website/Operator | Trueluck Casino website — public-facing casino offering; Dutch-language marketing to EU consumers; absence of KSA licence and CRUKS integration; operator infrastructure connecting to Luckywayz Limited B.V. | Trueluck Casino (trueluck.com)
[08] | C — Website/Operator | Luckywayz Limited B.V. — Curaçao-registered offshore entity, Abraham de Veerstraat 9, Curaçao; 100% pre-transfer and approx. 88.9% post-transfer owner of Gadzooks Limited; offshore iGaming licensing wrapper | Luckywayz Limited B.V. | As per Form HE57, 31 May 2024

D. Correspondence — Partially Corroborated

[09] | D — Correspondence | Yapily compliance email correspondence with affected player — sequence: (i) initial complaint regarding transactions linked to the Gadzooks/Trueluck structure; (ii) Yapily response denying knowledge of the transactions, stating it could not locate them in its system, declaring the complaint closed, and referencing the Financial Ombudsman Service; (iii) player submission of bank-certified transaction metadata explicitly identifying Yapily in the data-exchange chain; (iv) Yapily acknowledgement and statement of escalation for internal investigation; (v) subsequent non-response to follow-up communications; includes Yapily’s self-description as an API infrastructure platform facilitating AIS and PIS | Yapily / Yapily Connect UAB — compliance function;

E. Whistleblower Submissions — Evidentiary Leads

[10] | E — Whistleblower | Three-layer payment architecture submission — PAYTECH LTD (pay.tech) as white-label routing/orchestration hub; Yapily / Yapily Connect UAB as open-banking front-end; ISX Financial EU PLC as banking endpoint and fiat-crossing institution; alleged use of non-gambling retail descriptors; alleged targeting of Dutch and EU consumers without mandatory local licences
[11] | E — Whistleblower | Identification of Panayiotis (Panos) Toulouras, Cyprus attorney, as alleged principal behind P.Z.T. Services Ltd and the wider fiduciary hub at Leoforos Archiepiskopou Makariou III 84, Larnaca; alleged coordinated restructuring of multiple high-risk casino vehicles into the P.Z.T./Potens corporate-service environment
[12] | E — Whistleblower | Maricorp-to-P.Z.T. transfer of secretarial control at S.I.L.V.E.R Veil Group Ltd (Pillar 1 / InstantCasino) — alleged coordinated corporate restructuring mirroring the Nexellence-to-P.Z.T. handover at Gadzooks Limited

G. Regulatory and Legal Framework References

[13] | G — Regulatory/Legal | Directive (EU) 2015/2366 (PSD2) — framework governing payment initiation service providers (PISPs), including authorisation, merchant/partner onboarding obligations, ongoing monitoring, and suspicious transaction reporting interfaces with AML law | European Parliament and Council | 25 November 2015 | EUR-Lex: https://eur-lex.europa.eu/eli/dir/2015/2366/oj | Background — regulatory/legal framework
[14] | G — Regulatory/Legal | EU AML framework — Directive (EU) 2015/849 (AMLD4) as amended by Directive (EU) 2018/843 (AMLD5); Directive (EU) 2018/1673 (criminalisation of money laundering); 2024 AML Package: Regulation (EU) 2024/1624 (AMLR) and Directive (EU) 2024/1640 — obligations of obliged entities, including corporate-service providers, EMIs, and PISPs, to identify ultimate beneficial owners | European Parliament and Council | 2015–2024 | EUR-Lex (consolidated texts) | Background — regulatory/legal framework
[15] | G — Regulatory/Legal | Dutch gambling law — Wet op de kansspelen (Wok) as amended by the Wet kansspelen op afstand (remote gambling), in force 1 April 2021; KSA licensing requirements; CRUKS central self-exclusion register | Kingdom of the Netherlands / Kansspelautoriteit | In force 1 April 2021 | wetten.overheid.nl; kansspelautoriteit.nl | Background — regulatory/legal framework
[16] | G — Regulatory/Legal | Cyprus Companies Law, Cap. 113 — corporate governance framework; s. 192 (Form HE4 officer changes) and s. 113A (Form HE57 share transfers) as statutory filing requirements; director fiduciary duties | Republic of Cyprus | Cap. 113, as amended | Cyprus Registrar of Companies / CyLaw | Background — regulatory/legal framework