Key Points
- A whistleblower alleges that Xoala has blocked or withheld funds belonging to multiple cryptocurrency companies.
- The source claims that the restrictions may be connected to the MiCA transition and alleges that Xoala had prior knowledge of the relevant regulatory changes.
- FinTelegram has not independently verified the allegations and has not yet received sufficient evidence to establish deliberate misconduct.
- The complaint nevertheless emerges against a significant regulatory backdrop: on 17 June 2026, Sweden’s Finansinspektionen disclosed an ongoing investigation into Steven AB, the licensed electronic money institution behind Xoala’s European corporate payment setup.
- Xoala publicly operates through a multi-jurisdiction structure involving a Swedish EMI, a Polish VASP entity, and an Isle of Man digital-asset business.
- Xoala’s own website refers to MiCA compliance, while the public disclosure reviewed by FinTelegram identifies a Polish VASP registration but does not specify a MiCA CASP authorisation number.
- FinTelegram is inviting affected crypto companies, former employees, compliance officers, banking partners, and other insiders to provide evidence.
Xoala — Key Entities & Regulatory Footprint
| Category | Entity / Item | Key Data | Regulatory / Investigative Relevance |
|---|---|---|---|
| Brand | Xoala www.xoala.com | Shared fintech / payments / digital-assets brand | Publicly presents an integrated fiat-and-crypto offering, while services appear to be distributed across several legal entities and jurisdictions. |
| Core EU Payments Entity | Steven AB | Swedish company; company no. 559026-5673 | Central regulated entity behind Xoala corporate payment services. |
| Primary Licence | Steven AB – Electronic Money Institution | Supervised by Sweden’s Finansinspektionen; institution ID 48004 | Critical for customer accounts, e-money issuance, payments and safeguarding questions. |
| Current Regulatory Investigation | Finansinspektionen investigation into Steven AB | Publicly announced 17 June 2026; ongoing | FI is examining compliance with Sweden’s Electronic Money Act, including e-money issuance. No wrongdoing has yet been established. |
| EU Crypto Entity | Xoala Digital, Poland | Polish company; KRS 0001047696 | Presented by Xoala as an EU crypto-services entity. |
| Polish Crypto Registration | Xoala Digital | VASP register no. RDWW-872 | Legacy VASP registration should not be confused with a MiCA CASP authorisation. |
| MiCA Positioning | Xoala Digital Risk Disclosure | Xoala states that the business operates within the EU regulatory framework “including MiCA” and “within MiCA compliance” | Raises questions about the precise current MiCA legal basis and authorisation status. |
| MiCA CASP Licence | Not identified in reviewed public disclosure | No specific CASP licence number or granting EU authority identified in the Xoala disclosure reviewed by FinTelegram | Requires clarification from Xoala; absence of an identified licence is not proof of unauthorised activity. |
| Offshore / Non-EU Crypto Layer | Xoala IOM Limited (Isle of Man) Xoala Asia (Mauritius) Primewave Payments Limited (Canada) | Offshore entities | Xoala states that “Xoala Digital” is also a trading name of this entity, creating an important entity-perimeter question. Primewave Payments Limited, Vancouver, British Columbia, Canada, is a FINTRAC-registered MSB (Registration Number C100000799). |
| IOM Regulatory Status | Xoala IOM Limited | Described as registered as a Designated Business in the Isle of Man | Not equivalent to an EU MiCA CASP authorisation. |
| Key Entity Ambiguity | Poland vs Isle of Man | MiCA/EU disclosure refers to a Polish Xoala Digital entity; general legal disclosure links “Xoala Digital” to Xoala IOM Limited | Central transparency issue: which entity contracts with EU crypto customers and controls crypto-related services? |
| Corporate Terms Counterparty | Steven AB | Xoala Corporate Terms identify Steven AB as contractual party for relevant corporate accounts and payment services | Important for determining who legally owes customer balances and who may impose restrictions. |
| Crypto Service Scope | Xoala Digital | Publicly described as offering purchase, sale, custody and transfer of crypto-assets | Brings MiCA perimeter, custody, execution and entity-allocation questions into focus. |
| Potential Acquisition | FDCTech / Steven AB | Non-binding LOI announced in August 2025 for acquisition of 100% of Steven AB | Adds governance, disclosure and due-diligence questions. |
| Proposed Purchase Price | Steven AB acquisition | $6.75 million | Publicly announced transaction value. |
| Original Payment Schedule | FDCTech transaction | Five annual instalments of $1.35 million, reportedly beginning 13 June 2026 | Notable because FI announced its investigation four days later; no causal link has been established. |
| Transaction Status | FDCTech acquisition | Later SEC filing described the acquisition as “advancing” rather than clearly completed | Current ownership and transaction completion require clarification. |
The Whistleblower Allegation
FinTelegram has received a whistleblower submission alleging that Xoala may be withholding or restricting funds belonging to cryptocurrency companies. According to the source, multiple companies may have been affected. The whistleblower states:
“We have received information indicating that Xoala may be withholding funds belonging to cryptocurrency companies, potentially in connection with the implementation of MiCA regulations. It appears that funds belonging to multiple companies have been blocked, despite Xoala allegedly having prior knowledge of the upcoming regulatory changes and their effective date.”
The submission further raises concerns that the restrictions may have been imposed deliberately and with prior awareness of the regulatory transition. At this stage, FinTelegram has not independently verified:
- the number of affected companies;
- the aggregate amount of restricted funds;
- the duration of the alleged restrictions;
- whether the restrictions were imposed by Xoala itself, a banking partner, or a competent authority;
- whether individual anti-money laundering, sanctions, fraud, or source-of-funds concerns existed;
- or whether MiCA was explicitly cited as the basis for the restrictions.
The allegations therefore remain unproven. Nevertheless, the submission raises legitimate questions given Xoala’s explicit positioning at the intersection of regulated payments and digital assets.
A Regulated EMI at the Centre of the Structure
Xoala is not a single legal entity. Its own legal disclosure states that Xoala is a trading name shared by various regulated entities. For corporate payment services, Xoala’s published Corporate Terms identify Swedish company Steven AB as the contractual entity.
Steven AB, company number 559026-5673, is authorised as an electronic money institution and supervised by Sweden’s Finansinspektionen under institution number 48004. The Corporate Terms state that Steven AB operates under the Xoala trading name and provides corporate accounts and payment services.
Xoala separately states that customer funds falling within its safeguarding framework are segregated in accordance with the applicable Swedish electronic-money rules. This structure makes the whistleblower allegations particularly important. If corporate fiat balances were restricted, investigators would need to establish:
- whether the funds represented electronic money issued by Steven AB;
- whether they were held in safeguarding accounts;
- whether the restriction originated with Steven AB;
- whether a correspondent or safeguarding bank imposed the measure;
- and whether the customer retained an enforceable right to redeem the electronic money.
Swedish Finansinspektionen Is Investigating Steven AB
On 17 June 2026, Sweden’s Finansinspektionen publicly disclosed an ongoing investigation into Steven AB. The regulator said it is examining whether the electronic money institution complied with Sweden’s Electronic Money Act. The investigation includes, among other matters, Steven AB’s issuance of electronic money. The regulator has not published a finding of wrongdoing.
FinTelegram has found no public evidence establishing that the investigation is connected to the fund restrictions alleged by the whistleblower. That distinction is important.
However, the regulatory investigation materially increases the public-interest relevance of questions concerning customer funds, electronic money, account restrictions, redemption procedures, and customer protection within the Xoala structure.
The MiCA Dimension
Xoala actively presents itself as a digital-asset and fiat infrastructure provider. A dedicated disclosure on its website is titled: “Xoala Digital Risk Disclosure – (MiCA / EU).” The disclosure identifies Xoala Digital as a Polish limited liability company based in Łódź, registered under KRS number 0001047696.
According to Xoala, the company is entered in Poland’s Register of Virtual Currency Service Providers under registration number RDWW-872. The platform says that Xoala Digital provides services including:
- purchase of crypto-assets;
- sale of crypto-assets;
- custody;
- and transfer of supported digital assets.
The same disclosure states that:
“Xoala Digital operates under the regulatory framework of the European Union, including the Markets in Crypto-Assets Regulation (MiCA).”
Elsewhere, Xoala states that the company operates “within MiCA compliance.” This raises an obvious regulatory-status question. A legacy Polish VASP registration is not the same thing as a MiCA CASP authorisation.
In the public disclosure reviewed by FinTelegram, Xoala identifies its Polish VASP registration but does not specify a MiCA CASP licence number or identify the competent EU authority that allegedly granted such an authorisation. FinTelegram therefore invites Xoala to clarify:
- whether any Xoala entity currently holds a MiCA CASP authorisation;
- which authority issued it;
- the relevant authorisation number;
- and the legal basis on which the Polish entity currently serves EU crypto customers.
Which Xoala Entity Actually Provides the Crypto Service?
Xoala’s own public disclosures create a further transparency question. The dedicated MiCA/EU risk disclosure describes Xoala Digital as a Polish company. However, Xoala’s general legal disclosure states that: “Xoala Digital is a trading name of Xoala IOM Limited.”
Xoala IOM Limited is described as an Isle of Man company registered with the Isle of Man Financial Services Authority as a Designated Business. This creates a fundamental perimeter question:
Which entity is the actual contractual crypto service provider for an EU customer?
FinTelegram believes Xoala should clarify:
- whether EU customers contract with the Polish entity;
- whether they contract with Xoala IOM Limited;
- what role Steven AB plays in fiat settlement;
- which entity controls crypto-assets;
- which entity executes conversions;
- and which entity has authority to restrict customer access to funds.
These questions are directly relevant to the whistleblower allegation. A customer may perceive a single Xoala platform while legally interacting with several entities across different jurisdictions.
Account Restrictions Are Not Automatically Misconduct
FinTelegram stresses that account freezes or transaction restrictions imposed by an electronic money institution are not inherently unlawful. A regulated institution may be legally required to restrict activity because of:
- anti-money laundering concerns;
- sanctions;
- fraud suspicions;
- source-of-funds issues;
- regulatory instructions;
- law-enforcement requests;
- or incomplete customer due diligence.
Xoala’s Corporate Terms provide the company with substantial compliance and risk-management rights. The same Terms also state that electronic money may generally be redeemed at par value, subject to applicable law and to checks the company is required or permitted to perform.
The decisive question is therefore not simply whether funds were restricted. The real questions are:
- Why were they restricted?
- How long were they restricted?
- Were affected customers individually informed?
- Were redemption requests processed?
- Were customers given an orderly exit?
- Did Xoala continue accepting funds after deciding that a customer relationship could no longer continue?
The Core Whistleblower Hypothesis
The whistleblower submission becomes potentially serious if evidence establishes a recurring sequence such as:
- Xoala onboarded or continued servicing crypto companies;
- Xoala knew that upcoming MiCA-related changes would affect those companies;
- customer funds continued to be accepted;
- accounts were subsequently restricted;
- multiple companies were affected in a similar timeframe;
- funds were not returned or redeemed within a reasonable period;
- MiCA or regulatory transition issues were cited only after the funds had already been received.
FinTelegram currently has no evidence establishing that such a systematic pattern occurred. This is precisely why additional whistleblower evidence is required.
A Parallel Corporate Transaction
The case has another potentially relevant corporate dimension. In August 2025, US-listed FDCTech announced a non-binding letter of intent to acquire 100% of Steven AB, trading as Xoala, for a stated consideration of $6.75 million. The announced structure contemplated five annual instalments of $1.35 million beginning on 13 June 2026.
In an SEC annual filing submitted in April 2026, FDCTech continued to describe the Steven AB acquisition as “advancing,” rather than clearly completed. The timing is noteworthy but proves nothing:
- 13 June 2026 was the originally announced start date for the proposed annual acquisition payments;
- four days later, on 17 June 2026, Finansinspektionen publicly disclosed its investigation into Steven AB.
FinTelegram has no evidence that the transaction and the regulatory investigation are connected. Nevertheless, the situation raises legitimate questions about:
- the present ownership of Steven AB;
- the status of the acquisition;
- regulatory change-of-control procedures;
- disclosure of material customer disputes;
- and whether any alleged restricted-funds cases were known during due diligence.
Questions for Xoala and Steven AB
FinTelegram invites Xoala and Steven AB to answer the following questions:
- How many crypto-related corporate customers have had accounts restricted, suspended, or terminated since 1 January 2025?
- What is the aggregate amount of customer funds currently subject to restrictions?
- How many affected customers are crypto exchanges, VASPs, CASPs, payment processors, OTC brokers, or other digital-asset companies?
- Were any restrictions introduced because customers lacked a MiCA CASP authorisation?
- Were any restrictions connected to the end of national MiCA transitional arrangements?
- Did Xoala continue accepting customer funds after deciding that particular crypto businesses could no longer be serviced?
- What is the average duration of current crypto-related account restrictions?
- What is the longest current restriction?
- Which legal entity decides whether a customer account is frozen?
- Are restricted fiat balances legally represented by electronic money issued by Steven AB?
- Are those balances safeguarded?
- Can affected customers redeem the relevant electronic money at par value?
- Does any Xoala entity currently hold a MiCA CASP authorisation?
- If so, which entity, authority, and authorisation number?
- What precisely does Xoala mean when it states that Xoala Digital operates “within MiCA compliance”?
- Why does the MiCA/EU risk disclosure identify Xoala Digital as a Polish company while the general legal disclosure states that Xoala Digital is a trading name of Xoala IOM Limited?
- Which entity is the contractual crypto service provider for EU customers?
- Is the ongoing Finansinspektionen investigation connected in any way to customer funds, safeguarding, electronic-money redemption, crypto customers, or account restrictions?
- Has the proposed FDCTech acquisition of Steven AB been completed?
- Were material customer disputes, restricted balances, or the Finansinspektionen investigation disclosed during the acquisition process?
Preliminary FinTelegram Assessment
The whistleblower allegations are serious but remain unverified. There is currently insufficient evidence to conclude that Xoala deliberately trapped customer funds or systematically used MiCA as a pretext to block crypto companies. However, the allegations cannot be dismissed as an isolated complaint without further investigation.
Xoala operates a multi-jurisdiction structure combining regulated electronic money services and digital-asset activities. Its own public disclosures reference MiCA while raising questions about the precise legal entity and authorisation basis behind its EU crypto services.
Most importantly, the licensed Swedish EMI behind Xoala’s corporate payment infrastructure is currently subject to an ongoing Finansinspektionen investigation concerning compliance with electronic-money law. That does not prove the whistleblower allegations. It does make them worthy of serious investigation.
FinTelegram will continue reviewing the matter and invites additional evidence from affected companies, insiders, and regulatory sources.
Call for Evidence
FinTelegram is inviting information from:
- cryptocurrency companies whose Xoala accounts were restricted;
- former or current Xoala employees;
- compliance and AML officers;
- former executives;
- correspondent banks;
- safeguarding partners;
- crypto liquidity providers;
- OTC desks;
- CASPs and former VASPs;
- consultants involved in MiCA transition projects;
- and persons familiar with the Steven AB acquisition process.
Particularly relevant evidence includes:
- account statements;
- screenshots of inaccessible balances;
- freeze notices;
- termination letters;
- redemption requests;
- emails with Xoala compliance teams;
- MiCA-related communications;
- requests for CASP licences;
- internal policies;
- correspondence with banks;
- customer complaints;
- and evidence showing when Xoala became aware that a particular crypto customer might no longer satisfy regulatory requirements.
Sources may contact FinTelegram confidentially.




