A Maltese payment company features in a global investment scam money trail that has seen victims from all walks of life and dozens of countries, fall prey to professional fraudsters.  

An investigation by the Organised Crimes and Corruption Reporting Project and its media partners, including Times of Malta and Amphora Media, offers new insights into how these extensive fraud networks operate.  

OpenPayd - a Maltese licensed payment provider - is one of the many payment firms used by scammers to funnel money from would-be investors to fraudsters via sham financial trading platforms. 

In one case, a total of €2.5 million in small payments over a three-month period entered and rapidly exited the OpenPayd account of a suspected sham platform used by the scammers. 

Openpayd told reporters that “it monitors all transactions to/from its clients for fraud or other financial crime red flags, including through a comprehensive fraud monitoring programme designed to combat fraud from end customers”. 

Thousands of hours of leaked phone calls between scammers and their victims across dozens of countries, including a handful of people targeted in Malta, reveal how the fraudsters methodically promoted fake investment opportunities on these sham trading platforms. 

They would often ensnare victims using celebrity-based advertising on social media. Scammers then use specialist software to create illusory profits on the victims’ initial investment, a technique to encourage them to send more money.  

Victims spoke about how they emptied their savings accounts, took out bank loans, and borrowed from friends and family to pay voracious scammers, who would never take no for an answer.  

Internal chats show scammers gloating over clients’ distress and writing callous notes about them in their internal systems. 

In one case, as scammer using the alias Anthony left an expletive-laden comment to denigrate a target. 

“She is a f**kin b**ch // said that doesn’t want calls every month // thinks that I’m gonna trade for her like a slave // said that has investment plan for whole year and isn’t willing to invest more // … hope all her properties will f**kin burn down // dumb b**ch.” 

The leak reveals how fraud is enabled globally by multiple players in the international banking sector, as well as payment service providers like OpenPayd, which can be slow to stop the flow of fraudulent funds.  

As the secret source behind the leak put it in a statement explaining his motivation for sharing the data: “Fraudsters can operate almost openly, without anyone stopping them. Almost none of these crimes ever gets resolved because of the difficulties in investigating crimes across borders.”  

The Malta money trail 

CurrencyRock, a Lithuanian company which ran one of the apparent sham investment platforms called Insirex, held accounts at OpenPayd.

The account appears to have been used to funnel money from the victims to their scammers.  

Internal chats found in the leak indicate the scammers were acting in tandem with Insirex, coordinating and facilitating the transfer of victims’ funds to its OpenPayd accounts 

From there, funds were often transferred from CurrencyRock to another Malta-based company called Payhound. 

An account statement found in the leak shows how €2.5 million entered and rapidly exited CurrencyRock’s account within a three-month period between March and May 2024. 

Insirex.com, the CurrencyRock cryptocurrency trading platform, is no longer online. 

Attempts by reporters to reach CurrencyRock for comment were unsuccessful. 

Payhound said it maintains the highest standards of compliance, adheres to industry best practice and has consistently met all applicable legal and regulatory requirements

A Canadian cryptocurrency exchange featured in the leak, Blue Whale Tech, also held accounts with OpenPayd.  

In response to reporters’ questions, a representative of Blue Whale Tech denied working with scammers.  

“Our clients are 100% individual clients who wish to purchase and/or sell digital currencies,” the spokesperson said.  

OpenPayd in turn distanced itself from CurrencyRock, Blue Whale Tech and the scam victims when contacted by reporters.  

An OpenPayd spokesperson said the company terminated its relationship with CurrencyRock in 2024 and Blue Whale Tech in 2023 “for failing to maintain adequate controls”, the spokesperson said.  

The spokesperson argued that clients like CurrencyRock and Blue Whale Tech have their own regulatory responsibilities to manage the financial crime risks posed by their end customers.  

OpenPayd said its payment services are provided exclusively to corporate business customers, and not consumers or other individuals, like the suspected scam victims.  

A spokesperson for the MFSA, the financial regulator, declined to comment on specific cases when contacted about OpenPayd and Payhound. 

The spokesperson said should any issues or potential breaches arise during examinations of licensed entities,  appropriate regulatory and enforcement action is taken in accordance with its mandate.

"Additionally, the authority cooperates fully with both domestic and international supervisory, intelligence, law enforcement and judicial authorities in line with its obligations at law," the spokesperson added. 

Closing the loopholes

Various scam victims who sent money via the payment platform have however argued that OpenPayd has a responsibility to protect them from fraudulent activity.  

Three separate complaints were filed against OpenPayd in 2024 before the financial arbiter in Malta after victims studied the account numbers used by their scammers and identified OpenPayd as the account provider.  

The complaints were dismissed on technical grounds, as although the scam victims had sent money to OpenPayd, they fell outside the arbiter’s jurisdiction, as these victims were not considered to be OpenPayd clients.  

However, the legal loophole that let OpenPayd off the hook for facilitating potentially fraudulent payments may eventually be closed.  

Financial arbiter Alfred Mifsud confirmed to Times of Malta that legal changes in the pipeline are set to give the arbiter more teeth in such cases.  

Mifsud cited the three OpenPayd cases as an example of why these changes are needed.  

The arbiter said the aim is to ensure that any licensed financial service provider involved in the suspected fraudulent payment transaction will be answerable to him.  

Mifsud also made is clear in all three decisions that the dismissal on technical grounds in no way prevents the victims from pursuing their claims against OpenPayd before a competent court or tribunal. 

In a recent explainer on scams, the arbiter expressed his concern about both the quantity and the quality of fraud schemes.  

“Get-rich-quick schemes are invariably too good to be true. They are carefully laid out to tempt vulnerable consumers to try their luck with a small sum. 

“Once inside the scheme, it gets progressively more difficult to extricate themselves out, and they are quite often convinced to continue paying into the false scheme until, finally, the truth is exposed, with hurtful results – both financial and psycho-social,” the arbiter said.  

A €260 million industry 

Documents found in the leak appear to confirm the industrial scale of these fraud schemes. 

Spreadsheets and financial records obtained by Swedish Television (SVT) show that in four years, two scam networks, one based in Georgia and a larger Israeli/European operation, received over €260 million.  

According to spreadsheets maintained by financial managers of the Georgian operation, it received over €33 million from more than 6,179 “clients” between May 2022 and February 2025.  

The Israeli/European operation recorded much bigger numbers: It received €230 million from would-be investors between January 2021 and December 2024, according to transaction sheets containing records of deposits and withdrawals.  

This money came from over 26,000 people in 33 countries, with the most clients living in Canada, Spain, Australia, the UK, and South Africa.  

The hundreds of scammers working for these networks operate out of smart office buildings in major cities. They are assessed and rewarded for their work, and some live lavish lifestyles off the proceeds of their victims. 

But the trading platforms they promote are a sham.  

Most exist only as websites that are not linked to any corporate entity, and which falsely locate them in financial centres like London and Zurich.  

Internal communications and documents show how staff clock in and out of their workplaces, enjoy office parties, undergo performance reviews, and receive hefty bonuses linked to the amount of money they extract from their “clients.” 

A spreadsheet from a call centre in Georgia’s capital Tbilisi shows some high-performing staff made over €19,000 some months.   

These earnings afford them flashy lifestyle. In one case a scammer was rewarded with a Rolex watch after a particularly lucrative swindle.  

Tbilisi agents showed off Cartier jewellery on their social media accounts. 

Social media lures 

Reporters also found that both of the networks in the leak are fed by online marketers who ensnare victims by collecting their contact details through deceptive, often celebrity-based advertising on mainstream platforms like Facebook and Google, and selling them to the scammers.  

Once victims realise they’ve been scammed, they’re often passed on to other agents who impersonate law enforcement and tax authorities and trick them into paying even more, supposedly to release their lost funds. 

These online scams generate around $500 billion (€480 billion) annually,” said Jürgen Stock, the former Secretary General of Interpol, the world’s largest international police organisation. 

“At the moment, we assume that cybercrime can generate similar profits to the international drug trade. ... The laptop, so to speak, is now the sharpest sword in the arsenal of criminal groups”.  

Reporters talked to hundreds of people targeted by the Georgian and Israeli/European call centres, using information within the leak to find them. Nearly all — 166 clients of the Israeli/European operation and 40 clients of the Georgian operation — said they had been scammed. Their total confirmed losses exceeded € 17 million, and 65 victims told journalists that they had gone to the police. 

Some victims reported their losses to the police, others did not 

Experts told OCCRP that there were multiple challenges in investigating and prosecuting such cases, including the transnational nature of the scams, a lack of specialist knowledge in law enforcement and underreporting by victims.