Criminals Find Payment Solutions In Estonia-Licensed Crypto Exchanges

Share this post

  • Nine regulated crypto businesses provided payment pages for scam sites
  • Lithuanian and UK e-money institutions furnish the licensees with payment accounts

Holders of Estonia’s controversial cryptocurrency licences are being widely used by online investment scams to accept payments from victims, an investigation by VIXIO has found. 

Estonia’s financial intelligence unit (FIU) has licensed thousands of mainly offshore cryptocurrency exchange and wallet providers since 2017, prompting the unit to seek new powers from the government to stem the tide of licence applications.

The FIU warned last year that the licensees are being used in investment scams and to launder money, and that in 2019 just 32 of the some 2,000 licensed cryptocurrency firms were subject to inspections.

Despite the allegations thrown at the sector, which has also been spurned by Estonia’s banks, regulated e-money institutions in Lithuania and the UK have opened payment accounts for the licensees, including those which were used by scams to accept payments, according to Estonian licensing records.

Following a sign-up to investment scams, which are often found through ads featuring fake quotes from celebrities, victims are prompted to make a deposit to begin trading.

Estonian exchanges are often presented as an option through which a user can purchase cryptocurrency to fund their account in fiat currencies, a VIXIO review of dozens of websites found.

The user is then redirected to the licence holder’s payment page, where the cryptocurrency wallet address belonging to the scam is pre-filled as the destination.

VIXIO found nine Estonian exchanges being used to accept payments in this way.

It was not possible to determine the precise relationships between the Estonian entities and fraudulent websites.

Pradexx, an exchange and wallet licence holder, has acted as a payment provider for six scams subject to consumer warnings by regulators in Germany, Italy, Portugal and the UK. Its payment account is provided by Wallter UAB, a Lithuanian fintech, according to Estonian licence records.

On its website, Pradexx promotes itself as a “global leader in payment processing solutions” and says it offers conventional payment gateway services with more than 350 payment service providers.

Pradexx and Wallter did not respond to requests for comment. None of the other Estonian cryptocurrency exchanges identified and contacted by VIXIO responded to requests for comment.

Until legislative changes in 2020, a licence to operate a cryptocurrency business in Estonia required only a criminal record check, passport copy and anti-money laundering plan. Many licences are obtained through company service providers that offer off-the-shelf companies.

Victims of fraudulent websites AccepTrade and Profitstrade are presented with the option of making a deposit by Transcoin, an Estonian exchange that received its licence in July 2020. Its payment account is provided by Lithuanian e-money firm Paysera, according to Estonian records.

Aleksas Rozentalis, a media representative for Paysera, said the company has a strict policy on cryptocurrency businesses and during 2020 closed 719 private accounts “whose owners tried to buy or exchange cryptocurrencies and refused to open accounts for 83 companies that were involved in crypto activities”.

Paysera does not provide any payment acceptance services for Transcoin, Rozentalis added.

Users that open accounts with Dolce 500 and MDX 500, two websites subject to scam warnings by the UK Financial Conduct Authority, are directed to pay through Estonian licence holder BitTheBank.

BitTheBank’s payment account provider is listed as Wittix, another Lithuanian-regulated fintech.

A Wittix spokesperson said that it opened an account for the Estonian business “in order to deposit their share capital for the purpose of obtaining their licence” but that “the account was activated for this purpose only, and our compliance department closed the account before it became operative”.

The company cannot disclose why it closed the account due to confidentiality requirements and did not provide any payment processing for BitTheBank, the spokesperson added.

Bilderlings, an FCA-regulated e-money institution, provides payment accounts for Quamtor and Instacoins, two Estonian businesses that are facilitating crypto payments for EGM Finance and WorldMarkets respectively, two online trading websites subject to regulatory warnings in New Zealand and the UK.

Payment accounts for two more exchanges linked to fraudulent websites were provided by GlobalNetInt, also a Lithuanian e-money institution.

A spokesperson for Estonia’s FIU did not respond to a request for comment. The unit has repeatedly warned it lacks the resources to police the sector.

In 2020, the Estonian parliament passed legislation introducing a “fit and proper” check for new applicants and hiked the licence application fee. The FIU also revoked some 500 licences during the same year.

In response to questions from VIXIO, the Bank of Lithuania said that it has not specifically investigated its regulated firms’ relationships with Estonian virtual currency providers, but that “all financial institutions mentioned in your questions were assessed during on-site or off-site inspections or during their individual risk assessment in terms of the AML/CFT compliance with the Lithuanian laws”.

A spokesperson for the bank pointed to the 2020 inspection of Paysera, which found “significant” anti-money laundering shortcomings including poor application of due diligence on higher risk customers.

Regulated firms providing payment services for cryptocurrency businesses should assess such clients’ money laundering and terrorist financing controls and “take additional measures to reduce and manage ML/TF risks” if they are inadequate, the spokesperson added.

“Special attention should be paid when the activity that is carried out requires permits (licenses) and customers are unable to provide them as well as when a company operates in one jurisdiction and opens a payment account in another.”

Cryptocurrency exchanges are not the only area of the underregulated payments ecosystem — payment gateways also can attract fraudsters and facilitate crime, as reported.

More To Explore


Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.


Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?