AirSoft In The Dock: Germany’s Case Against Shay Benhamou Targets The Software Layer Of Broker Fraud
Key Findings
- German prosecutors have brought four counts of commercial and organized fraud against former AirSoft CEO Shay Benhamou before the Bamberg Regional Court, with alleged investor losses exceeding €94 million.
- According to OCCRP, prosecutors claim AirSoft’s brokerage software was “central to the fraud,” that the company participated in scam revenues, and that AirSoft staff were operationally involved in certain cases.
- Scam-Or Project had already flagged AirSoft in its August 24, 2022 report as a venture of interest for German law enforcement and repeatedly linked the company to scam-enabling activities.
- The AirSoft case reflects a broader enforcement trend in which prosecutors increasingly focus on the technical infrastructure behind broker scams, not only the visible scam brands and boiler rooms.
- The same liability logic extends beyond broker fraud. In white-label casino and gaming structures, providers often control the licence umbrella, payment architecture, and compliance environment, making the defense of “we only provide technology” far less convincing.
A Case That Reaches Beyond One Former CEO
The criminal proceedings against former AirSoft CEO Shay Benhamou before the Bamberg Regional Court are not just another chapter in the legacy binary-options sector. The case goes directly to a much broader compliance issue: when does a white-label software provider stop being a neutral technology supplier and become a knowing enabler of cyber-enabled investment fraud?
According to OCCRP, opening arguments began on March 2, 2026, and the indictment concerns Benhamou’s role as CEO of Israel-based AirSoft from March 2015 through at least the end of June 2021. Prosecutors accuse him of four counts of commercial and organized fraud and allege investor losses of more than €94 million.
What makes the case strategically important is its focus. Rather than targeting only a scam brand or a boiler-room operator, the proceedings examine the software infrastructure behind fraudulent broker operations. That puts the liability of the platform layer itself under direct scrutiny.
Scam-Or Project Had Raised Concerns In 2022
Scam-Or Project had identified AirSoft as a high-risk white-label broker-platform provider long before the current German proceedings reached trial. In its August 24, 2022 report, Scam-Or Project described AirSoft as a venture of interest for German law enforcement because of alleged scam-facilitating activities. The report also noted that the company repeatedly surfaced in connection with broker scams and identified Shay Benhamou as its longtime CEO.
That earlier reporting now appears highly relevant. The current criminal case suggests that German authorities did not regard AirSoft as some marginal outside vendor, but rather as part of the infrastructure that enabled multiple fraudulent broker operations to scale across jurisdictions.
This aligns with a pattern Scam-Or Project has highlighted for years: in cyber-enabled investment fraud, the public-facing broker brand is often only the visible layer. The real operational continuity often sits deeper in the chain – with software providers, CRM operators, payment facilitators, and other infrastructure enablers.
The Legal Fault Line: Neutral Vendor Or Knowing Enabler?
As reported by OCCRP, the defense argues that the case raises a fundamental legal question: when can a software provider be held criminally liable for the misuse of its product by third parties?
In principle, that is a legitimate issue. A generic technology provider cannot automatically be responsible for every unlawful use of its software. But the AirSoft case does not appear to be about abstract software distribution.
OCCRP reports that prosecutors allege Benhamou “knowingly and willingly” provided a brokerage “all-in-one solution” that was “central to the fraud” carried out by criminal groups across several countries. Prosecutors further allege that AirSoft shared in scam revenues and that, in some cases, AirSoft employees were required to be operationally involved and in fact were involved.
That changes the legal analysis substantially. A provider stops looking like a neutral software vendor when several indicators appear together:
| Indicator | Why It Matters |
|---|---|
| Knowledge of criminal use | Suggests awareness rather than accidental association |
| Repeated servicing of fraudulent operators | Points to a pattern, not an isolated incident |
| Operational support | Shows practical involvement beyond software licensing |
| Continuing access to the environment | Indicates ongoing control or oversight |
| Platform customization | Suggests adaptation to client-specific fraudulent needs |
| Revenue participation | Connects the provider financially to the unlawful scheme |
Once these elements are present, the provider begins to resemble not a detached supplier, but an infrastructure partner in the offense.
Why The Software Was Central To The Fraud
In broker scams, the software is not a passive tool. It is the digital stage on which the deception is performed. Fake trading interfaces display manipulated balances, simulated trades, artificial profits, and fabricated account histories, all designed to persuade victims that a legitimate investment process is taking place.
Without that technological front end, the boiler-room pitch would be far less effective.
According to OCCRP, the AirSoft software was allegedly used across several fraudulent brands, including Huludox, Fibonetix, Nobeltrade, Tradecapital, and Forbslab. These brands were reportedly part of a broader network whose leaders were convicted by the Bamberg court in 2025 for scam operations conducted through call centers in Bulgaria, Serbia, Ukraine, Georgia, Israel, and Kosovo.
That is why the software-provider issue matters so much. If the platform was not merely sold and forgotten, but remained embedded in the operating model of known scam brands, then any liability assessment has to examine the provider’s actual function in the fraud chain, not just the formal wording of a contract.
A Broader Enforcement Pattern Is Emerging
The AirSoft case is not standing alone. It fits into a wider prosecutorial trend in which the infrastructure layer of online investment fraud is increasingly being examined under criminal law.
OCCRP notes that the Bamberg Regional Court had already heard another 2026 case involving software provider Mikheil Biniashvili and the Puma TS trading system. In that matter, prosecutors said the software was used by hundreds of scam brands, and Biniashvili received a seven-and-a-half-year prison sentence in a plea deal after being found to have knowingly profited from fraudulent operations.
This marks a major shift in enforcement. For years, prosecutors focused mainly on boiler-room managers, scam brands, and front-facing fraud actors. Now the investigations are moving upstream toward the technical infrastructure that made these operations scalable – software providers, platform operators, and back-office enablers.
The evolution of German-led investigations supports that trend. A coordinated action announced in 2023 had already identified at least 33,000 victims and estimated losses of €89 million, with arrests and searches across Bulgaria, Romania, and Israel (eurojust.europa.eu).
The message is getting harder to ignore: authorities are no longer content with dismantling only the visible scam brands while leaving the infrastructure layer untouched.
Why The Tradologic Comparison Matters
The AirSoft proceedings also invite comparison with Tradologic, another prominent software provider in the broker-scam ecosystem. Reports indicate that on September 8, 2023, Tradologic co-owner Ilan Tzorya received an eight-year prison sentence and former CEO Micha Golod received six years, although both verdicts remain under appeal and are therefore not yet final.
Even without finality, those rulings highlight an important point: European prosecutors and courts are increasingly willing to examine whether software providers behind fraudulent broker schemes were knowingly integrated into the criminal model.
That legal theory is not extreme. It reflects the operational reality of cyber-enabled investment fraud for years: the software environment was often not neutral infrastructure floating at arm’s length from the fraud, but an organized and monetized backbone of the deception.
Insider Evidence And Whistleblower Material Matter
For years, Scam-Or Project has received insider and whistleblower information indicating that major broker-platform providers such as AirSoft, PandaTS, Puma TS, and Tradologic were not blind to the nature of many of their clients.
On the contrary, the available information suggests that these providers often had detailed visibility into their clients’ operations and, in some cases, supported them with services that went beyond ordinary software licensing, including payment integrations and technical support.
From a legal perspective, this matters a great deal. Knowledge is rarely proven through one isolated email or a single public statement. More often, it is established through patterns:
- repeated servicing of notorious scam brands
- continuous back-office support
- privileged technical access
- participation in revenues
- absence of any meaningful compliance off-ramp despite obvious red flags
The more deeply integrated the provider is in the client’s operation, the harder it becomes to sustain a plausible-deniability defense. That is why insider evidence can become decisive in a case like Bamberg.
Relevance Beyond Binary Options: White-Label Casino And Gaming Hubs
The implications of the AirSoft case go well beyond the legacy broker-fraud sector. The same structural issues appear in white-label online gambling and casino models.
SOFTSWISS itself explains that in a white-label structure, the operator launches a brand under the provider’s existing licence and integrated platform, while “the legal accountability lies with the licence holder – the platform provider.” It also states that white-label systems usually include integrated payment methods, KYC/AML tools, CRM functions, technical maintenance, hosting, and compliance monitoring.
That is important because it shows how deeply the platform provider sits inside the operating model. A provider that supplies the licence umbrella, payment stack, compliance framework, and core backend cannot easily present itself as a detached software vendor. Its entire value proposition is based on integration and control.
SOFTSWISS also notes that local licensing regimes in Germany, the UK, Sweden, and the Netherlands do not allow this kind of white-label arrangement, and that the provider’s licence determines where the platform may legally operate.
That makes the comparison with illegal or unlicensed gambling especially relevant. If a white-label gaming hub knowingly provides infrastructure to operators targeting restricted jurisdictions, processes payments through centralized systems, and remains responsible for compliance monitoring under its licence umbrella, then the old formula – “we only provide technology” – becomes much harder to defend.
The front end may differ from a broker scam, but the liability logic looks strikingly similar: knowledge, control, operational involvement, and economic participation.
Where Hub Liability Should Begin
The real issue raised by the AirSoft case is not whether software developers should be criminalized for building technology. They should not.
The real issue is where legal responsibility begins when a provider knowingly services fraudulent or unlawful operators through an integrated white-label hub.
In practical compliance terms, that boundary should be assessed through several indicators:
- whether the provider knew or must have known of the unlawful business model
- whether it continued servicing the client despite clear red flags
- whether it retained privileged operational access
- whether it integrated or controlled payments, CRM tools, and other mission-critical systems
- whether it participated in the revenues generated by the unlawful conduct
Where those indicators are present, responsibility does not end with a software contract or licence agreement. At that point, the provider becomes part of the enabling infrastructure.
That is why the Bamberg proceedings deserve close attention far beyond the legacy binary-options segment.
Conclusion
The case against Shay Benhamou may become a landmark in the legal treatment of cybercrime infrastructure. It tests whether those who built, operated, and profited from the platforms behind fraudulent broker brands can still shield themselves behind the claim that they merely supplied neutral technology.
German prosecutors appear to be arguing that AirSoft crossed that line. If the court agrees, the implications could extend well beyond AirSoft – to PandaTS, Puma TS, Tradologic, and to white-label hub structures in adjacent sectors such as online gambling.
For Scam-Or Project readers, the lesson is simple: the visible scam brand is often only the surface. The real leverage points sit deeper in the stack – in the software providers, payment hubs, and compliance umbrellas that make fraud and unlawful cross-border operations scalable.
The era of plausible deniability for these infrastructure operators may be drawing to a close.
Call for Whistleblowers
Scam-Or Project continues to investigate the software, payment, and white-label infrastructure behind broker scams and illegal gambling operations. If you have information about AirSoft, Shay Benhamou, PandaTS, Puma TS, Tradologic, white-label casino hubs, integrated payment systems, or licence-umbrella structures used for unlawful cross-border operations, share it securely through the Scam-Or Project whistleblower section.
