Scam-Or Project has reviewed whistleblower materials indicating that Germany’s financial regulator BaFin may have registered a case involving Yapily Connect UAB, the Lithuanian-licensed division of UK-based open-banking group Yapily.

The allegations are significant: regulated “Pay by Bank” infrastructure was allegedly used to process deposits for offshore casino brands targeting German consumers without holding proper local licenses.

If the whistleblower file is authentic—and the reviewed materials strongly suggest that it is—it highlights a growing regulatory blind spot. Illegal gambling operators are no longer relying exclusively on questionable card acquirers or crypto payment workarounds. Increasingly, they appear to be using multi-layered open-banking systems hidden behind anonymous gateways, technical intermediaries, and mainstream banking interfaces.

Key Findings

Whistleblower complaint reportedly filed with BaFin

According to documents reviewed by Scam-Or Project, BaFin has allegedly received a whistleblower submission concerning Yapily Connect UAB and its potential role in facilitating deposits for offshore gambling platforms targeting Germany.

Seven casino brands identified

The whistleblower dossier names the following casino domains:

• betiro.com
• joocasino.com
• fonbet.com
• allspins1.co
• bullcasino.com
• jackpika.com
• theslotz1.co

According to the report, these operators allegedly used Yapily-linked payment flows while not appearing on Germany’s legal gambling whitelist maintained by Gemeinsame Glücksspielbehörde der Länder (GGL).

Core compliance concerns

The allegations focus on two major regulatory vulnerabilities:

Yapily’s public messaging creates additional pressure

Yapily continues publicly marketing open-banking services for iGaming companies and promotes Yapily Connect UAB as a way for firms to use open banking without securing their own AISP or PISP licenses.

At the same time, the company publicly states that it maintains “zero tolerance” toward compliance failures and financial crime exposure.

Yapily Connect UAB remains licensed

The Bank of Lithuania still lists Yapily Connect UAB as an active payment institution under authorization LB002045, permitted to provide:

• Payment initiation services
• Account information services

This pattern has surfaced before

Scam-Or Project has previously connected Yapily-linked infrastructure to:

• Contiant
• Klyme
• Winhero
• BetAlice
• Mega.bet
• LuckyWins

Repeated payment routes have also shown links to Revolut open-banking interfaces.

Confidential investigations remain invisible

BaFin handles whistleblower submissions confidentially. The absence of a public enforcement announcement does not necessarily mean the matter is inactive.

Compliance Analysis

1. The case has reportedly reached German regulators

Scam-Or Project reviewed materials that appear to originate from the same whistleblower who submitted the complaint to BaFin.

The complaint alleges that Yapily Connect UAB enabled payment initiation flows tied to offshore casino operators serving German consumers without proper authorization.

This is particularly important because Germany’s gambling framework is not unclear. Gemeinsame Glücksspielbehörde der Länder (GGL) maintains a public whitelist of authorized operators.

If the whistleblower evidence is accurate, this could indicate regulated payment infrastructure was used to move consumer funds toward gambling operators that should not have been operating in Germany.

2. Yapily’s own marketing raises uncomfortable questions

The contrast between public branding and alleged payment activity makes this case especially sensitive.

On its website, Yapily actively promotes services for gaming companies, including messaging designed to attract iGaming operators.

The company also promotes Yapily Connect UAB as a shortcut for firms seeking access to open banking infrastructure without securing their own licenses.

Separately, Yapily continues emphasizing its strict compliance standards.

That creates a central regulatory question:

If regulated infrastructure repeatedly appears in unlicensed gambling payment flows, how far can the licensed provider distance itself from the underlying merchants?

3. Yapily Connect UAB is an actively licensed institution

According to records from the Bank of Lithuania, Yapily Connect UAB remains fully authorized under license LB002045.

Its license has been active since 23 December 2020.

This matters because payment initiation providers are regulated financial participants—not passive software vendors.

Recent AML guidance suggests such firms face full compliance obligations.

The critical question becomes:

• What did Yapily know?
• What should it have known?
• How did it respond when repeated high-risk casino activity surfaced?

4. Scam-Or Project previously mapped similar structures

This case does not emerge in isolation.

Scam-Or Project previously reported that Contiant allegedly operated in front of Yapily’s regulated infrastructure.

This structure created separation between:

casino merchant → intermediary → licensed payment rail

The alleged Klyme case raised even more serious concerns after an internal email reportedly showed compliance staff discussing the whistleblower instead of freezing merchant activity.

Another investigation involving BetAlice identified the following route:

payment-gateway.io → puretransfer.io → mellifera.tech

with references to Paradis Tech Ltd, Yapily, and Wise.

More recently, Yapily links also surfaced in reports involving Mega.bet and LuckyWins, alongside recurring references to Revolut.

5. Why open-banking rails remain vulnerable

The broader issue is regulatory fragmentation.

Different regulators oversee different layers:

Meanwhile, banks and payment interfaces often sit further downstream.

Typical layered payment model

casino cashier
→ anonymous gateway
→ technical service provider
→ regulated PISP rail
→ bank consent screen
→ bank debit
→ offshore operator

This architecture makes accountability significantly harder.

6. What BaFin should examine

If BaFin decides to escalate the matter, investigators may need to review:

• Merchant onboarding documentation
• Due diligence files
• Periodic merchant reviews
• Risk scoring records
• Transaction monitoring alerts
• Internal escalation logs
• Relationships with Contiant, Klyme, and other intermediaries
• Cross-border service documentation
• Suspicious activity reporting records

Anything less may leave key questions unanswered.

7. This extends far beyond Yapily

This may become one of Europe’s first major tests involving modern gambling payment infrastructure.

Illegal gambling payments increasingly move through:

Scam-Or Project has previously documented similar patterns involving ChainValley and related structures.

The Yapily matter is especially important because it involves regulated fintech infrastructure that appears legitimate on the surface.

Conclusion

The whistleblower complaint involving Yapily could become a major regulatory test for European open-banking supervision.

The question is no longer whether offshore casinos are using modern payment systems—they clearly are.

The real issue is whether regulators are willing to acknowledge that licensed open-banking infrastructure may now be one of the preferred channels for illegal gambling payment flows.

If regulators fail to act despite repeated patterns, the market may interpret that as permission to continue building increasingly complex payment structures with minimal consequences.

Scam-Or Project Whistleblower Call

Scam-Or Project invites:

• whistleblowers
• compliance officers
• payment professionals
• bank employees
• former PSP staff
• affected players

to submit:

• internal documents
• screenshots
• transaction records
• merchant descriptors
• compliance reports

related to Yapily, Contiant, Klyme, Revolut open-banking flows, and offshore gambling payment networks via the Scam-Or Project whistleblower section.