RECAP: In our previous instalment we revealed an international syndicate running online trading ‘scams’ worldwide that had a prominent presence in South Africa. Now we turn to the “back office” running the special South African division – the lawyers, fixers and other service providers that make the whole thing tick.
What we have dubbed “Scam Empire” is a multinational syndicate operating some 79 seemingly fraudulent online trading platforms across the world, including in South Africa.
The “SA division” has been rapidly expanding with at least seven “brands” launched since 2023, including at least three since November and one as recently as January this year.
These make up the bulk of the “regulated” branch of Scam Empire – platforms operated by real companies sporting real financial service provider (FSP) licenses – which sets them slightly apart from the rest of the network.
The vast majority of trading platforms under the Scam Empire umbrella are unregulated and often have no actual legal entity underpinning them.
Despite their ‘legal’ status, these local companies are doing massive real damage to the lives of thousands of would-be ’traders’.
Like their counterparts in other parts of the world, investors are drawn in by a toxic mix of misleading or outright fake advertising that lures them in a web of harassment and manipulation by call centre agents.
In almost every case they end up losing all their money.
In Part One of this exposé we showed how this part of the scam operates and the scale of the losses suffered by its victims in a scheme whose tentacles reach practically every corner of the globe.
Our investigation is based on a monumental leak of data originally provided to Sveriges Television, the Swedish national broadcaster, to which amaBhungane has gained access as part of a global consortium of media organisations coordinated by the OCCRP.
The leak also contains masses of information on the creation of the online trading “brands”, the companies underpinning them as well as the people pulling the levers in the background.
Scam Empire’s first noticeable presence in South Africa, in around 2022, was an unregulated platform named InvestEFT, which has since disappeared without a trace after collecting several million from the public.
Things have shifted since then in South Africa, with a growing number of local platforms using FSP licenses issued by the Financial Sector Conduct Authority (FSCA).
Within the Scam Empire network these are referred to as the “regulated” brands.
Why some have gone the ‘legal’ route is not clear, but as we will show, the South African division appears to have played a disproportionate role in the overall syndicate, seemingly becoming a nexus for money flows of nominally unrelated operations around the world and possibly exploiting the cover provided by their veneer of respectability.
A first attempt at running a licensed trading “brand” in South Africa seems to have been a short-lived brand named SkyMT.
After that came the infinitely more successful Finbok, Finxocap and VP Trade all of which used the same FSP license.
Then, in November last year, two new brands named Tredomatix and FXSI were launched using a single license. Finally, in January this year, another named TradeFT emerged using yet another new license.

We pointed out in our previous instalment that three of these platforms supposedly belong to an unemployed Bulgarian man named Boris Kodzhov, while another one belongs to Romanian model Diana Gugles – both are either victims of identity theft or willing “sellers” of their identities.
The identities of the other platforms’ owners remain a mystery.
It is clear from the leak that this “regulated” division of Scam Empire relies on a small, consistent management team and a handful of professional service providers to tackle the unique problems of getting and sustaining licenses.
What also emerges is that the centrally managed Scam Empire system has crossed paths with other similar operations in South Africa, leading to some cooperation and later to bitter conflict.
Why bother?
Before we explore the colourful characters involved it is worth asking: why get a license at all?
In the course of our investigation two compelling answers have suggested themselves.
One is the veneer of legitimacy a FSP license provides.
A victim we spoke to who had lost something in the region of R1-million to the platform Finbok recalled that he had phoned the FSCA to check whether the platform was “legitimate”.
If he had not been told that their FSP license was in order he would likely not have invested.
An internal Scam Empire document for call centre agents suggested that agents use the platform’s exposure to regulatory sanction to reassure the potential “traders”.

There is, however, another important reason that is core to the functioning of the platforms – the constant hunt for new payment service providers (PSPs) to channel funds from depositors to the platforms.
As we will see, the need to accept high volumes of payments in various currencies makes getting diverse PSPs onboard a big part of the game.
Being ‘licensed’ makes it far more likely that even relatively scrupulous formal PSPs will accept your business. At least until accusations of fraud start rolling in, as they frequently have.
But all of that comes later, in Part Three of this exposé. For now, we turn to the evolution of Scam Empire in South Africa.
Taking off: SkyMT
Getting a new FSP license is not entirely painless, but there is another route – buy an existing one.
And what could be better than one that is going cheap because it has been rendered technically useless to those who own it?
In June 2022 the FSCA announced that it was investigating an FSP named Lehumo Securities following complaints from the public.
Lehumo was ordered to cease taking deposits, rendering its license inoperative but still technically ‘valid’. This valid FSP license is all anyone would see if they went as far as looking up the company on the FSCA website.
Within a year this beached FSP would be transformed into SkyMT, seemingly the first “regulated” operation set up by Scam Empire to specifically target South African investors.
It’s a convoluted story but foreshadows much of what the network has gotten up to since.
When the FSCA pounced in 2022 Lehumo was owned by South African Martin Maudi Lentsoane.
In early 2023 Lentsoane was approached to sell his company and its (still valid) FSP license. He then got a part-time job acting as the company’s “key individual” – the person meant to take responsibility for an FSP’s conduct.
The buyer and Lentsoane’s supposed new boss? Bulgarian Boris Kodzhov.
This is the Kodzhov who, as we revealed in Part One, is a former cleaner in the Bulgarian capital Sofia who lives off a government grant.
Lentsoane said that in hindsight it should have been a red flag that Kodzhov “bought” Lehumo despite its lame duck license.
He told us: “I explained the situation with the FSCA and disclosed the fact that the entity will not be able to operate until it is cleared of the ongoing investigation and the buyer was seemingly not concerned and they were willing to wait for the process to conclude.”
Another red flag: despite the mysterious Kodzhov making this seemingly quixotic investment, Lentsoane says he never once met him, not even on the video calls through which the deal was negotiated.
The mysterious Kodzhov did, however, have solid legal representation – an impressive-looking Israeli law firm named Porat Group.
According to Lentsoane, the video meetings were attended by the firm’s head of financial regulation David Woliner and senior associate Or Reizis.

The transaction moved ahead rapidly and a sales agreement was signed in February 2023, after which the company was renamed SkyMT.
In the agreement an “intermediary” named Clearsky Solutions, based in Hong Kong, was introduced. Clearsky would take a cut from the sale price.

Clearsky seems to be a related corporate services company for Porat Group, seemingly making Porat a one-stop-shop for a deal like the one between Lentsoane and (ostensibly) Kodzhov – a deal which appears to have involved installing a fake owner who would appoint a key individual who in turn (as we will see) had no idea what was going on.
In fact, amaBhungane is aware of at least one other case outside the ambit of Scam Empire where Porat allegedly organised the buyout of a FSP that had been immobilised by the FSCA, again on behalf of a mystery buyer.
This law firm will feature again in this story. In response to questions, Porat told us that it “does not provide ‘proxies to obscure real owners and/or managers’ or similar services, in any manner whatsoever”.
“However, we can confirm that Porat Group’s sole activity is providing legal advisory and legal documents drafting services”. Read their full response here.
Middlemen
Lentsoane claims that the deal to sell Lehumo/SkyMT was brought to his door by Myles Ndlovu, a man years earlier also implicated in an unrelated alleged pyramid scheme named Profit Trading.
Also involved was Simiso Ndlovu, apparently a family member.
It is unclear how Ndlovu came to be involved. Neither Myles nor Simiso Ndlovu responded to our questions, but it appears they stayed in the picture at SkyMT after it was bought from Lentsoane.
In May 2023 Kodzhov ostensibly signed a “shareholder proxy agreement” that effectively ceded control of SkyMT (formerly Lehumo) to Simiso – at least on paper.
This is the month the SkyMT trading platform went live, although Lentsoane told us he knew nothing about it.
However, the leak contains invoices and a spreadsheet showing monthly expenses tabulating his fees.

SkyMT raked in around R30-million from South African “traders” and refunded R3,6-million before it was discontinued. The level of refunds may seem high compared to the average of 3% Scam Empire platforms allow traders to recoup internationally, but the number is misleading.
Over 60% of the SkyMT refunds consisted of a single payment to a big investor who raised hell with a fraud complaint which, according to a leaked internal “monitoring” report, needed to be resolved with “extreme” urgency.
The ultimate demise of SkyMT at the end of 2023 had a proximate cause we will only deal with properly in Part Three, when we explore the shady financial machinations of the online trading business.
Suffice it to say that fraud allegations were making it hard to sustain a system for bringing in new money.
There were also larger forces at play.
Among the voluminous files in the Scam Empire leak, SkyMT takes its place alongside dozens of other centrally managed platforms, as is attested to by countless records of its transactions, chatroom discussions of its affairs and contracts signed by its “owner” and his apparent proxy Ndlovu.

But who really ran SkyMT during its roughly seven months of operations?
One clue lies in letters drafted on behalf of SkyMT dealing with complaints from traders and more specifically their author: a legal trouble-shooter calling himself “Paul van Rensburg”.
As we will see, “van Rensburg”, despite his South African name, is one part of a shadowy back office known as “Cyprus HQ” that took the lead in much of what follows and links back to the Israeli network that appears to call the shots.
Another clue is mystery investor Boris Kodzhov, who would soon reappear to provide a link between SkyMT and the next iteration of Scam Empire’s regulated division.
For that iteration we must visit Cape Town and introduce a key South African player.
Who serves who?
At the heart of the South African operation lies Astrix Data – a licensed FSP that spawned two so-called juristic representatives named Vector Financial Services and Libra Wealth – – “juristics” for short.
These juristics are companies that piggyback on another entity’s FSP license.
This is perfectly legal, but the actual owner of the license is meant to do a thorough due diligence before appointing a juristic, creating an element of outsourced regulatory oversight.
In this case all three entities are linked by a common director, Capetonian ex-banker Dustan Cornelissen, though as we’ll see, he claims he is just a service provider.
Vector and Libra were set up to use Astrix’s license to operate online trading platforms: Finbok and Finxocap in the case of Vector and VP Trade in the case of Libra.
The documents in the leak show that Vector in particular was to become a major presence in Scam Empire, leaving an outsized footprint of deals, payments and unanswered questions.
First off, the direct damage done.
Vector’s flagship platform Finbok launched in late 2023, some months after SkyMT.
By the end of 2024 this platform had collected deposits of over R210-million and returned about R20-million. As with SkyMT this number is misleading – roughly half of these returns went to only two people. One of these still lost most of their investment while pretty much everyone else also, at best, received only part of their investments back– often after vociferous threats and complaints.
Finxocap has been a more modest operation. Since February last year it has raked in deposits of R26-million and paid back around R1,6-million.
Over at Libra, its brand VP Trade, which largely targets South Americans, collected around R63-million and allowed withdrawals of R1-million.
As we pointed out in Part One and will show again below, claims that all these people are simply losing when they gamble on the markets falter in the face of signs that trades are manipulated, if not fictitious.
That aside, the leak’s voluminous documentation on Vector brings into the picture the public – and hidden – roleplayers who pull the levers.
Importantly, the two camps – those visible on the paperwork and those leaving no trace – have seemingly had a massive falling-out, leading to contradictory versions of who did what.
Let’s start with the man who set up Astrix, Vector and Libra – the ex-banker Cornelissen – and a colleague of his in Cyprus named Keith Ioakim.
The “compliance man”
Cornelissen, a former FNB staffer, has provided confusing and seemingly contradictory versions of his exact role at Astrix, Vector and Libra.
He created all three and has remained the director of the companies.
Throughout the leak it is his signature on every contract or agreement involving Vector or Libra and their trading platforms.
As readers may recall, however, Vector is supposedly owned by the unemployed Bulgarian Boris Kodzhov (who we saw above buying out SkyMT) while Libra is supposedly owned by Romanian model Diana Gugles. At least on paper.

Cornelissen only admits to ownership of Astrix, which he says was a mere service provider to Vector and Libra providing “compliance services to…keep them licensed and compliant”.
These services, however, extended to receiving deposits from “traders” before crediting them to trading accounts and paying out the meagre refunds and withdrawals that did occur.
In an initial response to questions, Cornelissen called Vector and Libra “my companies” and described Kodzhov and Gugles as “representatives appointed to manage the platforms ”. He simultaneously described it as a “co-operative structure” where Vector and Libra were “co-ops”.
Subsequently, however, in relation to the requirement that he perform a due diligence when appointing a juristic representative (specifically Vector) using Astrix’s FSP license, he replied that “I can’t exactly to a do a due diligence on myself”.
This particular claim becomes important a bit later on.
In response to follow-up questions Cornelissen seemed to change his tune.
Now Kodzhov and Gugles were unambiguously the ultimate beneficial owners (UBO) of Vector and Libra respectively and “were in administrative and financial control of and responsible for their respective platforms when the brands were launched,” whereas Cornelissen had initially told us that “only I have access to Libra’s bank account”.
Whatever the exact nature of Cornelissen’s role, it seems clear that he worked with a South African based in Cyprus named Keith Ioakim.
The Expat
Ioakim is an old hand in the online trading business and has been associated with several entities that have been mired in scandal and sanctioned in several countries. He told us that he himself had never been investigated or found guilty of anything. We have no evidence to the contrary.
Ioakim currently runs what seems to be a specialised company in Cyprus named Prorole Enterprises which, according to him, has as its niche “assisting firms to obtain South African FSCA licences”.
His two major South African clients have been Vector Financial Services and Libra Wealth.
In the leak there are several invoices from Prorole wherein Ioakim charges for “Provision of SA Directors and Key Individual, compliance, office rental space and PI [personal indemnity] cover as in accordance with the Consultancy Agreement”.
In response to questions both Ioakim and Cornelissen echoed each other, saying that the arrangement was that Prorole had the contract to provide all these services to Vector and Libra but outsourced it to Cornelissen’s Astrix. These companies would then pay Prorole which would pay Astrix.
The masses of invoices Ioakim sent Vector and Libra have a problem, however – one that leads us into the larger global Scam Empire.
While all the invoices are for services to the two South African companies, they are actually addressed to a bizarre array of other companies around the world.

These other companies are in fact conduits for money flowing from Scam Empire operations in other countries.
For instance, one of the companies paying Prorole was Greencode Connection in the UK. Bank statements in the leak show Greencode receiving constant inflows from another UK company named Purplesun which in turn received inflows from “traders” in Poland.
Another company invoiced by Prorole was Cyrestis, which was likewise fed by Purplesun.

This is another demonstration of the interrelationship of Scam Empire entities around the world, but the question arises: what was Prorole doing invoicing these companies?
According to Ioakim, he was simply told to address his Vector and Libra invoices to these entities because his clients were “part of a larger group of companies”.
Another noteworthy feature of these invoices is that they are all addressed to processing@backofficeteam.io.
This email address leads us back to the Israeli nexus: it belongs to Israeli Eduard Brovshtein – a man who in internal communications is known as “CFO”.
Ioakim told us that his contacts at the larger organisation were three characters who are all over the Scam Empire leak: Brovshtein, the mysterious “Paul van Rensburg” and an accountant named Hamza Javaid.
According to Ioakim, he was first introduced to the group by the aforementioned Israeli law firm Porat Group.
As we will see, these men have no kind words for Ioakim, which means he might conceivably be choosing to highlight them as scapegoats. All indications are, however, that they were central to at least the regulated division of Scam Empire.
Headquarters
Among Scam Empire’s meticulous records are expense reports for something called “CY HQ”.
These detail the staff complement and salaries of what looks like a small management team largely concerned with the regulated part of Scam Empire. We have thus far focused on South Africa, but the division has a growing presence in the Seychelles and the Comoros that we’ll get to soon.
In the documents, the aforementioned Hamza Javaid is (confusingly) also identified as “CFO” while “legal” falls under the purview of “Paul van Rensburg”. Javaid’s designation as “CFO” seemingly only relates to this smaller CY HQ, not the larger part of the scheme where Brovshtein is referred to as “CFO”.
Everyone in this HQ seems to have email address with the domain “nexushq.co” in addition to a plethora of other addresses linked to the platforms. While this implies a common employer there is an unaccountable unwillingness by all involved to say exactly who this may be.
Emails, screenshots of chatgroups and voluminous documentation, however, show that this “HQ”, alongside Brovshtein, ran the minutiae of the “regulated” platforms in South Africa and elsewhere.
One glaring red flag when it comes to HQ is that “Paul van Rensburg” does not exist.
Presented with evidence that his name is a pseudonym, “Paul” admitted that this is merely a “stage name” under which he does business.
This includes the fake name being listed as the contact person with authorities when complaints against the platforms arise, as well as when negotiating settlements with irate “traders” who allege foul play.

“Van Rensburg” is in reality an ex-South African named Gershon Bresler.
As we showed in Part One, the use of so-called stage names is commonplace in Scam Empire’s call centres – a practice that at least makes sense for a profession that often involves harassing and misleading people over the phone.
We asked Bresler why he used one, to which he replied that “the mere use of a “stage name” may serve various legitimate purposes and does not constitute an offense under the laws of any country”.
The fake name could however land him is serious trouble. Not only did he use it when talking down complainants and authorities – it also appears on the FAIS disclosure of Finbok, a mandatory declaration of a financial service provider’s key responsible individuals.

Victims of Finbok we spoke to recall being contacted by “Paul” when they threatened to take action against the platform. He would often offer them non-withdrawable “bonuses” to placate them and keep them on the platform.
In the chatgroups captured in the leak it can be seen how Bresler formulated documentation such as the legal fine print on the websites of the various platforms and organised the passports and other documents to appoint, among others, the “owners” of Vector and Libra.
Alongside Brovshtein and Javaid, Bresler helped set up platforms, as well as the all-important payment systems.
In the chatgroups Bresler had the username “PvanR” and display name “Poul”.
Javaid had the username “Max90289” and display name “Max56”.
Brovshtein was known as both “CFO” and “Michael_F”.
Some of these chats are illuminating.
For instance, they show how Brovshtein was not only processing@backofficeteam.io, receiving Vector and Libra invoices, but also finance@vfs-sa.com, a Vector email address.

He can also be seen directing staff dealing with not only the South African platforms but also two others we will touch on shortly.

Elsewhere Bresler is seen arranging for Cornelissen to sign some documents, only for Javaid to complain that “his highness works half day only”.

In a discussion about deploying a new payment service, Brovshtein tells a colleague to focus on Latin America and South Africa “as they have now traffic there”.

One exchange that seems to demonstrate that Libra’s putative owner Diana Gugles has little if any involvement in the company is when incorporation documents are ordered signed by someone else in her name, with the instruction to “sign on each document + add below the signature by hand ‘one hundred shares’”.

This instruction is carried out, as can be seen from the document itself, which is in the leak.

Throughout the leak there are documents authored by Javaid and Brovshtein dealing with the platform’s financial affairs and in particular the ever-present challenge of acquiring and maintaining payment systems to collect deposits.
Fire, brimstone and bad blood
We approached everyone mentioned above for comment. Both Brovshtein and Javaid essentially disregarded nearly all questions and instead railed against Keith Ioakim and Dustan Cornelissen.
Brovshtein threatened to sue journalists, saying “I vehemently deny your baseless allegations. I look forward to the moment they are published so that I can legally pursue each and every one of you personally. There is no country where you will be able to hide from my future lawsuits.”
More substantively, however, he claimed that the platforms were all under the control of Cornelissen and Ioakim but that Ioakim had in fact defrauded the company of $750 000 using fake paperwork.
Brovshtein also mistakenly assumed that Ioakim was our source and said that “without even realizing it, you are acting on behalf of Keith, who is doing everything he can to divert attention from the fact that he was caught stealing a massive sum from the company. He is trying to shift the “fire” away from himself.”
“Consider this a warning.”
Javaid repeated the claim that Ioakim wholly controlled Vector and Libra and that he had defrauded the companies.
In his defence, Ioakim told us “I want to make it clear that I did not steal any funds from Vector, Libra, or any other individual or organisation. This is a serious accusation, deeply offensive, and defamatory. I was never in control of any bank accounts for Libra, Vector, or Astrix. The only person with access to the SA bank accounts was Astrix Data, who acted solely on the instructions of representatives from Libra and Vector.”
“I have not received payments, neither personally nor corporately, other than those pertaining to the provision of my services.”
Javaid also shed partial light on what he claims is his true relationship with the platforms.
According to Javaid he is employed by a company that merely provided services to online trading platforms, including “developing financial strategies in alignment with the FinTech industry practice and requirements, providing regulatory compliance consulting, overseeing payment processing initiatives”.
While this does roughly correspond to what he can be seen doing in the leak, he did not address the fact that the regulated platforms he did work for are integrated with a vast international network of schemes that show all the hallmarks of being scams.
Javaid told us he had escalated Ioakim’s alleged misdeeds to the companies’ owners but would not confirm to us whether these owners are in fact Boris Kodzhov and Diana Gugles.
The biggest red flag,however, is that even when pointedly asked he refused to say who his employer or indeed the people who contracted them are. He did however admit that the “nexushq.co” email address he shares with Bresler was assigned by this mystery employer.
Bresler, apart from admitting that “Paul van Rensburg” is a fake name, likewise said he is a mere consultant, largely concerned with resolving client issues like complaints.
As supposed proof of his and Finbok’s legitimacy he provided a list of five refunds that had been given to traders. While he anonymised this list and provided only their numerical account numbers, the leak allows us to see the true state of affairs behind these refunds.
It was an ironic and ill-advised selection of examples.
Bresler for instance held up “trader 39740” – a man who lost the better part of a million rand and who told us unequivocally that he believes Finbok is a scam.
“Trader 61409”, the leaks show, had threatened to drag Finbok to the authorities and only then got a small refund that offset their losses, which ultimately came to R600 000.
Worst of all is trader 40354, who laid a lengthy complaint with the FAIS Ombud and lost both her pension and her daughter’s university fund.
All these examples involved clients who fought tooth and nail for their “refunds”.
We pointed this out to Bresler who responded that the latter client who took Finbok to the FAIS Ombud did ultimately get her refund. He also said that all of them knew what they were getting into.
“Individual confirmed they had read and fully understood the terms and recognized the inherent risks associated with trading in Contracts for Difference (CFDs), as documented by their subsequent signatures. Ultimately, they accepted negotiated resolutions to their complaints.”
He also suggested that clients are asserting that they have been defrauded only because third parties (like journalists) are contacting them and suggesting this was what happened.
“Given the inherent risks involved in trading CFDs, it is important to address cases in which external parties contact clients alleging fraudulent activity. Such communications may inadvertently cause clients to believe falsely that they have fallen victim to fraud.”
Complaints
The leak has revealed that the FSCA has been aware of complaints against Finbok in particular since at least late 2023, when it sent Astrix Data a letter demanding information on Vector and the trading platform.
In the leak there is both a draft and a final version of the response that was sent to the regulator.
One question was particularly telling and the answer may expose Cornelissen to serious legal risk.
The FSCA wanted to know what kind of due diligence had been done on Vector before it became a juristic representative using Astrix’s FSP license.
In the draft of the response, which clearly went through numerous hands, the initial plan was to say that a rigorous due diligence had in fact been carried out.
This was scrapped and in the final version Astrix instead said that no diligence was required because Astrix and Vector have the same owner.
Recall how Cornelissen also told us that he owned Vector but then turned around and instead said that the Bulgarian Kodzhov owned it. If the latter is true, then Cornelissen seemingly intentionally misled the regulator.
In June last year the FSCA issued a public statement that it was investigating Finbok, Vector and Astrix – an investigation it told us is ongoing.
New horizons
The pressure on Astrix, Vector, Libra and the associated brands Finbok, Finxocap and VP Trade (perhaps combined with the schism with Cornelissen) appears to have resulted in these platforms making a getaway.
In November last year all three were seemingly transplanted from their South African FSP license and reborn as products of a company in the Comoros named Nova Capital.
One Finbok user sent us a message they received at the time.

This has not affected the platform’s place in the Scam Empire administrative system – possibly a demonstration that Cornelissen and Ioakim are not in fact the controlling minds their former colleagues make them out to be.
These platforms, while still targeting South Africans, are now effectively out of authorities’ reach.
But Scam Empire has also seemingly been quick to replace its local footprint.
In November last year a new licensed FSP named Zivalea launched two platforms – Tredomatix and FXSI. Tellingly, the leak reveals that Tredomatix has the same exact staff complement as VP Trade.
The Tredomatix website was, however, recently taken down, which the company’s lawyers attribute to it having been too similar to other trading websites.
In January another new FSP named The Grand Trading launched TradeFT.
Again, there is no involvement from Cornelissen or Ioakim but the “nexushq” team is very much involved.
Bresler confirmed that he does work for TradeFT.
Up until now we have been mostly concerned with the core South African platforms within Scam Empire.
The Nexushq team has, however, been driving the establishment of platforms based in the Seychelles using a company named FXW Global.
One of these,SIFX, started up in November judging by records in the leak.
It has recently been placing seemingly AI-generated ads online.
Another platform is Nuvega, again based in the Seychelles. Apart from Javaid, Bresler and Brovshtein, the common thread seems to be Porat Group, which we will encounter again in our next instalment.
We will show that while setting up companies and fancy websites is all well and good, what really matters is the money and the people who move it.
Correction: 27 March 2025
A previous version of this story erroneously claimed that bank statements in the leak showed Prorole receiving constant inflows from another UK company named Purplesun. The story has been updated to note that it was Greencode, not Prorole, receiving said inflows.