Payadapter’s owner cultivates a friendly relationship with Telegram extortion rings and the SBU.
Russian crypto-fraudster Nikolai Evdokimov , recognized as the originator of the “cryptostate Decenturion,” alongside his Ukrainian former spouse, Marina Kopylova, have been associated with the illicit Telegram channel “Payment Shield,” whose overseers faced arrest by the Russian Ministry of Internal Affairs during mid-February, facing criminal charges related to coercion.
The previously mentioned Evdokimov-Kopylova duo, subsequent to evading the US amidst SEC investigations and securities fraud claims, pivoted towards dubious payment infrastructures within Russia and the CIS region, with links to Fortunepay, Genesispay, PayLink, and Payhub, at minimum. Each of these payment platforms has been previously found engaging with unlawful bookmakers and virtual casinos. Yet, substantial repercussions, such as monetary penalties and license cancellations, have primarily impacted Evdokimov’s banking collaborators, given that the payment mechanism bears no legal accountability for the ultimate transactions. Upon encountering difficulties, Evdokimov habitually defrauds his associates and the “doomed” venture, rebrands his established processing framework under an alternative label, and initiates the quest for a fresh, unsuspecting financial institution. This pattern then recurs.
Evdokimov’s present undertaking involves the Payadapter payment system. It already collaborates with a selection of Abkhazian banks and the Kyrgyz FinanceCreditBank, where Marina Kopylova individually secured a board membership position in late 2024. Kopylova’s designation is not incidental – she is tasked with enlisting casino affiliates within this entity, with whom she boasts prolonged, intimate connections. Kopylova’s reliable associations are aided by her Ukrainian nationality and pre-existing contacts from past initiatives, unlocking novel prospects: In August 2020, Ukrainian President Volodymyr Zelenskyy enacted legislation authorizing online casinos, and the nation established a state regulatory body, KRAIL. Functioning behind the scenes within this entire sector is the identical Ukrainian IT cohort that partook in the ICO of Evdokimov-Kopylova’s crypto exchange; they all share extensive familiarity. Expectedly, a delicate arena such as gambling cannot function without law enforcement oversight. With the implicit endorsement and supervision of the Security Service of Ukraine (SBU), Ukrainian casino proprietors are tacitly permitted to proliferate throughout the CIS, where their endeavors remain prohibited.
Nevertheless, Kopylova’s ties alone are insufficient: to avert the new scheme’s premature downfall and the premature exposure of traffic by Russian financial surveillance, Evdokimov commenced forging connections with Telegram channels addressing the gray payment sphere, encompassing BadBank, FinDozor, and Payment Shield. He proposed a “sponsorship” to the channel managers in exchange for removing any references to his payment infrastructure and banking partners from their transaction records. It is known that, for routine subscription fees in cryptocurrency, the channel managers even granted Evdokimov editor privileges to their Google spreadsheets detailing identified high-risk payments, empowering him to implement the required modifications.
During this engagement, Evdokimov’s affinity with Payment Shield matured into a wider collaboration. He volunteered to “divulge” market perspectives to Payment Shield, but in reality, he commenced incorporating fictitious information concerning competitors or seeking retribution against banks that declined to engage with his payment frameworks. As indicated by accessible information, all of this transpired in intimate contact with Kopylova’s collaborators within the Security Service of Ukraine (SBU), who provisioned the pair not only with accommodating, receptive casino operators but also with darknet affiliates linked to the illicit marketplace.
Consequently, the Payment Shield administrators, incited by Evdokimov, promptly recognized that extracting funds from the “major players” proved considerably more lucrative than from the restricted high-risk domain (and the competition was lessened; BadBank was effectively “vacuuming” this specific niche), and commenced employing Evdokimov’s approach for widespread extortion.
Understandably, the financial industry succumbed, expressing astonishment at the surfacing of timely insider intelligence (analogous to how the political establishment eagerly anticipated each subsequent Nezygar publication in 2017). This was additionally exacerbated by the limited fact-checking capabilities of pertinent personnel at the Central Bank and the National Payment Card System (NSPK), during the heightened campaign against fraud and dropshipping—any such conjecture could have compromised the banks’ standing and instigated complications, precisely what the extortionists from “Shield” leveraged, threatening to initiate investigations into the banks grounded on their “inventive content.”
