OSINT Investigation:
Pavel Kashuba
Former CFO and co-CEO of CoinsPaid linked to crypto payment processor facing money laundering allegations
Primary Jurisdictions
Estonia, Austria, Belarus, Ukraine
Investigation Period
2019 – Present
Methodology
Open-Source Intelligence
Intelligence Metrics
7
Primary Sources Analyzed
FinTelegram investigative reports and corroborating publications
Multiple
Allegations Documented
Money laundering, tax fraud, and compliance failure claims
4+
Jurisdictions
Estonia, Austria, Ukraine, and alleged Belarus connections
1
Primary Operating Entity
Dream Finance OÜ trading as CoinsPaid
9
Named Associates
Co-executives, board members, and whistleblowers identified
€2.23B
Reported Q3 2024 Volume
CoinsPaid processing volume per public claims
Pavel Kashuba (known internally as 'Pasha') served as CFO and co-CEO of CoinsPaid — operated through Dream Finance OÜ in Estonia — until his departure in May 2024, which coincided with publication of FinTelegram's investigative report citing whistleblower allegations of money laundering, tax fraud, and compliance failures. The entity's officially listed beneficial owners, Austrian Alexander Horst Riedinger and Ukrainian Maksim Krupyshev, are alleged by whistleblowers to obscure undisclosed Belarussian principals — claims that remain unverified and contested. Active corporate litigation in Vienna and Israel underscores the elevated reputational and legal exposure attaching to the subject's tenure.
Identity & Corporate Network Analysis
Identity Verification
Pavel Kashuba is identified in FinTelegram's investigative reporting as having concurrently held the titles of CFO and co-CEO at CoinsPaid, the trading name of Estonian-registered Dream Finance OÜ. He is known internally by the nickname 'Pasha'. No public LinkedIn profile or personal website was identified for him in the source material — an unusual gap for a senior finance executive at a payment processor reporting €2.23B in Q3 2024 volume.
Public reporting does not establish his nationality, year of birth, or prior career background with documentary certainty. His listing in the CoinsPaid 'key data' section of the FinTelegram report places him within the executive tier alongside CEO Maksim Krupyshev and registered UBO Alexander Horst Riedinger.
Corporate Network Mapping
CoinsPaid operates through Dream Finance OÜ in Estonia and is presented to counterparties via an Austrian-fronted ownership layer attributed to Riedinger. Whistleblower Frédéric Hubin — a former Estonian board member who resigned in April 2023 — alleges fraud and illegal gambling involvement and frames Riedinger's role as that of a frontman.
FinTelegram reporting alleges operational interlinkage with affiliate AlphaPo, including shared compliance and treasury personnel; Aliaksei Kuzniatsou is named as Head of Treasury for both. Co-founder Ivan Montik is also identified with SoftSwiss and Merkeleon, embedding the network within the iGaming software ecosystem. All operational interlinkage allegations are reported and contested.
Corporate Network
Entity Web — 8 Entities, 7 Relationships
Click any node to inspect · Drag to pan · Scroll to zoom · Edge colors: owns · manages · rebranded · affiliated
Beneficial Ownership & Control Analysis
Click on nodes or connection lines to reveal concealment tactics and red flags
Officially, CoinsPaid's beneficial owners are Alexander Horst Riedinger (Austria) and Maksim Krupyshev (Ukraine). Anonymous tip material referenced by FinTelegram and Medium author 'Shana Dovi' alleges that Riedinger is a frontman for undisclosed Belarussian principals — a claim that remains unverified and is denied by the company.
Within this structure, Pavel Kashuba's concurrent CFO and co-CEO roles concentrated finance and executive oversight in a single individual during the period to which the most serious allegations relate. Board responsibility in Estonia was further allocated to Svetlana Prussova, with compliance and operational functions handled by Hanna Drabysheuskaya, Maria Akulenko (former CLO), and Violaine Champetier de Ribes Christofle.
Systemic AML signals — to the extent supported by reported sources — include the alleged frontman UBO arrangement, the alleged sharing of compliance and treasury infrastructure with AlphaPo, the disputed loss figures from the July 2023 hack, and the multi-jurisdictional litigation footprint spanning Vienna and Israel. None of these signals constitutes a finding of misconduct against the subject personally.
Timeline of Disclosure Events
The temporal arc moves from the build-out of CoinsPaid through the 2023 security incident and whistleblower exit into the May 2024 publication phase and ongoing litigation.
Venture Timeline
Cumulative Financial Harm
Systematic Pattern
Documented pattern: serial venture launches followed by collapse, immediate rebranding, and withdrawal restrictions coinciding with recruitment slowdowns.
CoinsPaid (Dream Finance OÜ)
Active2019-2023
Genesis — Estonian Crypto Payments Build-Out
Scheme Premise
Crypto payment processing for merchants, with strong gambling-vertical penetration.
Collapse Signal
Whistleblower Frédéric Hubin resigns April 2023 alleging fraud and illegal gambling involvement.
Regulatory Actions (1)
Compliance scrutiny (reported)
July 2023 Hack & Disclosure Phase
Collapsed2023
$37M Hack and Loss-Figure Discrepancies
Scheme Premise
Continued processing growth despite security breach.
Collapse Signal
Hack publicly disclosed but loss figures allegedly inconsistent with internal records.
May 2024 Whistleblower Publication
Collapsed2024
Shana Dovi / FinTelegram Investigative Report
Scheme Premise
N/A
Collapse Signal
Investigative report alleges money laundering, tax fraud, and compliance failures; Pavel Kashuba departs as CFO and co-CEO.
Regulatory Actions (1)
Investigative report publication
Corporate War: Vienna & Israeli Courts
Rebranded2024-Present
Litigation Phase
Scheme Premise
N/A
Collapse Signal
Israeli court splits smear-campaign suit from underlying corporate dispute; Vienna proceedings continue.
Regulatory Actions (1)
Active proceedings
The Cycle Is Not Over
Latest scheme remains active. Zero successful prosecutions to date.
Build-Out Phase (2019–2022)
CoinsPaid is established as the trading name of Estonian Dream Finance OÜ, presenting Riedinger and Krupyshev as beneficial owners. Pavel Kashuba is positioned as CFO and co-CEO, concentrating finance and executive authority.
Disclosure Pressure (2023)
April 2023: Frédéric Hubin resigns from the Estonian board and later emerges as a public whistleblower alleging fraud and illegal gambling involvement.
July 2023: A reported $37M hack is publicly disclosed; whistleblower sources allege discrepancies between disclosed and internal loss figures.
Publication and Departure (2024)
May 2024: FinTelegram publishes its investigative report citing the Shana Dovi Medium piece; Pavel Kashuba departs as CFO and co-CEO in the same window.
Subsequent months: CoinsPaid characterises adverse coverage as part of an anonymous attack campaign and initiates litigation.
Litigation Phase (2024–Present)
Vienna Commercial Court proceedings continue; an Israeli court procedurally splits the smear-campaign suit from the underlying corporate dispute, signalling that the reputational and ownership claims will be adjudicated separately.
Reputation Engineering & Information Suppression
Public reporting describes a contested reputational environment in which CoinsPaid emphasises growth metrics — including €2.23B in Q3 2024 processing volume — while characterising adverse investigative coverage as part of an anonymous attack campaign. Independent verification of either narrative is limited.
For Pavel Kashuba specifically, the absence of a personal public profile (no LinkedIn or website cited in source material) constrains independent due diligence on his background and stands in contrast to other named executives whose profiles are linked in the reporting.
Reputation Manipulation Timeline
Click any node to inspect evidence — 2020–2025
Documented Litigation Around Reputational Claims
A smear-campaign suit forms part of the active litigation; an Israeli court has split this claim from the underlying corporate dispute, while Vienna proceedings continue. No DMCA or platform-takedown evidence specific to Pavel Kashuba was identified in the source material.
Lumen Database Notice #34628019
False DMCA ClaimEvidence of bad-faith copyright claim used to suppress investigative journalism
Active litigation across Vienna and Israel concerning corporate dispute and alleged smear campaign tied to whistleblower disclosures.
Investigative Analysis
Israeli court has procedurally separated the smear-campaign claim from the underlying corporate battle.
CoinsPaid alleges coordinated reputation harm via anonymous publications and Medium-hosted content authored under the byline 'Shana Dovi'.
Investigative Analysis
ALLEGED: attribution and coordination of the alleged campaign remain unverified in public sources.
Frédéric Hubin's published allegations frame the disputes as substantive compliance and fraud concerns rather than reputational warfare.
Investigative Analysis
Single-source insider testimony — corroboration through documentary evidence is limited in public reporting.
Source: Lumen Database (lumendatabase.org) - Public record of online content removal requests
Comparative Analysis: Structural Parallels
Compared with documented crypto and payment-sector cases such as Wirecard (where third-party acquirers obscured missing cash) and Bitzlato (where layered jurisdictions concealed Russian-linked operators), the CoinsPaid allegations track a recognisable typology of multi-jurisdictional structuring with disputed beneficial ownership. The key distinction is that, unlike those comparators, CoinsPaid allegations remain at the reported and alleged tier without confirmed enforcement findings.
Pavel Kashuba's position — concurrent CFO and co-CEO, exiting in the same window as the major disclosure event — fits a governance pattern observed in pre-enforcement cases, but does not, in itself, evidence personal misconduct.
| Scheme | |||||
|---|---|---|---|---|---|
CoinsPaid (Pavel Kashuba context) SUBJECTHIGH RISK | |||||
Wirecard AG COMPARATOREXTREME RISK | |||||
Bitzlato COMPARATOREXTREME RISK |
Pattern Dimensions
5 / 5
Subject scheme assessed across all 5 fraud dimensions identified in historical comparators.
Jurisdiction Stack
Estonia · Austria · Ukraine · alleged Belarus
Key operational signature distinguishing this subject scheme from single-cycle historical comparators.
Comparator Schemes
2 analysed
Historical comparators: Wirecard AG, Bitzlato.
“Independent reporting frames CoinsPaid — where Pavel Kashuba served as CFO and co-CEO until May 2024 — as a multi-jurisdictional crypto payment processor whose officially listed Austrian and Ukrainian beneficial owners are alleged by whistleblowers to obscure undisclosed Belarussian principals, with overlapping compliance and treasury infrastructure shared with affiliate AlphaPo. All allegations are unverified and contested by the company.”
Red Flag Catalog
Severity Distribution — 6 Red Flags Documented
Officially listed Austrian UBO alleged by whistleblowers to front undisclosed Belarussian principals.
The use of a nationally credentialed EU-based individual as the registered beneficial owner — while substantive control is alleged to rest elsewhere — is a recognised concealment pattern in cross-border financial services.
Documented Examples
- Alexander Horst Riedinger registered as UBO
- Whistleblower allegations of Belarussian shadow ownership
- Pavel Kashuba operated finance and executive roles within this structure
FATF Guidance on Beneficial Ownership
“Concealment of beneficial ownership through nominees, frontmen, or layered structures is a recognised typology requiring enhanced due diligence.”
CoinsPaid alleged to share compliance, treasury, and personnel with AlphaPo.
Operational interlinkage between ostensibly separate licensed entities undermines compliance segregation and increases AML risk.
Documented Examples
- Aliaksei Kuzniatsou heads treasury for both CoinsPaid and AlphaPo
- Allegations of shared compliance personnel
- Operational interlinkage cited in FinTelegram reporting
Pavel Kashuba's exit aligned with publication of whistleblower revelations in May 2024.
Senior executive departures concurrent with adverse disclosures warrant attention as a governance and continuity signal, though motive is not established.
Documented Examples
- May 2024 publication of Shana Dovi / FinTelegram report
- Departure from CFO and co-CEO roles in same period
- Frédéric Hubin earlier resignation (April 2023)
$37M July 2023 hack with alleged discrepancies between disclosed and actual losses.
Inconsistencies between publicly stated and internal loss figures, where alleged, raise concerns about transparency to counterparties and regulators.
Documented Examples
- July 2023 hack publicly disclosed at $37M
- Whistleblower allegations of discrepancy
- Subject held CFO role during disclosure period
Active Vienna and Israeli proceedings indicate escalating corporate dispute.
Parallel litigation across multiple jurisdictions, including a smear-campaign claim severed by an Israeli court, points to entrenched corporate conflict.
Documented Examples
- Vienna Commercial Court proceedings
- Israeli court splits smear claim
- Allegations of anonymous attack campaigns
No LinkedIn or personal website identified for Pavel Kashuba in source material.
The absence of a verifiable public professional profile for a senior finance executive at a high-volume payment processor limits independent due diligence.
Documented Examples
- FinTelegram reporting flags absence of public profile
- Internal nickname 'Pasha' is the only additional identifier
- Biographical detail not corroborated in public sources
Final Risk Assessment
Overall Classification
Risk Assessment Scorecard
Risk Vector Overview
Scores based on documented findings. Max = 100.
AML Risk
HIGHAllegations of money laundering, alleged Belarussian shadow ownership, and shared infrastructure with affiliated processor elevate AML exposure for the subject's tenure.
Allegation source
FinTelegram / Shana Dovi (May 2024)
Jurisdictions implicated
Estonia, Austria, alleged Belarus
Affiliate overlap
AlphaPo (shared compliance and treasury alleged)
Subject role during period
CFO and co-CEO
AML Risk Classification: HIGH. Reported allegations of money laundering and tax fraud, alleged Belarussian shadow ownership, and alleged shared compliance/treasury infrastructure with AlphaPo elevate AML exposure for the subject's tenure as CFO and co-CEO. All allegations are unverified and contested.
Reputational Exposure: Investigative coverage by FinTelegram and the Shana Dovi Medium piece, combined with active smear-campaign litigation, has materially damaged the public profile of the entity in the period spanning the subject's departure.
Governance Pattern: The coincidence of Pavel Kashuba's exit in May 2024 with publication of the whistleblower revelations is a notable governance signal, but no public enforcement action or court finding has been identified that names him personally.
The composite picture is one of high counterparty risk attaching to the CoinsPaid network during the subject's tenure, with significant intelligence gaps — particularly around Pavel Kashuba's biography, nationality, and post-departure activities — that warrant additional verification before any definitive risk conclusion is drawn.
Get Involved
Sign in to comment, reply and react
We moderate comments to keep this a respectful and safe place. We have a zero-tolerance approach to user-to-user personal abuse. Please follow the house rules.
COMMENT
Participate in discussion, add context, and respond to this report.
TIPS AND EVIDENCE
Submit verified tips, supporting evidence, or additional intelligence.
CORRECTIONS
Request factual corrections or submit verifiable updates for this report.
* This discussion is moderated. Keep comments factual, relevant, and constructive. All submissions are reviewed before publication.
No comments yet. Be the first to comment!