What I learned scraping 141 crypto cardholder agreements

On 3 February 2026, three unrelated crypto cards — CEX.IO Card, Trustee Plus, and IN1 — stopped processing payments on the same day. They had no parent in common. They were not hacked. None of the front-end brands had failed. The only thing they shared was a Polish payment-institution whose license had been revoked twelve days earlier by KNF.

That was the prompt to start a dataset. The question was simple: how many other crypto cards share an underlying issuer that almost no user has ever heard of? Answering it required reading roughly 141 cardholder agreements.

This post is about what that data collection actually looked like — the scraper choices, the failure modes, and what surprised me about the structure of "publicly available" legal documents on the web.

The architecture, in two paragraphs

Most crypto companies don't directly issue payment cards. They rent the right to issue cards from a principal member of Visa or Mastercard. That principal — usually a small or mid-size bank or e-money institution — is the BIN sponsor. The six digits at the start of the card number identify them. The brand on the front of the card is a separate company, the program manager, which contracts with both the sponsor and the user.

What I learned scraping 141 crypto cardholder agreements

Other newsrooms on this story

Related reading

The Great Crypto Re-Banking Has Begun

Why DeFi Keeps Losing Millions to Exploits - Decrypt

Dow Jones Top Financial Services Headlines at 12 AM ET: The Mysterious Crypto…

A $20 Billion Crypto Scam Market Faces a New Government Crackdown

B1ack's Stash Marketplace Gives Away 4.6 Million Stolen Credit Cards

Bankr Disables Transactions After Hacker Accessed 14 Crypto Wallets