Summary

  • Euro Crypt's clearest public proof of commercial activity is a 2023 customer contract described in a January 2026 Bulgarian court decision: BGN 24,000 a month before VAT for virtual infrastructure, 17 address blocks, a VLAN, dark fibre and 100 Mbps guaranteed internet, plus BGN 6,000 a month for two technical consultants.
  • The same decision records ten invoices totalling BGN 300,000 before VAT, all paid, and says a court-appointed technical and accounting examination found the services, staff and infrastructure consistent with the contracts. That is evidence of delivery to one customer, not evidence of a broad customer base.
  • Current routing measurements show AS25211 originating 35 IPv4 prefixes and no IPv6 prefixes, while the RIPE database records Euro Crypt as a Local Internet Registry with both IPv4 allocations and a /29 IPv6 allocation. Holding resources and originating them on one network are different facts.
  • Bulgaria's communications market grew in 2024, but its long tail came under pressure: the regulator counted 667 data-transfer and internet providers, down 36 in a year, while the three largest fixed-access providers increased their combined revenue share.
  • A Bulgarian financial-data service, drawing from filed accounts, reports that Euro Crypt's 2024 revenue fell 45.9%, profit fell 61.5% and EBITDA fell 47.4%. The public data do not reveal enough customer-level or cost detail to decide whether the decline was a contract timing effect or a deeper loss of demand.
  • The economic judgment is negative unless the company can show repeat customers buying an integrated, locally operated service. IPv4 scarcity can support pricing, but address custody alone is not a moat; without differentiated operations, Euro Crypt is an infrastructure price-taker with concentration and abuse-control risk.

The incentive is to sell relevance before the assets become overhead

Euro Crypt's management problem begins with a contradiction. The company controls scarce and operationally useful internet number resources, runs an autonomous network, and has at least one documented example of selling a sophisticated bundle. Yet none of those facts guarantees the scale required to absorb round-the-clock operations, hardware renewal, upstream connectivity, security work, regulatory reporting and customer support. A resource that looks valuable in a registry can still produce a poor return if utilisation is low, customers are concentrated or the service surrounding it is easy to replace.

The incentive, therefore, is not to become a miniature hyperscale cloud. That contest is already lost on capital intensity, software breadth, geographic reach and purchasing power. The rational objective is narrower: make local resource control, network configuration and accountable human support worth more to a defined class of customer than the sum of commodity alternatives. That means finding customers whose workload needs multiple public IPv4 blocks, controlled routing, a private or dedicated fibre path, reproducible test infrastructure and engineers who will intervene when the network is attacked or misconfigured.

This is a real niche. It is also a small one. Most small Bulgarian businesses do not need 17 routed /24-sized networks, 16 large virtual machines or a BGP-delivered circuit. Many can buy a virtual server, public address, managed database and backup from a large cloud or European host in minutes. Larger enterprises can buy managed infrastructure from operators with deeper balance sheets, multiple facilities and formal service organisations. Euro Crypt sits between those alternatives. It has to charge enough to cover the costs of being a network operator, but not so much that customers decompose the bundle and buy each part elsewhere.

Who pays is clear in the one contract the public record exposes: a software-infrastructure company using a complex environment to test systems before deployment at its own customers. Who benefits is also clear: the customer avoids building and staffing the entire test environment itself, while Euro Crypt earns recurring infrastructure and consulting revenue. Who carries the downside is less comfortable. Euro Crypt carries capacity, upstream, equipment and support obligations whether or not the next customer arrives. The customer can eventually redesign its test environment, move workloads, return address space or rebid connectivity. Scarcity helps the supplier only while the customer genuinely needs what is scarce.

That is why revenue growth and value creation must be separated. A three-year contract can lift revenue quickly. It creates value only if the price exceeds the full cost of equipment, facilities, fibre, transit, address administration, support labour, security and eventual replacement, after allowing for customer-acquisition risk and downtime liabilities. The available evidence establishes revenue and delivery. It does not establish the margin.

The legal company is small; the network footprint has a longer history

Bulgarian company information identifies Euro Crypt EOOD, company number 204715107, as an active Sofia-based single-member limited-liability company formed on 9 August 2017. It is classified under NACE 6209, other information-technology service activities. The same record says Strahil Sashev Ivanov became managing director and sole owner in February 2023, replacing Veselka Plamenova Todorova. Registered capital is BGN 2. That nominal capital says almost nothing about the market value of the company's resources or its ability to meet obligations; it does underline why current cash flow and supplier credit matter more than paid-in equity.

The corporate boundary must not be confused with every historical label attached to the network. The RIPE database record for AS25211 says the autonomous system was created in June 2015, more than two years before the present legal company was incorporated. Several IPv4 allocation names include dates from 2006 to 2009. Those labels describe the history or naming of number-resource records, not proof that the 2017 company operated in those earlier years. Transfers, renaming and changes in sponsorship can preserve old dates while control changes. Any valuation that credits the present company with two decades of operating history would therefore be careless.

The current boundary is firmer. RIPE lists "Euro Crypt" EOOD as a member operating a Local Internet Registry, with a Sofia contact address and Bulgaria as its service area. The organisation record identifies the Bulgarian company as ORG-CE81-RIPE and the organisation type as LIR. Its last-modified date in May 2026 shows that the record remains maintained. These facts support number-resource administration and a continuing membership footprint. They do not, on their own, prove a retail ISP, a public cloud, a data centre, national access coverage or any particular service level.

The distinction matters because a broad registered business purpose is not an operating map. Euro Crypt's corporate record permits trading, distribution, design, representation, consulting, marketing and other lawful activities. A permissive purpose clause is standard corporate architecture, not evidence that each activity occurs. The operating boundary visible in stronger evidence is narrower: number-resource administration, autonomous routing, virtual infrastructure, connectivity and technical consulting delivered in at least one enterprise engagement.

Control also appears concentrated. A sole owner-operator can make decisions quickly, preserve specialist knowledge and negotiate unusual packages without layers of approval. The same structure creates key-person risk. Network operations require credential custody, routing-policy knowledge, supplier contacts, billing continuity, abuse handling and emergency response. If those capabilities are held by one or two people rather than documented across a team, a small disruption can become a commercial outage. Public records do not show the governance arrangements, succession plan or operational delegation needed to judge that risk.

One contract proves a business model, but not a market

The most useful evidence does not come from promotional material. It comes from Decision 2633 of the Sofia City Administrative Court, dated 21 January 2026, in a tax dispute involving Euro Crypt's customer, Exquadro Bulgaria. Euro Crypt was not the party challenging the tax assessment, and the decision should not be read as a general certification of its business. It is valuable because the court describes contracts, invoices, bank payments, staff records and a court-appointed technical and accounting examination in unusual detail.

According to the decision, Euro Crypt and the customer signed two contracts on 20 February 2023. The telecommunications contract covered 16 virtual application servers, 17 Class C networks, a VLAN to the customer's office, dark fibre and 100 Mbps guaranteed optical internet delivered over a BGP session. The servers were described as having 12 CPU cores, 32 GB of RAM and 500 GB of SSD storage each. The bundle carried a final monthly price of BGN 24,000 before VAT and a 36-month term. At the fixed conversion rate later used for Bulgaria's euro adoption, that was about EUR 12,271 a month.

The consulting agreement added two specialists. The listed skills included DevOps work, container technology, VPS configuration and maintenance, DDoS support, and JavaScript application technologies. The monthly price was BGN 6,000 before VAT, or about EUR 3,068. Together, the two contracts therefore represented BGN 30,000 a month before VAT, roughly EUR 15,339. The court records ten invoices from March through December 2023 with a pre-VAT value of BGN 300,000 and says bank records showed BGN 360,000 including VAT had been paid, with no balance outstanding.

The commercial design is revealing. Euro Crypt was not merely renting a server or reselling bandwidth. It combined compute, public addressing, local connectivity and labour into one accountable service. The customer used the environment to simulate complex systems before introducing them into live enterprise settings. A court-appointed examination visited locations containing server and communications equipment, found that the listed addresses belonged to Euro Crypt in the RIPE database, and concluded that the company had the infrastructure and staff needed for the work. It also linked the services to the customer's subsequent business activity. The court ultimately cancelled the denial of BGN 60,000 in input VAT relating to all of Euro Crypt's invoices.

This establishes a credible operating model: managed test or staging infrastructure for a customer that values topology, address separation, dedicated access and technical help. It answers a question that a routing record cannot: somebody paid for a service built around the resources, and the service was examined rather than merely asserted.

It leaves the most important strategic questions open. The decision exposes one customer and ten months of invoices. It does not disclose how many other customers Euro Crypt had, whether the 36-month term ran to completion, whether the capacity was dedicated or shared, what hardware and facility costs sat underneath it, or whether the customer renewed. It also does not show that the same package is repeatable. A bespoke contract can be profitable; it can also absorb most of a small company's staff and create the appearance of scale that disappears when the term ends.

The number-resource footprint is substantial, but it is not the same as service scale

The network evidence confirms activity while warning against simple counts. A RIPEstat snapshot for AS25211 showed 35 originated IPv4 prefixes on 10 July 2026 and no IPv6 originations. Several entries are more-specific routes inside larger announced blocks, so adding every prefix size would double-count some address space. The right conclusion is that the network actively announces a meaningful set of IPv4 routes, not that each line represents a separate unencumbered asset.

The RIPE inverse search for Euro Crypt's organisation record returns a broader resource picture than AS25211 alone. It includes multiple IPv4 allocations and a 2a06:9f00::/29 IPv6 allocation. Some IPv4 records carry country codes outside Bulgaria, and some address space associated with the LIR is originated by networks other than AS25211 or is not visible in current global routing. This is normal enough in a business that makes assignments or sub-allocations, but it means three concepts must remain separate: the resource registered to the LIR, the address block assigned to a user, and the autonomous system currently announcing the route.

That separation is economically important. An LIR can create value by administering assignments, documenting contacts, maintaining route objects, supporting RPKI and helping customers obtain or use resources. A network can also sell transit or managed connectivity around those assignments. But the gross count of addresses says nothing about utilisation, contract duration, bad-debt risk, reclamation rights, support burden or abuse history. Nor does a registered allocation mean the company can sell it outright. RIPE policy and contractual conditions govern how addresses are assigned and transferred.

IPv4 scarcity does give the footprint option value. RIPE NCC says it has exhausted its free IPv4 pool; an eligible LIR that has never received an allocation can seek only one recovered /24 through a waiting list. A customer needing 17 /24-sized networks cannot reproduce the 2023 configuration by simply joining RIPE NCC and asking for new space. It must obtain addresses through a provider, use transferred space, redesign around address sharing, or move more of the architecture to IPv6. That constraint strengthens Euro Crypt's bargaining position where many distinct public IPv4 addresses are genuinely required.

The option decays if it is not paired with clean operations. Customers can use network address translation, consolidate workloads, rent smaller address quantities from hosting providers, purchase transferred resources or adopt IPv6. Cloud platforms increasingly charge separately for public IPv4, which makes scarcity visible but also encourages customers to remove unnecessary addresses. Euro Crypt earns value only when it can turn custody into a reliable service at a total price below those alternatives.

The IPv6 evidence is a strategic warning. The LIR record includes a large IPv6 allocation, yet AS25211 had no visible IPv6 originations in the snapshots reviewed. This does not prove that Euro Crypt provides no IPv6 through another network, and it does not prove the entire /29 is unused. It does mean the public routing footprint does not demonstrate a dual-stack offer on its own autonomous system. A resource holder whose commercial story rests heavily on scarce IPv4 risks defending yesterday's constraint instead of helping customers remove it.

The 2023 price can be rational only as an integrated service

The BGN 30,000 monthly contract is the closest available view of revenue economics. Its structure matters more than the headline. BGN 24,000 paid for infrastructure and telecommunications; BGN 6,000 paid for two part-time technical specialists. The consulting rate was built from 60 hours a month at BGN 40 for one specialist and 80 hours at BGN 45 for the other, according to the court's description. That labour revenue is not equivalent to recurring software revenue. It consumes skilled time as it is earned.

The infrastructure price is harder to parse. Sixteen machines at the stated configuration represented 192 CPU cores, 512 GB of RAM and 8 TB of SSD capacity in aggregate, before allowing for redundancy, snapshots or spare capacity. The customer also received 17 IPv4 networks, VLAN access, dark fibre and a guaranteed 100 Mbps link. The contract did not publish a separate price for the fibre route, bandwidth commitment, addresses, server capacity, setup work or service response. It therefore cannot be benchmarked honestly as if it were sixteen ordinary virtual servers.

Public cloud pricing still puts pressure on the package. Amazon Lightsail's published prices show how wide the compute range can be: a Linux bundle with 32 GB of memory, eight virtual CPUs and 640 GB of SSD can be priced around USD 380 a month, while a compute-optimised bundle with 32 GB, 16 virtual CPUs and 1.28 TB of SSD is around USD 840 in the displayed schedule. Sixteen instances across that broad bracket would cost roughly USD 6,080 to USD 13,440 a month before specialist support and any architecture needed to reproduce the dedicated link and large address footprint. These are not like-for-like quotes, but they reveal the negotiation problem. Euro Crypt's infrastructure fee sat inside the range of plausible compute-only alternatives while including components a basic cloud instance does not.

At the low end, substitution is harsher. Hetzner markets shared cloud servers from only a few euros a month. Most such instances are far smaller than the court-described servers, and a bargain virtual machine does not reproduce dark fibre, 17 routed networks or a local engineer. But customers rarely preserve an old architecture merely to make a supplier's comparison fair. They can ask whether all 16 machines need the specified capacity, whether every test environment needs a distinct /24, whether 100 Mbps dedicated access is still adequate, and whether managed cloud services could replace whole servers. The cheapest alternative is often redesign, not replication.

The contract's economic defence is convenience and control. One supplier delivered an environment that apparently matched the customer's enterprise-testing needs, connected it to the office and provided people who understood both infrastructure and code. Avoided integration cost can be material. The customer did not have to coordinate a cloud account, a Bulgarian carrier, an address provider, security support and independent consultants. If Euro Crypt resolved incidents quickly and maintained a stable test environment, the bundle may have saved more than the price difference.

That defence becomes weaker at renewal. Once the environment is documented, the customer knows its utilisation and can invite alternatives. Large clouds offer automation and managed services. Bulgarian operators offer fibre and enterprise connectivity. European hosts offer dedicated servers and address options. Independent consultants can operate any of them. Euro Crypt must show that the integrated service keeps reducing risk, not merely that it was convenient to install once.

The cost stack is heavier than the membership fee suggests

RIPE membership itself is not the main burden. The 2026 charging scheme sets the annual contribution at EUR 1,800 per LIR account, with additional charges for certain independent resources and AS assignments. That base fee is modest relative to a contract worth more than EUR 15,000 a month. It may encourage an unsophisticated observer to think address-holder economics are almost costless. The conclusion would be wrong.

The first cost bucket is compute. Sixteen large virtual machines require physical servers, memory, storage, hypervisor capacity and spare headroom. If Euro Crypt owned the equipment, capital had to be funded before revenue arrived and refreshed as hardware aged. If it leased bare metal or virtual capacity, a supplier captured part of the monthly price. Either model needs backup, monitoring, patching and recovery. The court records that the customer supplied equipment sufficient to use the service, but that does not remove the provider's infrastructure obligation.

The second bucket is the facility. Servers need rack space, power, cooling, fire protection, physical security and remote hands. The public record does not identify the facility or facilities used, so there is no basis for claiming geographic redundancy. A single-site deployment can be economical for a test environment, but it concentrates power, fibre and physical-access risk. A multi-site design costs more and requires replication or failover engineering.

The third bucket is network access. A guaranteed office circuit and dark fibre create recurring lease or maintenance costs unless the provider owns the route, which has not been established. Transit through an upstream, exchange-port charges, cross-connects, optics, routers and replacement spares add further expense. Traffic commitments can create step costs: capacity is bought in chunks before it is fully sold. Small operators usually pay more per unit than national carriers because they buy less equipment and bandwidth.

The fourth bucket is labour. The court says Euro Crypt had four employees until mid-September 2023 and two through the end of that year. Two consultants were specifically committed to the customer. Even if other staff covered network operations, the ratio implies limited redundancy. Paid engineering hours generate consulting revenue, but after-hours incidents, abuse complaints, supplier coordination and administrative work may not be separately billable. Hiring enough people for genuine 24-hour coverage would materially change the economics; relying on a few individuals lowers cost until an incident exposes the gap.

The fifth bucket is trust. Address assignments need accurate records, customer verification, abuse contacts and a process for complaints. RPKI needs maintenance. Security tooling, logs and backups need retention. Contracts need clear rights to suspend, remediate or reclaim resources. These costs rise with the number and risk of customers, not simply with bandwidth. A clean customer that uses 17 networks for enterprise testing may be supportable. A rotating set of hosting resellers or opaque foreign users can consume far more compliance effort per euro of revenue.

Finally, there is working capital. Suppliers may require monthly payment regardless of whether a customer pays on time. Hardware failures demand immediate replacement. Taxes and regulatory fees follow reported revenue. The 2023 customer paid all ten invoices described by the court, which is positive. The public record does not reveal payment terms with upstream and facility suppliers, cash reserves, debt or insurance. With nominal equity of BGN 2, resilience depends on accumulated earnings, owner support or supplier credit that cannot be observed here.

Upstream dependence makes network ownership less sovereign than it appears

An autonomous system provides routing control, not independence from the rest of the internet. Euro Crypt can decide what to originate and how to express routing policy, but it still needs other networks to carry traffic. The current evidence points to a network with several exchange or peer adjacencies and a much narrower route to full transit.

BGP.tools observed one IPv4 upstream, Evolink, alongside ten peers and one downstream in its July 2026 view. The RIPE aut-num object declares imports from Evolink and the B-IX route server and a customer policy for another autonomous system. RIPEstat's routing-consistency view found additional live adjacencies not written into the database. These sources use different methods and can disagree. They are best treated as a current topology signal, not a contractual map.

The economic conclusion is still robust. Peering with content and local networks can improve performance and reduce paid transit, but peers do not necessarily provide a full route to every destination under a service guarantee. If one supplier is the principal full-transit route, Euro Crypt faces price, capacity and outage dependence. A second independent transit provider would improve resilience but add a recurring commitment and operational complexity. The trade-off is familiar for small networks: the redundancy customers value is expensive precisely because it duplicates underused capacity.

Routing security is a relative strength. The snapshots reviewed showed almost all originated prefixes covered by valid RPKI authorisations and no invalid originations. A specific RIPEstat validation returned valid status for AS25211 and 78.159.136.0/24. This reduces one class of routing error; it does not prevent compromise, outages, abuse or bad customer configuration. One current BGP summary counted 34 valid originated prefixes out of 35, leaving one route without the same visible validation. Maintaining complete coverage is an operational task, not a one-time badge.

Public interconnection disclosure is limited. A PeeringDB API query for AS25211 returned no network record. That absence does not mean Euro Crypt has no peers: route collectors observe several. It means a prospective network partner cannot rely on PeeringDB for a current public policy, traffic profile, facility list or contact set. For a company selling control and responsiveness, weak public interconnection data increases diligence friction.

Supplier concentration extends below transit. The unknown facility owner controls power and physical access. The dark-fibre owner or lessor controls the local path. Hardware and software vendors affect replacement times and security patches. If Euro Crypt uses rented servers, that host becomes another economic claimant. The company creates value only in the layer it genuinely controls: design, integration, routing administration, customer knowledge and response. Calling the entire bundle proprietary would confuse coordination with ownership.

Customer concentration is the central financial risk

The 2023 court record describes BGN 300,000 of pre-VAT revenue from one customer over ten months. A Bulgarian financial-data service, drawing from filed accounts, reports a 45.9% decline in total revenue in 2024, together with a 61.5% fall in profit and a 47.4% fall in EBITDA. Because the exact annual totals and customer split are not exposed in the public summary, the concentration ratio cannot be calculated. The known contract was nevertheless operationally material: it combined 16 servers, 17 networks, dedicated connectivity and two named consulting roles for one customer while the court record describes a workforce of only two to four people during 2023.

There are benign explanations for the decline. The 2023 period may have included setup or unusual consulting work. Revenue recognition may have changed. The customer may have reduced usage while remaining under contract. Other business may have moved between companies controlled by the owner. A single year's percentage change can exaggerate movement from a small base. The reported decline is therefore a warning, not a diagnosis.

The less benign explanation is straightforward: a large contract did not recur at the same level, and there were too few replacements. That is the normal failure mode for a small infrastructure provider. Winning one complex customer validates capability, but serving that customer consumes the staff who would find and onboard the next one. When the engagement shrinks, the network and facility costs remain. Profit then falls faster than revenue because fixed cost has not moved, which is directionally consistent with the reported 2024 figures.

Concentration also changes bargaining power. A customer representing a large share of revenue can demand discounts, additional support or more flexible terms at renewal. The supplier knows that refusal creates an immediate utilisation gap. The customer knows that migration has a cost, especially where fibre and address renumbering are involved. The resulting negotiation is bilateral, not competitive in the ordinary retail sense. Euro Crypt's return depends on which switching cost is larger: the customer's cost of leaving or the provider's cost of losing the account.

The address component can strengthen retention, but it can also trap the supplier. If a customer uses provider-aggregatable addresses, moving may require renumbering systems and updating access controls. That creates friction. Yet a provider that relies too heavily on such friction risks underinvesting in service. Customers eventually redesign, particularly when cloud and IPv6 tools make renumbering easier. Durable retention should come from uptime, response and architecture knowledge, not merely from the pain of departure.

Evidence of diversification would materially improve the case. The useful measures are not social followers or a list of logos. They are recurring revenue by customer, renewal rates, gross margin by service, committed versus available capacity, support workload, bad debt, and the share of address space assigned under contracts with clear verification and reclamation rights. None is public. Until they are known, the prudent assumption is that concentration is high.

Bulgaria offers demand growth, but consolidation favours larger operators

Euro Crypt operates in a market that is growing in aggregate and tightening underneath. The Bulgarian Communications Regulation Commission's 2024 report put the total public electronic communications market at BGN 4.021 billion, up 5.7% from 2023. Data transfer and internet access generated BGN 2.176 billion, 54.1% of the market. Demand is not disappearing.

Scale is concentrating. The regulator counted 667 providers active in data transfer or internet access in 2024, 36 fewer than a year earlier; 621 provided retail services and 141 wholesale services. Vivacom and A1 together held 61.8% of fixed-internet revenue, while Yettel held another 3.4%. The revenue share of all other fixed providers fell by six percentage points in one year. Acquisitions strengthened the largest provider and removed independent alternatives.

This does not place Euro Crypt in direct retail competition with every national carrier. Its documented package was business infrastructure, not household broadband. It does establish the direction of supplier power. Large operators can bundle access, mobile service, security, cloud links and support across a broad customer base. They spread network operations and compliance costs over millions of subscriptions. They can acquire smaller networks when organic growth slows. A small provider must either own a local advantage the large operator cannot reproduce efficiently or accept lower margins.

The long tail is economically revealing. The regulator said 474 undertakings each reported less than BGN 100,000 of annual communications revenue in 2024; together they generated only BGN 20.081 million. Many registered providers are therefore tiny. Registration and resource access do not imply scale. Euro Crypt's known 2023 contract put it above that smallest revenue tier for the period described, but it remains exposed to the same fixed-cost logic.

The better demand pool is not generic internet access. It is Bulgarian and regional companies with awkward infrastructure requirements: software testing that needs many routable segments, migration environments, legacy applications tied to IPv4, controlled lab networks, local data-residency preferences, direct office connectivity, or incident support in Bulgarian. These customers can pay for engineering rather than capacity alone. Their number is limited, and each sale requires trust.

The realistic growth strategy is thus selective. Chasing household or undifferentiated VPS volume would force Euro Crypt into marketing, billing and support costs without matching the national operators' access network or the hosts' automation. Chasing large regulated enterprises would raise assurance and procurement requirements. The middle ground is a small set of technically complex business customers. That can produce a good owner-operated company. It is unlikely to produce cloud-scale economics, and it becomes fragile if any one customer dominates.

Competitors can replace components; Euro Crypt must defend the combination

The most dangerous competitive comparison is not one company offering the identical package. It is the customer's ability to assemble a substitute from several mature services. Compute can come from a hyperscale cloud, a European cloud, a dedicated-server host or owned hardware in a colocation facility. Connectivity can come from a national carrier or business fibre specialist. Public addresses can be rented with servers, transferred, obtained through another LIR or reduced through architecture changes. Engineers can be hired directly or contracted from a managed-service firm.

Each alternative has a different buyer. A cloud-first engineering team may value APIs, images, snapshots and rapid scaling more than local dark fibre. A bank contractor may value a physically connected test environment and known people. A hosting reseller may value address availability above compute quality. A small enterprise may value one invoice and one telephone number. Euro Crypt should price by avoided complexity and risk for the chosen customer, not by adding a markup to servers and bandwidth.

The company also competes against internalisation. The court decision said the customer used external specialists because subcontracting complex test infrastructure can be more economical than building it in-house. That calculation can reverse as usage becomes stable. A customer spending roughly EUR 184,000 a year before VAT on the combined 2023 package can justify assigning internal engineers to evaluate alternatives. Over a 36-month term, the nominal pre-VAT commitment would be BGN 1.08 million, about EUR 552,200, if pricing and service continued unchanged. At that scale, redesign and migration projects are financeable.

Euro Crypt can defend itself in four ways. First, it can document service quality: uptime, response times, recovery performance and clean routing. Second, it can make migration and hybrid use easy, so the customer keeps local connectivity and address services even when some compute moves elsewhere. Third, it can specialise in repeatable environments rather than rebuilding every contract from scratch. Fourth, it can price transparently enough that the customer sees the cost of addresses, fibre, compute and support, while preserving a premium for integration.

None of those defences works if strategy remains a list of services. Resource allocation is the test. A company choosing managed enterprise labs should invest in automation, templates, monitoring and account engineering. A company choosing address administration should invest in verification, abuse handling and routing security. A company choosing regional connectivity should buy resilient upstreams and facility diversity. Attempting all three with a very small team risks doing each below the standard set by specialist competitors.

The cold conclusion is that breadth is not differentiation. The 2023 package was valuable because the parts worked together for a particular customer. Euro Crypt needs evidence that it can reproduce that outcome with less incremental labour. Otherwise every new sale adds revenue and almost the same amount of bespoke cost, leaving growth without operating leverage.

Regulation turns small scale into a cost disadvantage

The regulatory burden depends on what Euro Crypt offers to whom. The court describes electronic communications, guaranteed internet, dark fibre and technical services, but a single private contract does not establish the full classification of the company's current public offering. The Bulgarian regulator says providers of public electronic communications networks or services must notify it, submit annual reports and comply with general requirements. For gross electronic-communications revenue above the applicable threshold, the 2026 guidance describes an annual regulatory fee calculated as a percentage of revenue after specified deductions.

The fee percentage is not the main issue. Reporting, security, lawful process, customer records and service obligations consume management time. A national carrier spreads that effort across a large revenue base. A company with two to four employees cannot. Outsourcing compliance reduces specialist hiring but adds cash cost and does not transfer ultimate responsibility.

European cyber rules raise the stakes. The NIS2 Directive covers public electronic communications, cloud, data-centre and managed-service categories under different scope rules and requires risk management and incident reporting for covered organisations. Euro Crypt's precise status cannot be inferred from a court description or RIPE membership. That is itself a management obligation: define the service accurately, determine which rules apply, document controls and keep the answer current as the offer changes.

The euro changeover removes one minor source of uncertainty. Bulgaria adopted the euro on 1 January 2026 at EUR 1 to BGN 1.95583. Euro Crypt's upstream, equipment and membership costs were already likely to have substantial euro exposure, while its 2023 contract was denominated in lev at a fixed exchange rate. Adoption simplifies comparison and billing but does not create margin. It makes the price gap with European alternatives more visible.

Geopolitical exposure enters through customers and address use rather than through the company's Sofia registration alone. RIPE records associated with the LIR contain assignments carrying country codes beyond Bulgaria, while routing can be originated by other networks. Country fields are operational metadata and do not prove physical location or commercial control. They do signal that verification cannot stop at a Bulgarian invoice address. Sanctions screening, beneficial-owner checks, acceptable-use terms and rapid response to credible abuse reports are part of protecting resource value.

The business has a choice. It can treat compliance as overhead and minimise it, improving short-term margin while increasing tail risk. Or it can sell clean administration and accountable operations as part of the product. For enterprise customers, the latter can be differentiating. For opaque, price-sensitive address users, it may lose sales. Losing those sales can still be value-creating if their expected support, reputation and termination costs exceed their revenue.

Third-party abuse reporting is a risk signal, not a verdict

Address providers inherit the behaviour of users they do not fully control. That creates a difficult analytical boundary: malicious activity observed on an address may implicate an end user, a reseller, an origin network or a compromised host, while the registered LIR may have had limited visibility. Treating every observation as the resource holder's conduct is inaccurate. Ignoring repeated observations is commercially naive.

A November 2025 Recorded Future report on abuse-heavy hosting infrastructure included a figure described as an IP sub-allocation from Euro Crypt to DripHosting routed through Railnet. The report's principal allegations concern Railnet and its upstream, not Euro Crypt. It does not establish that Euro Crypt operated the downstream service, knew of malicious activity or violated law. It is therefore not evidence of culpability.

It is still economically relevant. A resource holder that assigns addresses to a reseller may be several contractual steps from the workload. Each step weakens customer knowledge and slows remediation. If complaints accumulate, address reputation can deteriorate, routes can be filtered, counterparties can terminate service and staff time can be consumed by investigation. Scarce IPv4 space earns a premium only while it remains usable and accepted.

The appropriate response is not a public claim of innocence or guilt. It is a control framework proportionate to the business: identify the direct customer and beneficial owner, understand the intended use, prohibit unauthorised reassignment, maintain accurate abuse contacts, set response deadlines, preserve relevant logs, and retain contractual rights to suspend or reclaim space. Higher-risk resellers should pay enough to cover that work and the expected loss. If the market will not bear the risk-adjusted price, the customer is not attractive.

Other public signals are mixed. Routing collectors show an active Bulgarian network, mostly valid RPKI coverage and several observed peers. The company has no current PeeringDB network record, and repeated requests to the domain shown in RIPE contact data did not produce an accessible service page from the observation point used for this review. A website timeout is not proof that a business is offline; network filtering, maintenance or geography can explain it. It does suggest weak public discoverability when combined with the absence of a detailed interconnection profile.

That matters because good customers perform diligence too. An enterprise buyer wants a clear service description, security contacts, incident process, facility and upstream explanation, references and contractual support levels. A low-profile operator can win through referrals, but silence raises the buyer's cost of proving continuity. Euro Crypt's strongest public evidence is a court decision generated by someone else's tax dispute. The company would be better served by publishing verifiable operating facts itself.

Three strategic paths exist, and only one supports durable value

The first path is to maximise address yield. Euro Crypt could assign or sub-allocate scarce IPv4 space widely, pair it with minimal hosting or routing, and treat each block as a rent-producing resource. This can generate cash with limited compute investment. It also attracts price-sensitive and potentially opaque customers, increases abuse-management load and makes revenue vulnerable to transfer prices, policy changes and IPv6 adoption. The company becomes a resource intermediary. Its advantage lasts only as long as scarcity and reputation do.

The second path is to imitate a broad cloud or host. It could sell virtual machines, storage, connectivity, DDoS assistance and consulting to many smaller customers. This expands the addressable market but moves directly into automated, capital-intensive competition. The public record does not show the software platform, support team, facility breadth or marketing reach needed to win that contest. Small scale would turn supplier discounts, hardware utilisation and support efficiency against it.

The third path is a focused managed-infrastructure business for complex local customers. It would use the LIR footprint and network as inputs, not as the product. The product would be a controlled environment connected to the customer's operations, designed and supported by engineers who can work across routing, virtualisation and applications. The 2023 contract proves that at least one customer bought this proposition. It also supplies the clearest route to differentiation.

That path requires discipline. Euro Crypt should standardise the repeatable parts of the 2023 deployment, offer dual-stack designs, document service levels, disclose enough topology for diligence, and build a second layer of operational coverage. It should avoid customers whose main attraction is anonymous address supply. It should measure gross margin after all facility, transit, hardware and labour costs, not celebrate contract value. It should target a small number of customers, but not so few that one renewal determines the year.

Capital allocation follows from the choice. Spending on generic branding without operational evidence would be marketing. Buying more servers without contracted demand would be speculation. Acquiring more IPv4 merely because it is scarce would concentrate the same risk. The higher-return investments are likely to be automation, resilient connectivity, routing-security completeness, customer verification, staff redundancy and a repeatable reference architecture. These reduce the cost and risk of each additional contract.

The owner must also decide what not to do. A two-to-four-person organisation cannot credibly promise every combination of cloud, carrier, security and software work. It can coordinate specialists, but coordination margins disappear when every engagement is unique. The company should reject work that does not reuse its network and operating knowledge, even if it adds revenue. Revenue bought with unrepeatable labour is employment, not scale.

The facts that would change the judgment are measurable

The negative judgment is not permanent. It would improve first with proof of demand diversification: several unrelated customers, no single one responsible for an excessive share of recurring revenue, and renewals after the initial installation period. Named customers are not required publicly; audited concentration bands and recurring-revenue figures would be enough.

Second, the judgment would improve with service-level evidence. Multi-year uptime, incident response, recovery tests, RPKI coverage, abuse-response times and facility redundancy would show that the operating layer deserves a premium. A second full-transit path or a clearly explained resilience design would reduce supplier dependence. Visible IPv6 originations and customer adoption would show that the company is helping customers modernise rather than monetising IPv4 scarcity alone.

Third, margin evidence would matter. The key figure is gross profit after facility, upstream, hardware depreciation or rent, address administration and directly attributable engineering. A high accounting margin created by underpaying the owner or deferring hardware replacement is not durable. Cash conversion, capital expenditure and supplier commitments are needed to test quality.

Fourth, the status of the 2023 contract would change the interpretation of the 2024 decline. If the customer completed the 36-month term, renewed, expanded or provided a reference, the reported revenue drop may reflect accounting timing or other work ending. If the contract shrank or ended early, the concentration thesis strengthens. The court decision establishes invoices through December 2023, not performance through the stated term.

Fifth, clean customer and address governance would reduce the risk signalled by third-party reporting. Euro Crypt should be able to show that assignments are tied to verified counterparties, reassignment is controlled, complaints are tracked, risky users are removed and route authorisations stay current. This need not expose customer data. It requires evidence that scarce resources are protected as long-lived commercial assets.

Finally, staffing continuity matters. Two or four capable people can operate a niche business, but only with documentation, automation, on-call coverage and access controls that survive absence or departure. A clear operating model would turn small size into efficiency. Without it, small size is merely fragility.

The conclusion: a proven niche, but not yet a proven return

Euro Crypt has more substance than a bare membership record suggests. The court evidence shows a customer paying BGN 30,000 a month before VAT for an integrated environment; bank records showed payment; technical examination found real infrastructure, address resources and staff. Current routing shows an active autonomous network with dozens of IPv4 prefixes and mostly sound route authorisation. These are meaningful facts.

They do not answer the value question in the company's favour. One visible customer is concentration, not a franchise. IPv4 scarcity is pricing support, not permanent differentiation. An autonomous system is control, not independence. A bundled contract creates revenue, not necessarily margin. The 2024 declines reported from filed accounts are too large to dismiss, even though their cause remains uncertain.

Euro Crypt can earn above-commodity returns only by selling an operating outcome that larger clouds and carriers do not assemble efficiently for the same customer: local, address-rich, connected infrastructure with accountable technical support. That opportunity exists, and the 2023 engagement demonstrates it. But the burden of proof now shifts from capability to repetition.

Until Euro Crypt shows diversified renewals, full-cost margins, resilient suppliers and disciplined address governance, the correct judgment is that it remains an infrastructure price-taker with a useful niche rather than a differentiated platform. Management should optimise for profitable relevance, not apparent scale. Anything broader would spend scarce capital to compete on terms set by much larger suppliers.