Exhibit 10.35

CERTAIN IDENTIFIED INFORMATION HAS BEEN EXCLUDED FROM THIS EXHIBIT BECAUSE IT IS BOTH (I) NOT MATERIAL AND (II) WOULD BE COMPETITIVELY HARMFUL IF PUBLICLY DISCLOSED. THE REDACTED TERMS HAVE BEEN MARKED WITH THREE ASTERISKS [***].

SOLIDUS LICENSE AGREEMENT

This Solidus License Agreement (the “License Agreement”) is entered into on October 1st 2020 (the “Effective Date”), by and between Solidus Labs, Inc., a company incorporated under the laws of the State of New York, having its principal place of business at 26 Broadway, 8th Floor, New York, NY 10004 (the “Company” or “Solidus”) and B1 (Gibraltar) Limited, a company incorporated under the laws of Gibraltar, having its principal place of business at Suite 23, Portland House, Glacis Road, Gibraltar (the “Customer”) (each, as a “Party”, and collectively as the “Parties”).

WHEREAS	Solidus is the developer and provider of several products for various financial service providers, including exchanges, broker dealers, regulators, hedge funds or other market participant. Said products may, inter alia, assist Customer with the onboarding of clients to Customer’s services, assist Customer with gaining insights with respect to its trading systems, monitor suspicious activities, identify market manipulations (e.g. spoofing and wash trading) and manage trading alerts. The Company’s web-platform or on-prem software, including any software code, algorithms, utility, application software interfaces, tools, reports, analytics capabilities, on-prem software installations, Service Update and Documentation shall be collectively referred to herein as the “Platform” or the “Product”. All service packages provided by Solidus to its customers are generally described in Solidus’ Proposal attached hereto as Exhibit A (the “Proposal”). The service package(s) that were selected by the Customer and specified in Exhibit B (the “Purchase Order”) shall be referred to herein as the “Services”. This License Agreement and the Purchase Order and any applicable exhibits, schedules and other attachments shall collectively be referred to herein as the “Agreement”; and
WHEREAS	The Customer wishes to access and use the Platform and the Services; and
WHEREAS	The Company agrees to grant the Customer the right and license to remotely access and use the Platform and/or install on-prem versions of the Product (as clarified in the Purchase Order), and to provide the Services to the Customer, all subject to the terms of this Agreement;
NOW, THEREFORE, the Parties desire to set forth herein their agreements with respect thereto and agree as follows:

1. Platform License Grant.

1.1. SaaS License. The Company hereby grants to Customer and any entity that directly or indirectly controls, is controlled by or is under common control of the Customer (an “Affiliate”), and Customer hereby accepts, a royalty free, worldwide, limited, non-exclusive, non-sublicensable, non-transferable and revocable (upon expiration or termination of this Agreement) license (the “License”) to access and use the Company Intellectual Property for the Customer’s internal business purposes, including to access and use the Platform (and its Services) during the Term (as defined below), all in accordance with and subject to the terms set forth in this Agreement. Access to the Platform will be granted online by remote means on a Software-as-a-Service (SaaS) basis. “Company Intellectual Property” means all Intellectual Property Rights (as defined in Section 10.1) required to receive, enjoy and onwards provide the benefit of the Platform (and the Services) in accordance with this Agreement.

1.2. On-Prem License. In the event Customer’s service package includes the installation of a proprietary on-prem software of the Company on the Customer’s systems, the Company hereby grants to Customer and its Affiliates, and Customer hereby accepts, a royalty free, worldwide, limited, non-exclusive, non-sublicensable, non-transferable and revocable (upon expiration or termination of this Agreement) license to install copies of the on-prem installation on the Customer’s or its Affiliate’s systems, solely to enable the operation of the Product. The Customer shall comply with the installation instructions provided by the Company in the Documentation or otherwise.

1.3. Updates. The terms and conditions of this Agreement apply to any update, upgrade, new version and/or additional features (each, an “Update”) that may be released by the Company in respect of the Services during the Term at no additional cost (“Service Updates”). Updates that include elements of the Platform or services that are sold separately and that the Customer has not ordered, or that may be added to the Services (“Additional Updates”) may be subject to payment of additional fees and may include a separate agreement. If an Additional Update includes a separate agreement, its terms and conditions will apply in addition to those of this Agreement, unless such separate agreement explicitly provides that its terms and conditions prevail over this Agreement. Customer hereby agrees to install any Service Updates that may be provided by the Company from time to time, and acknowledges that Customer’s failure to install said Service Updates may affect the operation of the Product.

1.4. Documentation. Company may make available certain Documentation (which shall be considered part of the Company’s Confidential Information (as defined below)) to Customer to be used by Customer and its Affiliates for their internal business purposes and solely in connection with Customer’s and its Affiliates’ use of the Platform and Services during the Term. “Documentation” means Company’s standard user documentation, whether in hard copy, or in any electronic form or other media, describing the use, features and operation of the Platform.

1

1.5. Service Level. The Platform and Services will be available [***] (the “Service Level”), excluding Planned Maintenance. The Company shall ensure that the Platform and the Services meet or exceed the Service Level at all times during the Term. The Company shall implement monitoring and reporting tools and procedures to monitor its performance against the Service Level.

1.6. Service Credits. [***]

[***]

Service Credits shall be the sole remedy for Services down time; provided, however, Service Credits shall not be the sole remedy in the event that there is a material breach by the Company of the Service Level. Where the same accumulation of Service down time gives rise to both Service Credits and other losses suffered by the Customer, the Customer shall not be compensated more than once for the same failure. The Service Credits shall supersede the Service credits described in the Proposal.

1.7. Service Level Performance. Upon Customer’s reasonable request, the Company shall provide the Customer with reasonable documentation used by the Company in calculating the Service Level Availability and applied credits as set out in Section 1.6 above.

1.8. Material Changes. If any change in the Company’s business procedures or strategy or any occurrence of a Service Update could materially affect Customer’s use of, or ability to access the Platform or Services (collectively, a “Material Change”), Company shall (a) provide Customer with at least thirty (30) days’ prior written notice of such Material Change; (b) provide Customer with the opportunity to provide comments on the modification of the Platform or Service and take such comments into consideration; and (c) use all reasonable endeavours to ensure that no Material Change results in a deterioration of the use of the Platform or Services (of whatever nature), including the removal of a core functionality without replacing that functionality with an alternative functionality that achieves the same or an improved outcome.

2. Maintenance and Support. The Company will provide to Customer support and maintenance services with respect to the Platform, in accordance with the standard service levels provided to its general customers as described in the Proposal. Unless otherwise agreed in writing between the Company and the Customer, (a) Customer will be notified of planned downtime events for maintenance (“Planned Maintenance”), at least [***] calendar days prior to the event. Reasonable efforts will be made to limit the effect of such maintenance on the Platform and Services and in any case, such planned maintenance will not exceed [***] in any calendar month; and (b) unplanned emergency maintenance will be performed as soon as is practical, and reasonable efforts would be made to notify the Customer of such activities. In both events, reasonable efforts will be made to limit the effect of such maintenance on the Platform and Services. Company will use commercially reasonable efforts to schedule planned downtime for maintenance of the Service or Platform outside of business hours Hong Kong Time. This Section 2 shall supersede the notice period for impending downtime and the timing for scheduled maintenance as described in the Proposal.

3. Fees; Payment Terms.

3.1. The consideration payable for the Platform and the Services shall be set forth in the Purchase Order (the “Fees”). Unless otherwise specified in the Purchase Order, (i) Customer will pay all amounts due under this Agreement in U.S. Dollars currency; (ii) set-up fees (if applicable) will be paid in advance, no later than three (3) days following the Effective Date; (iii) subscription fees will be charged on a semi-annual basis and due fifteen (15) days from the date of an invoice for the relevant period; (iv) all other amounts invoiced hereunder are due and payable within thirty (30) days of the date of the invoice.

3.2. [***]

3.3. Notwithstanding anything to the contrary herein, all Fees and other amounts paid by the Customer to the Company under this Agreement are non-refundable. Any amount not paid when due shall accrue interest on a daily basis until paid in full at the lesser of: (i) the rate of [***] or (ii) the highest amount permitted by applicable laws, regulations, statutes, codes of practice, governmental orders or guidance or orders of any other competent regulatory authority in any jurisdiction, including all laws and regulations related to the processing of personal data and privacy in any relevant jurisdiction including any amended or superseding regulations to those set out here (the “Data Protection Laws”), which are applicable to any activities under this Agreement

2

(collectively, “Applicable Laws”). All amounts payable under this Agreement are exclusive of all sales, use, value-added, withholding, and other direct or indirect taxes, charges, levies and duties (“Taxes”). All Taxes of any kind payable with respect to Customer’s use of the Platform and Services under this Agreement, other than taxes based on Company’s income, gross receipts or payroll, shall be borne and paid by Customer. The Company will use commercially reasonable efforts to include on its invoices to the Customer any Taxes that the Company is responsible for collecting and remitting on the applicable invoice. Notwithstanding anything to the contrary herein, the Customer shall be entitled to deduct and withhold from the Fees such amounts as the Customer is required to deduct and withhold with respect to the making of such payment under applicable tax laws. To the extent that amounts are so withheld and paid over to the appropriate tax authority by the Customer, the Customer shall immediately provide the Company with proof of such withholding tax payment, and, accordingly, such withheld amounts shall be treated for all purposes of this Agreement as having been paid to the Company.

4. Account. An account will be created in connection with Customer’s use of the Platform and Services (the “Account”), to be accessed and/or used solely by Customer’s or its Affiliates’ employees or service providers who are explicitly authorized by Customer to use the Platform (each, a “Permitted User”). Customer hereby acknowledges and agrees: (i) to keep, and ensure that the Permitted Users keep the Account login details and passwords secured at all times, and otherwise comply with the terms of this Agreement; (ii) to remain solely responsible and liable for the activities of Permitted Users in the Account and for any breach of this Agreement by a Permitted User; and (iii) to promptly notify Company in writing if Customer becomes aware of any unauthorized access or use of the Account or the Platform.

5. Prohibited Uses. Customer and/or its Permitted Users may only access the Platform via the Account. Except as expressly permitted herein or except with the prior written consent of Company, Customer must not, and shall not allow any Permitted User or any other third party to, directly or indirectly: (i) modify, incorporate into or with other software, or create a derivative work of any part of the Platform; (ii) sell, license (or sub-license), lease, assign, transfer, pledge, or share Customer’s rights under this Agreement with or to anyone else (other than to the Customer’s Affiliates); (iii) copy, distribute or reproduce the Platform for the benefit of third parties; (iv) disclose the results of any testing or benchmarking of the Platform to any third party (other than to the Customer’s Affiliates and the GFSC) for, or use such results for, Customer’s own competing software development activities, or use the Platform in order to build or support, and/or assist a third party in building or supporting, products or services which are competitive to Company’s business; (v) modify disassemble, decompile, reverse engineer, revise or enhance the Platform or attempt to discover the Platform’s source code or the underlying ideas or algorithms of the Platform. For the avoidance of doubt, such restriction shall also apply to any on-prem software installations; (vi) remove or otherwise modify any of the Company’s trademarks, logos, copyrights, notices or other proprietary notices or indicia, if any, fixed, incorporated, included or attached to the Platform nor copy any local software

installations; (vii) use the Platform for any purpose other than for the purpose for which the Platform is designated for or other than in compliance with the terms of this Agreement; (ix) circumvent, disable or otherwise interfere with security-related features of the Platform or features that enforce limitations on the use of the Platform; (x) use the Platform without receiving all applicable consents for the collection and processing of personally identifiable information as required under any Applicable Laws; (xi) integrate the Platform (or any part thereof) into Customer’s hardware or systems other than as instructed by the Company; (xii) ship, transfer, or export the Platform into any country, or make available or use the Platform in any manner, prohibited by Applicable Laws (including without limitation export control laws, as applicable); (xiii) violate or abuse log-in and/or password protections governing access to the Platform; and/or (xviii) deliberately access, store, distribute, or transmit during the course of its use of the Platform any malicious code (i.e., software viruses, Trojan horses, worms, malware or other computer instructions, devices, or techniques that erase data or programming, infect, disrupt, damage, disable, or shut down a computer system or any component of such computer system), or unlawful, threatening, obscene or infringing material.

6. Excess Usage Activity. There is no maximum usage limit on the Customer’s access or use of the Platform or the Services. Additional Updates (such as the market surveillance product) may contain certain maximum usage limits on the Customer’s activities (such as onboarding of client, trading activities, etc.) which shall be expressly set out in a separate proposal or purchase order (“Excess Usage Activity”). In the event it comes to the Company’s attention that Excess Usage Activity had occurred, the Customer shall immediately pay for the excess use in accordance with such separate proposal or purchase order.

7. Customer Data; Analytics Information.

7.1. Customer Data. The operation of the Platform and the provision of the Services require the Company to monitor, analyze and process certain anonymous and non-identifiable Customer data, including without limitation any data that is provided by or made available by the Customer to the Company. Additionally, the Customer may request the Company to monitor, analyze and process onboarding data and other personally identifiable information of Customer’s clients or users, in which case, a separate data processing agreement will be entered into between the Company and the Customer. All types of Customer’s data are collectively referred to herein as the “Customer Data”. Personally identifiable information or confidential information contained in the Customer Data will remain on Customer’s premises or systems, unless the Customer requests the Company to store or keep it (e.g. in the event Customer requests to keep it on Company’s servers). Until such time as Customer Data is deleted in accordance with Section 7.5, keep all Customer Data secure from unauthorised access or modification while they are under the Company’s control or in its possession.

3

7.2. Processing of Customer Data. Customer shall upload to the Platform, transmit, or make accessible to Company the Customer Data in near real time. The Customer agrees that the Company will collect, monitor, store, analyze, process and use the Customer Data, on the Customer’s behalf, in order to provide the Services (including verification of Permitted Users) and to produce data and information by the Company to the Customer as part of, in response to, or as the output of analyzing, processing or using the Customer Data (the “Service Results”). As between Company and Customer, the Intellectual Property Rights (as such term is defined below) and all other right, title and interest of any nature in and to the Customer Data and Service Results, which may be stored on the Company’s database, are and shall remain the exclusive property of Customer and its licensors. The Company shall be considered granted a limited, non-revocable, non-exclusive, non-transferable, non-sub-licensable, royalty-free and fully paid up license to use the Customer Data, and Service Results for the sole purpose of providing the Services to the Customer. For the avoidance of doubt, the Company shall not be responsible for any failure or delay that is attributable to Customer’s late delivery of the Customer Data. Except as set forth herein, nothing in this Agreement shall be construed as transferring any right, title or interests in the Customer Data to the Company or any third party.

7.3. [***]

7.4. Access of Customer Data. During the Term, the Company shall ensure that the Customer, its Affiliates and any Permitted Users can, via the Platform, access, download, copy and edit (including delete) all copies of Customer Data and Service Results, (or, where the Customer, its Affiliates or its Permitted User (as the case may be) cannot perform such actions, the Company shall undertake to perform such actions on behalf of the Customer upon receipt of a written request). Upon termination or expiration of this Agreement for any reason, the Company shall (at no cost to the Customer, its Affiliates or its Permitted Users) provide Customer with a copy of any Customer Data or Service Results stored on the systems of the Company (or otherwise under its control) in such form as the Customer may specify (acting reasonably).

7.5. Deletion of Customer Data and Service Results. [***]

7.6. Security. The Company will: (i) maintain appropriate administrative, technical and physical safeguards to protect the security, confidentiality and integrity of the Services and any Customer Data and Service Results stored on, or accessible via the Platform or processed or transmitted by the Company. [***]

7.6.1. Penetration Testing. [***]

8. Warranties

8.1. Customer Warranties. Customer represents and warrants that if it elects to transfer or make available to the Company any personally identifiable information, it will (as a controller of the data) provide clear instructions to the Company regarding its processing in a separate data processing agreement.

8.2. Company Warranties. Company represents and warrants that: (i) the Platform and Services will be performed in accordance with Applicable Laws, the terms of this Agreement and those set forth in the Purchase Order, including the Service Level; (ii) the Platform and the Services will be fit for purpose; (iii) the Company will take all reasonable steps to ensure all data collected while providing the Services to the Customer (including the Customer Data) are kept secure and confidential (and the integrity and availability of such data is otherwise not compromised), including without limitation implementing all measures required: (a) by this Agreement (including Exhibit C); and (b) under Applicable Laws, to protect data collected by or on behalf of the Company when providing the

4

Services; (iv) the Company shall notify the Customer [***] in writing if it becomes aware of, or suspects the occurrence of, any data breach in relation to the Customer Data and give the Customer, its Affiliates and its Permitted Users such information, assistance and co-operation as they reasonably require to enable it to address such data breach; (v) the Company shall at all times comply with the Data Protection Laws when processing Personal Data (if any) in connection with this Agreement; and (vi) without prejudice to the rights and obligations of the parties under this Agreement, the Company shall notify the Customer without delay if any changes to the systems or processes employed by the Company to deliver the Services would cause the Company to fail the Customer’s security assessment as conducted prior to entering this Agreement.

9. Mutual Warranties. Each Party represents and warrants (a) that it is duly organized, validly existing and in good standing under the laws of its jurisdiction of incorporation or organization; (b) that the execution and performance of this Agreement will not conflict with any obligations it has towards third parties, or violate any provision of any Applicable Laws; (c) that it has all necessary licenses, permits, authorisations, necessary approvals and registrations required to perform its obligations under this Agreement; (d) it will not during the Term enter into any other agreements, relationships or commitments to any other person which would cause it to breach this Agreement; and (e) that it will comply with all Applicable Laws that may govern its performance under this Agreement and its use or provision of the Services, including, without limitation, the U.S. Foreign Corrupt Practices Act, the U.K. Bribery Act, and any applicable anti-bribery laws and laws governing transactions with government and public entities. Without prejudice to its obligations under this Agreement, each Party shall notify the other Party in writing as soon as possible after it becomes aware of any event or development (including, but not limited to, in relation to changes in Applicable Laws) that may have a material impact on its ability to perform its obligations under this Agreement effectively or in accordance with Applicable Laws.

10. Ownership.

Without prejudice to the Company’s rights under other Sections of this Agreement:

10.1. The Platform. The Platform is not for sale and is and shall remain Company’s sole property. All right, title, and interest, including any Intellectual Property Rights evidenced by or embodied in, attached, connected, and/or related to the Platform and/or the Services and any and all derivative works, improvements, enhancements, updated and upgrades thereof or thereto are and shall remain owned solely by the Company or its licensors. This Agreement does not convey to Customer any interest in or to the Platform but only, as aforesaid, a limited revocable (upon termination or expiration of this Agreement) right to use the Platform, in accordance with the terms of this Agreement, and nothing herein constitutes a waiver of the Company’s Intellectual Property Rights under any law. “Intellectual Property Rights” means: (i) patents and patent applications throughout the world, including all reissues, divisions, continuations,

continuations-in-part, extensions, renewals, and re-examinations of any of the foregoing, all whether or not registered or capable of being registered; (ii) common law and statutory trade secrets and all other confidential or proprietary or useful information that has independent value, and all know-how, in each case whether or not reduced to a writing or other tangible form; (iii) all copyrights, whether arising under statutory or common law, whether registered or not; (iv) all trademarks, trade names, corporate names, company names, trade styles, service marks, certification marks, collective marks, logos, and other source of business identifiers, whether registered or not; (v) moral rights in those jurisdictions where such rights are recognized; (vi) any rights in source code, object code, mask works, databases, algorithms, formulae and processes; and (vii) all other intellectual property and proprietary rights, and all rights corresponding to the foregoing throughout the world.

10.2. Feedback. If Customer contacts Company with feedback data (e.g., questions, comments, suggestions or the like) regarding the Services and/or Platform (collectively, “Feedback”), such Feedback shall be deemed non-confidential, and the Company shall have a non-exclusive, royalty-free, worldwide, perpetual license to use or incorporate such Feedback into the Platform and/or other current or future products or services of the Company (without the Customer’s approval and without further compensation to the Customer). Feedback does not include any Customer Data or Service Results or any output resulting from the use of the Services, or otherwise relating to the arrangements envisaged under this Agreement, which can be linked to the Customer, its Affiliates or any Permitted User.

10.3. Pre-Existing Intellectual Property. Company acknowledges that the Customer may provide the Company with certain of Customer’s Pre-Existing Technology for incorporating into the Platform or Services. For the avoidance of doubt, each Party retains all right, title, and interest in and to its Pre-Existing Technology and all Intellectual Property therein. The Customer owns all rights, title and interests in any modification, improvement or derivative work of the Customer’s Pre-Existing Technology. “Technology” means technology or other material (including, without limitation, know-how, inventions, approaches, software, hardware, designs, concepts, techniques, processes, data, tools, templates, methodologies, algorithms, documentation and any other knowledge or Intellectual Property). “Pre-Existing Technology” means a Party’s Technology that (A) exists prior to the Effective Date, or (B) is adopted or developed independently by a Party, at any time, without any use of, or reference to, the other Party’s Confidential Information or other information obtained in connection with this Agreement.

5

11. Third Party Components. The Platform is based on software developed and owned by the Company and/or its licensors, and may use or include third party software, files and components that are subject to open source and third party license terms. [***] (“Third Party Components”). The Customer’s right to use such Third Party Components as part of, or in connection with, the Platform is subject to any applicable acknowledgements and license terms attached to such Third Party Components contained therein or related thereto. [***] Such Third Party Components are provided on an “AS IS” basis without any warranty of any kind and shall be subject to any and all limitations and conditions required by such third parties. [***] Under no circumstances shall the Platform or any portion thereof (except for the Third Party Components contained therein) be deemed “open source” or “publicly available” software. The Company shall in no event provide any Third Party Components that is licensed on terms that may require the Customer, its Affiliates or any Permitted Users – when using the Platform in accordance with the terms of this Agreement—to disclose or make publicly available any Customer Data or the source code thereof.

12. Confidentiality. Each Party may have access to certain non-public and/or proprietary information of the other Party, in any form or media, including (without limitation) confidential trade secrets and other information related to the products, software, technology, data, know-how, business, market opportunities, Affiliates or customers of the other Party, whether written, oral, electronic or other, and any other information that a reasonable person or entity should have reason to believe is proprietary, confidential, or competitively sensitive (the “Confidential Information”). Each Party shall make reasonable effort, at least as protective as those taken to protect its own confidential information, but in no event less than reasonable care, to protect the other Party’s Confidential Information from disclosure to a third party. Neither Party shall use or disclose the Confidential Information of the other Party except as expressly permitted under this Agreement or by Applicable Laws. For the avoidance of doubt, a recipient Party may disclose the other Party’s Confidential Information to its Affiliates, Permitted Users, officers, employees, services providers or advisors solely on a “need to know” basis, and provided that they are bound by similar nondisclosure obligations as those of this Agreement. All right, title and interest in and to Confidential Information are and shall remain the sole and exclusive property of its disclosing Party. The receiving Party shall (i) at all times during and after the Term maintain the confidentiality of the Confidential Information; and (ii) immediately on request of the disclosing Party and in accordance with such request either: (a) return to the disclosing Party all of the Confidential Information in its possession; or (b) destroy all of the Confidential Information in its possession, except to the extent the receiving Party is required to retain copies of such Confidential Information for the purposes

of compliance with Applicable Laws. The receiving Party may disclose Confidential Information to the limited extent required to comply with the order of a court or other governmental body, or with Applicable Laws, or at the request of or as required by a governmental or regulatory authority, provided that, to the extent permitted by law, the receiving Party first gives written notice to the disclosing Party and reasonably cooperates (at the disclosing Party’s expense) with the disclosing Party’s efforts to obtain a protective order or protect the confidential nature of such information.

13. Reference Customer or Company. Company may not identify Customer as a user of the Platform and/or the Services or use Customer’s trademark and/or logo (i) in sales presentations, promotional/marketing materials, and press releases, or (ii) in order to develop a brief customer profile for use by Company on Company’s website or social media accounts for promotional purposes, unless such use is approved in advance in writing by the Customer. The Customer may reference the Company as its market surveillance provider to the Customer’s regulators, customers and potential customers and other governmental or self-regulatory agencies, as well as in its marketing materials as reasonably required by the Customer in connection with its business, and otherwise only with the written consent of the Company.

14. Subcontractors. As at the date of this Agreement, the Company subcontracts its hosting services [***]. The Company shall not change or replace the foregoing subcontractor or appoint any new subcontractors to provide a material portion of the Services without the Customer’s prior written consent (not to be unreasonably withheld or delayed). The Company shall ensure the suitability of any subcontractor and any part of the Services performed by a subcontractor meet the requirements of this Agreement. The Company shall ensure that all subcontractors shall comply with the terms of this Agreement as if they were a party to it. The Company shall remain liable for the performance of its obligations regardless of any sub-contracting and shall be liable for the acts and omissions of its sub-contractors as if those were the Company’s own acts or omissions. [***]

15. LIMITED WARRANTIES.

15.1. The Company represents and warrants that the Platform shall substantially perform in conformance with its Documentation. The foregoing warranty shall not apply if the failure of the Platform results from or is otherwise attributable to: (i) the Customer instructing the repair, maintenance or modification of the Platform by persons other than the Company or its subcontractors as set out in Section 14; (ii) negligence, abuse or misuse of the Platform by the Customer; (iii) use of the Platform other than in

6

accordance with the Documentation and/or the Company’s instructions by the Customer; (iv) the combination by the Customer of the Platform with equipment or software not authorized or provided by the Company or otherwise approved by the Company in the Documentation; (v) any downtime, defect or error caused by or attributable to any third party software, technology or system that, despite best efforts to prevent such occurrence, is beyond the control of the Company, and/or (vi) during any evaluation or testing period during the implementation stage.

15.2. OTHER THAN AS EXPLICITLY STATED IN THIS AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE PLATFORM (INCLUDING ANY REPORTS GENERATED IN OR VIA THE PLATFORM) AND SERVICES ARE PROVIDED ON AN “AS IS” BASIS. OTHER THAN AS EXPLICITLY STATED IN THIS AGREEMENT, THE COMPANY DOES NOT WARRANT THAT THE PLATFORM (INCLUDING THE REPORTS) AND/OR THE SERVICES WILL INCREASE THE CUSTOMER’S REVENUES OR MEET CUSTOMER’S REQUIREMENTS, THAT THE PLATFORM’S OPERATION AND THE SERVICES WILL BE SECURED AT ALL TIMES, UNINTERRUPTED, ERROR-FREE, FALSE-POSITIVES FREE, FREE OF VIRUSES, BUGS, WORMS, OTHER HARMFUL COMPONENTS OR OTHER SOFTWARE LIMITATIONS. WITHOUT DEROGATING FROM THE FOREGOING, COMPANY SHALL NOT BE RESPONSIBLE FOR CUSTOMER’S DETERMINATION WHETHER TO ACT ON THE BASIS OF ANY REPORTS AND FOR ANY OUTCOMES OF SUCH DECISION.

15.3. OTHER THAN EXPLICITLY STATED IN THIS AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE COMPANY EXPRESSLY DISCLAIMS ALL EXPRESS WARRANTIES AND ALL IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INTERFERENCE, NON-INFRINGEMENT AND ANY WARRANTIES ARISING OUT OF COURSE OF DEALING OR USAGE OF TRADE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN WARRANTIES IN CERTAIN CIRCUMSTANCES. ACCORDINGLY, SOME OF THE LIMITATIONS SET FORTH ABOVE MAY NOT APPLY.

15.4. COMPANY SHALL NOT BE RESPONSIBLE FOR UNAUTHORIZED ACCESS TO OR ALTERATIONS OF THE CUSTOMER DATA, TO THE EXTENT THAT SUCH ACCESS OR ALTERATION IS NOT DUE TO COMPANY’S WILLFUL MISCONDUCT OR GROSS NEGLIGENCE.

16. LIMITATION OF LIABILITY.

16.1. This Section 16 sets out the entire liability of each Party (including any liability for the acts or omissions of its employees, agents, representatives or contractors) to the other Party in respect of any breach of this Agreement and any representation, statement or tortious act or omission including negligence arising under or in connection with this Agreement.

16.2. EXCEPT FOR LIABILITY ARISING FROM A PARTY’S BREACH OF OBLIGATIONS UNDER SECTIONS 12 (CONFIDENTIALITY) OR 17 (COMPANY’S INDEMNIFICATION) OR A PARTY’S GROSS NEGLIGENCE OR WILFUL MISCONDUCT, TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY WHETHER UNDER CONTRACT, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE, FOR ANY LOSS OR DAMAGE, INCLUDING, WITHOUT LIMITATION, INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, EXEMPLARY OR CONSEQUENTIAL DAMAGES OF ANY KIND (INCLUDING BUT NOT LIMITED TO, ANY LOSS OR DAMAGE TO BUSINESS EARNINGS, LOST PROFITS OR GOODWILL AND LOST OR DAMAGED DATA OR DOCUMENTATION), SUFFERED BY ANY PERSON, ARISING FROM, RELATED TO, AND/OR CONNECTED TO, THIS AGREEMENT, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

16.3. EXCEPT FOR LIABILITY ARISING FROM A PARTY’S BREACH OF OBLIGATIONS UNDER SECTIONS 12 (CONFIDENTIALITY) OR 17 (COMPANY’S INDEMNIFICATION) OR A PARTY’S GROSS NEGLIGENCE OR WILFUL MISCONDUCT, WITHOUT LIMITING THE GENERALITY OF THE FOREGOING AND TO THE MAXIMUM EXTENT LEGALLY PERMISSIBLE, IN NO EVENT SHALL EITHER PARTY’S TOTAL AGGREGATE LIABILITY TO THE OTHER PARTY AND ANY THIRD PARTY FOR ALL DAMAGES OR LOSSES WHATSOEVER ARISING HEREUNDER OR IN CONNECTION WITH THIS AGREEMENT EXCEED, IN THE AGGREGATE, [***] NOTWITHSTANDING THE IMMEDIATELY FOREGOING SENTENCE, A PARTY’S LIABILITY ARISING FROM THE BREACH OF ITS OBLIGATIONS UNDER SECTIONS 20 (DATA PROTECTION AND SECURITY) OR A SECURITY INCIDENT UNDER SECTION 12 OF EXHIBIT C (SECURITY INCIDENT), SHALL IN NO EVENT EXCEED [***]

7

INASMUCH AS SOME JURISDICTIONS DO NOT ALLOW EXCLUSIONS OR LIMITATIONS AS SET FORTH HEREIN, THE FULL EXTENT OF THE ABOVE EXCLUSIONS AND LIMITATIONS MAY NOT APPLY. THE LIMITS AND EXCLUSIONS OF LIABILITY SET FORTH IN THIS SECTION 16 DO NOT APPLY TO EITHER PARTY’S LIABILITY FOR (1) ANY DEATH OR PERSONAL INJURY RESULTING FROM ITS NEGLIGENCE (2) FRAUD, OR (3) ANY OTHER LIABILITY TO THE EXTENT SUCH LIABILITY CANNOT BE EXCLUDED UNDER APPLICABLE LAWS.

17. Company’s Indemnification.

17.1. Company agrees to indemnify and hold harmless (including payment of reasonable attorneys’ fees and court costs), the Customer, its Affiliates, its Permitted Users, officers, directors, employees, attorneys, accountants and agents from and against any loss, liability, damage, cause of action or costs from, or on account of, or related to any third party action or suit brought against the Customer alleging that the Platform or the Company’s Intellectual Property Rights infringe Intellectual Property Rights held by any third party (“IP Infringement Claim”); provided that, (i) the Customer notifies the Company promptly in writing of such matter; and (ii) if the matter has become the subject of proceedings or if claim letters (or other correspondence) were received by the Customer, its Affiliates or any Permitted User, the Customer grants the Company authority to handle the defense or settlement of any such claim, suit or proceeding and provides the Company with all reasonable information and assistance, at Company’s expense. For the avoidance of doubt, the Company will not be bound by any settlement that the Customer enters into without the Company’s prior written consent.

17.2. If the Platform becomes, or in the Company’s opinion is likely to become, the subject of an IP Infringement Claim, then the Company may, at its sole option and expense (a) procure for the Customer the right to continue using the Platform; (b) replace or modify the Platform to avoid the IP Infringement Claim, without prejudice to its obligations under this Agreement; or (c) if options (a) and (b) cannot accomplished despite the Company’s reasonable efforts, without prejudice to the other rights and remedies available to the parties under this Agreement, then the Company may discontinue providing the Platform (and related Services) by giving the Customer at least 50 days’ prior written notice and provide the Customer a prorated refund based on the remainder of the applicable Platform subscription (license) term.

17.3. Notwithstanding the foregoing, the Company shall have no responsibility for any IP Infringement Claim to the extent resulting from or based on: (i) modifications to the Platform made by the Customer, its Affiliate or any Permitted User; (ii) the Customer’s, its Affiliate’s or any Permitted User’s (as applicable) failure to use updated or modified versions or patches or other Service Updates provided by the Company specifically to avoid such infringement; or (iii) the combination or use of the Platform by the Customer its Affiliate or any Permitted User with equipment, devices or software not supplied or authorized by the Company, or not in accordance with the Company’s instructions.

17.4. THE FOREGOING TERMS STATE THE COMPANY’S SOLE AND EXCLUSIVE LIABILITY AND THE CUSTOMER’S SOLE AND EXCLUSIVE REMEDY FOR ANY CLAIMS OF INTELLECTUAL PROPERTY INFRINGEMENT OR MISAPPROPRIATION.

18. Responsibility for Regulatory Compliance.

18.1.1. In no event shall a Party purport to represent or otherwise act on behalf of (in any capacity) the other Party during any engagement with any regulator, court, or other governmental or quasi-governmental authority. In the event of any regulatory or other similar investigation or enquiry into the business or operations of the Customer or any Affiliate, and where that investigation or enquiry in any way concerns the provision of the Services, the Company shall provide all reasonable assistance as the Customer may reasonably request to assist with that investigation and/or the Company’s responses to that investigation or enquiry. The Customer shall be responsible for all reasonable costs incurred by the Company with respect to such assistance.

18.2. Audit.

18.2.1. The Company will use commercially reasonable efforts to cooperate with any audit initiated by a regulatory or similar government department or agency with authority over the Customer, to the extent necessary to allow the Customer to discharge any mandatory obligation under Applicable Laws. The Customer shall be responsible for all reasonable costs incurred by the Company with respect to such audit.

18.2.2. [***]

18.2.3. [***]

8

18.2.4. [***]

19. Term and Termination.

19.1. This Agreement shall enter into force and effect on the Effective Date and shall remain in full force and effect for two (2) years (the “Initial Term”). Thereafter, this Agreement shall be renewed automatically for successive one (1) year terms (each, a “Renewal Term”), unless either Party provides to the other Party at least sixty (60) days prior written notice of its intent not to renew this Agreement. The Initial Term, together with any applicable Renewal Terms, shall be referred to herein as the “Term”.

19.2. Either Party may terminate this Agreement with immediate effect if the other Party materially breaches this Agreement and such breach remains uncured fifty (50) days after having received written notice by the other Party thereof. The written notice will give full details of the material breach, state that the other Party must remedy the material breach and failure to do so within fifty (50) days following receipt of the written notice may give rise to termination under Section 19.2.

19.3. The Customer may terminate this Agreement with immediate effect if the Customer identifies any material and fundamental failures in the Platform against the Customer’s security requirements upon receiving the results of the Company’s penetration testing on the Platform as set out in Section 7.6.1 and the Company fails to cure such material and fundamental failure for thirty (30) days after having received written notice by the Customer thereof. The written notice will give details of the material and fundamental failure, state that the Company must remedy the material and fundamental failure and failure to do so within thirty (30) days following receipt of the written notice may give rise to termination under this Section 19.3. Upon termination of this Agreement under this Section 19.3, the Company shall not be required to provide any refund to the Customer.

19.4. In the event that: (i) either Party becomes liquidated, dissolved, bankrupt or insolvent, whether voluntarily or involuntarily, or shall take any action to be so declared, (ii) the Gibraltar Financial Services Commission (the “GFSC”) has required the Customer to terminate this Agreement (as demonstrated by sufficient and authentic evidence), (iii) the other Party assigns or transfers this Agreement or any of its rights or obligations under this Agreement, without prior written approval (not to be unreasonably withheld), except as permitted under Section 22 below, (iv) it or its legal counsel has reasonably determined that its continued performance hereunder will or is likely to violate Applicable Laws, including but not limited to economic and trade sanctions, either Party shall have the right to immediately terminate

this Agreement. In the event either Party terminates this Agreement pursuant to the prior sentence, it will, to the extent permitted by law, give the other Party as much notice as practicable.

19.5. Upon termination or expiration of this Agreement: (i) Company will cease from providing the Services hereunder, the licenses granted under this Agreement shall expire, and Customer shall discontinue all further use of the Platform; (ii) Customer shall upon written request from the Company permanently delete all copies of the Documentation in Customer’s or any of its representatives’ possession or control; (iii) the Company shall upon written request from the Customer destroy all Customer Data and Service Results in its possession or control (other than data that the recipient is required to retain by law, regulation or governmental order); (iv) the receiving Party shall immediately return and/or permanently delete (as instructed by the disclosing Party) the Confidential Information, other than data that the recipient is required to retain by law, regulation or governmental order; and (v) any sums paid by the Customer until the date of termination are non-refundable, and Customer shall not be relieved of its duty to discharge in full all due sums owed by the Customer to Company under this Agreement until the date of termination or expiration hereof, which sums shall become immediately due and payable on the date of termination or expiration of the Agreement. The provisions of this Agreement that, by their nature and content, must survive the termination of this Agreement in order to achieve the fundamental purposes of this Agreement shall so survive. Termination of this Agreement shall not limit either Party from pursuing any other remedies available to it under Applicable Law. Termination of this Agreement does not affect a Party’s accrued rights and obligations at the effective date of termination.

19.6. Subject to payment of the Company’s then-current professional fees, the Company shall during the Transition Period (i) continue to provide the Services to the Customer without interruption or adverse effect as requested by the Customer; (ii) as soon as possible and within the first fourteen (14) days of the Transition Period cooperate with the Customer to develop and provide a transition plan in accordance with the exit strategy phase of the Customer’s outsourcing policy for an orderly transition on termination that includes, among other things, a transition timeline and particulars of the resources to be assigned to implement the transition plan; and (iii) cooperate with the Customer and the Customer’s replacement service provider to provide termination assistance services and facilitate an orderly transition of Services following the termination of this Agreement. “Transition Period” means the period beginning upon a notice of termination or expiration of this Agreement, and ending at a time agreed between the parties.

9

20. Data Protection And Security.

20.1. For the purposes of this Section 20, the terms “personal data”, “process”, “processing”, “data controller”, “data subject” and “personal data breach” shall have the meaning given to them in the General Data Protection Regulation (EU) 2016/679 (the “GDPR”).

20.2. The parties acknowledge and agree that each Party may process personal data (in connection with the arrangements envisaged in this Agreement and the Purchase Order (in this Section 20, the “Relevant Data”).

20.3. Each Party agrees that it shall comply (and ensure that each of its subcontractors complies) with any applicable data protection laws when carrying out any processing.

20.4. The Company shall: (i) (except as required by Applicable Laws) only process the Relevant Data as reasonably necessary to provide the Service and otherwise perform its obligations under the Agreement and the Purchase Order; (ii) notify the Customer as soon as possible, and in any case within forty eight (48) hours, in writing if it becomes aware of, or suspects the occurrence of, any personal data breach in relation to the Relevant Data and give the Customer, its Affiliates and any Permitted Users such information, assistance and co-operation as they reasonably require to enable it to address a personal data breach, including mitigating any adverse consequences for data subjects; (iii) notify the Customer in writing if it receives any communication from a data subject, the office of a supervisory authority, or another data protection authority seeking to exercise its rights under, or alleging or proposing to investigate an allegation of breach of, Applicable Laws (including applicable Data Protection Laws) in relation to the Relevant Data and give the Customer, its Affiliates and any Permitted Users such information, assistance and co-operation as they reasonably require to enable the Customer, its Affiliates and any Permitted Users to comply with their obligations under Applicable Laws (including data protection laws) to respond to such a communication; (iv) not make any public announcement about an actual or suspected personal data breach, any actual or threatened investigation by a supervisory authority, any communication received from a supervisory authority or data subject or any actual or suspected breach of Applicable Laws (including data protection laws), without the prior written consent of the other Party, excluding notices to applicable authorities and/or data subject as required by Applicable Laws; and (v) at all times keep all Relevant Data secure by implementing appropriate technical and organisational security measures.

21. Business Continuity And Disaster Recovery.

21.1. For the Term, the Company shall maintain business continuity and disaster recovery plans in respect of the Services and the arrangements envisaged under this Agreement (“Business Continuity Plans”). [***] The Company shall ensure that its Business Continuity Plans are comprehensive, adequate and designed to maintain and restore any affected operations

with as little impact as practically possible (including in relation to the Services), and that they meet the requirements of Applicable Laws and regulatory authorities. The Company shall test the adequacy of its Business Continuity Plan (at least annually) and, on reasonable written request of the Customer, the Company shall advise the Customer of the outcome of such tests. The Company shall ensure that its personnel, and shall use its commercially reasonable efforts to ensure that its contractors, comply with the Business Continuity Plans, if activated. [***]

21.2. Following the occurrence of a disaster or the occurrence of an event beyond a Party’s reasonable control, which may include without limitation denial-of-service attacks, strikes, shortages, riots, insurrection, fires, flood, storm, explosions, acts of God, war, terrorism, governmental action, labor conditions, earthquakes and material shortages (a “Force Majeure Event”): (i) the Company shall implement the Business Continuity Plans if and as applicable and shall continue to provide the Services to the extent it is not affected by the disaster or Force Majeure Event in accordance with the provisions of this Agreement and the Purchase Order; (ii) in respect of the relevant Service which is affected by the disaster or Force Majeure Event, the Company shall continue to provide such Service in accordance with this Agreement and the Purchase Order to the extent reasonably practicable and otherwise recover such Service in accordance with the applicable Business Continuity Plans; and (iii) each relevant Affiliate shall comply with all reasonable obligations given to it in the event the Company has provided written notice of any such obligations and those obligations are equally applicable to (and carried out by) the Company’s Affiliates also affected by the disaster or Force Majeure Event.

22. Miscellaneous. This Agreement represents the complete agreement concerning the subject matter hereof and supersedes any prior agreements, proposals and understandings about the same subject. This Agreement may be amended only by a written agreement executed by both Parties. The failure of either Party to enforce any rights granted hereunder or to take action against the other Party in the event of any breach hereunder shall not be deemed a waiver by that Party as to subsequent enforcement of rights or subsequent actions in the event of future breaches. All rights and remedies of the parties under this Agreement are cumulative and the exercise of one remedy will not exclude election of other remedies. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. Neither Party may assign its rights or obligations under this Agreement, in whole or in part, without the prior written consent of the other Party not to be unreasonably withheld. Notwithstanding

10

the foregoing, either Party may assign this Agreement without the consent of the other to any of its Affiliates or in connection with any merger (by operation of law or otherwise), consolidation, reorganization, change in control or sale of all or substantially all of its assets related to this Agreement or similar transaction. Any notice, consent, or other communication intended to have legal effect hereunder will be in writing, and will be given personally, email or sent via overnight delivery requiring signature upon receipt to the relevant Party at the address for such Party indicated on the Purchase Order (or such other address as provided by that Party). Notices will be deemed given when delivered or refused. Operational communications, such as changing a Party’s notice address, may be given via email with not less than ten (10) days’ prior written notice of change of notice address. This Agreement shall be governed by and construed under the laws of the State of New York, without reference to principles and laws relating to the conflict of laws. The competent federal or state courts located in New York shall have the exclusive jurisdiction with respect to any

dispute and action arising under or in relation to this Agreement. This Agreement does not, and shall not be construed to create any relationship, partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between the Parties. Either Party will not be liable for any delay or failure to provide the Services or perform any of its obligations under this Agreement resulting from circumstances or causes beyond the reasonable control of the Company (i.e., Force Majeure Events), provided that the affected Party takes commercially reasonable steps to mitigate the effect of such event and resume performance. This Agreement may be executed in electronic counterparts, each of which counterpart, when so executed and delivered, shall be deemed to be an original and all of which counterparts, taken together, shall constitute but one and the same instrument.

* * * * * * * *

IN WITNESS HEREOF, the Parties have executed this Agreement by their duly authorized representatives, rendering this Agreement effective as of the Effective Date.

Company		Customer
Solidus Labs, Inc.		B1 (Gibraltar) Limited
By:	/s/ Asaf Meir	By:	/s/ Maxim Nam-Storm
Name: Asaf Meir		Name: MAXIM NAM-STORM
Title: CEO		Title: Director
Signature: Asaf Meir		Signature: MAXIM NAM-STORM

11

EXHIBIT A

SOLIDUS’ PROPOSAL

12

BUSINESS PROPOSAL

SOLIDUS LABS

• Prepared For: [***]

• Date: September 16th, 2020

• Version: V6

• Pricing & Terms Expire On: September 30, 2020

CONFIDENTIALITY

This Proposal and all information contained herein, as well as information gathered in, subsequent meetings or conversations related to this project, is confidential and the exclusive property of Solidus Labs Inc., and is to be used solely for the process of selecting a vendor for this particular project.

EXECUTIVE SUMMARY & INTRODUCTION

The financial and reputational damage caused when market manipulation is exposed can be irreparable. Solidus Labs keeps your business in touch with all suspicious accounts’ transactional and trading activity at all times.

Dear [***]

Thank you for allowing Solidus Labs the opportunity to submit a proposal for addressing your current compliance requirements. We appreciate your consideration, and believe that we are uniquely qualified to provide you with the most robust and efficient solution in the marketplace.

Founded by experienced Goldman Sachs FinTech engineers, Solidus Labs brings 30 years of finance and compliance experience into its crypto-native solutions. The firm’s award-winning market surveillance products have been developed in close collaboration with regulators, SRO’s, and FIs around the world in order to detect, investigate and prevent market abuse, manipulation and insider trading in digital assets.

With an install base at more than 30 global sites, we continuously invest in research and development. Solidus Labs is a stable, scalable, and extensible compliance cloud platform. Battle-tested with numerous crypto market participants, including exchanges, regulators, broker-dealers, OTC desks, and asset management firms.

Due to Solidus’ modular approach we can offer an initial monitoring solution that addresses immediate compliance requirements, and empowers you to add functionalities as your business grows. Below you will find additional details relating to the proposed solution.

Our company culture and products attract the industry’s top talent, to form a team of experienced professionals dedicated to customer success., We stand ready to provide expert support and services to our client base during and after the platform implementation.

We look forward to working with you and the entire block.one team!

Sincerely,

Asaf Meir - CEO - Solidus Labs.

The Solidus Labs Difference

Accomplish more with Solidus - by partnering with Solidus Labs, our clients are assured of a solution that leverages their existing policies to improve processes and procedures and introduce best practices. With Solidus Labs, you can:

• Reduce the risk of regulatory breaches, reputational damage, and financial penalties

• Detect and prevent regulatory violations using a single, web-based application

• Implement automated pre-approval and review processes across your organization

• Save time and resources by streamlining compliance processes and workflows

• Achieve a paperless compliance process

• Evaluate, track, and log accounts and user activities and risk levels

• Create a user-friendly compliance management system for all end-users

Why Choose Solidus Labs:

Crypto Native - Solidus Labs was built from the ground up for the unique challenges of digital assets and the ever-evolving regulatory landscape. Solidus Labs’ “crypto-native” approach, combined with traditional surveillance experience offers a superior solution for this asset class, significantly reducing the need for expensive adaptations, calibration and maintenance, and much more effectively and precisely detecting market abuse in digital assets.

Deep Integration - Fully integrate trading systems, open-order systems, KYC/AML process, point solutions, KYT/Blockchain analytics feeds, and research systems.

Entrepreneurial Spirit - We combine the experience and capabilities of a larger company with the agility and flexibility of a smaller enterprise - continuously investing in and developing our software.

Evolving Software - Continuous releases/updates each quarter, delivering a comprehensive, user-defined roadmap.

Behavioral based detection models - Best practices from conventional asset surveillance, including a rule-based detection layer, commonly known alerts and workflows, have been considered against the unique challenges posed by digital assets, and ultimately augmented with machine learning, cloud, crypto-native infrastructure and other state-of-the-art technologies to build a solution tailored for digital assets.

Completely Configurable and Hierarchical - Solidus Labs provides the highest level of configurability - apply different rule sets by region, jurisdiction, job function, and more.

Robust Case Management - A suite with near limitless management information availability, both data driven and graphical. Solidus Labs is considered to have the most flexible, elegant, and comprehensive case management in the market.

Hosting Agnostic – Solidus Labs can host in either Asia, EU or US, or we can provide a client-hosted option.

[***]

• [***]

• [***]

• [***]

• [***]

• [***]

Product Pricing

Licensed Software Modules	Client’s Needs: *custom work for B1 use-cases	Annual License Fee
Crypto Native Alerts Behavioral-based accounts alerts. Transaction monitoring.	Deposits and withdrawals data ingestion Wallet monitoring alerts Transaction Monitoring alerts: Account Takeovers Irregular activity Rapid Movement Funds Structuring Dormant Accounts, Customer Profile deviation	[***]
Third Party Integrations Integrate internal existing processes or different point-solutions to have a broader picture at Solidus Labs	Chainalysis integration Thresholds configuration on Chainalysis Real-time deposit withdrawal alerts from Chainalysis output [***] [***] Workflow support for transaction approval and blocking Field state change made available via Solidus API [***] Additional data enrichment on Single Customer View - customer segmentation, account information	[***]
Unified Case Management Investigate, collaborate, escalate, resolve, and move between cases easily	Entire Module Case Management Approval and False Positive workflow Single Customer View Transaction history and trends Role management and access control Ability to view eKYC documents [***] Custom workflow support for customer profile management - flagging and monitoring Customer blacklist management Role management support for elevated permissions on transactions (funding, releasing) FATCA/CRS questionnaire integration in Solidus Dashboard User Generated Reports - Daily Case Report, Weekly Productivity Report, and Monthly Summary Report	[***]
Market Surveillance (MS) Trade Surveillance for Market Abuse, Manipulation and Insider Trading. *Up to [***] per year;	NA	NA
Client Onboarding Client onboarding workflows integration and management; *Up to [***]	NA	NA
Total License & Features Fees:		[***]

*Additional Events Volume Fee

Market Surveillance (MS) - [***]

Volume Discount - [***]

Example:

• [***]

• [***]

• [***]

Redacted text

Client Onboarding - [***]

Volume Discount - [***]

[***]

• [***]

• [***]

• [***]

Redacted text

Payment Schedule

Solidus Cloud Platform	Annual Fee	Invoice Schedule	Comments
Year 1	[***]	Contract effective date will be the license effective date : 10/01/2020. Amount due:	[***]
		%50 of annual fee + Implementation Fee + %50 of annual SLA Fee
		03/01/2021 50% of annual fee + %50 of annual SLA Fee
Year 2	[***]	09/01/2021: 50% of annual fee + %50 of annual SLA Fee
		03/01/2022 50% of annual fee + %50 of annual SLA Fee
Additional Trading Activities	Volume	Annual Fee	Comments
Year 1	NA	NA
Year 2	TBD	TBD
[***]
Support & SLA	Plan	Annual Fee	Comments
Year 1	Standard	[***]
Year 2	Standard	[***]
Fee Schedule	Platform Fee	SLA Fee	Total
Year 1	[***]	[***]	[***]
Year 2	[***]	[***]	[***]

Suggested Schedule Statement Of Work. Additional Discovery and Scoping is Needed. Dedicated account resources: 2 engineers, 1 support engineer, 1 account manager.

Onboarding Steps	Details	Timeline
1) Phase 1 Requirement Analysis and Documentation
(i) Phase 1 kickoff	Block.One and Solidus Labs teams assigned to the project kick off phase 1
(ii) Transaction Monitoring	Client payment transfer activity schemas, sample files, API specs are discussed and documented
(iii) Chainalysis Alerts Workflow	Alerting scope, thresholds and workflow is discussed and documented. Mechanism of API calls and output are agreed.
(iv) Roles and Responsibilities	User Roles, hierarchies and permissions are discussed and documented. Additional customizations to support specific workflows are documented.	Day 30
(v) Case Management	Solidus Labs out of the box features case management features are discussed for phase 1 - user generated reports, single customer view.
(vi) Phase 1 Scope Agreement	Overall Phase 1 scope is reviewed and agreed with Block.One.
2) Development and Data Integration
(i) Transaction Monitoring Integration	Client: Map payment transfer (fiat deposit/withdrawal) data to Solidus provided schema; Set up automated data transfer process; Solidus: Set up data transfer API accounts; Set up data ingestion process; Jointly: Resolve field mapping and validation issues; test data integration;
(ii) Chainalysis API Integrations	Setup API calls and integration with case management and custom workflow.
(iii) Roles and Responsibilities	Implement and customize additional roles and hierarchies in the Dashboard.	Day 60
(iv) Case Management	Showcase transaction data on UGR and Single customer view. Adjustments and customizations based on the data if necessary.
(v) Model Validation	Setup Transaction Monitoring models and parameters for Block.One transactions data.
3) Environment setup and QA/UAT
(i) Transaction Monitoring	Set up Payment transfer data processing capacity; Set up Transaction Monitoring Case Management workflow; UAT test, train, and tune Transaction Monitoring alert typologies;	Day 90
(ii) Environment Set up	Set up Production environment in client’s geographical region; Create Users and team in Dashboard;

(iii) User Training	Training for user of Solidus Labs Dashboard
(iv) Alerts and Workflow Testing	Solidus Labs performs QA and sets up Block.One users for UAT testing. Adjustments and fixes are made per testing results.
4) Production Implementation
(i) Transaction Monitoring	Phased activation of Transaction Monitoring alert typologies;	Day 120
5) First Quarterly Business Review (QBR)	1. Review SOW performance 2. Collect end-user feedback 3. Define account KPIs for next Q	Post Implementation
Interphase	Time allowance in order to assess any gaps, spillover, unexpected incoming work, bugs, stability, code quality and testing.	30 days
Onboarding Steps	Details	Timeline
1) Phase 2 Requirement Analysis and Documentation
(i) Phase 2 kickoff	Block.One and Solidus Labs teams assigned to the project kick off phase 2
(ii) PII Handling and Update Workflow	Block.One requirements for PII handling and updates are discussed and documented
(iii) [***] Alerts Workflow	Alerting scope, thresholds and workflow is discussed and documented. Mechanism of API calls and output are agreed.
(iv) Custom Workflow	Custom workflow with field status change is discussed and documented.
(v) Customer Profile Update workflow	Customer profile update requirements are discusses - customer segmentation, riskscore,peergrouping,blacklist,flagging
[***]	[***]	Day 30
(vii) Roles and Responsibilities	User Roles, hierarchies and permissions are discussed and documented. Additional customizations to support specific workflow is documented.
(viiii) Case Management Customizations	Additional state transitions and approval layers are discussed and documented - funding, releasing transactions
(ix) FATCA/CRS Questionnaire	FATCA/CRS questionnaire review functionality is documented.

(x) Phase 2 Scope Agreement	Overall Phase 2 scope is reviewed and agreed with Block.One.
2) Development and Data Integration
(i) [***] Integration and Alerting	Solidus: Integrate with [***] using client keys; Ingest output into internal schema; configure alerts and setup thresholds.
(ii) Custom Workflow Support	Solidus: Implement custom workflow in the Dashboard. Customer profile and case management. FATCA/CRS and document review. Blocking, funding, blacklist management. Block.One: provide API endpoints for fetching and updating customer profile and PII storage and update	Day 60
(iii) Roles and Responsibilities	Implement and customize additional roles and hierarchies in the Dashboard.
[***]	[***]
3) Environment setup and QA/UAT
(i) [***] Integration	Setup API call capacity; Setup Case Management workflow; UAT test, train, and tune alert typologies and thresholds;
(ii) Environment Setup	Set up additional services in Production environment; Create Users and team in and permissions setup for the new workflow in Dashboard;	Day 90
(iii) User Training	Training for user of Solidus Labs Dashboard
(iv) Alerts and Workflow Testing	Solidus Labs performs QA and sets up Block.One users for UAT testing. Adjustments and fixes are made per testing results.
4) Production Implementation
(i) Go-live	Activation of new alerts and workflow into production	Day 120
5) First Quarterly Business Review (QBR)	1. Review SOW performance 2. Collect end-user feedback 3. Define account KPIs for next Q	Post Implementation

Support & Service Level Agreement Fee

Support & SLA Criteria	Standard	Standard Plus	Premium	Premium Plus
Hour xDays	9 x 5	12 x 5	12 x 7	24 x 7
Time Zones	EST / GMT /HKT	EST / GMT /HKT	EST / GMT / HKT	EST / GMT / HKT
Focal point	Desk Support	Desk Support	Desk Support	Account Manager
Email Support	X	X	X	X
Phone Support			X	X
Language	English	English	English	English
	Severity 1: < 3 hrs.	Severity 1: < 2 hrs.	Severity 1: < 2 hrs.	Severity 1: < 1 hrs.
Guaranteed	Severity 2: < 10hrs.	Severity 2: <5 hrs.	Severity 2: <5hrs.	Severity 2: < 3hrs.
Response Times	Severity 3: < 36 hrs.	Severity 3: < 24 hrs.	Severity 3: < 24 hrs.	Severity 3: < 12 hrs.
	Severity 4: None	Severity 4: None	Severity 4: None	Severity 4: None
Guaranteed Service Level	[***]	[***]	[***]	[***]
% of Platform Fee*	[***]	[***]	[***]	[***]
Selected Option	[***]	[***]	[***]	[***]

Service Level Availability (SLA); Credits

Solidus Labs will use commercially reasonable efforts to strive to maintain Services Availability 24 hours a day, 7 days a week, other than downtime for scheduled maintenance or critical bug fixes. Solidus Labs will strive to give Customer advance notice of any impending downtime 48 hours in advance or, if not possible, as much advance notice as possible, and will strive to perform scheduled maintenance during non-peak hours based on EST - Eastern Standard Time. Solidus Labs cannot and will not be responsible or liable in any manner for any downtime or disruptions or difficulties in accessing the Services that are caused or initiated by its hosting provider or by any other third party, including internet service providers, internet network providers, or cellular networks. Credits will be applied to Service downtime (yearly accumulation ). Any planned downtime or downtime resulting from an Error or Customer maintenance request will not be taken into account for downtime calculation. Credits will be applied against future payments and are the sole remedy for Services downtime.

Annual Accumulation of Service Down Time	Applied Credits	Calculated SLA
[***]	[***]	[***]
[***]	[***]	[***]
[***]	[***]	[***]
[***]	[***]	[***]
[***]	[***]	[***]
[***]	[***]	[***]

SEVERITY DEFINITIONS:

Severity 1: Production server or other mission-critical system(s) are down and no workaround is immediately available. Substantial loss of service. All users/customers cannot use the system and require Solidus to have dedicated resources available to work on the issue on an ongoing basis during contractual hours.

Severity 2: Major functionality is severely impaired. Operations can continue in a restricted fashion, although long-term productivity might be adversely affected. A large number of users/customers are affected. A temporary workaround is available.

Severity 3: Partial, non-critical loss of functionality of the software. Impaired operations of some flows, but allows the user to continue using the software. Main workflow and service to users and customers are not affected.

Severity 4: General usage questions. Cosmetic issues, including errors in the documentation.

EXHIBIT B

SOLIDUS PURCHASE ORDER

This Purchase Order (this “Purchase Order”) is made as of October1st 2020 (the “Effective Date”) by and between Solidus Labs, Inc., a New York corporation having its place of business at 26 Broadway, 8th Floor, New York, NY 10004, on behalf of itself and its affiliates (“Solidus”) and B1 (Gibraltar) Limited, a private corporation limited by shares having its place of business at Suite 23, Portland House, Glacis Road, Gibraltar (“Customer”), pursuant to that Solidus License Agreement dated October 1st 2020 (“Agreement”).

Terms not defined herein shall have the meaning ascribed thereto in the Agreement.

The Parties agree as follows:

1. Platform: As described in Exhibit A (Proposal).

2. Number of Login Credentials: 5

3. Purchase Order Term:

4. Pricing:

• License fee shall be [***]

• The pricing model specified in Exhibit A (the Proposal) shall apply.

5. Payment terms: The License Fee and SLA Fee for Year 1 shall be invoiced in two equal installments on a semi-annual basis commencing on October 1, 2020 and due within thirty (15) days from the invoice date, and the License Fee and SLA Fee for Year 2 shall be invoiced in two equal installments on a semi-annual basis commencing on October 1, 2021 and due within thirty (15) days from the invoice date. The Implementation Fee will be added to the first invoice for Year 1.

6. Support and maintenance: As described and outlined in Exhibit A.

In the event of any conflicting provisions between this Purchase Order and the Agreement (including Exhibit A), the provisions of this Purchase Order shall prevail.    

Solidus Labs, Inc.		B1 (Gibraltar) Limited
By:	/s/ Asaf Meir	By:	/s/ Maxim Nam-Storm
Name:	Asaf Meir	Name:	MAXIM NAM-STORM
Title:	CEO	Title:	Director
Date:	25 September 2020	Date:	25 September 2020

13

EXHIBIT C

INFORMATION SCHEDULE

1. DEFINITIONS

1.1 For the purposes of this Exhibit and unless the context provides otherwise, capitalized terms used shall have the meanings given below:

“Access” means with respect to the Company Personnel, actual access to any Customer premises, systems, Customer Data or other information, property or assets of Customer or its Affiliates, whether by physical presence or by any electronic means;

“Company Personnel” means all officers, employees, staff, other workers, agents, contractors and consultants of the Company or any Permitted Sub-Contractor who are engaged in the provision of the Service from time to time;

“Customer Confidential Information” means the Confidential Information belonging to the Customer or its Affiliates;    

[***]

“Permitted Sub-Contractor” means any subcontractor (including an Affiliate of Company) to whom the Company is permitted to subcontract any material part of the Service in accordance with this Agreement; and

“Security Incident” shall mean any actual, suspected or threatened incident of accidental, unauthorized or unlawful access to, acquisition, processing, use or disclosure of or any theft, loss of or damage to or alteration or destruction of Customer Data or other information belonging to any other person in connection with the Agreement.

2. PERMITTED PURPOSE & GENERAL SECURITY OBLIGATIONS

2.1 The Company has implemented and shall maintain a written information security program that includes policies and procedures that contain administrative, technical, and physical safeguards that are appropriate to its size and complexity, the nature and scope of its activities, and the sensitivity of Customer Data and shall otherwise comply in all respects with the Customer’s information security requirements set forth in this Exhibit. Such safeguards shall be reasonably designed to (i) ensure the security and confidentiality of Customer Data; (ii) protect against any anticipated threats or hazards to the security or integrity of Customer Data; and (iii) protect against unauthorized access to or use of Customer Data that could result in substantial harm or inconvenience to any person. Except as expressly authorized under the Agreement, the Company shall only Access, collect, use, store, and transmit the Customer Data as permitted under Applicable Law for the purpose of providing the Service (“Permitted Purpose”).

2.2 At all times, the Company shall, and shall cause the Company Personnel to, perform the Service and operate and maintain the Company Service delivery facilities and systems with the highest level of care, skill and diligence in accordance with: (i) best industry practice; (ii) all Applicable Laws; (iii) the terms of the Agreement including the security requirements set out or referred to in this Exhibit; and (iv) the controls set forth in the Company’s Statement on Standards for Attestation Engagements (SSAE) No. 18 audit reports for Reporting on Controls at a Service Organization, Service Organization Controls (SOC) Type 1, 2, or 3 audit reports (together the “Security Standards”).

2.3 The Company shall obtain SOC Type 1 certification by no later than [***] and SOC Type 2 certification by [***] and promptly provide the Customer with a copy of each certification upon receipt.

3. SECURITY REVIEW PROCESS

Upon the Customer’s request, to confirm the Company’s compliance with the Agreement and Security Standards, the Company shall promptly and accurately complete a written information security questionnaire provided by the Customer, or a third party on the Customer’s behalf, regarding the Company’s business practices and information technology environment in relation to the Service being provided by the Company pursuant to the Agreement and the Company shall fully cooperate with such inquiries. The Company shall, provide evidence of an industry standard review process satisfactory to the Customer (such as the SFG Shared Assessment SIG, Cloud Security Alliance CAIQ, SSAE 18 SOC).

14

4. SYSTEM, INFRASTRUCTURE & PHYSICAL SECURITY

4.1 The Company shall provide and shall procure that any Permitted Sub-Contractors shall provide a secure environment implementing security measures meeting or exceeding the Security Standards.

4.2 The Company and any Permitted Sub-Contractor must ensure and demonstrate separation between customers to the Customer’s satisfaction and must encrypt stored and transmitted Customer Data. The key should be specific to the Customer, and must not be known to or shared with other customers or tenants or any other third parties.

5. ACCESS CONTROLS; AUTHENTICATION & ENCRYPTION

5.1 The Company shall restrict Access to only Company Personnel with a “need-to-know” for a Permitted Purpose and shall not, and shall ensure that the Company Personnel do not, Access, use, modify, copy, delete, distribute, publish, communicate, restore or store Customer Data in the Company’s possession or control (or in possession of any Affiliate of the Company or any Company Personnel), or attempt to do or allow any entity or individual to do any of the foregoing, except as expressly authorized in this Agreement or in writing by the Customer. The Company will regularly review (at least once every ninety (90) days) the list of Company Personnel with Access and remove accounts for which Access is no longer necessary. The Customer reserves the right to refuse any of the Company Personnel Access, which shall only be given to the extent necessary for such individual to perform his or her role as part of the Service.

5.2 The Company shall prohibit and prevent any person who does not have the specific authorization by the Customer from carrying out any of the acts specified in paragraph 5.1.

5.3 The Company shall use Multi-Factor Authentication, or such other type of authentication satisfactory to the Customer, to protect against unauthorized access to any of its systems on which Customer Data is located or stored.    

5.4 The Company shall implement controls, including encryption, or such other type of controls satisfactory to the Customer, to protect Customer Data held or transmitted by the Company both in transit over external networks and at rest.

6. COMPANY PERSONNEL; SECURITY AWARENESS TRAINING

6.1 Company Personnel shall be qualified to perform their duties and to oversee the Company’s compliance with the Security Standards and other obligations set forth in this Exhibit.

6.2 The Company shall have designated a qualified individual responsible for overseeing and implementing its information security program and enforcing its policies and procedures thereunder.

6.3 The Company shall ensure that all Company Personnel receive up to date security awareness training appropriate to their job function and that annual security awareness training is performed requiring Company Personnel to acknowledge that they have read and understood the Company’s security standards and procedures.

7. REQUIRED BACKGROUND CHECKS

The Company shall ensure that all Company Personnel who have access to the Customer Data, have passed background verification checks (including cyber security, criminal and financial reviews) and, in respect of Permitted Sub-Contractor personnel, the Company shall either obtain certification from the Permitted Sub-Contractor that a background verification check (including a cyber security, criminal and financial background review) for an individual who will have Access, has been satisfactorily completed by a reputable search firm or that the Company will require that such checks be conducted for any such individual prior to Access being provided.

8. EXCHANGE OF INFORMATION

8.1 The Company shall have policies, procedures and controls in place to protect Customer Data and information exchanged through any communication channel to ensure compliance with the Security Standards.

8.2 [***]

15

8.3 Without prejudice to paragraph 8.2, the Company shall ensure that all electronic messaging systems enforce adequate safeguards to protect emails in transit and storage. Cryptographic solutions must be in place to guarantee the confidentiality and integrity of data sent by email.    

9. RISK ASSESSMENT; TESTING

9.1 [***]

9.2 The Company shall regularly test its security systems and processes to ensure they meet the requirements of the Security Standards and will provide summary evidence of such testing to the Customer upon request.

9.3 In addition, scanning of the Company’s service delivery facilities and systems will be performed to verify that no security weaknesses are introduced by any changes to systems or system configurations and any identified vulnerabilities managed.

9.4 The Company shall design and implement information safeguards to control the risks identified through the risk assessment and shall evaluate and adjust its information security program and the Security Standards in light of the results of testing.

10. MEDIA STORAGE & INFORMATION BACK-UP

10.1 Customer Data may not be stored on portable devices including laptops, Personal Digital Assistants, smartphones, MP3 devices, and USB devices unless the Customer Data on the portable device is encrypted and secured from unauthorized access. Customer Data, if stored in non-electronic formats, must be stored in locked cabinets with appropriate physical security access controls.

10.2 The Company shall regularly and securely back-up Customer Data in accordance with a defined back-up policy and shall store all back-ups of Customer Data and information in a secure offsite location with suitable environmental controls including fire and flood protection.

11. MONITORING

11.1 The Company shall have procedures in place for monitoring the processing of Customer Data and information at the Company’s service delivery facilities and systems and shall report all suspicious activity to the Customer promptly including through the use of automated reporting processes, as set forth in the Security Standards.

11.2 Without prejudice to the generality of paragraph 11.1, the Company shall implement detection, prevention, and recovery controls to protect against malicious software, which is no less than current industry best practice and perform appropriate Company Personnel training on the prevention and detection of malicious software.

12. SECURITY INCIDENTS

12.1 The Company shall have documented procedures in place for the management of a Security Incident. In the event of a Security Incident the Company shall (without prejudice to the Customer’s other rights and remedies): (A) notify the Customer [***] of all Security Incidents in accordance with paragraph 12.2, and in each case such notice shall include details of the circumstances of the Security Incident, including: (i) the timing and nature of the Security Incident; (ii) the information, the subject of the Security Incident and the extent to which is was compromised; (iii) when the Security Incident was discovered; (B) take all steps necessary to investigate and remedy the circumstances that led to the Security Incident as well as to cure the Security Incident itself, such steps to include consultation with the Customer’s internal security team; and (C) fully cooperate with the Customer with respect to the Customer’s (or Customer’s representative’s) investigation of the Security Incident and the Customer’s actions in response to the consequences thereof, including, as applicable, providing notices of such Security Incident to affected persons.

12.2 The Company’s notice in accordance with clause 12.1 shall be given to the Customer by email at [***]

16

13. AUDIT

13.1 The Company shall periodically conduct site audits of the information technology and information security controls for all facilities and systems used in complying with its obligations under the Agreement, including obtaining a network-level vulnerability assessment performed by a recognized third-party audit firm based on recognized industry best practices. Upon the Customer’s written request, the Company shall make available to the Customer for review all of the following, as applicable: the Company’s Statement on Standards for Attestation Engagements (SSAE) No. 18 audit reports for Reporting on Controls at a Service Organization, Service Organization Controls (SOC) Type 1, 2, or 3 audit reports. The Company will promptly address any exceptions noted on the SOC reports, or other audit reports, with the development and implementation of a corrective action plan by the Company’s management.

13.2 Notwithstanding the provisions of paragraph 13.1, the Customer shall be entitled to carry out such regular security audits as may be required in order to ensure that the Company maintains a system of information technology and information security controls in compliance with the principles and practices of the Security Standards generally.    

14. RETENTION & DISPOSAL

14.1 The Company shall retain Customer Data only for the purpose of, and only as long as is necessary for, the Permitted Purpose. The Company shall promptly (but within no more than 72 hours after the Customer’s request) return to the Customer and permanently and securely delete all Customer Data upon and in accordance with the Customer’s notice requiring return and/or deletion of the Customer Data.

14.2 If The Company is required by law to retain archival copies of Customer Data for regulatory purposes, this archived Customer Data must be encrypted where the system hosting or storing the encrypted file(s) does not have access to a copy of the key(s) used for encryption.    

15. SUBCONTRACTING

The Company is only permitted to subcontract to Permitted Sub-Contractors. Accordingly, the Company shall not use subcontractors in connection complying with its obligations under this Agreement (including its provision of the Service) without the Customer’s prior written approval. The Company shall ensure that any Permitted SubContractors and their personnel comply with this Agreement and the Security Standards, and the Company agrees that: (a) it is responsible and liable for the acts and omissions of any Permitted Sub-Contractors as if they were acts or omissions of the Company; and (b) it shall remain solely liable to Customer for the performance of the Company’s obligations under this Agreement, notwithstanding any use of Permitted Sub-Contractors.

17