Bitcoin Forum

Economy => Scam Accusations => Topic started by: foxymethoxy on September 19, 2025, 11:09:18 AM


Title: Winna is not provably fair (Server hash issues, lack of client seed agency)
Post by: foxymethoxy on September 19, 2025, 11:09:18 AM
Good evening Bitcointalk, as normal avenues have failed and the transcripts and conversations I've seen by Winna admins have been uninspiring, I am here to first lodge a complaint in our venerable community. Although you have seen better days, I believe this is a fitting place to post this accusation, as I have seen Bennett post here in reply to various topics, so he may well see mine, and perhaps then I will get a real answer or admittal.

My credibility: Some people in sections of the gambling community more adjacent to Stake may know me better as Ruby, of SealStats/formerly StakeStats. I have a background in cryptography and am sometimes sought out for my knowledge on this particular subject. I have received bug bounties from websites for pointing out issues similar to this in the past. I do not work off of feelings or off of belief, I make conclusions from facts. The fact of the matter is that I can't verify or substantiate Winna's claims to being provably fair.

If you cannot give me a good answer to this post, Bennett, you are not going to be able to brush it off this time; everyone else who has tried to fight you was not well informed enough to make a good point.

Core accusation: Winna does not provide an appropriate platform for provable fairness, and the scheme is not provably committed.
I am not accusing them of actually displacing or replacing bets, but I am accusing them of creating an environment where it is easily possible for them to do so.

I will try to explain what exactly is required in a provably fair system as well, so that if you correct your lossy algorithm, then maybe it can actually be provably fair, and not effectively 'trust me bro'.


How does Winna's provable fairness work?

Like other sites, an active server and client seed are used during bet generation, starting with a 0 nonce (number only used once) which iterates up with each non-zero bet.
   - It is important to note that the nonce does not increase on zero bets, ...but a bet result is given, in the api as well, not just in the UI. The result is different eery time. This implies that there is a calculation happening even[/b] without all the necessary parts of a provable bet[/b].

   - On any other site, zero bets and non-zero bets are identical, and both should iterate a nonce up, as the entropy is consumed. Whether psychology permits it or not, it should not matter if there is a value or not to the bet, in whether it's valid or skipped.

There is no mention of a cursor value, (aka round), which is the final part of the bet calculation in several games (notably card games, and multi-step games like tower or mines).  There are no formulas available to reverse or manually verify any bets. However, it is important to note that for the most part, these appear to be 1:1 Stake-style (hmac client:nonce:round) construction style algorithms, as they are in fact repeatable through typical verifiers. This is rather unusual, since it implies they do not realize what is actually important in a provable committment scheme, aka, the server seed provision as a hash to the player.

How is the server seeed handled?

Code:
ACTIVE CLIENT
e5ddc392815068901e5357368ec017d0
Code:
PREVIOUS CLIENT
e5ddc392815068901e5357368ec017d0

Code:
ACTIVE SERVER
a3d6af6b3b90ddfcc781a468891209ccf72d1903e55883f70d3aea8a80846343
Code:
UNHASHED SERVER
f6e72b075f6536f4b1f053ad8d19eafe


Here is a sample of some seeds which I just rotated. Note: You cannot rotate a seed at 0 nonce. You must make at least one bet; that is, a wager bet, as remember: zero bets do not iterate nonce up.

What is interesting to note is that the unhashed server seed is a 32 byte string
Code:
f6e72b075f6536f4b1f053ad8d19eafe
, which appears to be an MD5 hash. This is rather strange, it would be better and more appropriate to do the standard thing and use a SHA256/512 hash as the server seed. --- I wonder why they are generating such small values, and assigning them with client seeds that are pre-paired?

There is no way to enter in my own client seed- so I am stuck with a similarly weak MD5 hash, just 32 bytes of weak entropy..

So, regardless of that, what kind of algorithm has been used to hash the server seed, so that we can prove it's the same one they gave us beforehand?

Erm, well, about that...
I can't figure it out.
When asked, no one else could either. I even held a challenge in our discord, and prize was up to around $500 by the end, to just match the damn hash with a real algorithm. One guy tried so damn hard I gave him a consolation prize. I tried as str, I tried as bytes... I tried a lot of different ways. I gave it to a professional, who also couldn't do it. So what is the damn hash algorithm? Why should we trust Winna if we can't even trust the hash?

So far, I know that it's not any of these:
Code:
sha1:    				no match
sha224:    			no match
sha256:    			no match
sha384:    			no match
sha512:    			no match
sha3_224:    			no match
sha3_256:    			no match
sha3_384:    			no match
sha3_512:    			no match
md5:    				no match
blake2b:    			no match
blake2s:    			no match
shake_128_32:    		no match
shake_256_64:    		no match
ripemd160:    			no match
md4:    				no match
md2:    				no match
sha256_sha256:    		no match
sha256_sha512:    		no match
sha512_sha256:    		no match
sha3_384_sha3_224:    	no match
sha3_256_sha3_512:    	no match
sha3_512_sha3_256:    	no match
sha256_ripemd160:    	no match
md5_sha256:    		no match
sha256_md5:    		no match
sha1_sha256:    		no match
sha256_sha1:    		no match
sha512_sha3_512:    	no match
sha3_512_sha512:    	no match
blake2b_sha256:    		no match
sha256_blake2b:    		no match
sha256_sha3_256:    	no match
sha3_256_sha256:    	no match
sha256_sha3_512:    	no match
sha3_512_sha256:    	no match
sha256_sha3_224:    	no match
sha3_224_sha256:    	no match
sha256_sha3_384:    	no match
sha3_384_sha256:    	no match
sha256_blake2s:    		no match
blake2s_sha256:    		no match
sha256_md4:    		no match
md4_sha256:    		no match
pbkdf2_sha256_1000:    	no match
pbkdf2_sha512_1000:    	no match
pbkdf2_sha256_10000:     no match
pbkdf2_sha512_10000:     no match
CODE USED:


Code:
import hashlib
import Crypto.Hash.RIPEMD160 as ripemd

def detectHashAlgo(hexStr):
    b = bytes.fromhex(hexStr)
    hashes = {}

    # single hash funcs
    hashes['sha1'] = hashlib.sha1(b).hexdigest()
    hashes['sha224'] = hashlib.sha224(b).hexdigest()
    hashes['sha256'] = hashlib.sha256(b).hexdigest()
    hashes['sha384'] = hashlib.sha384(b).hexdigest()
    hashes['sha512'] = hashlib.sha512(b).hexdigest()
    hashes['sha3_224'] = hashlib.sha3_224(b).hexdigest()
    hashes['sha3_256'] = hashlib.sha3_256(b).hexdigest()
    hashes['sha3_384'] = hashlib.sha3_384(b).hexdigest()
    hashes['sha3_512'] = hashlib.sha3_512(b).hexdigest()
    hashes['md5'] = hashlib.md5(b).hexdigest()
    hashes['blake2b'] = hashlib.blake2b(b).hexdigest()
    hashes['blake2s'] = hashlib.blake2s(b).hexdigest()
    hashes['shake_128_32'] = hashlib.shake_128(b).hexdigest(32)
    hashes['shake_256_64'] = hashlib.shake_256(b).hexdigest(64)
    # extra algos
    try:
        hashes['ripemd160'] = ripemd.new(b).hexdigest()
    except Exception:
        hashes['ripemd160'] = None
    try:
        hashes['md4'] = hashlib.new('md4', b).hexdigest()
    except Exception:
        hashes['md4'] = None
    try:
        hashes['md2'] = hashlib.new('md2', b).hexdigest()
    except Exception:
        hashes['md2'] = None

    # combos
    hashes['sha256_sha256'] = hashlib.sha256(hashlib.sha256(b).digest()).hexdigest()
    hashes['sha256_sha512'] = hashlib.sha512(hashlib.sha256(b).digest()).hexdigest()
    hashes['sha512_sha256'] = hashlib.sha256(hashlib.sha512(b).digest()).hexdigest()
    hashes['sha3_384_sha3_224'] = hashlib.sha3_224(hashlib.sha3_384(b).digest()).hexdigest()
    hashes['sha3_256_sha3_512'] = hashlib.sha3_512(hashlib.sha3_256(b).digest()).hexdigest()
    hashes['sha3_512_sha3_256'] = hashlib.sha3_256(hashlib.sha3_512(b).digest()).hexdigest()
    hashes['sha256_ripemd160'] = None
    try:
        hashes['sha256_ripemd160'] = ripemd.new(hashlib.sha256(b).digest()).hexdigest()
    except Exception:
        pass
    hashes['md5_sha256'] = hashlib.sha256(hashlib.md5(b).digest()).hexdigest()
    hashes['sha256_md5'] = hashlib.md5(hashlib.sha256(b).digest()).hexdigest()
    hashes['sha1_sha256'] = hashlib.sha256(hashlib.sha1(b).digest()).hexdigest()
    hashes['sha256_sha1'] = hashlib.sha1(hashlib.sha256(b).digest()).hexdigest()
    hashes['sha512_sha3_512'] = hashlib.sha3_512(hashlib.sha512(b).digest()).hexdigest()
    hashes['sha3_512_sha512'] = hashlib.sha512(hashlib.sha3_512(b).digest()).hexdigest()
    hashes['blake2b_sha256'] = hashlib.sha256(hashlib.blake2b(b).digest()).hexdigest()
    hashes['sha256_blake2b'] = hashlib.blake2b(hashlib.sha256(b).digest()).hexdigest()
    hashes['sha256_sha3_256'] = hashlib.sha3_256(hashlib.sha256(b).digest()).hexdigest()
    hashes['sha3_256_sha256'] = hashlib.sha256(hashlib.sha3_256(b).digest()).hexdigest()
    hashes['sha256_sha3_512'] = hashlib.sha3_512(hashlib.sha256(b).digest()).hexdigest()
    hashes['sha3_512_sha256'] = hashlib.sha256(hashlib.sha3_512(b).digest()).hexdigest()
    hashes['sha256_sha3_224'] = hashlib.sha3_224(hashlib.sha256(b).digest()).hexdigest()
    hashes['sha3_224_sha256'] = hashlib.sha256(hashlib.sha3_224(b).digest()).hexdigest()
    hashes['sha256_sha3_384'] = hashlib.sha3_384(hashlib.sha256(b).digest()).hexdigest()
    hashes['sha3_384_sha256'] = hashlib.sha256(hashlib.sha3_384(b).digest()).hexdigest()
    hashes['sha256_blake2s'] = hashlib.blake2s(hashlib.sha256(b).digest()).hexdigest()
    hashes['blake2s_sha256'] = hashlib.sha256(hashlib.blake2s(b).digest()).hexdigest()
    hashes['sha256_md4'] = None
    try:
        hashes['sha256_md4'] = hashlib.new('md4', hashlib.sha256(b).digest()).hexdigest()
    except Exception:
        pass
    hashes['md4_sha256'] = None
    try:
        hashes['md4_sha256'] = hashlib.sha256(hashlib.new('md4', b).digest()).hexdigest()
    except Exception:
        pass

    # PBKDF2 combos
    try:
        hashes['pbkdf2_sha256_1000'] = hashlib.pbkdf2_hmac('sha256', b, b'salt', 1000).hex()
        hashes['pbkdf2_sha512_1000'] = hashlib.pbkdf2_hmac('sha512', b, b'salt', 1000).hex()
        hashes['pbkdf2_sha256_10000'] = hashlib.pbkdf2_hmac('sha256', b, b'salt', 10000).hex()
        hashes['pbkdf2_sha512_10000'] = hashlib.pbkdf2_hmac('sha512', b, b'salt', 10000).hex()
    except Exception:
        hashes['pbkdf2_sha256_1000'] = None
        hashes['pbkdf2_sha512_1000'] = None
        hashes['pbkdf2_sha256_10000'] = None
        hashes['pbkdf2_sha512_10000'] = None

    for algo, h in hashes.items():
        print(f'{algo}: {h}')
    for algo, h in hashes.items():
        if h == 'a3d6af6b3b90ddfcc781a468891209ccf72d1903e55883f70d3aea8a80846343':
            print(algo)
        else:
            print(f'{algo}: no match')

detectHashAlgo('e5ddc392815068901e5357368ec017d0')



This is a small portion and, in my opinion, the most obvious few flaws visible in Winna's claim to being provably fair. YES, Bennett, picking your own client seed DOES MATTER, it is the only thing that makes this fair at all!

As a short summary:

-- Winna's server seed hashing implementation is not provable, or provably fair.
-- Winna's zero-bet nonce disuse is suspicious and the code being used in the backend should be audited by a third party, as all steps are not externally repeatable.
-- Winna not allowing you to pick your own client seed is a clear violation of standard provable fairness practices.
-- Despite these issues, they still claim their system is fair, and provable. They are either ignorant or malicious; and when in doubt as far as casinos go, they should be assumed malicious.
-- Winna's laggy originals imply excessive processing in the backend, or highly unoptimized code.
-- Winna has ties to a recent rug, Heybets, which is clear from even minor snooping in the DNS and page designs/structure.
-- Some questionable affiliate practices which are not the core of this complaint.

I hope that a satisfactory answer can be given on this matter, because I would be happy to change my opinion on what appears to me to be very clever fraud. I'm sorry it took me so long to get this out, as I was planning on posting it months ago, at this point.

If you need someone to fix your system since apparently it's either broken and vibecoded or intentionally malicious. If the former, then I offer my services at cost, and you will never have this issue again. Feel free to contact me directly at ruby@stakestats.net, if you want to make this a professional discussion. If it was just broken, then I expect a bounty.

Additional seed pairs, tested from multiple different users as sources of different account generation:
https://docs.google.com/spreadsheets/d/10Bb7O0FUZoOi_npKMAdJqQQOSpsk98prA_c153LMEoc/edit?usp=sharing

I hope I am mistaken and simply overlooked something critical, but I await a reply from Winna. Thank you.

Title: Re: Winna is not provably fair (Server hash issues, lack of client seed agency)
Post by: foxymethoxy on September 26, 2025, 11:20:03 AM
Bumping.

Title: Re: Winna is not provably fair (Server hash issues, lack of client seed agency)
Post by: foxymethoxy on October 01, 2025, 08:27:47 AM
Quote from: SupItsJTTV on September 30, 2025, 07:02:53 AM
Hey just out of pure curiosity - would you mind checking over the shuffle house games? Something tells me ... I have a hunch.

Hi, Shuffle uses the same system as Stake. The games are 1:1. You can even verify Shuffle's games with Stake's verifiers. This includes waifu tower = dragon tower.

They also show the next hashed server seed, etc. Their system is provably fair and is actually kind of unoriginal. Winna's games are the same functions, except the server seed's fairness cannot be verified.

Additionally,

An update on this: I was able to get contact with one of their staff. I will update this further when I receive another reply to my answer for them.

Title: Re: Winna is not provably fair (Server hash issues, lack of client seed agency)
Post by: probablyfair on October 15, 2025, 12:07:11 AM
Based on direct UI observations, network artifacts, and local cryptographic tests, Winna’s current "provably fair" implementation appears non‑verifiable. Server seed hashes shown to users cannot be
reproduced from the later‑revealed server seeds with standard or common composite hashing/HMAC constructions, and $0 bets produce changing results without incrementing the nonce, implying additional hidden entropy that is not part of the public commitment. Found this in my browser network requests: https://winna.com/locales/en/fairness.json which mentions "our github" for open verification code, but no public repository could be found. Will do more investigation later, and in the meantime it would be nice if Winna could shed some light on the matter.

Title: Re: Winna is not provably fair (Server hash issues, lack of client seed agency)
Post by: SupItsJTTV on October 16, 2025, 06:17:47 PM
Quote from: probablyfair on October 15, 2025, 12:07:11 AM
Based on direct UI observations, network artifacts, and local cryptographic tests, Winna’s current "provably fair" implementation appears non‑verifiable. Server seed hashes shown to users cannot be
reproduced from the later‑revealed server seeds with standard or common composite hashing/HMAC constructions, and $0 bets produce changing results without incrementing the nonce, implying additional hidden entropy that is not part of the public commitment. Found this in my browser network requests: https://winna.com/locales/en/fairness.json which mentions "our github" for open verification code, but no public repository could be found. Will do more investigation later, and in the meantime it would be nice if Winna could shed some light on the matter.

I've got information that several casino's are being operated by shuffle / affiliates / employees and theyre outright straight scams.

Specifically to Winna, a link posted in their official telegram to Rewards.vip - a direct copycat of my own Leaderboards.vip - and in the discord is none other than fred from btcs, and Calum Anderson.

Additionally, last year after having the playShuffle reddit and several users banned, I was approached and low-balled by this group attempting to acquire r/StakeAccountExchange and at the time was getting like 90k views a month. Lets just say i quietly took Terry's $500 and never looked back knowing what I know.

Edit: Also, looking back at several defunct operations such as LFG.BET reeks of similar rug pulling, payout delaying fuckery.

Title: Re: Winna is not provably fair (Server hash issues, lack of client seed agency)
Post by: Huntersavv on November 02, 2025, 10:47:06 PM
Any update on this???

Title: Re: Winna is not provably fair (Server hash issues, lack of client seed agency)
Post by: logfiles on November 03, 2025, 11:36:33 PM
Quote from: Huntersavv on November 02, 2025, 10:47:06 PM
Any update on this???
I really wonder what is wrong with you.

Why do you create a scam accusation and then later alter/edit out the original post?
What exactly is your end game? Are you a troll of sorts?

Case 1: https://bitcointalk.org/index.php?topic=5563072
Archive: https://ninjastic.space/post/65949880

Case 2: https://bitcointalk.org/index.php?topic=5564316
archive: https://ninjastic.space/post/66000631

Title: Re: Winna is not provably fair (Server hash issues, lack of client seed agency)
Post by: Shishir99 on November 04, 2025, 09:46:35 AM
There is a reason why you are not getting any attention here, and that is, people do not understand how it works. I do not know either. There are only a few people who know coding, and only a few of them know how it is supposed to work and how it is working right now. So, you have to find someone who understands this and helps you support your claims. I don't see enough interest in this thread just because of that.

I hope you understand why you are not getting enough attention. Also, you said that you did not accuse them of changing the bet result or something similar, but they may have had a chance. I don't know how concerning it is.

Title: Re: Winna is not provably fair (Server hash issues, lack of client seed agency)
Post by: Zwei on November 05, 2025, 08:42:09 PM
Quote from: Shishir99 on November 04, 2025, 09:46:35 AM
I don't know how concerning it is.
it is very very concerning.

i don't understand all of the technical details, but i do understand how a provably fair system should work, and i can say with certainty that winna does not have a true provably fair system.
just the fact that players can't input their own client seed, and that they don't disclose what algorithm they use to generate the hashed server seed (they call it a "special algorithm"), is enough for me that would not place a single bet there.

and their "fairness" documentation is a joke, fancy words without providing any technical details.

https://talkimg.com/images/2025/11/05/U6fzD5.png

compare that to what stake have, and you will see what i'm talking about: https://stake.com/provably-fair/overview


Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines