Winna is not provably fair (Server hash issues, lack of client seed agency)

[foxymethoxy]

Good evening Bitcointalk, as normal avenues have failed and the transcripts and conversations I've seen by Winna admins have been uninspiring, I am here to first lodge a complaint in our venerable community. Although you have seen better days, I believe this is a fitting place to post this accusation, as I have seen Bennett post here in reply to various topics, so he may well see mine, and perhaps then I will get a real answer or admittal.

My credibility: Some people in sections of the gambling community more adjacent to Stake may know me better as Ruby, of SealStats/formerly StakeStats. I have a background in cryptography and am sometimes sought out for my knowledge on this particular subject. I have received bug bounties from websites for pointing out issues similar to this in the past. I do not work off of feelings or off of belief, I make conclusions from facts. The fact of the matter is that I can't verify or substantiate Winna's claims to being provably fair.

If you cannot give me a good answer to this post, Bennett, you are not going to be able to brush it off this time; everyone else who has tried to fight you was not well informed enough to make a good point.

Core accusation: Winna does not provide an appropriate platform for provable fairness, and the scheme is not provably committed.
I am not accusing them of actually displacing or replacing bets, but I am accusing them of creating an environment where it is easily possible for them to do so.

I will try to explain what exactly is required in a provably fair system as well, so that if you correct your lossy algorithm, then maybe it can actually be provably fair, and not effectively 'trust me bro'.


How does Winna's provable fairness work?

Like other sites, an active server and client seed are used during bet generation, starting with a 0 nonce (number only used once) which iterates up with each non-zero bet.
   - It is important to note that the nonce does not increase on zero bets, ...but a bet result is given, in the api as well, not just in the UI. The result is different eery time. This implies that there is a calculation happening even[/b] without all the necessary parts of a provable bet[/b].

   - On any other site, zero bets and non-zero bets are identical, and both should iterate a nonce up, as the entropy is consumed. Whether psychology permits it or not, it should not matter if there is a value or not to the bet, in whether it's valid or skipped.

There is no mention of a cursor value, (aka round), which is the final part of the bet calculation in several games (notably card games, and multi-step games like tower or mines).  There are no formulas available to reverse or manually verify any bets. However, it is important to note that for the most part, these appear to be 1:1 Stake-style (hmac client:nonce:round) construction style algorithms, as they are in fact repeatable through typical verifiers. This is rather unusual, since it implies they do not realize what is actually important in a provable committment scheme, aka, the server seed provision as a hash to the player.

How is the server seeed handled?

Code:

ACTIVE CLIENT
e5ddc392815068901e5357368ec017d0

Code:

PREVIOUS CLIENT
e5ddc392815068901e5357368ec017d0

Code:

ACTIVE SERVER
a3d6af6b3b90ddfcc781a468891209ccf72d1903e55883f70d3aea8a80846343

Code:

UNHASHED SERVER
f6e72b075f6536f4b1f053ad8d19eafe

Here is a sample of some seeds which I just rotated. Note: You cannot rotate a seed at 0 nonce. You must make at least one bet; that is, a wager bet, as remember: zero bets do not iterate nonce up.

What is interesting to note is that the unhashed server seed is a 32 byte string

Code:

f6e72b075f6536f4b1f053ad8d19eafe

, which appears to be an MD5 hash. This is rather strange, it would be better and more appropriate to do the standard thing and use a SHA256/512 hash as the server seed. --- I wonder why they are generating such small values, and assigning them with client seeds that are pre-paired?

There is no way to enter in my own client seed- so I am stuck with a similarly weak MD5 hash, just 32 bytes of weak entropy..

So, regardless of that, what kind of algorithm has been used to hash the server seed, so that we can prove it's the same one they gave us beforehand?

Erm, well, about that...
I can't figure it out.
When asked, no one else could either. I even held a challenge in our discord, and prize was up to around $500 by the end, to just match the damn hash with a real algorithm. One guy tried so damn hard I gave him a consolation prize. I tried as str, I tried as bytes... I tried a lot of different ways. I gave it to a professional, who also couldn't do it. So what is the damn hash algorithm? Why should we trust Winna if we can't even trust the hash?

So far, I know that it's not any of these:

Code:

sha1:    				no match
sha224:    			no match
sha256:    			no match
sha384:    			no match
sha512:    			no match
sha3_224:    			no match
sha3_256:    			no match
sha3_384:    			no match
sha3_512:    			no match
md5:    				no match
blake2b:    			no match
blake2s:    			no match
shake_128_32:    		no match
shake_256_64:    		no match
ripemd160:    			no match
md4:    				no match
md2:    				no match
sha256_sha256:    		no match
sha256_sha512:    		no match
sha512_sha256:    		no match
sha3_384_sha3_224:    	no match
sha3_256_sha3_512:    	no match
sha3_512_sha3_256:    	no match
sha256_ripemd160:    	no match
md5_sha256:    		no match
sha256_md5:    		no match
sha1_sha256:    		no match
sha256_sha1:    		no match
sha512_sha3_512:    	no match
sha3_512_sha512:    	no match
blake2b_sha256:    		no match
sha256_blake2b:    		no match
sha256_sha3_256:    	no match
sha3_256_sha256:    	no match
sha256_sha3_512:    	no match
sha3_512_sha256:    	no match
sha256_sha3_224:    	no match
sha3_224_sha256:    	no match
sha256_sha3_384:    	no match
sha3_384_sha256:    	no match
sha256_blake2s:    		no match
blake2s_sha256:    		no match
sha256_md4:    		no match
md4_sha256:    		no match
pbkdf2_sha256_1000:    	no match
pbkdf2_sha512_1000:    	no match
pbkdf2_sha256_10000:     no match
pbkdf2_sha512_10000:     no match 

CODE USED:

Code:

import hashlib
import Crypto.Hash.RIPEMD160 as ripemd

def detectHashAlgo(hexStr):
    b = bytes.fromhex(hexStr)
    hashes = {}

    # single hash funcs
    hashes['sha1'] = hashlib.sha1(b).hexdigest()
    hashes['sha224'] = hashlib.sha224(b).hexdigest()
    hashes['sha256'] = hashlib.sha256(b).hexdigest()
    hashes['sha384'] = hashlib.sha384(b).hexdigest()
    hashes['sha512'] = hashlib.sha512(b).hexdigest()
    hashes['sha3_224'] = hashlib.sha3_224(b).hexdigest()
    hashes['sha3_256'] = hashlib.sha3_256(b).hexdigest()
    hashes['sha3_384'] = hashlib.sha3_384(b).hexdigest()
    hashes['sha3_512'] = hashlib.sha3_512(b).hexdigest()
    hashes['md5'] = hashlib.md5(b).hexdigest()
    hashes['blake2b'] = hashlib.blake2b(b).hexdigest()
    hashes['blake2s'] = hashlib.blake2s(b).hexdigest()
    hashes['shake_128_32'] = hashlib.shake_128(b).hexdigest(32)
    hashes['shake_256_64'] = hashlib.shake_256(b).hexdigest(64)
    # extra algos
    try:
        hashes['ripemd160'] = ripemd.new(b).hexdigest()
    except Exception:
        hashes['ripemd160'] = None
    try:
        hashes['md4'] = hashlib.new('md4', b).hexdigest()
    except Exception:
        hashes['md4'] = None
    try:
        hashes['md2'] = hashlib.new('md2', b).hexdigest()
    except Exception:
        hashes['md2'] = None

    # combos
    hashes['sha256_sha256'] = hashlib.sha256(hashlib.sha256(b).digest()).hexdigest()
    hashes['sha256_sha512'] = hashlib.sha512(hashlib.sha256(b).digest()).hexdigest()
    hashes['sha512_sha256'] = hashlib.sha256(hashlib.sha512(b).digest()).hexdigest()
    hashes['sha3_384_sha3_224'] = hashlib.sha3_224(hashlib.sha3_384(b).digest()).hexdigest()
    hashes['sha3_256_sha3_512'] = hashlib.sha3_512(hashlib.sha3_256(b).digest()).hexdigest()
    hashes['sha3_512_sha3_256'] = hashlib.sha3_256(hashlib.sha3_512(b).digest()).hexdigest()
    hashes['sha256_ripemd160'] = None
    try:
        hashes['sha256_ripemd160'] = ripemd.new(hashlib.sha256(b).digest()).hexdigest()
    except Exception:
        pass
    hashes['md5_sha256'] = hashlib.sha256(hashlib.md5(b).digest()).hexdigest()
    hashes['sha256_md5'] = hashlib.md5(hashlib.sha256(b).digest()).hexdigest()
    hashes['sha1_sha256'] = hashlib.sha256(hashlib.sha1(b).digest()).hexdigest()
    hashes['sha256_sha1'] = hashlib.sha1(hashlib.sha256(b).digest()).hexdigest()
    hashes['sha512_sha3_512'] = hashlib.sha3_512(hashlib.sha512(b).digest()).hexdigest()
    hashes['sha3_512_sha512'] = hashlib.sha512(hashlib.sha3_512(b).digest()).hexdigest()
    hashes['blake2b_sha256'] = hashlib.sha256(hashlib.blake2b(b).digest()).hexdigest()
    hashes['sha256_blake2b'] = hashlib.blake2b(hashlib.sha256(b).digest()).hexdigest()
    hashes['sha256_sha3_256'] = hashlib.sha3_256(hashlib.sha256(b).digest()).hexdigest()
    hashes['sha3_256_sha256'] = hashlib.sha256(hashlib.sha3_256(b).digest()).hexdigest()
    hashes['sha256_sha3_512'] = hashlib.sha3_512(hashlib.sha256(b).digest()).hexdigest()
    hashes['sha3_512_sha256'] = hashlib.sha256(hashlib.sha3_512(b).digest()).hexdigest()
    hashes['sha256_sha3_224'] = hashlib.sha3_224(hashlib.sha256(b).digest()).hexdigest()
    hashes['sha3_224_sha256'] = hashlib.sha256(hashlib.sha3_224(b).digest()).hexdigest()
    hashes['sha256_sha3_384'] = hashlib.sha3_384(hashlib.sha256(b).digest()).hexdigest()
    hashes['sha3_384_sha256'] = hashlib.sha256(hashlib.sha3_384(b).digest()).hexdigest()
    hashes['sha256_blake2s'] = hashlib.blake2s(hashlib.sha256(b).digest()).hexdigest()
    hashes['blake2s_sha256'] = hashlib.sha256(hashlib.blake2s(b).digest()).hexdigest()
    hashes['sha256_md4'] = None
    try:
        hashes['sha256_md4'] = hashlib.new('md4', hashlib.sha256(b).digest()).hexdigest()
    except Exception:
        pass
    hashes['md4_sha256'] = None
    try:
        hashes['md4_sha256'] = hashlib.sha256(hashlib.new('md4', b).digest()).hexdigest()
    except Exception:
        pass

    # PBKDF2 combos
    try:
        hashes['pbkdf2_sha256_1000'] = hashlib.pbkdf2_hmac('sha256', b, b'salt', 1000).hex()
        hashes['pbkdf2_sha512_1000'] = hashlib.pbkdf2_hmac('sha512', b, b'salt', 1000).hex()
        hashes['pbkdf2_sha256_10000'] = hashlib.pbkdf2_hmac('sha256', b, b'salt', 10000).hex()
        hashes['pbkdf2_sha512_10000'] = hashlib.pbkdf2_hmac('sha512', b, b'salt', 10000).hex()
    except Exception:
        hashes['pbkdf2_sha256_1000'] = None
        hashes['pbkdf2_sha512_1000'] = None
        hashes['pbkdf2_sha256_10000'] = None
        hashes['pbkdf2_sha512_10000'] = None

    for algo, h in hashes.items():
        print(f'{algo}: {h}')
    for algo, h in hashes.items():
        if h == 'a3d6af6b3b90ddfcc781a468891209ccf72d1903e55883f70d3aea8a80846343':
            print(algo)
        else:
            print(f'{algo}: no match')

detectHashAlgo('e5ddc392815068901e5357368ec017d0')

This is a small portion and, in my opinion, the most obvious few flaws visible in Winna's claim to being provably fair. YES, Bennett, picking your own client seed DOES MATTER, it is the only thing that makes this fair at all!

As a short summary:

-- Winna's server seed hashing implementation is not provable, or provably fair.
-- Winna's zero-bet nonce disuse is suspicious and the code being used in the backend should be audited by a third party, as all steps are not externally repeatable.
-- Winna not allowing you to pick your own client seed is a clear violation of standard provable fairness practices.
-- Despite these issues, they still claim their system is fair, and provable. They are either ignorant or malicious; and when in doubt as far as casinos go, they should be assumed malicious.
-- Winna's laggy originals imply excessive processing in the backend, or highly unoptimized code.
-- Winna has ties to a recent rug, Heybets, which is clear from even minor snooping in the DNS and page designs/structure.
-- Some questionable affiliate practices which are not the core of this complaint.

I hope that a satisfactory answer can be given on this matter, because I would be happy to change my opinion on what appears to me to be very clever fraud. I'm sorry it took me so long to get this out, as I was planning on posting it months ago, at this point.

If you need someone to fix your system since apparently it's either broken and vibecoded or intentionally malicious. If the former, then I offer my services at cost, and you will never have this issue again. Feel free to contact me directly at ruby@stakestats.net, if you want to make this a professional discussion. If it was just broken, then I expect a bounty.

Additional seed pairs, tested from multiple different users as sources of different account generation:
https://docs.google.com/spreadsheets/d/10Bb7O0FUZoOi_npKMAdJqQQOSpsk98prA_c153LMEoc/edit?usp=sharing

I hope I am mistaken and simply overlooked something critical, but I await a reply from Winna. Thank you.

[foxymethoxy]

Bumping.

[foxymethoxy]

Hey just out of pure curiosity - would you mind checking over the shuffle house games? Something tells me ... I have a hunch.

Hi, Shuffle uses the same system as Stake. The games are 1:1. You can even verify Shuffle's games with Stake's verifiers. This includes waifu tower = dragon tower.

They also show the next hashed server seed, etc. Their system is provably fair and is actually kind of unoriginal. Winna's games are the same functions, except the server seed's fairness cannot be verified.

Additionally,

An update on this: I was able to get contact with one of their staff. I will update this further when I receive another reply to my answer for them.

[probablyfair]

Based on direct UI observations, network artifacts, and local cryptographic tests, Winna’s current "provably fair" implementation appears non‑verifiable. Server seed hashes shown to users cannot be
reproduced from the later‑revealed server seeds with standard or common composite hashing/HMAC constructions, and $0 bets produce changing results without incrementing the nonce, implying additional hidden entropy that is not part of the public commitment. Found this in my browser network requests: https://winna.com/locales/en/fairness.json which mentions "our github" for open verification code, but no public repository could be found. Will do more investigation later, and in the meantime it would be nice if Winna could shed some light on the matter.

[SupItsJTTV]

Based on direct UI observations, network artifacts, and local cryptographic tests, Winna’s current "provably fair" implementation appears non‑verifiable. Server seed hashes shown to users cannot be
reproduced from the later‑revealed server seeds with standard or common composite hashing/HMAC constructions, and $0 bets produce changing results without incrementing the nonce, implying additional hidden entropy that is not part of the public commitment. Found this in my browser network requests: https://winna.com/locales/en/fairness.json which mentions "our github" for open verification code, but no public repository could be found. Will do more investigation later, and in the meantime it would be nice if Winna could shed some light on the matter.

I've got information that several casino's are being operated by shuffle / affiliates / employees and theyre outright straight scams.

Specifically to Winna, a link posted in their official telegram to Rewards.vip - a direct copycat of my own Leaderboards.vip - and in the discord is none other than fred from btcs, and Calum Anderson.

Additionally, last year after having the playShuffle reddit and several users banned, I was approached and low-balled by this group attempting to acquire r/StakeAccountExchange and at the time was getting like 90k views a month. Lets just say i quietly took Terry's $500 and never looked back knowing what I know.

Edit: Also, looking back at several defunct operations such as LFG.BET reeks of similar rug pulling, payout delaying fuckery.

[Huntersavv]

Any update on this???

[logfiles]

Any update on this???

I really wonder what is wrong with you.

Why do you create a scam accusation and then later alter/edit out the original post?
What exactly is your end game? Are you a troll of sorts?

Case 1: https://bitcointalk.org/index.php?topic=5563072
Archive: https://ninjastic.space/post/65949880

Case 2: https://bitcointalk.org/index.php?topic=5564316
archive: https://ninjastic.space/post/66000631

[Shishir99]

There is a reason why you are not getting any attention here, and that is, people do not understand how it works. I do not know either. There are only a few people who know coding, and only a few of them know how it is supposed to work and how it is working right now. So, you have to find someone who understands this and helps you support your claims. I don't see enough interest in this thread just because of that.

I hope you understand why you are not getting enough attention. Also, you said that you did not accuse them of changing the bet result or something similar, but they may have had a chance. I don't know how concerning it is.

[Zwei]

I don't know how concerning it is.

it is very very concerning.

i don't understand all of the technical details, but i do understand how a provably fair system should work, and i can say with certainty that winna does not have a true provably fair system.
just the fact that players can't input their own client seed, and that they don't disclose what algorithm they use to generate the hashed server seed (they call it a "special algorithm"), is enough for me that would not place a single bet there.

and their "fairness" documentation is a joke, fancy words without providing any technical details.



compare that to what stake have, and you will see what i'm talking about: https://stake.com/provably-fair/overview

[NearYou]

Before anyone asks — I’m not the OP.
I only made an account there after seeing this thread.

I’ve been in iGaming dev for 12 years.
I know how these systems are supposed to work and I know exactly how they get rigged.

So here’s the quick version, no fluff:
   1.   Is Winna a scam?
Yes. Not “maybe,” not “feels like.” Yes.
   2.   Do they manipulate their in-house games?
Yes. The outcomes are not purely driven by the provably fair chain.
   3.   Should you trust “provably fair” by default?
No.
“Provably fair” only proves the result matches the seed they chose, not that the seed wasn’t selected to make you lose.

And here’s the real kicker:

Provably fair does NOT guarantee randomness.
It only guarantees that the final output matches the inputs.
If the inputs are manipulated, the fairness verification means nothing.

These guys are using the old cheap operator tricks:
   •   Skipping nonces when the seed leads to a high payout run.
   •   Dynamic loss trigger when payout exceeds a threshold.
   •   Static loss blocks to quietly raise effective house edge.
   •   Old “Heybets” code still in the backend, not even clean refactored.

This isn’t even high-effort fraud.
This is bargain-bin scam toolkit stuff.

If anyone wants the technical breakdown (code-level: nonce stepping, seed commit mismatches, and payout curve deviation analysis), I can write it in dev terms so another engineer could verify independently.

But for the average player:

Just understand this:

You are not losing because you are “unlucky.”
You are losing because the game is deciding when you are allowed to win.

Play wherever you want — your money, your risk.
But don’t walk in thinking this is “fair” crypto gambling.

This one is just a dressed-up house-favored loop with PR buzzwords.


Look — “provably fair” is not some magical trust system.
It’s just a deterministic RNG pipeline with public verification.

The problem is, most players think provably fair means unriggable.
It doesn’t.

Here’s how these cheap casino stacks actually play the game:

server_seed (committed: hash shown to player)
+ client_seed (player-chosen or browser-generated)
+ nonce (round index)
→ RNG output → game result

If every input is honest and the nonce increments strictly 0,1,2,3,4…,
That’s how Stake, Rollbit, BC.Game (in-house games, not provider slots) handle it.

The Scam Variant (What Winna / cheap shops do)
If the house controls:
   •   the server seed
   •   when the server seed rotates
   •   whether the client seed is actually used (spoiler: sometimes fake)
   •   and the nonce progression

Simulate next N outcomes privately.
Take the one that benefits the house.
Publish only that outcome.

And the user? Guess what — the verification still passes.

Because the proof only checks:
“Does the published result match the published seed?”

It does not check whether the seed was chosen after simulating outcomes.

That is the entire exploit.


Nonce Skipping (The Classic)
Proper systems increment nonce like:

0 → 1 → 2 → 3 → 4 → ...

Shady systems do:

Simulate nonce 12: win? → discard
Simulate nonce 13: win? → discard
Simulate nonce 14: loss? → publish

To the player:
Nonce = 14, result = loss, verifier says “Yep looks valid.”

To reality:
They just skipped two winning rolls you were never allowed to see.


-/ NearYou

[VeniVidiV]

Glad I found this thread.  Thank you to everyone who posted insight. 


I wonder why Winna has never addressed this?   Very shady.   Too many good casinos out there that are provably fair.  Avoid Winna.

[noviesol]

I think the information is too difficult for the average person to understand.

However, I find it concerning, as I lost a significant amount on their original games approx USD 15,000. Hopefully, someone reputable can address this and clarify or verify the information.

[VeniVidiV]

I think the information is too difficult for the average person to understand.

However, I find it concerning, as I lost a significant amount on their original games approx USD 15,000. Hopefully, someone reputable can address this and clarify or verify the information.

Im willing to bet that during your play on their originals you experienced random moments of drastic lag

[noviesol]

I think the information is too difficult for the average person to understand.

However, I find it concerning, as I lost a significant amount on their original games approx USD 15,000. Hopefully, someone reputable can address this and clarify or verify the information.

Im willing to bet that during your play on their originals you experienced random moments of drastic lag

I did experience random lags during play. But is this a sign of the game being rigged? I thought it was because I was using a VPN