Official Statement: Addressing Claims About KasyNoir

[Kasynoir]

In recent days, some unclear claims have been made on this forum about our brand KasyNoir. I’m here to provide full transparency and clarify everything.

KasyNoir operates as a white-label platform developed by the provider Sirplay. For those who may not be familiar with Sirplay, here is a brief explanation: Sirplay is a long-standing iGaming software provider, founded in 2005, offering white-label and turnkey casino and sportsbook platforms, including games, payment solutions, and full operational support.


https://talkimg.com/images/2026/04/04/UYTP22.jpeg

For those who would like more information, you can visit the official website: https://sirplay.com/


Sirplay operates with all its partners in the same way: platforms are built on a shared base structure, meaning many websites may have a similar default layout, with differences mainly in branding such as colors, logos, and domain names.

Additionally, Sirplay provides access to its master license. Because this license is owned and managed by Sirplay directly, multiple legitimate websites — including KasyNoir — will naturally display the same license number at the bottom of their pages.

However, I want to make one thing absolutely clear: even though we share the same master license number, KasyNoir has no correlation or connection whatsoever with these other websites. We operate completely independently and distance ourselves entirely from what other platforms do or how they run their businesses. Our only focus is maintaining the high standards and integrity of KasyNoir.

To put an end to any false claims, you will find screenshots attached below, taken directly from the official registry. These clearly prove that KasyNoir operates legally under the Anjouan license held by Sirplay.

https://talkimg.com/images/2026/04/04/UYTtOq.jpeg

https://talkimg.com/images/2026/04/04/UYTFCj.jpeg

At the end of the day, we are KasyNoir, plain and simple. We chose to address these rumors head-on because we have absolutely nothing to hide. Transparency is a core value for our brand, and we wanted to share all the facts openly so our community can feel completely safe and confident.

When you play on KasyNoir, you are dealing with a dedicated, professional team that puts your security first. You can rest easy knowing you are in safe hands.

Thank you for your time. If anyone has further questions, please feel free to ask.

[WeLiveCrypto]

Sirplay operates with all its partners in the same way: platforms are built on a shared base structure, meaning many websites may have a similar default layout, with differences mainly in branding such as colors, logos, and domain names.

We believe that reviewing some of their client casino websites that are currently operational and exhibit minimal red flags would enable us to analyze the coding structure and verify your claim. We attempted to locate a list of their clients or a portfolio on their website; however, we were unable to find any such information. You may contact with them to obtain a list of their existing clients, which would enable us to review and assess the codebase.

[Kasynoir]

Sirplay operates with all its partners in the same way: platforms are built on a shared base structure, meaning many websites may have a similar default layout, with differences mainly in branding such as colors, logos, and domain names.

We believe that reviewing some of their client casino websites that are currently operational and exhibit minimal red flags would enable us to analyze the coding structure and verify your claim. We attempted to locate a list of their clients or a portfolio on their website; however, we were unable to find any such information. You may contact with them to obtain a list of their existing clients, which would enable us to review and assess the codebase.

Thank you for your response.
Sirplay is our legitimate white-label provider, and shared base structures across their client sites is completely standard industry practice.
Regarding client lists: I will contact Sirplay to request official portfolio examples or case studies of their active clients. Will update this thread with their response.
In the meantime, Sirplay's official site (sirplay.com) explains their white-label setup clearly

[JollyGood]

I had a look at your feedback after reading the posts you made here. Keeping everything else aside, can you comment on the specific allegation of you using outdated software. When was the last update/patch and when was the last security audit that provided a report stating there were no issues with regards to the software source code and server settings?

At the end of the day, we are KasyNoir, plain and simple. We chose to address these rumors head-on because we have absolutely nothing to hide. Transparency is a core value for our brand, and we wanted to share all the facts openly so our community can feel completely safe and confident.

When you play on KasyNoir, you are dealing with a dedicated, professional team that puts your security first. You can rest easy knowing you are in safe hands.

Thank you for your time. If anyone has further questions, please feel free to ask.

[albon]

I had a look at your feedback after reading the posts you made here. Keeping everything else aside, can you comment on the specific allegation of you using outdated software. When was the last update/patch and when was the last security audit that provided a report stating there were no issues with regards to the software source code and server settings?

Yeah, JollyGood has a point here...

What I've found in my investigation thread --> https://bitcointalk.org/index.php?topic=5579073.0

Clearly shows that they are recycling HashKeys across multiple sites which major red flag that they are indeed using outdated/leaked cloned software.

So if you @OP have a security audit or a recent update, please show us verifiable proof not just marketing talk and meaningless words.
_____________

BTW, Nice screenshots @OP. But, Anjouan license doesn’t really mean much it’s just a basic license, not a real security audit.

[Shishir99]

If you put your feet in KasyNoir shoes, you will realize that they wanted to do everything cheap, got a white-label solution from Sirplay, and now they got fucked up. A lot of businesses want to get started with cheap options, and I don't think that's a problem until they fall into something like this. I am not sure if I am missing something. Did they actually scam anyone? I am not a tech guy, so I am not sure how that hash system works, whether there is a way to manipulate bets, whether it can be used to scam players, or whether the other mentioned sites scammed anyone. However, all I can say is that there are other casinos that operate multiple casinos as well. They use the same layout, but they are operating fine without having a red tag on their profile. So why so harsh on KasyNoir only? Why not others?

[albon]

I am not a tech guy, [...]

If you're tech-ignorant as you claimed you should have remained silent instead of not taking our investigation seriously which showed real risks for any player using their new platforms.

Do we need victims before pointing out the red flags?? Here, We verify before we trust and we won't wait too long for them to rob the community before taking steps against them

Our analysis is about code and security not on the "cheap business" excuse you presenting.. If the hashkeys Identical everywhere, it’s definitely risky

[Kasynoir]

I can see you are losing sleep over this. You are so obsessed with us that you are trying to smear my brand, but listen to me carefully: you will not succeed. Believe me, I am fully prepared to take legal action if necessary. You left us a negative review on Trustpilot with unfounded accusations; you complained that the anti-money laundering page had errors, I had it fixed, and then you complained that it was corrected. It is still not clear what exactly you want us to do.

https://talkimg.com/images/2026/04/05/UYEndT.png

You parade around as the champion of justice, claiming to help expose scam sites, yet you yourself promote unlicensed sites. Ah, but maybe you can do that because you're a 'veteran' and therefore you're allowed to
You even threatened to leave @TheAndy500 negative feedback if he didn't stop the campaigns.

https://talkimg.com/images/2026/04/05/UYECzl.jpeg

https://talkimg.com/images/2026/04/05/UYEQh1.jpeg

I'm not the only site in here operating this way with a rented sub-license.

https://talkimg.com/images/2026/04/05/UYEmmW.png

https://talkimg.com/images/2026/04/05/UYEGlm.jpeg

My question now is: why discredit months of hard work to get online by making accusations based on baseless assumptions? Is this how this forum works? Are veterans allowed to just belittle the newcomers?

I’ve said from the very beginning that I am ready to clear things up by contacting Sirplay, and if necessary, show you all the data you need, because I am completely transparent about everything. But apparently, my transparency and honesty are too inconvenient in here.

From this moment on, in my thread, I will only reply to people who want to interact professionally and without throwing accusations. If anyone needs more data, I am willing to show it if it helps you feel confident in our operations.

[yahoo62278]

I can see you are losing sleep over this. You are so obsessed with us that you are trying to smear my brand, but listen to me carefully: you will not succeed. Believe me, I am fully prepared to take legal action if necessary. You left us a negative review on Trustpilot with unfounded accusations; you complained that the anti-money laundering page had errors, I had it fixed, and then you complained that it was corrected. It is still not clear what exactly you want us to do.

https://talkimg.com/images/2026/04/05/UYEndT.png

You parade around as the champion of justice, claiming to help expose scam sites, yet you yourself promote unlicensed sites. Ah, but maybe you can do that because you're a 'veteran' and therefore you're allowed to
You even threatened to leave @TheAndy500 negative feedback if he didn't stop the campaigns.

https://talkimg.com/images/2026/04/05/UYECzl.jpeg

https://talkimg.com/images/2026/04/05/UYEQh1.jpeg

I'm not the only site in here operating this way with a rented sub-license.

https://talkimg.com/images/2026/04/05/UYEmmW.png

https://talkimg.com/images/2026/04/05/UYEGlm.jpeg

My question now is: why discredit months of hard work to get online by making accusations based on baseless assumptions? Is this how this forum works? Are veterans allowed to just belittle the newcomers?

I’ve said from the very beginning that I am ready to clear things up by contacting Sirplay, and if necessary, show you all the data you need, because I am completely transparent about everything. But apparently, my transparency and honesty are too inconvenient in here.

From this moment on, in my thread, I will only reply to people who want to interact professionally and without throwing accusations. If anyone needs more data, I am willing to show it if it helps you feel confident in our operations.

As a business you should be ready to answer any and all claims whether they be good or bad on your brand. That's a way to start to build trust in the community. You cannot just say I will only deal with those that act professionally, or only answer the good things you read, or whatever. You have to answer it all and prove whomever is saying the bad wrong.

[Kasynoir]

I can see you are losing sleep over this. You are so obsessed with us that you are trying to smear my brand, but listen to me carefully: you will not succeed. Believe me, I am fully prepared to take legal action if necessary. You left us a negative review on Trustpilot with unfounded accusations; you complained that the anti-money laundering page had errors, I had it fixed, and then you complained that it was corrected. It is still not clear what exactly you want us to do.

https://talkimg.com/images/2026/04/05/UYEndT.png

You parade around as the champion of justice, claiming to help expose scam sites, yet you yourself promote unlicensed sites. Ah, but maybe you can do that because you're a 'veteran' and therefore you're allowed to
You even threatened to leave @TheAndy500 negative feedback if he didn't stop the campaigns.

https://talkimg.com/images/2026/04/05/UYECzl.jpeg

https://talkimg.com/images/2026/04/05/UYEQh1.jpeg

I'm not the only site in here operating this way with a rented sub-license.

https://talkimg.com/images/2026/04/05/UYEmmW.png

https://talkimg.com/images/2026/04/05/UYEGlm.jpeg

My question now is: why discredit months of hard work to get online by making accusations based on baseless assumptions? Is this how this forum works? Are veterans allowed to just belittle the newcomers?

I’ve said from the very beginning that I am ready to clear things up by contacting Sirplay, and if necessary, show you all the data you need, because I am completely transparent about everything. But apparently, my transparency and honesty are too inconvenient in here.

From this moment on, in my thread, I will only reply to people who want to interact professionally and without throwing accusations. If anyone needs more data, I am willing to show it if it helps you feel confident in our operations.

As a business you should be ready to answer any and all claims whether they be good or bad on your brand. That's a way to start to build trust in the community. You cannot just say I will only deal with those that act professionally, or only answer the good things you read, or whatever. You have to answer it all and prove whomever is saying the bad wrong.

You are absolutely right, but since I joined this forum, I have only received negative comments from people who attack me and refuse to listen even when I show them the data. This makes me think they are just here to discredit other people's hard work.

If this thread was created to build trust, then give me the opportunity to do so—something no one has given me so far. I will be more than happy to answer any questions you might have.
I even received an unwarranted negative feedback, despite not having scammed a single person.

I had a look at your feedback after reading the posts you made here. Keeping everything else aside, can you comment on the specific allegation of you using outdated software. When was the last update/patch and when was the last security audit that provided a report stating there were no issues with regards to the software source code and server settings?

At the end of the day, we are KasyNoir, plain and simple. We chose to address these rumors head-on because we have absolutely nothing to hide. Transparency is a core value for our brand, and we wanted to share all the facts openly so our community can feel completely safe and confident.

When you play on KasyNoir, you are dealing with a dedicated, professional team that puts your security first. You can rest easy knowing you are in safe hands.

Thank you for your time. If anyone has further questions, please feel free to ask.

Thank you for your question.

The allegation that our platform is using outdated software is inaccurate. Kasynoir operates on a Sirplay white-label skin, and Sirplay is a well-established provider in the iGaming industry.

All core software, server-side infrastructure, updates, patches, and related security checks are handled directly by Sirplay’s technical team, which performs regular monthly reviews and additional interventions whenever necessary. Our role at Kasynoir is focused on site management, content, and operational handling.

In fact, just a few days ago we were informed that our anti-money laundering page required adjustments, and we acted promptly to update it.

If needed, I will be happy to contact Sirplay directly and provide more detailed information regarding updates, maintenance, and security procedures.

[albon]

Believe me, I am fully prepared to take legal action if necessary.

You're threatening me with legal action for disclosing public HashKey matches on a Bitcoin forum? That's honestly funny. It just shows you don’t have an answer to the security issues I found.

you complained that the anti-money laundering page had errors, I had it fixed, and then you complained that it was corrected. It is still not clear what exactly you want us to do.

These aren’t just “errors” like you said, this is a big mess.. You changed a law that expired 20 years ago, after I pointed it out, to a 2018 law. Also, in addition to the Italian fragments in your code and legal pages across all your "clones" is looks like it’s coming from a leaked/nulled script.

You parade around as the champion of justice, claiming to help expose scam sites, yet you yourself promote unlicensed sites. Ah, but maybe you can do that because you're a 'veteran' and therefore you're allowed to

Changing the topic to my signature won’t fix your code.

Also, don't try to Distract members by attacking me personally; it won't help. Even if I'm not an experienced user and I'm a beginner, the match between the hash key (2e35f242a46d67eeb74aabc37d5e5d05) is unerring. Data is data, it doesn’t care who I am.

Stop spreading nonsense and answer the question: Why does your "professional" site use the same security keys as so many sites?

You even threatened to leave @TheAndy500 negative feedback if he didn't stop the campaigns.

This is clearly false, and I challenge you in front of everyone right now to provide me with a screenshot of me threatening him. You can't, because it never happened. Making things up like this just shows you’re desperate

This screenshot shows, there was never any threat. In fact, even he agrees that it's "stupid" for an operator not to know they are using a shared license until a forum member points it out.

I’ve said from the very beginning that I am ready to clear things up by contacting Sirplay, and if necessary, show you all the data you need, because I am completely transparent about everything. But apparently, my transparency and honesty are too inconvenient in here.

You completely ignored the main point in your long rant: Why does your site share the EXACT same HashKey (2e35f242a46d67eeb74aabc37d5e5d05) with several other clone sites?

If you want to be "transparent," stop the drama and explain the shared HashKey match.

The community doesn't need your legal threats; it needs a secure platform. Can you explain the HashKey match, yes or no?

From this moment on, in my thread, I will only reply to people who want to interact professionally and without throwing accusations. If anyone needs more data, I am willing to show it if it helps you feel confident in our operations.

Translation: "I will only reply to people who don't ask about my Identical HashKeys and 20-year-old AML laws.  

As a business you should be ready to answer any and all claims whether they be good or bad on your brand. That's a way to start to build trust in the community. You cannot just say I will only deal with those that act professionally, or only answer the good things you read, or whatever. You have to answer it all and prove whomever is saying the bad wrong.

Exactly as yahoo62278 said. Being professional means answering tough questions and providing proof that your platform is secure.

If you want to build confidence @OP, stop the censorship and answer the community.

You are absolutely right, but since I joined this forum, I have only received negative comments from people who attack me and refuse to listen even when I show them the data. This makes me think they are just here to discredit other people's hard work.

If this thread was created to build trust, then give me the opportunity to do so—something no one has given me so far.

The opportunity is here: Stop the emotional appeals and answer the Technical Evidence you've been avoiding.

Thank you for your question.

The allegation that our platform is using outdated software is inaccurate. Kasynoir operates on a Sirplay white-label skin, and Sirplay is a well-established provider in the iGaming industry.

All core software, server-side infrastructure, updates, patches, and related security checks are handled directly by Sirplay’s technical team, which performs regular monthly reviews and additional interventions whenever necessary. Our role at Kasynoir is focused on site management, content, and operational handling.

In fact, just a few days ago we were informed that our anti-money laundering page required adjustments, and we acted promptly to update it.

If needed, I will be happy to contact Sirplay directly and provide more detailed information regarding updates, maintenance, and security procedures.

By saying you're just using a white-label and don’t control the infrastructure, you basically proved my point.

If Sirplay is really running things, then explain why the same HashKey is being used (2e35f242a46d67eeb74aabc37d5e5d05) across multiple sites. Even white-label setups are supposed to have their own keys.

Italian words like "effettuate" and outdated laws on a live site just look like copy-paste.

If one of the other sites using the same HashKey gets hacked, how can you say users’ funds and KYC data are safe??

Don’t hide behind your provider.. Identical HashKey = Shared Vulnerability. Explain the HashKey or people will keep flagging this.

This is already obvious.. A real provider wouldn’t leave this on a live site.

[Kasynoir]

Believe me, I am fully prepared to take legal action if necessary.

You're threatening me with legal action for disclosing public HashKey matches on a Bitcoin forum? That's honestly funny. It just shows you don’t have an answer to the security issues I found.

you complained that the anti-money laundering page had errors, I had it fixed, and then you complained that it was corrected. It is still not clear what exactly you want us to do.

These aren’t just “errors” like you said, this is a big mess.. You changed a law that expired 20 years ago, after I pointed it out, to a 2018 law. Also, in addition to the Italian fragments in your code and legal pages across all your "clones" is looks like it’s coming from a leaked/nulled script.

You parade around as the champion of justice, claiming to help expose scam sites, yet you yourself promote unlicensed sites. Ah, but maybe you can do that because you're a 'veteran' and therefore you're allowed to

Changing the topic to my signature won’t fix your code.

Also, don't try to Distract members by attacking me personally; it won't help. Even if I'm not an experienced user and I'm a beginner, the match between the hash key (2e35f242a46d67eeb74aabc37d5e5d05) is unerring. Data is data, it doesn’t care who I am.

Stop spreading nonsense and answer the question: Why does your "professional" site use the same security keys as so many sites?

You even threatened to leave @TheAndy500 negative feedback if he didn't stop the campaigns.

This is clearly false, and I challenge you in front of everyone right now to provide me with a screenshot of me threatening him. You can't, because it never happened. Making things up like this just shows you’re desperate

This screenshot shows, there was never any threat. In fact, even he agrees that it's "stupid" for an operator not to know they are using a shared license until a forum member points it out.

https://www.talkimg.com/images/2026/04/05/UYIrfC.jpeg

I’ve said from the very beginning that I am ready to clear things up by contacting Sirplay, and if necessary, show you all the data you need, because I am completely transparent about everything. But apparently, my transparency and honesty are too inconvenient in here.

You completely ignored the main point in your long rant: Why does your site share the EXACT same HashKey (2e35f242a46d67eeb74aabc37d5e5d05) with several other clone sites?

If you want to be "transparent," stop the drama and explain the shared HashKey match.

The community doesn't need your legal threats; it needs a secure platform. Can you explain the HashKey match, yes or no?

From this moment on, in my thread, I will only reply to people who want to interact professionally and without throwing accusations. If anyone needs more data, I am willing to show it if it helps you feel confident in our operations.

Translation: "I will only reply to people who don't ask about my Identical HashKeys and 20-year-old AML laws.  

As a business you should be ready to answer any and all claims whether they be good or bad on your brand. That's a way to start to build trust in the community. You cannot just say I will only deal with those that act professionally, or only answer the good things you read, or whatever. You have to answer it all and prove whomever is saying the bad wrong.

Exactly as yahoo62278 said. Being professional means answering tough questions and providing proof that your platform is secure.

If you want to build confidence @OP, stop the censorship and answer the community.

You are absolutely right, but since I joined this forum, I have only received negative comments from people who attack me and refuse to listen even when I show them the data. This makes me think they are just here to discredit other people's hard work.

If this thread was created to build trust, then give me the opportunity to do so—something no one has given me so far.

The opportunity is here: Stop the emotional appeals and answer the Technical Evidence you've been avoiding.

Thank you for your question.

The allegation that our platform is using outdated software is inaccurate. Kasynoir operates on a Sirplay white-label skin, and Sirplay is a well-established provider in the iGaming industry.

All core software, server-side infrastructure, updates, patches, and related security checks are handled directly by Sirplay’s technical team, which performs regular monthly reviews and additional interventions whenever necessary. Our role at Kasynoir is focused on site management, content, and operational handling.

In fact, just a few days ago we were informed that our anti-money laundering page required adjustments, and we acted promptly to update it.

If needed, I will be happy to contact Sirplay directly and provide more detailed information regarding updates, maintenance, and security procedures.

By saying you're just using a white-label and don’t control the infrastructure, you basically proved my point.

If Sirplay is really running things, then explain why the same HashKey is being used (2e35f242a46d67eeb74aabc37d5e5d05) across multiple sites. Even white-label setups are supposed to have their own keys.

Italian words like "effettuate" and outdated laws on a live site just look like copy-paste.

If one of the other sites using the same HashKey gets hacked, how can you say users’ funds and KYC data are safe??

Don’t hide behind your provider.. Identical HashKey = Shared Vulnerability. Explain the HashKey or people will keep flagging this.

This is already obvious.. A real provider wouldn’t leave this on a live site.

You see it as a threat, I see it as protection to defend my brand from untrue accusations. This should make you realize that I am not a scam, since I am here defending months of work. Kasynoir would move forward in any case, with or without Bitcointalk, but precisely because of my seriousness, I am here replying to all your accusations.




As I have always said, Sirplay uses a standard base skin for all its clients, so it can happen that some copy-paste errors slip through. As operators, we trusted them regarding the anti-money laundering terms, and when you pointed out the error, we promptly contacted Sirplay to correct it.

I want to reiterate that we at Kasynoir have absolutely nothing to do with the other sites you call clones. Tell me what I can do to prove to you that we are completely unrelated to Niagarajackpot and Mybitcoin.casino.


You found a shared HashKey (2e35f242a46d67eeb74aabc37d5e5d05) across multiple sites. Yes, data is data. But your interpretation of that data is wrong. Kasynoir, like those other sites, operates on a White Label infrastructure provided and hosted by Sirplay.
In a centralized B2B White Label setup, the core server infrastructure, firewalls, and backend software are shared across the provider’s network to maintain unified security and compliance updates. This naturally results in shared server-side signatures, SSL environments, or HashKeys across all clients hosted on that specific cluster.
It is not a "scam network"; it is simply how B2B platform hosting works. We are independent business owners utilizing the same software provider. If you want further technical validation, I invite you to ask Sirplay how their server architecture is set up.
I am attaching a screenshot directly from Sirplay, stating that the HashKey is an internal key managed by them for communication between the backend and frontend. If he thinks the site is so insecure, why doesn’t he try to breach it? It is an encrypted key.
If these answers are still not exhaustive, I am ready to get even more detailed technical responses on Tuesday.

https://talkimg.com/images/2026/04/05/UYsusa.png


Another important point: I never said I didn't know we were using a shared license. In fact, I have always stated that Sirplay offers a sub-license service, which means the license can be sub-leased to multiple operators.
I have consistently explained that we are completely unrelated to who else the license is sub-leased to, because it is not our job to know. We are Kasynoir, and that is it. The rest is none of our business.
As for the screenshot where I claim you threatened him with negative feedback if he didn't stop the campaigns, I am attaching a piece of what he wrote to me as proof.

https://talkimg.com/images/2026/04/05/UYsw7o.png

I hope this fully clarifies the situation. Should you need any further, more precise details, please feel free to ask, and I will do everything I can to provide them

[JollyGood]

My question now is: why discredit months of hard work to get online by making accusations based on baseless assumptions? Is this how this forum works? Are veterans allowed to just belittle the newcomers?

I’ve said from the very beginning that I am ready to clear things up by contacting Sirplay, and if necessary, show you all the data you need, because I am completely transparent about everything. But apparently, my transparency and honesty are too inconvenient in here.

From this moment on, in my thread, I will only reply to people who want to interact professionally and without throwing accusations. If anyone needs more data, I am willing to show it if it helps you feel confident in our operations.

As a business you should be ready to answer any and all claims whether they be good or bad on your brand. That's a way to start to build trust in the community. You cannot just say I will only deal with those that act professionally, or only answer the good things you read, or whatever. You have to answer it all and prove whomever is saying the bad wrong.

That is the best advice he could have been given and it seems as though he has taken it with appreciation. His interaction in the thread is essential regardless of the questions he is being asked. I am glad he is answering them.

Thank you for your question.

The allegation that our platform is using outdated software is inaccurate. Kasynoir operates on a Sirplay white-label skin, and Sirplay is a well-established provider in the iGaming industry.

All core software, server-side infrastructure, updates, patches, and related security checks are handled directly by Sirplay’s technical team, which performs regular monthly reviews and additional interventions whenever necessary. Our role at Kasynoir is focused on site management, content, and operational handling.

In fact, just a few days ago we were informed that our anti-money laundering page required adjustments, and we acted promptly to update it.

If needed, I will be happy to contact Sirplay directly and provide more detailed information regarding updates, maintenance, and security procedures.

First of all thank you for understanding that forum members here are not utilising their time to attack you, there is a genuine concern on part of albon and he did nothing wrong by bringing this to attention of members.

From what you have posted, I completely understand Sirplay is the white label provider and Kasynoir is running on their software. Having said that, I do understand that the manner in which white label projects operate does include the business owner to focus on content, management and customer related issues whereas the core software, server related issues, security checks, updates and patches are handled by the provider.

If (as you stated) Sirplay have run a recent security audit on the Kasynoir website, have they given you the report? If so, is it possible to make it public? If not, then maybe Sirplay should consider providing two reports: one containing sensitive data that should not be published and the other serves more akin to how VPNs show transparency reports stateing the audit was completed. If that is something that interests you, you should discuss it with Sirplay. As for questions including the HashKey, they will remain.

[Sirplay]

@albon, @Zwei — thank you both, actually.
@Zwei found exactly what is there to find, and described it correctly: these are white-label operators running on the Sirplay platform, all covered under license ALSI-202504036-FI2 issued to Sirplay Sudamerica EIRL by the Anjouan Gaming Authority. This is publicly verifiable at anjouangaming.com/public-register/verify-a-licence in about 15 seconds.
This is not a secret. It is not a vulnerability. It is how white-label iGaming works — the same way that hundreds of licensed operators across Betsoft, Pragmatic Play, or any major platform provider share infrastructure, SDK identifiers, and asset delivery systems. The Sirplay footer link is there because regulatory transparency requires disclosing the software provider. Hiding it would be the compliance failure, not showing it.
One license covering multiple branded operators is standard ALSI B2C licensing — the domains are explicitly listed in the public register entry. Anyone can verify which domains are covered.
What @Zwei actually identified is: a legitimate, licensed, transparently operating white-label gaming network. His own conclusion — "sirplay provides a service where they add the domain of their clients under theirs" — is the accurate description of the business model.
The "amateur" characterization is opinion and we respect it. Players should always do due diligence before depositing anywhere. We'd only note that verifiable regulatory licensing, a publicly listed company, and full footer transparency are typically considered signs of legitimacy, not the opposite.
The license is real. The register is public. The architecture is standard.

We appreciate the forum's role in consumer protection and take all serious allegations seriously. However, the claims in this post contain fundamental factual errors that we are obligated to correct publicly.
We are Sirplay.
The S3 bucket sirplay-amazon, the shared asset infrastructure, and the platform engine referenced in this post belong to Sirplay Sudamerica EIRL — the original developer and licensor of the Sirplay betting platform. The allegation that our infrastructure hosts a "leaked or stolen copy" of our own software is, with respect, logically impossible.
Licensing is valid and verifiable.
All domains referenced operate under license ALSI-202504036-FI2, issued by the Anjouan Gaming Authority (administered by Anjouan Licensing Services Inc.), valid April 2025 through April 2026. This license is publicly verifiable at anjouangaming.com/public-register/verify-a-licence. We encourage anyone with doubts to verify it directly with the authority.
The technical "evidence" is misinterpreted.
The HASHKEY_CRYPTO identifier cited as proof of fraud is a shared SDK constant, present across all licensed Sirplay operators by design — identical to how all WordPress sites share a recognizable code structure. Its presence across multiple domains proves only that they share the same licensed platform, which is accurate and expected in a white-label architecture.
On the abuse reports filed.
We have formally notified AWS Trust & Safety and Cloudflare of the inaccuracies in the complaints filed against our infrastructure, with full supporting documentation. We expect resolution in the ordinary course.
We have no interest in engaging in forum disputes. Our focus is operating a compliant, licensed platform. If any community member has experienced a genuine issue with a Sirplay-powered operator, we invite contact through the official regulatory channel: the Anjouan Gaming Authority's Third-Party Complaint Policy at anjouangaming.com/regulatory-framework/third-party-complaint-policy/.

P.S.
Multiple domains under a single Anjouan license are not only permitted but explicitly structured into the fee schedule — additional domains beyond the base two are registered with the Authority at an annual fee per domain. All three active domains listed in our license entry were declared to and approved by the Anjouan Gaming Authority. This is compliance, not concealment.

To address your points directly:
On the S3 configuration: The bucket in question serves static assets — images, scripts, and brand resources intended for public consumption by end users of our licensed platforms. Public Read access on a static asset delivery bucket is the correct and intentional configuration, not a misconfiguration. There is no personal data, credentials, or sensitive information stored in this bucket. There is consequently no data breach under Art. 33 GDPR, as the definition of a personal data breach under Art. 4(12) does not extend to publicly accessible static assets.
On your claim of responsible disclosure: Legitimate security research follows established responsible disclosure protocols — ISO/IEC 29147, CERT/CC guidelines, or equivalent frameworks — which require private notification to the affected party prior to any public disclosure or third-party reporting. Your approach — simultaneous public posting on BitcoinTalk, reports to AWS, and reports to Cloudflare — does not conform to any recognized responsible disclosure standard. It is coordinated public pressure, not security research.
On MGA: Sirplay Sudamerica EIRL operates under license ALSI-202504036-FI2 issued by the Anjouan Gaming Authority. The MGA has no jurisdictional authority over our operations.
On GDPR: We are the data controller for our platforms and maintain GDPR-compliant data processing practices. A public S3 bucket containing static game assets does not constitute a GDPR incident. Should you wish to file a formal GDPR complaint, the relevant supervisory authority for your jurisdiction is available to receive it — we welcome any regulatory review of our actual data processing practices.
We note that your initial report characterized our infrastructure as a "fraudulent Clone Scam network" — a characterization we have formally rebutted with primary evidence to both AWS and Cloudflare. The pivot to a security vulnerability narrative following that rebuttal is noted.
We consider this matter addressed. Further communication on this topic should be directed to our legal representatives.
We warm suggest to not got further in your "analysis" or we will consider legal action

Guess who is the scammer here?
https://drive.google.com/file/d/1bZLTdt9wK8OJoG1eh82LFklQLONOL5R_/view?usp=sharing

[albon]

[.....]

Attempting to link my name to "hacked images" or any illegal activity is a cheap attempt at defamation and a distraction from the root of the problem.

I work in technical investigation / I look into technical issues my work is strictly based on monitoring what you yourselves have left exposed to the public.

Instead of throwing around legal threats with no real basis, you should have thanked the person who alerted you to your vulnerabilities before actual malicious actors exploited them.

As for your attempt to twist the idea of “Responsible Disclosure,' I have breached no protocol; I identified a suspicious network, and my ethical duty toward the crypto community is immediate public warning, not secret negotiations with entities that lack transparency.

Regarding the extortion nonsense, let’s be real: I’m a researcher, not a charity. When someone experienced finds your backend exposed for the world to see, discussing a Bug Bounty is the industry standard. I offered to review everything and help fix it for your mess, under a standard NDA agreement. If you think getting paid for security work is 'pressure,' you don’t seem to understand how this field works. Your system has a problem, and I offered to fix it. If you ignore it and things get worse, that’s your responsibility.


This screenshot shows the publicly accessible XML directory of their S3 bucket: https://sirplay-amazon.s3-eu-west-3.amazonaws.com/




As you can see, it exposes internal platform paths, not just 'static assets' as they claim. This is a text-book case of a security misconfiguration.

To any developer or security professional reading this: Does a folder named '/core/' or '/platform/contexts/' look like a public image gallery?

Instead of wasting time on legal threats that won't hide the facts, I suggest you close your bucket and fix your leaks. My investigation is done, the evidence is public, and the community can now judge your 'transparency' for themselves."

----------------------------------

UPDATE:

The company claims this was just a "public image bucket." If so, why did they panic and lock it immediately after my post? (See AccessDenied screenshot).



Closing the bucket is a clear admission of guilt. They aren’t protecting images; they are hiding the sensitive data I uncovered:

1. My logs prove they were hosting and distributing Android APKs (software packages).



2. I found a .vcf file (private contact card). There is no reason for private contacts to be in a "public image" folder.



3. The core/ and platform/ directories reveal their internal backend structure.

You don't lock the door unless you've been caught hiding something you shouldn't have.

[Sirplay]

You correctly identified that ListBucket was publicly enabled. It has been fixed within hours of your report.
This is what legitimate responsible disclosure looks like when it works: a finding is identified, reported, and remediated. We have no issue acknowledging a real misconfiguration when one exists.
What it does not look like is publishing a public post on BitcoinTalk before contacting us, filing abuse reports with AWS and Cloudflare before contacting us, and following up with a demand for 2,400 BTC. That sequence is not responsible disclosure. That is what makes the legal matter entirely separate from the technical one — and why the technical matter being resolved changes nothing about the legal matter.
— Sirplay Sudamerica EIRL

[albon]

You correctly identified that ListBucket was publicly enabled. It has been fixed within hours of your report.
This is what legitimate responsible disclosure looks like when it works: a finding is identified, reported, and remediated. We have no issue acknowledging a real misconfiguration when one exists.
What it does not look like is publishing a public post on BitcoinTalk before contacting us, filing abuse reports with AWS and Cloudflare before contacting us, and following up with a demand for 2,400 BTC. That sequence is not responsible disclosure. That is what makes the legal matter entirely separate from the technical one — and why the technical matter being resolved changes nothing about the legal matter.
— Sirplay Sudamerica EIRL

Your admission of the 'misconfiguration' is the only factual part of your response... Everything else is a clumsy attempt at damage control.

2,400 BTC LOL. Using such a comical number only highlights your desperation to smear a researcher who exposed your incompetence.

I have a duty to the crypto community. When I find Android APKs, Private Contacts (.vcf), and Backend Paths exposed on a public S3 bucket, immediate public warning is the only ethical choice.

You didn't 'fix' it because of a report, you panicked and locked it because the evidence became public. Even then, your fix was incomplete locking the 'list' while the 'files' remained accessible.  

Stop hiding behind legal fantasies and start securing your users' data.

[VIDEO EVIDENCE - WATCH HERE]

Investigation Closed. The community can now see the truth.

[Shishir99]

https://drive.google.com/file/d/1bZLTdt9wK8OJoG1eh82LFklQLONOL5R_/view?usp=sharing

Guys, I can smell something else here. This is not the first time a scammer pretended to be someone, reached out to companies, and offered to remove scam accusations and data from the forum if the company sent them money. @Sirplay, I believe this is not Albon but someone pretending to be Albon who sent you this offer.

@Albon, don't think they are trying to accuse you of being a scammer; they probably got this offer from someone else and thought it was you. Similar things happened before, and I think they actually received an offer like that from a scammer. The offer I can see is 2400 USDT/BTC. Not 2400 BTC. I think the scammer meant 2400 USD in Bitcoin.

[albon]

Guys, I can smell something else here. This is not the first time a scammer pretended to be someone, reached out to companies, and offered to remove scam accusations and data from the forum if the company sent them money. @Sirplay, I believe this is not Albon but someone pretending to be Albon who sent you this offer.

@Albon, don't think they are trying to accuse you of being a scammer; they probably got this offer from someone else and thought it was you. Similar things happened before, and I think they actually received an offer like that from a scammer. The offer I can see is 2400 USDT/BTC. Not 2400 BTC. I think the scammer meant 2400 USD in Bitcoin.

I don’t need anyone to pretend to be me, I discovered the issue myself and contacted them directly

I emailed them first to let them know about it but they ignored the official email and reached out to me via Telegram -> @SirplaySales instead.

I requested 2400 USDT/BTC for the report and help fixing the issue: giving them a detailed report and helping them fix the data leak with a basic NDA in place and this is normal in cybersecurity and common in the field.

The real scam here is the company’s trying to twist a $2400 offer into a 2400 BTC accusation to mislead people.

I saved everything, the video I posted already makes it clear. instead of talking about “impersonators” look at the leaked APKs and VCF files. and that’s the real issue here.

@Sirplay Instead of fabricating chat logs and twisting numbers (2400 BTC vs $2.4k), why don't you explain why your S3 bucket was exposed, leaking your official (info@) data and APK files?

[Zwei]

@Sirplay why is the whitelabel "product" you are providing a copy of shuffle UI? i asked OP about this on the other thread, but never got an answer.

The "amateur" characterization is opinion and we respect it. Players should always do due diligence before depositing anywhere.

i think it's a bit more than just an opinion at this point.

We'd only note that verifiable regulatory licensing, a publicly listed company, and full footer transparency are typically considered signs of legitimacy, not the opposite.

no they are not, the anjouan license is not a sign of legitimacy, having it is better than not, but it doesn't make a casino automatically legit just because they have it.
it's a license with almost no regulation, not to mention it's relatively cheap to get, which is why some scammers get it to look "legit".

Guess who is the scammer here?
https://drive.google.com/file/d/1bZLTdt9wK8OJoG1eh82LFklQLONOL5R_/view?usp=sharing

if you really think that is @albon, i have some volcano insurance to sell you.