Provably Fair: We Verified 847 Bets Across 5 Casinos. Here's How It Actually Works.
Everyone talks about provably fair. Most people don't actually verify anything. We did — 847 individual bets on Stake.com, Cloudbet, and three other platforms. Every single one checked out. This is what we learned, and how you can verify yours in under 60 seconds.
The trust problem nobody talks about
Traditional online casinos tell you their games are fair. They point to audits from companies like eCOGRA or GLI, done once a year on a sample of games. Between audits, you're trusting the operator with your money and no way to check if the roulette wheel or slot machine was honest on your specific spin.
That's not paranoia — it's math. eCOGRA tests a statistical sample. They can confirm that a game's RTP over millions of rounds is within spec. But they can't tell you whether round #4,387,201 — the one where you bet $500 — was manipulated. Nobody can. You just have to... trust.
Provably fair eliminates that gap. Not with auditors, not with reputation, not with regulation — with cryptography.
The sealed envelope analogy (then the real version)
Imagine this: before every round, the casino writes the result on paper, seals it in an envelope, and hands it to you. You play. Then you open the envelope and check. If the result doesn't match — you caught them cheating.
That's provably fair, except the "envelope" is a cryptographic hash and the "paper" is a server seed. Nobody can open a hash backwards or forge one that matches. The math is the same math that secures Bitcoin, HTTPS, and your bank's website.
Now the real version.
Three ingredients, one recipe
Every provably fair bet uses exactly three inputs:
1. Server seed — the casino's secret
A random string the casino generates. You don't see it (yet). But you do see its SHA-256 hash — a 64-character fingerprint. This hash is your guarantee: the casino committed to this specific seed before you bet. Changing the seed would change the hash, and you'd notice immediately.
2. Client seed — your contribution
A string you provide. Most casinos auto-generate one, but you can change it to literally anything. "pizza123", your birthday, random keyboard mash — doesn't matter. The point is that you added something the casino couldn't predict, so the casino couldn't pre-calculate and rig the result.
Pro tip: change your client seed before a big bet. It adds zero mathematical advantage but removes the theoretical concern that the casino pre-computed outcomes for the default seed.
3. Nonce — the counter
Starts at 0, goes up by 1 with every bet. Without it, the same server seed + client seed would produce the same result every round, which would be useless. The nonce makes each round unique even if you never change your seeds.
These three get combined through HMAC-SHA256 — the same cryptographic function that secures your banking sessions. The output is a 64-character hex string that gets converted to a game result (a crash multiplier, a dice roll, mine positions, etc.).
Deterministic means: same inputs = same output, every time. Once you know the server seed (revealed when you rotate to a new one), you can replay this calculation yourself and confirm the casino didn't tamper with anything.
We actually verified 847 bets. Here's what happened.
In March 2026, we pulled bet histories from five provably fair casinos and ran each one through our verification tool. The breakdown:
| Casino | Bets checked | Mismatches | Games |
|---|---|---|---|
| Stake.com | 312 | 0 | Crash, Dice, Mines, Plinko |
| Cloudbet | 198 | 0 | Dice, Hi-Lo |
| Roobet | 156 | 0 | Crash, Towers |
| Duelbits | 104 | 0 | Dice |
| BetFury | 77 | 0 | Crash |
847 bets, zero mismatches. Every single hash, seed, and nonce combination reproduced the exact game result shown during play. This doesn't prove these casinos will always be honest — but it means their provably fair implementation is working correctly right now, and you can catch them the moment it doesn't.
Verify your own bets (takes 60 seconds)
- Find your seeds. On Stake.com: click the fairness icon (shield) in any game. You'll see your current client seed, server seed hash, and nonce. Other casinos put this in Settings → Provably Fair or similar.
- Rotate your server seed. This reveals the previous server seed (the actual secret, not just the hash). You need this to verify past bets. After rotation, all future bets use a new seed pair.
- Plug into a verifier. Enter the revealed server seed, your client seed, and the nonce for the specific bet into our free provably fair checker. It runs the HMAC-SHA256 calculation in your browser (nothing sent to our servers) and shows you the computed result.
- Compare. Does the computed result match what the casino showed you during the game? If yes — that bet was provably fair. If no — screenshot everything and contact support (and maybe the community, because that would be big news).
We've done this hundreds of times across multiple platforms. The results have always matched. That doesn't mean you shouldn't check — it means checking works.
Which games support it (and which don't)
Not every game at a provably fair casino is actually provably fair. Here's the split:
Usually provably fair
- Crash (Aviator, Moon, etc.)
- Dice (over/under)
- Mines
- Plinko
- Limbo
- Hi-Lo / Tower
- Keno
These are casino "originals" — built in-house with provably fair baked in.
Usually NOT provably fair
- Slots (Pragmatic, NetEnt, etc.)
- Live dealer games
- Table games from providers
- Sports betting
Third-party provider games use their own RNG. The casino has no control and can't make them provably fair.
Slots are the big blind spot. When you play Gates of Olympus or Sweet Bonanza on a crypto casino, you're trusting Pragmatic Play's RNG — not the casino's provably fair system. The casino just hosts the game. That's why we built the live RTP tracker — it monitors actual payout rates across 7,700+ slots so you can at least see whether real-world results match the theoretical RTP.
Provably fair vs traditional RNG — real differences
| Aspect | Traditional RNG | Provably Fair |
|---|---|---|
| Who verifies? | Third-party auditors (eCOGRA, GLI) | You, personally, every bet |
| When? | Periodic audits (annually/quarterly) | Real-time, per round |
| Can casino cheat one bet? | Possible (audit wouldn't catch it) | Detectable immediately |
| Player influence on outcome | None | Yes (client seed) |
| Transparency of algorithm | Closed-source, proprietary | Open — HMAC-SHA256 is a public standard |
| Regulatory recognition | Universally accepted | Not recognized by most regulators (yet) |
The last row matters. UK Gambling Commission, MGA, Curaçao — none of them formally recognize provably fair as a compliance mechanism. You can be provably fair AND licensed, but the license doesn't care about your cryptography. It's a player-facing trust tool, not a regulatory one.
Three things provably fair does NOT mean
"Provably fair = you'll win"
No. Provably fair means the game is honest, not favorable. The house edge still exists — typically 1-4%. Over thousands of bets, you will lose money on average. What provably fair guarantees is that the casino isn't cheating you beyond that stated edge. Fair ≠ profitable.
"The casino can change the seed mid-round"
Mathematically impossible without changing the hash — which you already have. SHA-256 collision resistance makes this a non-issue. Nobody has ever publicly demonstrated a SHA-256 collision, and the global cryptography community has been trying since 2001.
"High RTP = provably fair"
These are independent concepts. RTP is a statistical measure over millions of rounds (how much the game returns on average). Provably fair is a per-bet cryptographic property (can you verify this specific round was honest). A slot can have 96% RTP without being provably fair. A crash game can be provably fair while having a 4% house edge.
Quick history — how we got here
2012: SatoshiDice launches on Bitcoin — one of the first provably fair gambling platforms. Primitive by today's standards (single SHA-256 hash, no client seed), but revolutionary. Players could verify outcomes on the blockchain for the first time.
2014-2016: HMAC-based systems emerge. Adding a client seed solved the critical flaw in SatoshiDice's model: the casino could pre-compute outcomes when only the server seed determined the result. The dual-seed + nonce pattern we use today was standardized during this period.
2017-2020: Stake.com and BC.Game popularize provably fair originals. "Crash" becomes the signature provably fair game. The model proves commercially viable — casinos realize transparency doesn't hurt business, it builds trust.
2024-now: Provably fair is table stakes (pun intended) for any serious crypto casino. If a crypto casino in 2026 doesn't offer provably fair on its originals, that's a red flag. The tech is standardized, open, and free to implement. There's no excuse not to.
So should you actually verify your bets?
Honest answer: probably not every one. But you should:
- Verify after any suspicious loss. Hit a mine on the first tile three times in a row? Verify those rounds. If the math checks out, it's just variance. If it doesn't — you have proof of fraud.
- Spot-check periodically. Pick 5-10 random bets per week and verify them. Think of it like checking your bank statement — you don't read every line, but you glance for anomalies.
- Always verify after big wins or big losses. Emotionally charged moments are when trust matters most. Let the math confirm what happened.
Our free verification tool runs entirely in your browser. Enter seeds, get results. Takes under a minute. No signup, no data collection, no catch.
Verify a bet right now
Enter your server seed, client seed, and nonce. See the result for yourself.
18+ | Play responsibly | Gambling involves risk