Introducing ProvablyFair.org Certification

You can already verify your own bets at any provably fair casino. Enter your seeds, run the casino’s checker, confirm the result. So why does ProvablyFair.org exist?

Because what that verification proves is far narrower than most players think it does.

When you verify a bet, you are checking the casino’s verifier against the casino’s live game. Both were written by the same casino. They share the same code and the same assumptions. They will almost always agree — not because the game is fair, but because two pieces of software with the same author are consistent with each other. What you have proven is that the casino is internally consistent. You have not proven that the casino is honest.

The category has a structural problem

Every major crypto casino now builds its own games in-house. Plinko, Mines, Crash, Limbo, Dice, Keno: written by the casino, run by the casino, and verified by a tool also built by the casino.

Traditional online gambling does not work this way. Game studios build the games; independent testing labs audit the studios. The lab and the studio are different organisations with different incentives. That separation is what makes the audit mean something.

In crypto, that separation has collapsed. The casino is the studio. There is no independent party checking whether the live game does what the casino publicly claims. The casino grades its own work, and “provably fair” is the badge it awards itself for doing so.

What that produces

Over the past six months, the consequences of that structure have become difficult to ignore. A pattern has emerged across multiple platforms: different casinos, different games, but the same underlying gap. Some of what independent technical analysis has surfaced:

• A casino lowered RTP by changing the pay table mid-stream. Its verifier updated to match. Self-verification kept passing while players had no idea the rules had changed.
• A casino’s “fairness checker” had a different RTP hardcoded than the figure it publicly advertised. Players were verifying their bets against a number the casino never actually claimed.
• A casino accepted a client seed but did not use it in the game logic. The seed players “contributed” had zero effect on outcomes. The protocol was decoration.
• A casino rotated its server seed every bet with the nonce stuck at zero, allowing it to pre-generate and discard unfavourable seeds while still passing its own verification.
• A casino displayed a pre-committed hash, then swapped it after the player entered their client seed. The commitment was theatre — precisely the manipulation that commit-reveal is supposed to make impossible.
• A casino’s “provably fair” game had no provably fair protocol at all: no server seed hash, no committed client seed, no nonce sequence. The protocol players were told to verify simply did not exist.
• A casino’s verifier and live game ran different code. The verifier was not connected to the production backend at all.

Every one of these was marketed as provably fair. Every one passed the casino’s own verification. None was caught by the cryptographic protocols the casinos themselves published — because a self-verification system cannot catch a problem its own author built into both sides.

The cases that surface only do so because someone went deeper: examined the source, captured real bets, recomputed the outcomes independently. That is not something an individual player can reasonably be expected to do. It takes time, tooling, and technical depth most players do not have, and should not need. That work is what ProvablyFair.org was built to do systematically.

Introducing ProvablyFair.org Certification

Today we are launching ProvablyFair.org Certification — an independent audit framework built specifically for casino-built original games.

Provably fair games let any player check a bet against the math. We built our audit framework on the same principle: it is fully open source and publicly checkable. An audit of a “verify-it-yourself” product should itself be something anyone can verify. As far as we are aware, it is the first open-source audit framework of its kind, and that is the point, not a footnote.

The method rests on one decision that separates it from self-verification. We rebuild each casino’s games from the published specification — not from the casino’s supplied code. Re-running a casino’s own code only confirms the casino is consistent with itself. Rebuilding the game from its stated rules, in our own independent implementation, tests something different and harder: whether the casino’s real, live implementation actually matches what it publicly claims.

From that independent rebuild, two distinct bodies of evidence follow. We place tens of thousands of real bets per casino and recompute every captured outcome: this is the live-game conformance work. Separately, we run hundreds of millions of simulated rounds to confirm the odds at scale, the statistical RTP work. Different evidence, different questions.

What an audit answers

Every ProvablyFair.org audit answers five questions. Each maps to a scored section of the methodology, and a single cryptographic failure means a game cannot be certified — not partially, not mostly.

1. Can the casino change your outcome after you bet? We verify the cryptographic commitment that locks the result before you play.
2. Is the randomness real? We independently implement the algorithm and prove your seed genuinely affects every outcome.
3. Does the game follow its own rules? We recompute every bet in our dataset. 100% must match: zero tolerance.
4. Is the house edge honest? We derive the RTP mathematically from first principles, never trusting the casino’s own numbers.
5. Does the system hold up under pressure? We test the game’s API for integrity issues that could compromise fairness under non-standard conditions.

Two further sections, not scored but required for certification, ensure the audit itself is player-accessible and fully reproducible. The complete technical methodology, including the per-section pass criteria, the statistical battery, and the worked examples from live audits, is published in full on our methodology page.

What is live today

Ten full game audits are published today, alongside the complete framework. We believe these are the deepest casino game audits ever made public. Anyone can clone a repository and re-run the entire audit end to end with a single command. Every finding, every dataset, and every line of verification code is open source.

Every certified casino also has a verification tool hosted on our domain, built by us and not by the casino, that any player can use to spot-check any bet. It runs the same independently-audited implementation the certification is based on, not a copy of the casino’s own verifier, so a player is checking their bet against the code an audit actually validated. That is the structural property the existing model lacks.

For casinos

We are already working with several more casinos, with further audit results to follow.

A casino that builds its own games and runs its own verifier is, today, the only party vouching for its own fairness. Independent certification changes who is making that claim. For an operator running honest games, that is not a risk — it is the strongest statement of confidence available, and one a self-graded badge cannot make.