Investigation: Winna Plinko RTP Modification

On March 10, 2026, Winna.com issued an incident report acknowledging that its Plinko game had operated under modified probability tables for nearly three months. The report described the change as a configuration error and offered refunds to affected players. Winna’s RTP for the affected period dropped from the publicly stated ~99% to approximately 98%.

This post documents what the technical record shows. The central observation is not the existence of the configuration change itself — Winna disclosed and corrected it. It is that throughout the affected period, Winna’s own provably fair verifier continued to return valid results for individual bets. The cryptographic layer was working exactly as designed. The probability tables sitting on top of it were not what the public materials described. A player verifying any single round during those three months would have received confirmation that the round was technically reproducible from its seeds, with no indication that the underlying odds had changed.

Baseline: Winna Plinko prior to December 17, 2025

ProvablyFair.org first reviewed Winna’s Plinko implementation in November 2025 as part of routine technical research into provably fair casino games. At that time, the algorithm operated as a per-pin coin-flip simulation: for each pin in the board, the HMAC-SHA256 RNG produced a single bit that determined whether the ball moved left or right. The final landing position determined the multiplier. This is the standard binomial-distribution approach to a Plinko-style game and is the construction that produces the well-known peaked distribution toward the centre.

To confirm the implementation was sound, ProvablyFair.org ran 67.5 million simulated rounds across 25 real Winna seed pairs covering all 27 difficulty and pin configurations. The RTP converged to approximately 99% across every configuration, matching what Winna publicly advertised.

ProvablyFair.org’s November 2025 simulation results across 67.5 million rounds. Every configuration converged toward ~99% RTP, consistent with the per-pin coin-flip algorithm and matching Winna’s public claims.

At the time of that review, the payout distribution and return-to-player matched both the standard binomial construction for a Plinko game and the figure Winna publicly advertised. That construction is worth understanding, because it is what the later modification departed from: in a standard Plinko, the odds of landing in each bucket are not a setting a casino chooses but a fixed mathematical consequence of the per-pin coin flips.

In a standard 16-pin Plinko, each pin is an independent 50/50 coin flip. The resulting bucket distribution — and the odds of the 1000× edges — is a mathematical constant, not a value the casino configures.

What changed in the live code

On December 17, 2025, Winna launched a release titled “Originals 2.0”, described in its marketing as a rebuild of its in-house games and including a new Plinko mode called Extreme. After this release, the game logic for Plinko was different.

After this release, the Plinko game logic was different. The post-update code chunk from Winna’s live frontend was independently archived by the Internet Archive’s Wayback Machine on January 27, 2026, before any public disclosure of the issue, providing a fixed third-party reference point for the logic described below.

The post-update algorithm no longer simulated the path through the pins. Instead, the code generated a single random float and mapped that float against a hardcoded probability table to select a bucket directly:

This is a structurally different game from a per-pin coin-flip Plinko. The randomness pipeline is still seeded by HMAC-SHA256 in the same provably fair way, but the outcome is no longer derived from a simulated 16-pin path. It is selected from a pre-set table whose contents determine the actual distribution.

The probability table extracted from Winna’s live frontend (February 2026). For 16-pin High Risk, the two 1000× edge buckets were reduced.

The shape of the modification

Across all three difficulty modes and all pin counts, the pattern in the extracted tables was consistent. The probability of landing in the highest-paying buckets was reduced. The removed probability was redistributed into a small number of low-value middle buckets. The remaining buckets continued to match fair binomial probability to 10 or more decimal places.

Some representative changes from the extracted tables, for the 16-pin configurations:

• High Risk: 1000× edge bucket reduced by approximately 32%. Fair odds of landing in this bucket are 1 in 32,768; the extracted table produced odds of approximately 1 in 48,188.
• Medium Risk: 110× edge bucket reduced by approximately 35%. 41× bucket reduced by approximately 88%.
• Low Risk: 9× bucket reduced by approximately 96%. 2× bucket reduced by approximately 99.5%.

The on-screen multipliers shown to players did not change. The probability of landing in each bucket did. All three modes, across all pin counts, converged to approximately 98.00% RTP rather than the ~99% the public materials described.

Bucket-level comparison across all three modes. Unmodified buckets matched fair binomial probability; the high-payout edges were reduced.

Winna’s incident report

On March 10, 2026, Winna issued an incident report to affected accounts. The relevant section read:

The report further stated that affected players would be refunded the difference between their actual outcomes and what they would have received under the intended 99% configuration, and that Winna had added automated RTP simulation tests to its deployment process to prevent recurrence. Players were directed to live chat support to claim refunds.

Winna’s incident report email of March 10, 2026, describing the issue as a configuration error and offering refunds.

Why this case is relevant to provably fair as a category

The technical detail that matters most here is not the size of the RTP reduction. It is that the cryptographic verification layer remained intact throughout the affected period.

Winna’s provably fair verifier worked. Server seeds were committed before bets. Nonces incremented per bet. The HMAC-SHA256 derivation was deterministic and reproducible. A player checking any individual bet during the affected period would have entered their seeds into Winna’s verifier and received a correct cryptographic confirmation that the random float used to resolve their bet was the one derived from those seeds. The verifier had no reason to flag anything. From its perspective, nothing was wrong.

The change was in the layer above the cryptography: the probability table that converted the verified random float into a bucket and a multiplier. That layer was not part of what Winna’s verifier checked, and not part of what most casino-operated provably fair verifiers check. This is the structural condition we have described elsewhere as partial provable fairness: the cryptographic primitives are correct, but the game logic sitting on top of them is not independently verified against the casino’s public specification.

An end-to-end audit covering live-game-versus-specification conformance would have surfaced this discrepancy within a single audit cycle. The fair binomial distribution for a 16-pin Plinko is a mathematical constant; reproducing the expected probability for each bucket from the published mechanics and comparing it against a statistically significant sample of live outcomes is a standard procedure. The deviation observed here — high-value buckets reduced, low-value buckets inflated, every mode converging to exactly 98.00% RTP — would have been detectable in any such comparison. The fact that it persisted for nearly three months reflects the absence of that kind of independent check, not any limitation of the cryptographic layer.

For affected players

If you played Winna Plinko between December 17, 2025 and March 10, 2026, ProvablyFair.org has published an independent verification tool that allows you to check your bets against fair binomial probabilities. The tool accepts your client seed, your unhashed server seed (available after seed rotation), and a nonce range. It reports which of your bets would have produced different outcomes under fair binomial math compared to the extracted probability tables.

The ProvablyFair.org Winna Plinko verification tool. Enter your seed pair and nonce range to check each bet against fair binomial math.

Winna’s incident report directed affected players to its live chat support to claim refunds under the intended 99% RTP configuration. The ProvablyFair.org tool is an independent reference that may be useful in those conversations or for players who want to confirm independently how their bets resolved under each set of probabilities.

Current status

On March 14, 2026, the Plinko game logic was re-extracted from Winna’s live frontend. The Low, Medium, and High modes had reverted to the per-pin coin-flip simulation used prior to December 17, 2025, and the bucket probabilities once again matched fair binomial math, with RTP across all configurations back in line with the ~99% the public materials describe. This reflects what a re-extraction of the live code shows; it is not a full audit of the current game.

The general point this case illustrates is one that applies across the category. Cryptographic verification of randomness is a necessary component of a provably fair game. It is not, on its own, sufficient. A game can have a correctly functioning commit-reveal layer, a correctly functioning RNG, and a correctly functioning verifier — and still produce outcomes that do not match its published mechanics, because the layer that translates random numbers into game outcomes is independent of all of the above. Audits that cover only the cryptographic surface will return valid results in those conditions, exactly as Winna’s verifier did. End-to-end audits that include live-game-versus-specification conformance are what close that gap.