Winna Casino - The Ghost in the Machine - Provably UNFAIR
The Discovery
I was on Winna clicking around and noticed something strange right away. Unlike major industry standards like Stake, Duel, or Shuffle, Winna wasn't listing the formulas for their original games. Most casinos proudly show exactly how their games work so you can verify the fairness yourself. Winna? Nothing.
This piqued my curiosity, and I had to know which implementations they were using—especially since I have a history of finding "provably fair" issues on other casinos (who, to their credit, handled it immediately and issued refunds).
I started testing my own seed pairs against the standard formulas used everywhere else, but nothing matched. Every nonce came out completely different. That's when I went into full detective mode.
2/18 - The Breakthrough
It took me a day or two of reverse engineering to crack their implementation. I trial and errored every possible way to build a Plinko board from the raw hash. After testing dozens of different approaches, I finally found the exact formula that matched their verifier at the time.
Once my results finally matched their site verifier, the math revealed exactly why they kept the formula hidden: they were using Pascal's weighted formula which takes the entire hash weights it into 16 segments for example 16 row plinko — Interesting choice, it's no longer industry standard, but we'll show through my tests why they used this formula and how it allowed them to introduce a nefarious percentage shrinkage on top tier payouts.
I ran iterations over 1, 2, 5, and 20 million nonces, 50 million and 100 million nonces. On paper, the math looked correct: the 5 million test generated 158 hits for the 1000x multiplier, which is right in line with theoretical expectations. However, when I manually cross-referenced these results with Winna's own site verifier, the "shave" was exposed. A massive portion of those 1000x hits were being downgraded to 130x (56 of the 158 fair value math 0 and 16 segment hits that showed up).
I documented my 5 million iteration test in an excel sheet. You can find corresponding screenshots of every 1000x that fired correctly on their verifier, and every 1000x that was clipped to a 130x.
View Full Excel DocumentationThe Confrontation
I went over my findings with the team in a TG group they had made when I initially brought up the issue as well as Paul himself in DMs. I did a 100 million nonce test live with him showing him nonce by nonce which 1000xs were clipping.
The Gaslighting Begins
The team and Paul himself made an excuse that it was their house edge of which they were doing 98% (never disclosed this either). They gaslit. They claimed it was their 98% RTP but any game dev knows that plinko RTP is from multiplier table, not through shrinking win chances of its binomial probability. It's why Duel a 99.9% RTP casino can still respect the 0.0015% win chance of a 99% RTP casino like Stake.
The Mathematical Evidence
The Cover-Up and Aftermath
After all this confrontation—presenting my tests and telling their team they need to respect binomial probability instead of shrinking win chances with a weighted Pascal's Triangle—they finally blinked.
Plinko's house edge should come from the multiplier tables, and industry-standard step-path generation is the only way to avoid "boundary mistakes" like this. On March 10, they changed their formula, announced a vague "RTP mistake," and issued small refunds.
The Victims
That night, after my audit went live and I explained that Paul would be issuing refunds, several players reached out. I ran their seeds and noticed a major discrepancy: their actual "misfire" losses were significantly larger than the refunds they received.
Real Victim #1 – Ecoguz27
Winna first refunded him ~$1,900 after I confronted them March 3 and they went public days later (March 10).
After I helped him run his seeds I told him 2 nonces to look for that would have clipped had he been on Plinko at those nonces and he scrolled into his archive and found 75k misfire. Paul banned Ecoguz27 for demanding the full payout and said it was BS.
After a lot of pressure from my group. Weeks later, "Paul" was forced to admit the real clipped amount was $88,000. Paul later paid the $88k… but told him to delete all evidence "to save their reputation.".
Another player got only $110 refund. I told him to check his seeds on my 16 row verifier—the real bet should have been 2 USD on 1000x for 2k but he was paid it as a 130x instead. After he took it to Twitter for four weeks, Paul finally replied: "You should have received those refunds ($1,750.65) – how much did you receive? I'll check what happened there & credit the difference now for you!".
This exact pattern happened over and over. I found another for $7.5k, another for $30,000, and countless others. There are likely hundreds of people out there who played Plinko on Winna and have no idea they weren't refunded their full "misfire."
The Public Verifier Tool
Since they were not cooperating, I took the verifier I had written—specifically designed to match their actual formula—and created a free public tool.
This tool allows anyone to input their client seed, unhashed server seed, and nonce range to see exactly where the Winna formula clipped fair value math on the 0 and 16 index (1000x) hits. It uses the 35% boundary shrink I discovered they were using across 16 rows.
Use the Verifier Tool
The Ugly Truth
They tried every dirty trick to make this disappear:
- They banned me from their site twice (I'm a diamond did 23 million wager at winna) for helping other players audit their own bets
- They sent 9,000 porn + abuse bots to raid and shut down our discussion group. Got several of my TGs banned on every public page I was creating on TG.
- Even their Dice game was being clipped last year. They personally "misfired" on me for $283k on the 9900x multiplier
They still do not list formulas for their original games—which is extremely suspicious and the exact reason I started looking into their Plinko this year. Having experienced them "clipping" me on Dice in the past, I had a gut feeling they were still doing something wrong.
They've just been quietly swapping them for new implementations after the heat I gave them for the Plinko situation.
⚠️ Important Notice
If you or your friends played Plinko on Winna between December 17, 2025, and March 10, 2026—run your seeds through the tool I've linked. Find your clipped wins. Demand every single dollar.
This is my first Twitter thread, and I've tried to summarize as much as possible from the audit I originally posted in my TG group a month ago. You can join the group to read the full investigation with even more details. I also have 100s of screenshots of convos with their team, tests I ran and will post more of them if need be.