Bonuses and withdrawals are leaking — silently.
Generic anti-fraud was built for card payments. We built ours for the actual fraud patterns that hit crypto-licensed iGaming operators every day.
Bonus abuse rings
Same device, same wallet, same card_hash across 8 accounts farming your welcome bonus.
Mixer-funded deposits
Wallets 4 hours old, funded straight from Tornado Cash or a sanctioned cluster. Untouchable on payout.
Account takeover
Password-reset → new device → withdraw, in 6 minutes. Your existing AML stack misses it entirely.
Affiliate self-dealing
Cohorts where 90% of "players" were created in the same hour, same /24, with the same fingerprint stack.
One POST. One synchronous decision. Three reasons.
No SDK lock-in. No 30-day batch jobs. Server-to-server, <100 ms p99, with explainable reasons your risk team can audit.
Send the event
signup · login · deposit · withdraw · bet · bonus_claim — six event types covering the full player lifecycle.
Get a decision
17+ rules + graph features + behavioral biometrics evaluated synchronously. Returns risk_score, decision, reasons.
Act on the reasons
Allow, hold for review, or block. Reasons are machine-readable so you can map them to your CRM, retention flow, or chargeback narrative.
# withdraw event — server-side curl -X POST https://api.antifraud.dev/v1/events \ -H "Authorization: Bearer $API_KEY" \ -H "Content-Type: application/json" \ -d '{ "operator_id": "op_3Yk...", "player_id": "plr_8721", "event_type": "withdraw", "timestamp": "2026-05-03T07:14:22Z", "amount_usd": 2400, "wallet_address": "0x9f2c...", "chain": "ethereum", "device_id": "d_a4f9...", "ip": "203.0.113.42" }' # → 200 OK · ~38 ms { "risk_score": 87, "decision": "block", "reasons": [ "wallet_funded_by_mixer", "shared_device_with_4_accounts", "withdraw_without_play" ] }
17 detection modules. Every one explainable.
Rules, graph features, server & device fingerprinting, behavioral biometrics, wallet intelligence, and a privacy-preserving cross-operator network — all returning machine-readable reasons.
Graph fraud rings
Connected components on shared cards, IPs, devices, email domains. Communities surfaced with PageRank + Louvain.
Wallet intelligence
BTC, EVM, Tron, Solana: chain age, OFAC clusters, mixer routers, multi-account-by-wallet fan-out.
Device fingerprinting
JS SDK + server-side JA3/JA4 + header-order. Catches emulators, headless Chrome, and VM stacks.
Account takeover
Per-player baselines: new country, new device, geo-impossibility, recovery → withdraw chains.
Behavioral biometrics
Mouse, keystroke cadence, scroll, form-fill timing — GDPR-clean, opt-in, no values captured.
Proxy & IP intel
Residential proxy heuristics, Tor exit nodes, datacenter ranges. Pluggable upgrade to IPQS / Spur / Greip.
Affiliate fraud
Cohort analytics per affiliate: self-referral, bot traffic, cross-affiliate collusion, dedicated cohort model.
Sanctions & mixers
OFAC list, Tornado Cash, ChipMixer, sanctioned exchange clusters — refreshed daily, versioned audit trail.
Velocity rules
Withdraw without play, deposit-to-withdraw <5min, bonus-to-withdraw ratio, rapid-fire signups per /24.
Catch the same fraudster on day one — not your 90th day.
An opt-in, privacy-preserving blocklist shared between participating operators. Identifiers are hashed with rotating peppers via HKDF-SHA256 — no operator can rebuild another's data, and reporters are never disclosed in lookups.
- HKDF-SHA256 with versioned peppers and per-identifier-type isolation
- 3-bucket coarse hit-counts — never expose raw numbers
- Write-only audit table; opt-in per-operator, revocable any time
- 4-adversary threat model documented; right-to-erase honoured
Built for crypto casinos. Not retrofitted from card-payments.
We don't compete with KYC providers — we point you to Sumsub for that. We compete with generic anti-fraud and we win on the patterns specific to your business.
Ship a sandbox integration this week.
Postman collection. OpenAPI 3.1. Code samples in Python, Node, PHP, Java. Onboarding without a sales call.