How we test

This page is the audit trail for every claim on the site. If a number on a money page or operator review contradicts what is below, the page is wrong, not the methodology. Tell me about it at [email protected] and the changelog will record the fix.

Three things readers care about with crypto-casino payouts:

1. Does this casino actually pay out? Answered by on-chain forensics. Yes for every operator on our leaderboard.
2. How long does it take? Split into approval time (operator side, between user click and broadcast) and settlement time (network side, between broadcast and confirmation). We measure settlement directly. We do not measure approval time first-hand at the moment.
3. What will trigger KYC? Answered by first-party withdrawal tests. We do not have these at scale yet.

The site is honest about which of these we answer:

• "On-chain payout activity" is measured from public blockchain data.
• "Settlement time" is measured from block times.
• "Approval time" is what operators claim, labelled Level C (operator-asserted). When we have our own test, the page shows Level A with a transaction hash.
• "KYC behaviour" is third-party reported until we test it ourselves.

Each operator on the leaderboard has at least one payout wallet attributed to them via Arkham Intelligence's public entity catalogue. Attribution is human-verified. A person clicks through to Arkham's labelled entity page and confirms the operator name matches before the wallet enters our tracking. Wallets that look right but lack an Arkham entity label stay inactive in our database.

For each active wallet we poll the public block explorer daily (Etherscan or Blockscout for Ethereum-family chains, TronScan for Tron). Every outgoing USDT transfer is filtered:

• The token contract must be the canonical Tether contract for that chain. Spoof tokens that share the "USDT" symbol but use a different contract address are rejected.
• The transfer must have non-zero value. Address-poisoning attacks send zero-value Transfer events from spoofed addresses; these are filtered out.
• The transfer must originate from the operator's tracked wallet, not just include it as a counterparty.

What survives the filter becomes an OnChainPayout row. The full transaction hash, block time, and amount are stored. The destination address is redacted in our public surfaces as first6…last4. Winners' addresses are not our story to publish.

You can verify any payout on the operator's review page by following the "verify" link to the public block explorer.

For every operator we record:

• The regulator the operator names (UKGC, MGA, Curaçao eGaming, Anjouan Gaming Board, etc.).
• The license number the operator publishes on its own pages.
• A regulatory tier classification. Tier 1 is primary jurisdictions like UKGC, MGA, US state regulators, Spelinspektionen. Tier 2 is recognised but lower enforcement bar (Curaçao, Anjouan). Tier 3 is company registration only.
• A registry-verified flag.

The registry-verified flag is True only when a person has clicked through to the regulator's own public registry and confirmed the license number resolves to the company the operator claims as owner. For UK Gambling Commission licenses, a separate weekly cron re-checks every active license against the public register and logs status changes (Granted, Revoked, Suspended, and so on). For Curaçao, Anjouan, and similar regulators that publish no machine-readable registry, this stays False even when the license appears on the operator's own page. That gap is honest.

Every claim on the site carries an evidence grade:

• A: first-party measurement. We conducted a withdrawal test. The page shows a transaction hash. There are zero of these in the database right now.
• B: third-party measurement. A documented test by a known third party (industry researcher, named YouTuber). Limited; included with explicit attribution.
• C: operator claim. The operator says it on its own pages. We record the source URL and the captured text verbatim. Treated as the weakest evidence.
• D: user report. Reddit, forum, or social-media claim. Anecdotal; we do not currently ingest these.
• E: unverified. Anything else.

The verdict (Verified / Caution advised / Insufficient evidence) is computed from licenses, registry checks, on-chain count, and evidence grades available on the operator. It is deterministic: same data in, same verdict out. The logic lives in apps/operators/services/verdict.py if you want to audit it.

Until first-party tests exist for an operator, that operator's page carries an audit-only banner: "We have not personally tested withdrawals from this operator." The page is then an audit profile based on on-chain activity, licenses, and operator-stated information. It is not a withdrawal test report.

The site will move out of audit-only mode for an operator only when one of the following happens:

1. We run our own withdrawal test.
2. A credible third-party test exists and we can cite it with a documented URL.

There is no editorial path to remove the audit-only banner. The code reads from the database.

We earn commission when a reader clicks an affiliate link on our site and registers at the operator. This income does not change verdicts, on-chain rankings, or banner copy. Affiliate links carry rel="noopener nofollow sponsored" and a visible disclosure above the first link on every page.

Operators in Watchlist tier have no affiliate links at all. The page is an audit profile, not a referral surface.

If you spot an error (wrong license number, stale homepage URL, an operator no longer accepting US players, a wallet attribution we got wrong), write to [email protected] with the page URL and the specific claim. I read everything and reply within a few days.

When a correction lands on the site, an entry goes into the changelog with the date and what changed. If a correction reveals a flaw in our methodology, not just in the data, the relevant section of this page changes too.

We do not publish:

• Full transaction hashes on operator pages. The redirect at /verify// resolves to the explorer when the test is first-party (Level A); the full hash is admin-only.
• Destination wallets of winners.
• Personal information about operator staff beyond what they publish themselves on About pages.
• Hype phrases promising certainty about payout outcomes, perfect safety, or superlatives without evidence. A site validator blocks the standard list of these phrases at save time.
• Affiliate links on Watchlist-tier operators.

If you find any of these on the site, that is a bug. Tell me.