Coverage Exclusion — Not Protected
This topic is a documented exclusion from the GOOD CASINO Guarantee Fund. Cases originating from confirmed software exploits, glitch abuse, or payout logic errors are not eligible for compensation under the standard guarantee. However, if you believe a casino has misclassified a legitimate win as an exploit, you may request a technical arbitration review.
Exploit & Glitch Abuse: Why Technical Malfunctions Are Not Covered
When casino software malfunctions produce impossible odds, inflated payouts, or repeated bonus triggers beyond design intent, resulting winnings are voidable under every major licensing jurisdiction. This guide explains how GOOD CASINO identifies genuine software faults, how casinos may and may not respond, and what options remain if you believe a void was applied incorrectly.
What Counts as an Exploit or Software Glitch
Not every technical anomaly counts as an exploit — and not every player who benefits from one is acting in bad faith. The legal and regulatory distinction turns on whether the player knew, or should have known, the outcome was not the result of normal game mechanics.
Payout Logic Collapse
A payout logic collapse occurs when the game engine's return-to-player (RTP) calculation produces outputs that are mathematically impossible under the published pay table. Examples include a slot machine paying out 100x the maximum displayed win, a roulette wheel crediting the same number three consecutive times despite player bets on different numbers, or a live dealer game crediting a losing hand as a winner. These are not lucky outcomes — they are software faults. All major game providers (Evolution, PG Soft, Pragmatic Play, Microgaming) maintain server-side RNG and payout logs that can prove the discrepancy within hours.
API Exploit
An API exploit involves a player discovering or using a known vulnerability in the casino's backend interface — typically discovered through manipulation of HTTP requests, replayed session tokens, or invalid API parameters that produce unintended bonus credits, free spins, or balance increments. Unlike a passive glitch, API exploitation generally requires active technical intervention. It is treated as fraudulent activity under virtually all casino terms of service and gaming regulations.
Balance Rollback Delay Exploitation
Some casino platforms handle failed transactions by queuing a balance rollback — restoring funds when a game round is voided on the server side. A small number of players have learned to exploit the window between a failed round's server-side void and the client-side balance update, placing additional bets during the delay. This is a systemic timing vulnerability rather than a player luck event.
Passive Glitch Exposure (Different Rules Apply)
A player who places a normal bet, wins due to a software fault they did not cause or intend to trigger, and then stops playing — may have a defensible claim depending on jurisdiction and casino terms. Passive exposure to a glitch is treated differently from active exploitation. GOOD CASINO's technical arbitration considers the player's action sequence, bet sizes, and the frequency of the anomalous outcome when evaluating these cases.
Bonus Trigger Loop Abuse
Some progressive bonus features contain a software bug that allows a player to re-trigger the feature repeatedly without meeting the statistical conditions normally required. Intentionally triggering the same bonus feature dozens of times via a known loop qualifies as exploit abuse even if each individual action appears superficially legitimate.
Legitimate Win vs. Exploit Abuse — Comparison
The table below shows the key distinctions our audit team uses when evaluating whether a disputed void was applied legitimately. These are the same criteria used by Malta Gaming Authority (MGA) adjudication panels and IBAS (Independent Betting Adjudication Service) precedents.
| Field | Legitimate Win | Exploit Abuse | Audit Conclusion Method |
|---|---|---|---|
| Trigger Mechanism | Normal bet placed within published pay table rules | Bet placed during known system state that bypasses RTP logic | Server RNG log vs. published pay table cross-reference |
| Player Action Pattern | Random or strategy-based bet sequence, no anomaly in frequency | Repeated identical actions targeting known fault condition | Session log analysis: bet timing, amount, and sequence |
| Payout Ratio | Within max win multiplier published for that game variant | Exceeds published maximum win; statistically impossible outcome | Provider pay table documentation vs. credited amount |
| Game Integrity | All RNG outcomes verified on server; no server-side error log | Server error log present; payout instruction flagged as invalid | Provider raw event log and error code review |
| Player Knowledge | No prior knowledge of fault; outcome appears within normal range | Fault widely documented in player forums, or player bet size escalated after first anomaly | Community disclosure timeline vs. player session start date |
Scroll right to see all columns
How Casinos Detect and Void Glitch-Derived Winnings
Casinos have multiple layers of fraud detection that flag anomalous payout events automatically. Here is the standard sequence from initial flag to void decision:
Automated RTP Monitoring Flags the Event
Every game session contributes to a rolling RTP calculation. When a single session's payout ratio deviates significantly from the game's published RTP (for example, a 97% RTP slot producing a 500% single-session return), the event is automatically flagged for review by the casino's risk management system.
Game Provider Log Request
The casino's compliance team contacts the game provider — Evolution Gaming, PG Soft, Pragmatic Play, Microgaming, etc. — and requests the raw server log for the flagged session. This log contains every RNG output, every payout calculation, every server-side event timestamp, and any error codes generated during the session.
Provider Confirms or Denies Software Fault
The provider reviews the log and issues a written confirmation: either the session operated within normal parameters (the payout was legitimate), or the session contains a documented software error (the payout was the result of a fault). This confirmation is the primary evidence in any dispute.
Casino Issues Void Decision
If the provider confirms a software fault, the casino voids the affected rounds and adjusts the player's balance accordingly. Most casino terms of service explicitly reserve this right. Under MGA regulations, casinos are required to notify the player in writing within 72 hours of a void decision and provide a summary of the reason.
Player Notified and Right to Dispute Explained
Responsible casinos notify the player of the void, explain the reason, cite the relevant terms of service clause, and provide information about the dispute process. If the casino fails to notify or refuses to provide the provider log confirmation, this is a procedural violation that GOOD CASINO can escalate to the relevant regulator.
Technical Verification Path: How GOOD CASINO Audits These Cases
When a player disputes a void decision — claiming that the win was legitimate and the casino misclassified it — GOOD CASINO follows a structured technical verification process. We do not accept casino assertions at face value.
Review Eligibility
- Player must provide session ID, bet history screenshot, and any casino correspondence regarding the void
- The casino must be a current GOOD CASINO guaranteed partner
- The void must have occurred within 90 days of the review request
- Player must not have accepted any part of the void as final through a settlement agreement
- The disputed amount must be above $200 (below this threshold, provider log retrieval cost exceeds claim value)
Audit Process
- 1GOOD CASINO issues a formal technical inquiry to the casino's compliance team, requesting the specific provider log for the disputed session
- 2If the casino is an Evolution, PG Soft, Pragmatic Play, or Microgaming licensee, GOOD CASINO has direct escalation contacts at each provider's compliance department
- 3The provider log is reviewed by GOOD CASINO's technical team against: (1) the published pay table, (2) the player's stated bet sequence, and (3) known bug reports for that game version
- 4If the log shows no error code and the payout is within published parameters, GOOD CASINO issues a finding that the void was improperly applied — and the casino is required to reinstate the win from the guarantee pool
- 5If the log confirms a software error, GOOD CASINO closes the case with a written explanation to the player and advises on any applicable passive-exposure defenses based on jurisdiction
Player Rights When a Casino Voids Winnings
Even when a void is legally justified, players have procedural rights that many casinos fail to honour. These rights exist regardless of whether you are a GOOD CASINO partner player or not.
- Right to written notification of the void decision within a reasonable timeframe (MGA standard: 72 hours)
- Right to a written explanation citing the specific terms of service clause and the nature of the software fault
- Right to request a copy of the provider log confirming the software error — in most jurisdictions, this cannot be withheld
- Right to dispute the void through the casino's internal complaints process before any external escalation is required
- Right to escalate to the casino's Alternative Dispute Resolution (ADR) body if the internal process does not resolve the dispute within 8 weeks
- Right to file a complaint with the casino's licensing authority (MGA, UKGC, Curaçao) if procedural rights were violated — even if the void itself was legitimate
- Right to retain all evidence of the disputed session (screenshots, chat transcripts, balance history) — casinos cannot demand deletion of this material
A casino that voids a win but refuses to provide the provider log, fails to notify you in writing, or cannot cite a specific terms clause is in procedural violation regardless of whether the underlying void was justified. Document this refusal — it is separately actionable with the regulator.
If You Believe the Casino Made a Mistake
Misclassified voids occur. A casino's automated system may flag a legitimate high-variance win as a glitch, or a compliance team may apply a void without retrieving the provider log. If you believe your win was legitimate, here is the structured path:
- Step 1: Document everything immediately — screenshot your balance before and after the void, your bet history, and any pop-up or notification from the casino
- Step 2: Request in writing (email, not live chat) the specific provider log confirmation used to justify the void. Ask the casino to cite the exact terms of service clause
- Step 3: If the casino is a GOOD CASINO partner, submit a technical arbitration request at help@good.casino with subject 'Void Dispute – Technical Review Request – [Casino] – [Session ID]'
- Step 4: If the casino refuses to provide the provider log or cites only their own internal review, escalate directly to the game provider's player support department — most major providers (Evolution, PG Soft, Pragmatic Play) have player-facing dispute contacts
- Step 5: File a formal complaint with the casino's ADR body — for MGA-licensed casinos this is eCOGRA or IBAS; for UKGC-licensed casinos this is the UKGC adjudication service
- Step 6: File a complaint with the licensing authority directly if the ADR process is blocked or ignored
The single most important evidence item is the provider log confirmation. If a casino cannot or will not produce it, no legitimate jurisdiction will accept the void as properly evidenced. This is your strongest procedural argument.
Prevention: Protecting Yourself from Accidental Exploit Exposure
Players can inadvertently benefit from software glitches without any intention of exploitation — and then face a void after withdrawing or continuing to play. These habits reduce that risk:
Stop Playing Immediately if Something Seems Wrong
If a game produces an outcome that seems impossibly large, displays a graphic error, or behaves unexpectedly — close the game immediately and contact support. Document the anomaly before continuing. Continuing to play after a visible fault is the clearest indicator of intentional exploitation in audit logs.
Do Not Repeat a Known Anomaly
If a specific bet sequence or game state produces an unexpectedly large win, do not attempt to reproduce it. Repeated identical actions targeting the same fault pattern is the primary audit flag distinguishing passive exposure from active abuse.
Check Game Version and Known Bugs Before Playing
Some game faults are publicly documented — in player forums, provider patch notes, or casino news feeds. Knowingly playing a game version with a documented, unpatched bug shifts the passive/active threshold significantly in any subsequent dispute.
Withdraw Promptly After Large Wins
The earlier you withdraw after a large win, the shorter the window in which a casino can void and claw back. Withdrawal requests that are pending or completed when a void is applied are handled differently in most jurisdictions than balances that remain in-account.
Believe Your Win Was Voided in Error?
If a casino voided your winnings and you believe it was a legitimate win — not an exploit — GOOD CASINO can request the original provider log and conduct a technical arbitration review at no cost to you.
Not sure if you violated the rules? Use our pre-check tool before filing a formal claim.