How to Manually Verify a Crypto Casino Bet Using SHA-256

This guide shows you how to independently verify a provably fair casino bet using nothing but a browser and the seed data from your casino account. No third-party tools, no plugins — just the maths.

If you’d rather skip the manual process, use our Provably Fair Verifier which does all of this automatically. But understanding how to do it manually gives you genuine independence: you verify against the algorithm, not against a tool someone else built.

For background on why this verification matters: What is Provably Fair? | Can Provably Fair Be Rigged?

---

What SHA-256 Is and Why It’s Used in Gambling

SHA-256 (Secure Hash Algorithm 256-bit) is a cryptographic hash function that takes any input and produces a fixed 64-character hexadecimal output. It is one of the most widely audited and trusted algorithms in computing — the same function that secures Bitcoin transactions.

In gambling, it serves one specific purpose: deterministic, one-way commitment. A casino uses it to prove they decided a game outcome before your bet was placed, without revealing what that outcome would be until after you played.

Two properties make SHA-256 ideal for this:

One-way: You cannot reverse-engineer the input from the output. Given the hash, you cannot determine the server seed that produced it. This is what makes the commitment meaningful — the casino can’t change their seed after seeing your bet.

Deterministic: The same input always produces the same output. Given the same seeds and nonce, you will always calculate the same hash. This is what makes independent verification possible — you can reproduce the exact calculation the casino ran.

Provably fair systems use a specific construction called HMAC-SHA-256 (Hash-based Message Authentication Code). This applies SHA-256 twice using a secret key, making it more resistant to certain attacks than raw SHA-256. The formula is:

HMAC-SHA-256(key = serverSeed, message = clientSeed:nonce)

---

What You Need to Verify a Bet

You need four pieces of data, all of which should be available in your casino account:

1. Revealed server seed — the server seed after it has been shown to you (this happens when you rotate your seed pair)
2. Your client seed — the seed you set (or accepted) for that session
3. Nonce — the bet counter for the specific bet you want to verify (starts at 0, increments by 1 per bet)
4. The recorded game result — what the casino says happened

That’s it. Everything else is computation.

---

Step 1: Find Your Seed Data

On Stake.com:

1. Log in and navigate to any in-house game (Dice, Mines, Plinko, etc.)
2. Click the shield/fairness icon in the game interface
3. Under “Previous Seeds,” you’ll see your revealed server seed and the client seed used during that session
4. For the nonce: check your bet history — the nonce is listed alongside each bet

On BC.Game:

1. Log in and open any in-house game
2. Click the fairness icon (shield symbol near the bet controls)
3. Select “Previous Seed” to see your revealed server seed and client seed
4. Nonce is available in your bet history alongside each transaction

If you are verifying a bet from a current (not yet rotated) seed chain, you need to rotate the seed pair first to get the server seed revealed. After rotating, the old seed is shown permanently in your seed history.

What you’re looking for:

Server seed (revealed):  a3f8c2d1e5b94720f6a1839c4d0e7b52a1c8f3e6d294b70e5a182d4c9f3b1e7
Client seed:             myVerifySession_2026
Nonce:                   7

---

Step 2: Construct the HMAC-SHA-256 Input

The message is simply your client seed and nonce concatenated with a colon:

message = clientSeed + ":" + nonce
message = "myVerifySession_2026:7"

The key is your revealed server seed:

key = "a3f8c2d1e5b94720f6a1839c4d0e7b52a1c8f3e6d294b70e5a182d4c9f3b1e7"

This is the complete input to the HMAC function. Nothing else goes in.

---

Step 3: Calculate the Hash

You have two options for running the calculation: browser console (fastest, no install required) or a command-line terminal if you have Node.js available.

Method A: Browser Console (Recommended — Works on Any Device)

Open any browser (Chrome, Firefox, Safari, Edge). Press F12 (or right-click → Inspect → Console). Paste this code, replacing the seed values with your own:

async function verifyBet(serverSeed, clientSeed, nonce) {
  const key = await crypto.subtle.importKey(
    'raw',
    new TextEncoder().encode(serverSeed),
    { name: 'HMAC', hash: 'SHA-256' },
    false,
    ['sign']
  );
  const message = `${clientSeed}:${nonce}`;
  const signature = await crypto.subtle.sign(
    'HMAC',
    key,
    new TextEncoder().encode(message)
  );
  return Array.from(new Uint8Array(signature))
    .map(b => b.toString(16).padStart(2, '0'))
    .join('');
}

verifyBet(
  'a3f8c2d1e5b94720f6a1839c4d0e7b52a1c8f3e6d294b70e5a182d4c9f3b1e7',
  'myVerifySession_2026',
  7
).then(hash => console.log('Hash:', hash));

This uses the browser’s native crypto.subtle API — no external libraries, no network requests.

Real output for our example values:

Hash: 6d787126b31e0b66580cebb23914f1b7612e69b52ada6a9fcec848979b49c952

Method B: Node.js Terminal

If you have Node.js installed, open a terminal and run:

const crypto = require('crypto');

const serverSeed = 'a3f8c2d1e5b94720f6a1839c4d0e7b52a1c8f3e6d294b70e5a182d4c9f3b1e7';
const clientSeed = 'myVerifySession_2026';
const nonce = 7;

const hmac = crypto.createHmac('sha256', serverSeed);
hmac.update(`${clientSeed}:${nonce}`);
console.log(hmac.digest('hex'));
// Output: 6d787126b31e0b66580cebb23914f1b7612e69b52ada6a9fcec848979b49c952

Both methods produce identical output. The browser console method works without any installation and is what we recommend for one-off verification.

---

Step 4: Map the Hash to a Game Result

The 64-character hash is a hexadecimal number. It needs to be converted to a decimal value, then scaled to the game’s result range. The exact process varies by game type.

For Dice Games (0–9999 range)

Step 4a: Take the first 8 characters of the hash.

Hash:      6d787126b31e0b66580cebb23914f1b7612e69b52ada6a9fcec848979b49c952
First 8:   6d787126

Step 4b: Convert from hexadecimal to decimal.

parseInt('6d787126', 16) = 1,836,609,830

Step 4c: Divide by the maximum 32-bit unsigned integer value (4,294,967,295) to get a float between 0 and 1.

1,836,609,830 ÷ 4,294,967,295 = 0.42761905...

Step 4d: Multiply by the game range (10,000 for a 0–9999 dice game) and take the floor.

Math.floor(0.42761905 × 10000) = 4276

Result: 4276

If the casino recorded a dice result of 4276 for that bet (nonce 7, with those seeds), the bet verified correctly.

In the browser console, you can do the full calculation in one step:

const hash = '6d787126b31e0b66580cebb23914f1b7612e69b52ada6a9fcec848979b49c952';
const first8 = hash.slice(0, 8);
const decimal = parseInt(first8, 16);
const float = decimal / 4294967295;
const diceResult = Math.floor(float * 10000);
console.log('Dice result:', diceResult); // → 4276

For Crash/Limbo Games

Crash games use a more complex formula that builds in the house edge. Stake’s crash (Limbo) uses:

const h = hash;
const e = 2 ** 52;
const s = (parseInt(h.slice(0, 13), 16) / e);
const crashPoint = Math.max(1, (100 / (1 - s * (1 - 0.01)))) / 100;

The exact formula varies by casino — always check the casino’s documented algorithm for games other than dice.

For Card Games

Shuffling from a hash involves a Fisher-Yates algorithm seeded by successive 8-character segments of the hash. Each segment maps to a card position. This is more complex to implement manually — for card games, using a tool like our Provably Fair Verifier or the casino’s own verifier is more practical.

---

Step 5: Compare With the Recorded Outcome

Go to your bet history in the casino. Find the bet for nonce 7 (or whichever nonce you verified). The recorded result should match your calculated result.

If it matches: the bet was determined by the documented algorithm. The outcome was fixed by the committed seeds before you played.

If it doesn’t match: you have a discrepancy. Before concluding anything, double-check:

• Did you use the correct nonce? (Nonces start at 0, not 1, in most implementations)
• Did you use the exact seed strings, including capitalisation?
• Is the game using a different hash formula than HMAC-SHA-256 with clientSeed:nonce format? (Check the casino’s documentation)

If discrepancies persist after checking these, contact the casino and document the verification attempt. A genuine discrepancy between the committed hash and the computed result is significant.

---

Common Mistakes and How to Avoid Them

Wrong nonce. The nonce starts at 0 for the first bet in a seed chain, not 1. If your casino starts at 1, check their documentation. Getting this wrong by one shifts every subsequent bet by one nonce.

String format errors. The message must be exactly clientSeed:nonce — colon between them, no spaces, nonce as a plain integer (not padded). myClientSeed:7 not myClientSeed: 7 or myClientSeed:007.

Copying the hashed server seed instead of the revealed one. The server seed hash (SHA-256 of the server seed) is shown before your session. The actual server seed is only revealed after rotation. Make sure you are using the revealed seed, not its hash.

Verifying the wrong bet. Nonces increment with every bet. If you placed 50 bets in a session, the 50th bet has nonce 49 (if starting from 0). Always cross-reference the nonce with your bet history to ensure you’re computing the right one.

Using the wrong game algorithm. Dice, Crash, and card games all have different mapping formulas. Verify you are using the algorithm documented for the specific game you played.

---

Why ProofBets Built the Verifier Tool

Manual verification works. But it has friction — you need to copy seeds, paste code, do the hex conversion. Most players won’t do it for every bet, and they shouldn’t need to.

Our Provably Fair Verifier removes the friction. Paste in your seeds and nonce, select the game type, and it runs the same calculation you just learned — instantly, in your browser, with no data sent to any server.

The difference between the manual method and our tool is speed, not trust. Both compute the same HMAC-SHA-256 using the same algorithm. If you distrust our tool, use the browser console method above. The result will be identical.

The tool becomes most valuable when you want to audit a batch of bets quickly, or when you’re verifying a specific game type (Crash, Plinko, Mines) where the mapping formula is less straightforward to compute manually.

---