Authorities in Vietnam have busted an online gambling ring that may have taken in as much as $3.8 billion USD in cryptocurrency bets (87,000 billion VND). The internet gambling sites seem to have been built on an insurance scam that promised to give “investors” in the scheme (those who gambled) their money back if they lost six deposits in a row.
However, when the casinos experienced heavy traffic, the operators would crash the sites and pilfer cryptocurrencies such as USDC (Tether) and Ethereum from the ‘investment’ wallets.
The ruse was orchestrated through a complex series of manipulations that seem to have included redirecting traffic from domains such as BigQueenpro.com to Skyqueenpro.com to Rocketgameslive.com to Superwarriorspro.com, with the traffic eventually processing through NagaClubs.com or Swiftonline.live, according to the original report on Vietnam Television (VTV.vn).
Our research shows that most if not all of the aforementioned sites were created in 2021 with the last major changes happening on November 9, when DNS Text Records (TXT) stopped being recorded. While the wording of the report could lead a foreigner to believe that VTV.vn stated the names of the websites had been changed, eventually evolving into the Naga and Swift brands, we don’t find any evidence of that.
With all of the sites shuttered it’s no longer possible to trace any paths of the redirects.
Sophisticated Manipulation of Systems
It is a fairly common practice for websites operating in the black markets (where online gambling is specifically prohibited by law) to use that sort of contrivance to cover the tracks of gamblers and avoid being blocked by local internet service providers who may be required to censor the internet by law. Some sites serving the Russian and Turkish markets actually redirect dynamically. A more detailed description of the process is available here.
The Vietnamese website states that Evolution AB provided games for the illegal websites. We were able to confirm that the games were at least promoted through Swiftonline.live by searching Google Cache recordings and through the Internet Archives. However, the domain artifacts left on Google Cache by NagaClubs indicate it was never more than a sign-up, sign-in, and pass-through site.
A December 3 report by Bloomberg states: “Subjects admitted to authorities that they organized online gambling on those sites, which were intermediaries to international betting platform Evolution.com to earn commissions.”
No Evidence of Game Provider Wrongdoing
Other reports in the news after that seem to intimate or directly state that Evolution has done something wrong or even illegal and some reports state that commissions were paid by Evolution to the gambling organizers without providing any evidence of such wrongdoing.
Evolution has come under pressure recently by an anonymous US-based party with “interests” in online gambling. Without a publically stated motive, the party funded a team of international investigators in an effort to document Evolution accepting bets from players in countries with gambling prohibitions as well as US Trade sanctioned countries such as Iran.
Investigators purportedly provided Bloomberg with video recordings that showed players in banned countries such as Singapore and Hong Kong (but not Vietnam) placing bets on Evolution live dealer games.
When the allegations were made public in the middle of November more than $11b was wiped from Evolution’s balance sheet in a matter of weeks and the stock remains depressed as of Friday’s closing of the markets.
World’s Number One Live Game Provider
Evolution is a publically traded company whose stock is listed on the Stockholm NASDAQ exchange (EVO:ST) and the parent company of such brands as NetEnt and Big Time Gaming among others. It is the world’s most prolific and successful supplier of live dealer games. NetEnt has its roots in Cherry dating back to 1968 and has operated in the regulated online marketplace since 1996.
In a statement last month, the company maintained that it is the sole responsibility of the gambling operator to make sure that the people playing their games are legally allowed to. The statement further compared its service of providing tables to that of a slot machine vendor placing gaming cabinets on a casino floor. It asserted that it is beyond the supplier’s control who the operator lets through the door or who the operator allows to play on the machine. KYC or “know your customer” requirements are incumbent upon the gambling operator, not the slot machine provider nor the remote live casino game provider.
The statement also provided forensic analysis of how the investigators were able to access Evolution’s games through “sophisticated technical manipulation” and stated that the invaders had made several unsuccessful attempts to access the servers from the blocked countries and that those attempts were rejected by Evolution servers.
Our analysis indicates that any access to Evolution games from computers in Vietnam would have had to employ dubious means and that another layer of manipulation may have been employed (redirects) by the shuttered gambling websites in order to facilitate gambling from within the country.