The online betting industry is built around speed, volume and global access. Real-time action and instant transactions fuel the excitement that customers love and return for. But that fast-and-furious tempo has also made real-money gaming (RMG) an attractive avenue for organized cybercriminals. Similar to what we see in cryptocurrency, remittance payments and alternative finance, direct access to cash winnings eliminates the need to transact in or monetize high-value goods, making online betting accounts convenient targets for fraudsters.

A recent Riskified analysis of dark web activity shows a sophisticated ecosystem where compromised and fraudulently created betting accounts are bought, sold and exploited at scale. The result is not just account theft; it’s also the emergence of a service-driven supply chain for laundering illicit funds through legitimate-looking betting activity.

For online gambling operators, Riskified’s findings expose growing operational and financial risk. Fraudsters’ ability to bypass know-your-customer (KYC) checks, mimic legitimate betting behaviors, and use high transaction volumes to conceal illicit activity erodes platform integrity, drives up compliance costs, and threatens their licensing status in regulated markets. Beyond potential financial damage, repeated exposure to such schemes undermines player trust and invites regulatory scrutiny.

Here’s what the analysis revealed about how criminals utilize RMG platforms to further their illicit activities and the role advanced fraud detection can play in creating more friction for fraudsters.

A ready-made market for betting accounts

Dark web evidence indicates that threat actors have established an active marketplace for selling betting accounts across numerous platforms and geographies. Those accounts may be existing platform accounts hacked from known users or fake accounts owned by synthetic identities. Sellers list accounts with details such as email/password combos and withdrawal-available balances. Accounts with attached payment methods or pre-funded balances command a premium because they provide immediate access to cash and bypass the user steps most likely to raise red flags, such as linking a new payment source.

Fraudulent account creation and KYC bypass

The black market is not limited to compromised credentials. Buyers can also set up their own accounts by purchasing ready-made identities to pass KYC, complete with supporting identification documents and turnkey instructions for perpetrating scams for making quick money or an easy exit with “clean” winnings.

Ready offerings include tailored account packages for specific regions, allowing fraudsters to utilize local payment rails and circumvent geo-based controls. Many dark web vendors also provide step-by-step instructions to minimize the risk of detection. For example, some recommend depositing a small amount and waiting a set period before cashing out to avoid automated security flags.

Cash-out techniques and money laundering

The primary motive behind acquiring or creating RMG accounts is to extract cash. Fraudsters employ a combination of direct theft (withdrawing balances from compromised accounts) and more sophisticated laundering techniques. One common method, “account loading,” involves depositing illicit funds into a betting account, placing large low-stakes or fully hedged bets, and receiving a return as “winnings.” Those funds can then be withdrawn to other betting accounts, bank accounts, or crypto wallets — effectively turning dirty funds into seemingly legitimate proceeds.

High transaction volumes on betting platforms help conceal these activities, and the use of verified accounts as “money mules” — often through partnerships with insiders who have access to legitimate, verified accounts — further complicates detection and recovery.

Fraud-as-a-Service (FaaS) is big business

Underpinning all of this is a mature fraud-as-a-service model. Specialist vendors offer services such as compromised accounts, document generation, KYC-fraud, blocked-account “reverification,” cashout toolkits and advice on how to pass platform controls.

Offerings are available that mimic legitimate services, such as a flash crypto scheme that temporarily shows a fake blockchain deposit to trigger a credit on a betting platform — a short-lived illusion that some actors exploit to obtain funds before the fake transaction disappears.

Online gaming operators must guard all entrances

Operators are facing a dark web industrial ecosystem that packages identity fraud, account provisioning, cash-out tooling, and laundering techniques into globally available services. With KYC becoming less effective against criminal infiltration, operators need additional and multi-layered controls in place to create roadblocks for fraud and cybercrime even after they are through the door.

Identity and payment verification systems, nuanced transactional analytics, and AI-driven behavioral baselining can all help operators make their betting platforms less useful to organized crime, which is where Riskified can offer essential tools and intelligence. However, it’s a fine balance. Not adding too much friction against all consumers is critical, as every moment of payment friction, from slow purchase authorizations to missing local methods, translates into lost revenue, trust, and lifetime value with good customers.

By leveraging a vast dataset of past transactions from a global merchant network that includes online betting and alternative finance platforms, Riskified provides online gaming & gambling operators with AI tools and advanced data intelligence to identify and prevent deposits that fuel criminal activity.

Riskified monitors deposits for the transactional signatures of fraud and account loading and provides instant decisioning on incoming payments to let customers easily top up their accounts while criminal accounts run dry.

To explore a fraud protection strategy for your platform, reach out to a Riskified expert.