The iGaming industry is worth billions of dollars, has millions of players, and hosts hundreds of platforms where the stakes involve not only luck but trust. However, history shows: even the largest operators and most popular poker rooms have repeatedly fallen victim to hackers, insiders, and fraudsters. Sometimes these were classic ransomware attacks, sometimes internal Ponzi-level schemes, and sometimes full-on “god modes” where players could literally see opponents’ cards.
In this selection, we gathered the top 5 cases when iGaming projects cracked under the pressure of attacks and scams — with consequences amounting to hundreds of millions of dollars, shattered reputations, and even the collapse of entire brands.
Massive Outages and Cyberattack on MGM Resort
On September 11, 2023, MGM Resorts (operator of hotels and casinos in Las Vegas and across the U.S.) suffered a large-scale cyberattack. Key systems went down: room reservations, slot machines, electronic room keys, and card payments. Hotels and casinos were forced to temporarily switch to manual guest service processes.
The incident lasted around 10 days before primary services were restored.
MGM confirmed that attackers gained access to customers’ personal data: names, contact information, birth dates, driver’s license numbers, and in some cases — passport numbers and Social Security numbers.
Experts estimated that data of more than 10.6 million customers could have been compromised.
The attack was carried out by the Scattered Spider cybercrime group, linked to the larger ALPHV/BlackCat ransomware syndicate. Hackers used social engineering, calling support services and gaining system access.
Total estimated losses exceeded $100 million.
The Scattered Spider Case (Caesars Entertainment)
Caesars Entertainment — one of the world’s largest gaming corporations — was attacked in August–September 2023. The attack was attributed to Scattered Spider/ALPHV (BlackCat). Investigators also noted involvement of larger cyber-structures supplying ransomware and tools.
The attackers used social engineering, phishing, and MFA bypass to access internal systems.
Hackers claimed to have stolen up to 6 terabytes of data. Key services were disrupted: electronic room keys, slot machines, booking systems, and employee email.
Reports suggested that Caesars paid part of the ransom — around $15 million.
For comparison: MGM Resorts refused to pay ransom that same month and later reported losses of roughly $100 million.
The FBI and private cybersecurity firms were involved. In 2024–2025, members of the group were arrested and prosecuted.
The “God Mode” Scandal: Players Could See Opponents’ Cards on UltimateBet and Absolute Poker
In the mid-to-late 2000s, two major poker rooms — Absolute Poker and UltimateBet — were engulfed in scandal: certain users gained access to opponents’ hole cards and systematically won high-stakes games. It became one of the biggest frauds in online poker history.
Suspicion arose in 2007 when players noticed “perfect” decision-making and consistent massive winnings from certain accounts. Hand histories and logs revealed impossible insights — including full visibility of hidden cards.
Investigations confirmed that the platforms had internal “superuser” or “god mode” functionality allowing real-time viewing of all players’ hole cards.
At UltimateBet, the system was reportedly used from around 2004 to 2007/08, with beneficiaries linked to known figures, including Russ Hamilton.
Losses to players amounted to millions.
UltimateBet eventually compensated around $22 million, while Absolute Poker initially reimbursed around $1.6 million.
The scandal deeply damaged trust in online poker, pushed regulators toward stricter RNG audits, logging, and transparency, and highlighted how player communities can act as effective watchdogs.
After U.S. market restrictions and the collapse of the Cereus Network, both UltimateBet and Absolute Poker shut down without fully repaying users.
Paddy Power and Betfair: Data Breach Affected up to 800,000 Customers
In July 2025, Flutter Entertainment confirmed a data incident affecting Paddy Power and Betfair. Around 800,000 usersin Ireland and the UK were impacted.
Leaked data included:
- usernames/logins, email addresses, IP addresses
- device IDs, account metadata, activity logs
- in some cases — the first line of home addresses
Not leaked (according to Flutter):
- passwords
- identity documents
- payment cards and financial data
Experts warned that compromised data could enable spear-phishing attacks, especially given modern AI tools that generate highly personalized messages.
Full Tilt Poker: A Ponzi Scheme in the Online Poker World
Full Tilt Poker was one of the largest poker rooms of the 2000s, rivaling PokerStars. The brand was promoted by famous pros: Phil Ivey, Howard Lederer, Chris Ferguson, and others.
“Black Friday” – April 15, 2011
The U.S. Department of Justice charged Full Tilt, PokerStars, and the Cereus Network with violating UIGEA. Sites were blocked for U.S. players, and accounts were frozen.
In September 2011, prosecutors stated:
Full Tilt Poker was not a poker room — it was a “global Ponzi scheme,” having misappropriated over $300 million of players’ funds.
The company advertised that player funds were securely stored, but in reality the money was being used to pay owners and insiders.
Players were owed $350+ million, while only about $60 million remained on Full Tilt accounts.
PokerStars later acquired Full Tilt’s assets and repaid player balances as part of a settlement.
The story became a symbol of the “dark side” of iGaming and pushed the industry toward stricter regulation.
What a Ponzi Scheme Is
A Ponzi scheme is a type of financial pyramid named after early 20th-century fraudster Charles Ponzi.
How it works:
- The organizer promises high and “guaranteed” returns.
- Early investors are paid not from real profit but from the deposits of new participants.
- The scheme survives only while new money flows in.
- When the flow stops — the system collapses, and most people lose their money.
Conclusion
The stories of MGM, Caesars, Full Tilt, and others have shown:
in iGaming, no operator is unsinkable.
A single code vulnerability, internal leak, or sophisticated hack can destroy the trust of millions and cost companies hundreds of millions of dollars.
Today, offering entertainment isn’t enough — operators must invest heavily in cybersecurity and transparency, or the risk of new “Black Fridays” remains very real.
