This summer, Alea, the award-winning casino game aggregator, expanded its partnership with Continent 8 to double down on its commitment to security and the robustness of its platform. As part of it, Alea undertook Continent 8’s Vulnerability Assessment and Penetration Testing (VAPT), Security Audit and Vulnerability Scan services, providing insight into both its technology and operational processes.
At SBC Summit 2025, the partnership culminated in a live certification and press conference covering the importance of cybersecurity in iGaming.
Alexandre Tomic, founder of Alea, noted that he first became acutely aware of the need to boost cybersecurity in iGaming when attempting to integrate APIs with different providers who didn’t necessarily have any authentication.
When performing these integrations, there were risks of credit card fraud or DDoS attacks as money moved in and out of the platform. With cybersecurity at the core of the company, Alea wanted to address these risks immediately.
Tomic explained: “If the game API is hacked, it’s not just a leak of data. Attackers can literally print money. They can place a bet without risking money and get the win. We noticed that and asked who we could work with. This is when we met Continent 8 and realised we were both speaking the same language when it comes to cybersecurity.”
During a conversation with iGaming Expert live at SBC Summit 2025, Continent 8’s Product Principal, Secure Solutions, Craig Lusher, emphasised the purpose and value of these assessments.
“We ask Alea several questions based on their technology, their platform, and the processes in place. VAPT is a practical test that attempts to breach a network and assess how well the technology holds up. The security maturity assessment, meanwhile, evaluates the processes and frameworks the company follows. These assessments help companies understand exactly what’s working and what isn’t. From there, a prioritisation plan can be built to strengthen cybersecurity maturity across the organisation.”
Lusher noted that Alea continues to demonstrate strong alignment with security frameworks and procedures recognised across the global cybersecurity industry. While Continent 8’s assessments revealed minor areas for refinement, he emphasised that Alea’s platform stands on a robust and resilient foundation, one that not only safeguards its own infrastructure but also strengthens the wider iGaming ecosystem.
This proactive stance, he added, reflects how Alea is helping operators and partners navigate an increasingly complex and fast-evolving threat landscape, setting a new benchmark for collaboration and accountability within the sector.
Passing Along the Wisdom
The growing threat of fraud in iGaming was highlighted by Continent 8’s Chief Product Officer Justin Cosnett, who noted that attacks that used to take seven to eight hours to infiltrate a customer system nowadays take, on average, around 45 minutes.
It is for this reason and others that Alea seeks not only to protect its own cybersecurity mechanisms but also those of the companies it works with.
Tomic outlined that Alea is planning to enforce these cybersecurity standards across providers who want to integrate into its system.
He explained: “We’re okay being perceived as difficult suppliers. Some say it’s very hard to integrate with us, but our answer is that, actually, it’s very hard to integrate with us because you are not at the required level, and it’s a difficult conversation to have.”
Alea’s founder continued by likening it to being a teacher and teaching a toddler how to speak, rather than being the Tower of Babel, teaching hundreds of languages.
“By requiring providers to pass pen tests, security assessments, and certification, we can ensure that operators can trust the entire supply chain, and that’s really what we are aiming for” he said.
Cybersecurity Ensures a Sustainable Industry
Asked whether Alea’s partnership with Continent 8 is a regulatory or a business requirement, Tomic said it was very much a business decision. While some jurisdictions do require certain cybersecurity standards, Tomic outlined that all operators and suppliers should undertake such tests because the threat from fraudsters can be huge.
He recalled anecdotes from operators who were bleeding up to $3 million per month due to API and game fraud, sometimes unnoticed.
“The industry is literally being harvested by an ecosystem of hackers that came also at the same time as the ‘crypto kids’ who are very good at hacking game APIs because they’re very easy to hack. Some operators think that it isn’t a big deal as the game might be worth 0.5–1% of GGR. They find it’s not about exposure. Hackers might find that it is the software that has a vulnerability and then target it with every operator.”
This is why Alea places cybersecurity at the heart of its operations, reinforced through its partnership with Continent 8. By advocating for rigorous assessments across the sector, the company helps strengthen the resilience of the wider iGaming ecosystem.
As Lusher added: “Alea’s performance in the assessment was excellent, and we’re now working with them to address the few minor issues that were identified. Continuous improvement is key, especially as the platform evolves and new capabilities are added. Regular assessment is essential to maintain resilience against emerging threats.”