Crypto payments and stablecoins: features on-chain/off-chain

Full article

💡 18+. Educational material for platforms/operators/providers. Not a call to play. Comply with local laws and restrictions on the use of crypto assets.

1) Why crypto payments to the platform

Access to global markets: less reliance on classic PSPs, fast cross-border transfers.

Less friction: round-the-clock calculations, predictable commissions in a number of networks.

Stablecoins: Reduced volatility vs. native coins (ETH/BTC).

Risks: sanctions/AML, loss of keys, fraud in the online world, technical forks/congestion of networks.

2) Reception models: on-chain vs off-chain

On-chain (native reception on the network)

What is it: the platform or its provider generates an address/memo, waits for an on-chain confirmation and credits the player's wallet.

Pros: transparency (blockchain trail), independence from a single custodian, control of rules.

Cons: unpredictable delays, commissions (gas), complex compliance, key security.

Off-chain (via custom/processor)

What is it: the provider (VAS P/exchange/processor) accepts crypto on its wallets and issues an offchain loan to your internal Ledger through the API.

Pros: speed (almost instantly), fixed fees, reduction of onchain risks.

Cons: dependence on the provider, custom risks, KYC/Travel Rule on the provider's side, possible limits/" black windows."

Hybrid: small deposits - offchain, large/VIP - onchain directly to the "warm" wallet.

3) Stablecoins: what and what is the difference

FIAT-backed (USDT, USDC, EURC): provided with issuer reserves, can have "blacklist/freeze" functions.

Crypto-collateral (DAI): secured by collateral in online protocols, risk of collateral degradation.

Algorithmic: high technological/market riskiness - avoid for the main cash flow.

Networks/standards: ERC-20 (Ethereum/Arbitrum/OP), TRC-20 (TRON), BEP-20 (BSC), SPL (Solana). Carefully map the token to ↔ network ↔ decimals: error = loss of funds.

4) Networks and their features (in short)

Ethereum L1: high safety, higher gas; EIP-1559 (base fee + priority).

L2 (Arbitrum/OP/BASE): cheaper/faster, bridges and access to L1.

TRON: low fees for USDT (TRC-20), energy model (bandwidth/energy).

BSC: low gas, higher risks of validators/ecosystem-quality.

Solana: high throughput, bankroll for reception; features of the mempool and finality.

UTXO networks (BTC/LN): different address model and UTXO, separate providers.

5) Custody, keys and security

Models: self-custody (your keys), custom at the provider, MRS/multisig (distributed keys).

Storage gradations: hot (operational), warm (limit), cold (storage/reserves).

Practices: HSM/Vault, white address lists (withdraw), limits per transaction/day/ASN, "four eyes" on large conclusions, timelocks, address books.

DR: Forks/congestion plan, backup routes, "pause new on-chain" business rules.

6) Money Invariants and Ledger

The truth of the player's balance is the inner wallet (Ledger). Onchain arrival → a loan to the player after the finality criteria.

All write commands ('wallet. credit/debit/rollback ') - idempotent, key' X-Idempotency-Key '.

Hard separation of OLTP/OLAP and outbox/CDC for'deposit/withdraw/settle 'events.

7) Deposit flow (on-chain)

1. Address: we issue a unique address/memo (XRP/XLM/TRX tag, ETH nonce label in memo, or HD derivation/xpub).

2. Monitoring mempool/blocks: we see → incoming tx status' PENDING '.

3. Finality criterion: N confirmations (e.g. ETH = 12, TRON = 20, SOL = 32; depends on risk policy).

4. Credit in Ledger: 'wallet. credit '(idempotent) by transaction hash, event' deposit. succeeded`.

5. Hedge/conversion (option): auto-swap stablecoin/fiat to reduce volatility.

6. Reconciliation: daily reconciliation of "↔ Ledger chain ↔ custom/processor report."

Clarifications:

For XRP/XLM/ATOM, Destination Tag/Memo is critical - loss = complex manual recovery.
For UTXO, hold the UTXO pool; aggregate small inlets (UTXO consolidation) outside the gas peaks.

8) Output flow (on-chain)

1. Request for withdraw → RG/AML/KYC checks (sanitary lists, address-risk, velocity limits).

2. Address verification: checksum/format, network/token compatibility, issuer sanctions/blacklists (USDT/USDC).

3. Gas orchestration: calculation fee (EIP-1559 maxFee/maxPriority), gas coin balance.

4. Signature/MRS → translation → status machine ('SUBMITTED → CONFIRMED/FAILED').

5. Event'withdraw. settled 'after finality; in the case of fail - compensation/repetition with the same idempotency.

Returns/Refunds: there is no one "chargeback" - this is a new transaction to the return address, demand from the player "return address/chain" and confirmation of ownership (message-sign/microtest).

9) Off-chain flow through the processor

Create intent → Receive credit webhook from provider (signed HMAC/EdDSA) → 'wallet. credit`.

Risks/pros: fast UX, the provider takes over the network/Travel Rule, but you depend on its availability/SLA.

Mandatory: dedup by 'event _ id '/txid, DLQ, repeated reconciliation of reports (reconciliation) T + 1.

10) Compliance: KYC/KYT/Travel Rule

KYC/AML: before admission to the on-chain - verification of identity/source of funds.

KYT (Know Your Transaction): screening addresses/tx by risk metrics (sanctions, mixers, darknet market, high-risk services).

Travel Rule (for VASP): exchange of sender/receiver data for transfers above the threshold between VASP (TRISA/TRUST/equivalent).

Blacklist/Freeze in stablecoins: the issuer can freeze assets - take into account in risky policies.

Data residency: journals/addresses/PII - by region (EU/UK/BR...), cross-region reading ban.

11) Volatility and treasuries

Auto-conversion of a deposit into a stable (or fiat) according to the rule "immediately after the final."

Natural hedge: Keep in the currency in which you pay winnings.

Limit policies: ceilings on the remains of native coins (gas buffers separately), rebalance on a schedule.

Accounting/taxes: realized/unrealized PnL, exchange rate differences, custom reports for audit.

12) Observability, SLO and incidents

SLO landmarks (example):

`deposit. finality` p95: ETH-L2/TRON/SOL ≤ 5–10 мин; ETH L1 ≤ 15-30 min (network/load dependent).
`withdraw. submit→confirm 'p95: ≤ 10 min (online).
Webhook delivery p99: ≤ 5 min
"Lost/duplicate credits/debits" = 0.

Metrics: mempool lag, confirmations ETA, gas spike detector, address-risk-speed, webhook-retry storms, orphan/reorg rate.

Incidents:

Spike gas - auto-increase fee/postpone non-priority conclusions.
Reorg/fork - waiting for additional confirmations, recalculation of statuses.
Network/bridge stop - "pause new on-chain" mode, offchain loans are prohibited for the corresponding network.

13) Reconciliation

On-chain: block scanners/nodes → inbound/outbound showcase ↔ Ledger.

Off-chain: provider reports (SFTP/API) ↔ Ledger; mismatch classification ('missing _ chain', 'missing _ platform', 'amount _ mismatch', 'timing').

Alerts: aging of non-true> N days, growth 'amount _ mismatch', decimals/chain-id discrepancy.

14) API contracts (reference fragments)

Issue deposit address


POST /v1/crypto/deposit-address
{ "player_id":"p_123", "asset":"USDT", "network":"TRON" }
→ 200 { "address":"TXX...9k", "memo": null, "expires_at":"2025-10-30T00:00:00Z" }

Onchain credit after finality


POST /v1/wallet/credit
Headers: X-Idempotency-Key: chain_tx_<txid>
{
"player_id":"p_123",  "amount":{"amount":100. 00,"currency":"USDT-TRC20"},  "reference":{"txid":"...","network":"TRON","confirmations":25}
}
→ 200 {"status":"credited","entry_id":"w_789"}

Webhook from the processor (off-chain)


POST /webhooks/crypto/deposit
X-Signature: eddsa=...
{
"event_id":"uuid",  "asset":"USDC",  "network":"ARB",  "amount_minor":100000000,  "player_ref":"p_123",  "txid":"0x..",  "confirmations":20,  "status":"finalized"
}


POST /v1/crypto/withdraw
Headers: X-Idempotency-Key: wd_001
{
"player_id":"p_123",  "asset":"USDT",  "network":"ETH",  "to_address":"0xAbc...",  "amount_minor":1000000,  "max_fee_wei":"..."
}
→ 202 {"status":"SUBMITTED","withdraw_id":"wd_001"}

15) Checklists

Platform/Operator

Separate stacks per network/region; tokens/addresses are validated.
The identity of all write operations; 'trace _ id' and 'txid' in the logs.
KYT Address Screening/tx + Travel Rule for VASP transfers.
Finality policies by network; SLO dashboards and alerts.
Whitelisting and "four eyes" on large leads; MPC/HSM.
Auto-conversion/hedge; balance limits, rebalance.
Daily Reconciliation - ↔ Ledger Chain/Processor ↔ BI Mart
DR-plan: gas-adhesions, forks, down-time networks/bridges.

Provider/Custom/Processor

Signed webhooks + dedup by 'event _ id'.
SLA finality over networks; T + 1 reports, integrity/hash signatures.
Targeted Screening Mechanisms/Travel Rules and Journals.

16) Red flags (anti-patterns)

Mempool balance credit (no confirmations).

Reception of USDT without fixing which network and 'decimals'.

No memo/tag check for XLM/XRP/BNB - "lost" deposits.

Output from a shared hot wallet without whitelists/limits.

Webhooks without signature and validity window → replay.

No QT/sledge screening/Travel Rule.

No outbox/CDC for deposit/output events.

No policy for reorgs/add. confirmations.

Mixing PII/online logs of all regions in one bucket.

17) The bottom line

Crypto payments and stablecoins in iGaming work reliably when monetary invariants remain iron: finality before credit, idempotent commands, strict KYT/Travel Rule, secure keys and managed network risk. On-chain gives transparency and independence, off-chain - speed and easier than UX; in practice, a hybrid with proper orchestration, SLO, and daily reconciliation wins. On such a foundation, the platform safely expands geography, reduces costs and remains compliant.