Betting platforms hit by bot attacks during World Cup

Sports betting platforms have come under a wave of bot attacks during the 2026 FIFA World Cup, according to DataDome. The cyber security company said one European operator received nearly 19 million malicious requests in three weeks.

Its research points to a sharp rise in automated traffic as tournament betting volumes increase, with attacks aimed largely at disrupting access to betting websites rather than targeting user accounts. One incident came on the eve of the opening match, when a betting platform was hit with 786,000 malicious requests in 87 seconds.

DataDome traced that burst of traffic mainly to Biterika Group, a hosting provider based in Russia. The company said the provider had previously been linked to distributed denial-of-service attacks against media organisations, and that its telemetry showed 91% of traffic from the provider was malicious.

For one major European betting platform, blocked traffic averaged about 200,000 requests a day in early June before rising steadily through the month, the findings showed. By the day before the tournament's opening match, daily blocked traffic had risen almost tenfold from the start of the month.

The attack pattern appears to have mixed sustained pressure with short, intense bursts. Some bot campaigns spread requests over hours to stay below common detection thresholds, while the flash incident before the opening match delivered traffic at a peak rate of almost 18,000 requests per second.

Attack pattern

Most of the activity was directed at the platform's web layer rather than customer account functions. DataDome said 99.79% of the malicious traffic focused on the web interface, while 0.21% targeted login pages and 0.01% reached account creation endpoints.

That distribution suggests the immediate objective was to disrupt the betting service at a time of high user demand. Major sporting events have long drawn cyber attacks because traffic surges can make it harder for operators to distinguish between legitimate users and malicious bots.

Bookmakers are especially exposed during global tournaments because betting activity becomes highly concentrated around match schedules, team announcements and opening fixtures. Even short-lived attacks can therefore have an outsized effect if they coincide with moments when large numbers of customers are trying to place bets.

DataDome said it blocked both the longer attack wave and the shorter burst in real time. Its Galileo threat research team examined the incident and said the underlying botnet used known proxy infrastructure.

Rising pressure

The data adds to a broader picture of cyber pressure on consumer-facing digital platforms during large international events. Betting sites, ticketing services and streaming providers often see traffic spikes that can attract attackers seeking either disruption or concealment within heavy legitimate demand.

In this case, the sustained attack wave built gradually from late May before increasing sharply in the days leading up to the opening match. One spike on June 10 exceeded one million requests in a single measurement bucket, more than three times the highest point seen on preceding days.

DataDome also said one of its detection models was responsible for mitigating more than 10 million of the malicious requests recorded in the campaign. Time-based signal patterns were important in identifying the broader attack wave, particularly where requests were paced to avoid obvious thresholds.

Cyber security groups have increasingly warned that denial-of-service tactics are becoming more fragmented and shorter in duration, making them harder to spot with systems that rely on building a larger body of evidence before responding. Flash attacks can be over before slower systems determine that an anomaly is under way.

For bookmakers, the issue is not only service availability but also customer trust. If users cannot reach markets or place wagers around key fixtures, operators risk immediate revenue loss and complaints at moments when consumer attention is at its highest.

DataDome said the trend it observed underlines the pressure global sporting events place on betting platforms as attackers exploit periods of exceptional online demand.