3. Your slogan Hack us you mean you're pretty sure your code is secured, but why you still faced a vulnerability in your casino?
OK that's like putting a huge bullseye for hackers on your casino.
Just for information you can use this sites
https://www.toolsley.com/hash.html to validate the cards hash, just copy the deck cards and you will see an exact hash on SHA256 to validate.
I would host this locally if it's even possible, because as I mentioned in a previous post, DNS hijacking is a real thing and can send back different validations or even hashes. Do not make a network request to that resource in production.