A VPN routes your connection through another server, so the service sees the VPN's address instead of yours. It hides your real IP — but it does not hide that a VPN is being used. Detecting that is a different, and easier, problem.
Datacenter addresses look different
Home internet connections and datacenter connections come from different parts of the internet's address space. VPN servers live in datacenters. The ranges of addresses assigned to datacenters are publicly known, so when a connection arrives from one of those ranges, a service can reasonably guess it is not a person's home connection. This is the single most common VPN-detection signal.
IP reputation databases
There is an entire industry of IP-reputation data. Specialised providers maintain lists of addresses known to belong to VPNs, proxies and hosting providers, updated continuously. A service can check an incoming address against such a list and get an immediate verdict. Commercial VPNs, because they are widely used, are widely catalogued.
Other tell-tale signals
Detection can go further. Many users sharing one address at once suggests a shared VPN endpoint. A mismatch between the address's apparent location and other signals can stand out. Connection characteristics sometimes differ from a typical home line. None of these is conclusive alone, but combined they raise confidence.
Why services bother
Games and platforms detect VPNs for specific reasons: to enforce regional rules and pricing, to stop banned players returning through a new address, and to fight fraud, since VPNs and proxies are common in abuse. It is not that VPN use is assumed malicious — it is that VPNs remove a signal services rely on, so they replace it with VPN detection.
The takeaway
A VPN successfully hides your real IP address, but it does not hide the fact of being a VPN. Datacenter address ranges and IP-reputation databases make VPN use easy to spot. The hidden detail is your specific address; the use of a VPN itself is rarely a secret.