Nathan Austad, 21, of Minnesota, has been sentenced to 18 months in federal prison for orchestrating the November 2022 credential-stuffing assault on DraftKings. The sentence, handed down on June 23, 2026, by the U.S. District Court for the Southern District of New York, closes a judicial chapter that exposed how the reuse of stolen passwords can generate six-figure criminal profits without any technical sophistication. Austad never wrote an exploit; he ran a marketplace, recruited accomplices, and monetized access to roughly 60,000 accounts.
- Nathan Austad, alias 'Snoopy,' was sentenced to 18 months in federal prison on June 23, 2026, for computer intrusion conspiracy.
- The November 2022 attack compromised approximately 60,000 DraftKings accounts via credential stuffing with previously stolen credentials.
- Attackers added payment methods they controlled to roughly 1,600 accounts, stealing a total of approximately $600,000.
- Austad operated the 'Snoopy' criminal marketplace to sell residual access and received approximately $465,000 in cryptocurrency, including proceeds from the criminal activity.
The Method: Credential Stuffing as an Industrial Supply Chain
The attack exploited no zero-day vulnerabilities and did not bypass DraftKings' infrastructure. According to cited sources, Austad and his accomplices used credentials obtained from prior data breaches, feeding automated credential-stuffing tools against the betting platform. The goal was to identify users who reused the same username-password combination across multiple services.
The criminal differentiation lay not in the intrusion technique but in the organization of monetization. Of the roughly 60,000 compromised accounts, only a minority — approximately 1,600 — were directly exploited for theft by adding attacker-controlled payment methods. The rest became inventory: Austad ran his own shop, named 'Snoopy' after the Peanuts character, through which he sold access to the residual accounts. The model is access-as-a-service, where compromise is merely the production phase of a criminal supply chain.
The Fraud Structure: Three Tiers, Three Convictions
Federal prosecutors mapped an operational hierarchy. Austad was not the technical executor but the fraud entrepreneur: he controlled the marketplace, distributed access, and collected the proceeds. Before him, the judicial chain had already caught two accomplices: Joseph Garrison, sentenced to 18 months in January 2024, and Kamerin Stokes, alias 'TheMFNPlug,' sentenced to 30 months in April 2026. Austad is the third link to close, with a sentence that confirms the pursuit of middlemen as well as executors.
Restitution ordered exceeds $1.3 million, with a forfeiture of $463,000 — specified as $463,684 by a secondary source — and three years of supervised release. Cryptocurrency accounts controlled by Austad received approximately $465,000 in assets, including proceeds of the criminal activity, according to documentation cited by the primary source.
"The defendants acknowledged the federal investigation into their conduct while they were committing their crimes, even having the hubris to say the FBI could not do anything about it. They were wrong." — Jay Clayton, U.S. Attorney
The Messages That Nailed Them: Full Awareness of the Investigation
Private exchanges recovered by investigators leave no room for inexperience. In December 2022, while the FBI investigation was already underway, Austad wrote to a co-conspirator: "everyone shouldve been prepared for this before cashing out lol." Another message, from subsequent months, is even more explicit: "like we didnt know the risk when we started lol . . . everyone knows their [sic] committing fraud." A accomplice replied with "lol fbi can't do s--t." The pair of messages documents full awareness of legal risk, an aggravating factor the court considered in sentencing.
The source does not specify how the messages were recovered — whether through device seizure or third-party cooperation. Their availability indicates, however, that the criminal communication chain was not protected by end-to-end encryption or that such protections were bypassed.
The Damage Revised: From $300,000 to a Nearly Doubled Count
The financial impact reconstruction went through two phases. DraftKings initially reported theft under $300,000 in November 2022, then revised the count to 67,995 compromised accounts. Subsequent judicial filings quantified the total stolen from the ~1,600 accounts where fraudulent payment methods were activated at approximately $600,000. The discrepancy between compromised accounts and drained accounts — roughly 2.7% of the total — highlights the criminal selection logic: not all accesses had immediate value, but all were marketable.
Why It Matters
The Austad case defines an emerging criminal profile that federal law enforcement is learning to prosecute: the fraud entrepreneur who writes no code but organizes the market. The source does not specify whether DraftKings introduced specific technical mitigations post-2022, nor whether the 'Snoopy' marketplace operated for platforms beyond the betting company. The dossier also does not document whether additional defendants remain unprosecuted, nor the final destination of funds beyond the $465,000 in seized cryptocurrency.
The takeaway is that credential stuffing continues to be treated as a low-tier attack, but its industrialization — dedicated marketplaces, division of labor, differentiated monetization — transforms it into a systemic risk for the online gaming and betting sector, where the rapid addition of payment methods is a product feature, not a bug.
Frequently Asked Questions
What is credential stuffing and why did it work against DraftKings?
It is an automated attack that tests username and password combinations obtained from previous breaches on other services. It works because it reuses already-exposed credentials, exploiting user password reuse.
Why is the sentence only 18 months?
According to cited sources, Austad pleaded guilty in December 2025 to conspiracy to commit computer intrusion; the guilty plea and typical judicial cooperation typically reduce the sentence compared to a trial.
Have the stolen funds been recovered?
The dossier does not specify whether the DOJ recovered funds beyond the ordered forfeiture of $463,000–$463,684. Total restitution ordered exceeds $1.3 million, but its actual realization is not documented.
Sources
- https://cyberscoop.com/draftkings-hack-sentencing-nathan-austad-snoopy/
- https://www.helpnetsecurity.com/2026/06/25/hacker-sentenced-draftkings-credential-stuffing-attac/
- https://www.bleepingcomputer.com/news/security/draftkings-hacker-snoopy-sentenced-to-18-months-in-prison/
- https://unit42.paloaltonetworks.com/soc-72-minute-race/
- https://unit42.paloaltonetworks.com/microsoft-teams-phishing/
- https://www.law360.com/cybersecurity-privacy/articles/2492799/hacker-who-orchestrated-draftkings-intrusion-gets-18-mos-?about
- https://www.bleepingcomputer.com/
- https://www.bleepingcomputer.com/tutorials/
- https://www.bleepingcomputer.com/download/
- https://deals.bleepingcomputer.com/
Information verified against cited sources and current as of publication.