"AUSTAD directly controlled and profited from his own shop, which was named after the character Snoopy from the Peanuts comic strip," the U.S. Department of Justice said.
The attack and the account numbers
In November 2022, DraftKings disclosed that hackers accessed customer accounts through credential stuffing attacks that exploited weak passwords or reused login credentials. The company initially reported that less than $300,000 had been stolen from affected customers; a month after the breach it disclosed that 67,995 customer accounts had been compromised.
In December 2025, Nathan Austad of Minnesota — a 21-year-old who used the alias "Snoopy" — pleaded guilty to conspiracy to commit computer intrusion, admitting that he and co-conspirators compromised 60,000 DraftKings user accounts. During the attack, the hackers added payment methods under their control to 1,600 accounts and stole $600,000, according to court filings cited by prosecutors.
Nathan Austad: plea, sentence, and financial penalties
Austad pleaded guilty in December 2025 and has since been sentenced to 18 months in prison. In addition to the prison term, Austad received three years of supervised release and was ordered to pay $463,684 in forfeiture and $1,327,061 in restitution. The Department of Justice noted that Austad’s cryptocurrency accounts received approximately $465,000 in assets.
The DoJ also referenced direct messages Austad sent to co‑conspirators in which he openly admitted to perpetrating fraudulent activity and warned others to prepare, according to the department's announcement.
Co‑conspirators, prior charges, and marketplaces
U.S. authorities began criminal actions in the months after the breach. In May 2023, prosecutors charged Joseph Garrison for his role in the scheme, accusing him and co‑conspirators of selling access to hacked DraftKings accounts through online marketplaces such as the "Goat Shop." In January 2024, prosecutors charged additional suspects for the cyberattack, including Kamerin Stokes, who used the handle "TheMFNPlug," and Nathan Austad.
Sentences for related defendants are already on the record: Joseph Garrison received an 18‑month imprisonment sentence in January 2024, and Kamerin Stokes received a 30‑month sentence in April 2026.
How the fraud worked: account takeovers and monetization
The public record in the DoJ filings and DraftKings disclosures describes a multi‑step operation. Attackers used credential stuffing to take over accounts when customers had weak or reused passwords. Once inside, the hackers added payment methods controlled by the attackers to affected accounts — the filings say 1,600 accounts were altered — and extracted funds totaling $600,000.
Prosecutors say some conspirators monetized access by selling it on online shops. Austad reportedly operated his own shop under the "Snoopy" name and also used other platforms to sell access to compromised accounts. The DoJ's press release does not disclose the total amount the hackers earned from selling access, but it does identify roughly $465,000 moved into Austad’s cryptocurrency accounts.
What this means for end users, security teams, and prosecutors
- End users: The breach underscores the cost of weak and reused credentials — attackers were able to leverage those weak points to add payment methods and withdraw funds. Thousands of accounts were affected and hundreds of victims had payment methods altered.
- Security teams: The attack highlights the ongoing risk from credential stuffing and account takeover fraud. The operation combined automated credential abuse with post‑compromise financial manipulations (adding payment methods), showing how initial access can be quickly monetized.
- Prosecutors and law enforcement: The timeline of charges and sentences — including Garrison in January 2024, Stokes in April 2026, and Austad’s plea and sentence culminating in late 2025/2026 — illustrates an extended investigative and prosecutorial effort that produced criminal convictions, prison terms, forfeiture and restitution orders.
The record in the Department of Justice filings and DraftKings disclosures ties a large criminal scheme — account takeovers, added payment methods and marketplace sales — to specific defendants and measurable financial outcomes: $600,000 stolen during the attack, $465,000 routed to Austad’s cryptocurrency accounts, and court‑ordered forfeiture and restitution of $463,684 and $1,327,061 respectively. The DoJ did not disclose how much the co‑conspirators earned from reselling access on marketplaces, leaving that piece of the ledger unspecified in the public notice of the case.
Original reporting: BleepingComputer — DraftKings hacker 'Snoopy' sentenced to 18 months in prison
