Sentencing of Nathan Austad, known online as “Snoopy”
A 21-year-old Minnesota man who used the alias “Snoopy” was sentenced Tuesday to 18 months in federal prison for his role in a credential stuffing attack that prosecutors say compromised roughly 60,000 user accounts on a fantasy sports and betting platform. Nathan Austad pleaded guilty in December to one count of conspiring to commit computer intrusion in the U.S. District Court for the Southern District of New York, which imposed the sentence. In addition to the prison term, Austad was ordered to serve three years of supervised release, pay over $1.3 million in restitution, and forfeit an additional $463,000.
The November 2022 credential stuffing operation
Federal prosecutors say Austad and his co-conspirators launched the attack in November 2022 using credential stuffing techniques, successfully compromising approximately 60,000 accounts. In roughly 1,600 of those cases, the attackers added a new payment method under their control and withdrew available funds, stealing about $600,000 in total. Access to the remaining compromised accounts was sold through cybercriminal marketplaces.
“Snoopy” as a cybercrime marketplace and cryptocurrency traces
Austad operated a cybercrime marketplace bearing the Snoopy name, investigators said. Evidence presented in court included private messages in which Austad and co-conspirators discussed the scheme and acknowledged that federal investigators were examining their activities even while the attack was ongoing. In one exchange from December 2022, Austad wrote, “everyone shouldve been prepared for this before cashing out lol.” A co-conspirator replied, “lol fbi can’t do s–t.” Months later, Austad wrote: “like we didnt know the risk when we started lol . . . everyone knows their [sic] committing fraud.” U.S. Attorney Jay Clayton cited those exchanges in his statement following the sentencing.
Investigators also identified cryptocurrency accounts under Austad’s control that received approximately $465,000 in assets, including proceeds from the criminal activity, according to the record described by prosecutors.
DraftKings disclosure and how prosecutors described the target
The company publicly disclosed the breach in November 2022, initially reporting that less than $300,000 had been stolen from affected customers. A month later the company revised that figure and disclosed that 67,995 accounts had been compromised. Federal prosecutors have not officially named DraftKings in court filings, referring to the target as a “fantasy sports and betting website,” though the details of the attack reported by prosecutors match the company’s public disclosures.
Co-conspirators and prior sentences
Austad is the third defendant sentenced in the case. Joseph Garrison received 18 months in prison in January 2024. Kamerin Stokes, who used the alias “TheMFNPlug,” received 30 months in April 2026. The sentences, together with Austad’s, reflect the prosecutors’ framing of a multi-defendant scheme that combined account takeovers, forced payment-method changes, cash-outs, and the resale of access on cybercriminal marketplaces.
What this means for DraftKings users, security teams, and law enforcement
- DraftKings users: The breach disclosures show both an initial undercount and a later, larger tally of compromised accounts; affected customers and those watching similar services will note the gap between early loss estimates and revised account-impact figures.
- Security and fraud teams: The attack involved credential stuffing at scale, payment-method insertion and cash-outs, and the resale of access. Those tactics reinforce the technical and process areas—account takeover detection, payment-method change controls, and marketplace monitoring—that defenders will need to prioritize.
- Law enforcement and prosecutors: The case demonstrates the use of traditional criminal charges, restitution and forfeiture, and cryptocurrency tracing in a coordinated enforcement posture—evidenced by documented private messages, seized cryptocurrency receipts, and multiple prison terms across co-defendants.
The prosecution emphasized the defendants’ awareness of federal scrutiny while the scheme continued; U.S. Attorney Jay Clayton highlighted those messages in his statement, saying, “The defendants acknowledged the federal investigation into their conduct while they were committing their crimes, even having the hubris to say the FBI could not do anything about it.” The sentence imposed on Austad adds to prior penalties in the case and includes restitution, forfeiture, supervised release and a custodial term—concrete outcomes that follow the disclosure, forensic tracing of funds, and court-recorded communications.
Source: CyberScoop — Minnesota man known as ‘Snoopy’ sentenced in DraftKings hack
