DraftKings Hacker Sentenced to 18 Months: Legal Consequences

Post Views: 22

A third individual involved in a 2022 cyberattack targeting a fantasy sports and betting platform has received an 18-month prison sentence, according to a statement from the Department of Justice.

Overview of the Cyberattack

The attack, which compromised over 60,000 user accounts, utilized credentials obtained from prior data breaches to gain unauthorized access. Attackers either drained funds from compromised accounts or distributed access to these accounts on illicit online marketplaces.

Sentencing Details

The defendant, Nathan Austad, also known as Snoopy, pleaded guilty in December 2025 and was ordered to serve 18 months in prison followed by three years of supervised release. He is also required to pay $1.8 million in restitution and forfeited assets.

Financial Impact of the Attack

Investigations revealed that Austad and his co-conspirators stole approximately $600,000 from 1,600 accounts. A website operated by Austad facilitated the sale of stolen account details, and law enforcement identified cryptocurrency accounts linked to the scheme, containing roughly $465,000 in illicit funds.

Other Individuals Involved

Two other individuals associated with the attack have already received sentences: Kamerin Stokes was sentenced to 30 months in April 2026, while Joseph Garrison received 18 months in early 2024.

Legal and Investigative Findings

Federal authorities disclosed communications among the three suspects, which demonstrated awareness of their illegal activities. A statement from Jay Clayton, US Attorney for the Southern District of New York, emphasized the collaboration between the DOJ and FBI in addressing such crimes.

“Austad’s sentence underscores the commitment of federal agencies to safeguarding online financial systems,” Clayton stated.

Technical Aspects of the Attack

The attack exploited credential stuffing techniques, leveraging reused login credentials from previous breaches to bypass security measures. The case highlights the financial and operational impact of credential-based attacks on digital platforms, with perpetrators using both direct fund extraction and secondary markets to monetize stolen data.