Nathan Austad is the third individual to plead guilty to launching a credential stuffing attack against a fantasy sports and betting website, the DoJ announced.
Austad, 21, of Farmington, Minnesota, also known as ‘Snoopy’, admitted in court to his role in a scheme to hack thousands of user accounts and sell access to them to drain their funds.
According to documents and statements presented in court, Austad and his co-conspirators compromised over 60,000 user accounts at the betting website.
The hackers added a new payment method to the compromised accounts, stealing roughly $600,000 from approximately 1,600 victims.
Additionally, the documents show, the hackers sold access to the victim accounts through various online shops.
Austad controlled one such shop, as well as cryptocurrency accounts that received roughly $465,000 worth of virtual assets, including proceeds from the scheme.
The court documents also show that Austad messaged his co-conspirators about the existence of an investigation into their campaign.
Austad, who pleaded guilty to computer intrusion conspiracy, faces up to five years in prison.
While the impacted betting website was not named, it is likely DraftKings, which in November 2022 announced that approximately 68,000 user accounts were compromised in a credential stuffing attack.
Two other individuals were arrested and indicted as part of the DraftKings hacks, namely Joseph Garrison and Kamerin Stokes.
Garrison pled guilty in November 2023 and was sentenced to 18 months in prison in early 2024. Stokes pled guilty in April 2024.
In October 2025, DraftKings warned of a new wave of credential stuffing attacks targeting its users.
As part of such an attack, threat actors use credential pairs obtained from past data breaches to log into user accounts on unrelated websites. The attacks bank on the use of the same usernames and passwords for multiple accounts.
Related: Former Accenture Employee Charged Over Cybersecurity Fraud
Related: US Indicts Extradited Ukrainian on Charges of Aiding Russian Hacking Groups
Related: Australian Man Sentenced to Prison for Wi-Fi Attacks at Airports and on Flights
Related: Recent GeoServer Vulnerability Exploited in Attacks
