Skip to content

Minnesota man known as ‘Snoopy’ sentenced in DraftKings hack

Chimera readability score 66 out of 100, Academic reading level.

A 21-year-old Minnesota man who operated under the online alias “Snoopy” was sentenced Tuesday to 18 months in federal prison for his role in a 2022 credential stuffing attack that compromised roughly 60,000 user accounts on the fantasy sports and betting platform DraftKings, resulting in hundreds of thousands of dollars in losses to customers.
Nathan Austad pleaded guilty in December to one count of conspiring to commit computer intrusion in the U.S. District Court for the Southern District of New York, which imposed the sentence. In addition to the prison term, Austad was ordered to serve three years of supervised release, pay over $1.3 million in restitution, and forfeit an additional $463,000.
In November 2022, Austad and his co-conspirators launched the attack against DraftKings via credential stuffing, successfully compromising approximately 60,000 accounts. In roughly 1,600 of those cases, the attackers added a new payment method under their own control to the compromised account and withdrew the available funds, stealing approximately $600,000 in total.
Access to the remaining compromised accounts was sold through cybercriminal marketplaces. Austad operated his own such shop, named after the Peanuts comic strip character Snoopy. Investigators also identified cryptocurrency accounts under Austad’s control that received approximately $465,000 in assets, including proceeds from his criminal activity.
Among the evidence presented in court were private messages in which Austad and his co-conspirators acknowledged that federal investigators were examining their activities even as the scheme was ongoing. In Dec. 2022, Austad wrote to a co-conspirator: “everyone shouldve been prepared for this before cashing out lol.” The co-conspirator replied: “lol fbi can’t do s–t.” Months later, Austad wrote: “like we didnt know the risk when we started lol . . . everyone knows their [sic] committing fraud.”
U.S. Attorney Jay Clayton cited those exchanges in his statement following the sentencing.
“The defendants acknowledged the federal investigation into their conduct while they were committing their crimes, even having the hubris to say the FBI could not do anything about it,” Clayton said. “They were wrong.”
DraftKings disclosed the breach in Nov. 2022, initially reporting that less than $300,000 had been stolen from affected customers. A month later, the company revised that figure, disclosing that 67,995 accounts had been compromised.
Federal prosecutors have not officially named DraftKings in court filings, referring to the target as a “fantasy sports and betting website,” though the details of the attack match the breach the company disclosed publicly.
Austad is the third defendant to be sentenced in the case. Joseph Garrison received 18 months in prison in January 2024, and Kamerin Stokes, who used the alias “TheMFNPlug,” received 30 months in April 2026.

Facts Only

* Nathan Austad pleaded guilty to conspiring to commit computer intrusion.
* The attack against DraftKings occurred in November 2022 via credential stuffing.
* The attack compromised approximately 60,000 user accounts.
* Attackers stole approximately $600,000 in total funds.
* Access to compromised accounts was sold through cybercriminal marketplaces.
* Nathan Austad operated a shop named "Snoopy" for selling access.
* Cryptocurrency accounts under Austad’s control received approximately $465,000 in assets.
* Astad was sentenced to 18 months in federal prison.
* Astad was ordered to pay over $1.3 million in restitution and forfeit $463,000.
* Joseph Garrison received 18 months in prison in January 2024.
* Kamerin Stokes received 30 months in prison in April 2026.

Executive Summary

A 21-year-old Minnesota man, Nathan Austad, was sentenced to 18 months in federal prison for participating in a credential stuffing attack against the DraftKings platform in November 2022. The attack successfully compromised approximately 60,000 user accounts, leading to the theft of roughly $600,000 from customers through the addition of new payment methods and fund withdrawals. Access to the remaining compromised accounts was sold on cybercriminal marketplaces, with Austad operating a shop named "Snoopy." In addition to the prison sentence, Austad was ordered to pay over $1.3 million in restitution and forfeit an extra $463,000. Investigators also identified cryptocurrency assets totaling approximately $465,000 under his control, including criminal proceeds. The federal prosecutors referenced private messages between Austad and co-conspirators which acknowledged their awareness of the investigation while the scheme was ongoing, suggesting a perception of impunity regarding the risks taken.

Full Take

The narrative of the sentencing highlights a collision between systemic financial vulnerability and individual agency, framed by communications that reveal a hubristic dismissal of legal consequences. The dialogue where the defendants acknowledged federal scrutiny while simultaneously expressing confidence that the FBI "can’t do s–t" functions as an emotional exploit, leveraging fear to mitigate responsibility for the criminal act itself. This pattern minimizes the gravity of the actions, suggesting that the perceived freedom to act without consequence outweighed the inherent risk of cybercrime. The systemic implication is that when financial platforms amass massive user data, the distribution of responsibility shifts: from the platform's failure in security to the criminals’ self-assigned belief that they were above detection. This dynamic masks a broader structural issue where complex digital systems create an environment ripe for exploitation and subsequent deflection of accountability onto individual actors operating within those compromised systems. The pattern is the use of informal language to normalize criminal risk, which serves to distract from the tangible financial harm inflicted upon customers and the erosion of public trust in digital safety.

Sentinel — Human

Confidence

The text exhibits characteristics consistent with professionally written news media, showing no significant markers of machine-generated content or coordinated synthetic production.

Signals Detected
low severity: Natural variance in sentence length and tone; inclusion of colloquial quotes demonstrating human voice.
low severity: Clear, fact-focused narrative structure typical of legal reporting, lacking unnecessary philosophical hedging.
low severity: Standard journalistic structure (who, what, when, where) and proper use of attributed legal statements.
Human Indicators
The inclusion of informal quotes from the defendants and the subsequent formal citation by U.S. Attorney Jay Clayton suggest human editorial layering rather than pure LLM generation.
The text maintains a natural flow characteristic of beat reporting, which is often less uniform than purely synthesized prose.