DraftKings hacker 'Snoopy' sentenced to 18 months in prison
Nathan Austad, known online as 'Snoopy,' was sentenced to 18 months in prison for his role in the November 2022 credential-stuffing attack that compromised 60,000 DraftKings accounts.
A 21-year-old Minnesota man who operated under the alias 'Snoopy' was sentenced to 18 months in federal prison on June 24, 2026, for his role in the November 2022 credential-stuffing attack against DraftKings. Nathan Austad pleaded guilty in December 2025 to conspiracy to commit computer intrusion, admitting that he and co-conspirators compromised tens of thousands of user accounts on the fantasy sports and sports betting platform.
The attack exploited reused or weak passwords — a classic credential-stuffing technique — to access 67,995 DraftKings accounts. Once inside, the hackers added payment methods under their control to 1,600 of those accounts and ultimately stole $600,000. DraftKings initially reported losses of less than $300,000 before the full scope of the breach became clear.
Austad's role went beyond simply participating in the account takeovers. According to the U.S. Department of Justice, he directly operated his own online shop — named after the Peanuts character Snoopy — where he sold access to the compromised accounts. Investigators determined that Austad's cryptocurrency accounts received approximately $465,000 in assets from his illicit sales.
The case has seen multiple co-conspirators sentenced over the past two years. In January 2024, Joseph Garrison received an 18-month prison term. Kamerin Stokes, known as 'TheMFNPlug,' received a 30-month sentence in April 2026. All three were part of a network that sold access to hacked DraftKings accounts through online marketplaces such as the 'Goat Shop.'
In addition to his prison sentence, Austad was ordered to serve three years of supervised release, pay $463,684 in forfeiture, and pay $1,327,061 in restitution to victims. The sentencing underscores the U.S. government's continued focus on prosecuting individuals involved in credential-stuffing and account-takeover schemes, which remain a persistent threat to online platforms.
The attack serves as a reminder of the risks posed by credential reuse. DraftKings has since pushed for stronger authentication measures, but the incident exposed how a single compromised password can cascade into widespread account theft when users fail to enable multi-factor authentication.