Overview
- Stokes, 23, of Memphis, was sentenced Friday to 30 months in federal prison, three years of supervised release, $1,327,061 in restitution, and $125,965.53 in forfeiture.
- In the 2022 attack, criminals used stolen username‑password pairs from prior breaches to automate logins at DraftKings and break into tens of thousands of accounts.
- Once inside, they added a new payment method, verified it with a small $5 deposit, and then withdrew victims’ balances to accounts they controlled.
- Prosecutors say hackers Joseph Garrison and Nathan Austad sold access to the accounts for over $2.1 million as roughly $635,000 was stolen from about 1,600 users, and Stokes bought accounts in bulk and resold them as “TheMFNPlug.”
- After pleading guilty, Stokes reopened his shop with the slogan “fraud is fun” and was remanded for violating release terms, while DraftKings refunded hundreds of thousands of dollars and later warned in October 2025 that password‑reuse attacks continued to target its users.