Overview
- Prosecutors say Nathan Austad, who pleaded guilty in December 2025, was sentenced Tuesday to 18 months in prison, three years of supervised release, and about $1.8 million in combined restitution and forfeiture.
- Federal filings trace a November 2022 credential-stuffing attack that used reused credentials to compromise roughly 60,000 accounts on a fantasy sports and betting site and add payment methods to about 1,600 accounts.
- Investigators say the attackers withdrew about $600,000 from victim accounts and sold remaining account access on criminal marketplaces known as “shops.”
- Austad ran a shop branded “Snoopy” and controlled cryptocurrency wallets that received roughly $465,000 in proceeds, details prosecutors used to link him to the scheme.
- The case follows earlier guilty pleas and sentences for co-defendants Joseph Garrison and Kamerin Stokes and signals growing enforcement against account-takeover crimes that rely on password reuse and crypto-enabled sales.