**Third Defendant Pleads Guilty in Fantasy Sports Betting Hack Case**
A Minnesota man has become the third individual to plead guilty in connection with a massive cyber-attack against a fantasy sports and betting platform, according to US prosecutors.
Nathan Austad, 21, of Farmington, Minnesota, who was known online as "Snoopy," admitted in court last Friday to conspiring to commit computer intrusion. This development comes after two other individuals tied to the breach had already pleaded guilty.
The case involves a credential stuffing scheme that led to the compromise of tens of thousands of user accounts and significant financial losses for affected customers. Prosecutors said Austad and his co-conspirators targeted a betting website in November 2022, using stolen login credentials to gain unauthorized access to user accounts.
**Criminal Activity Uncovered**
Court documents show that more than 60,000 accounts were successfully compromised. In many cases, the attackers added new payment methods under their control and drained existing balances. Roughly $600,000 was stolen from approximately 1600 victims through this process.
Access to the hijacked accounts was also sold on online marketplaces specializing in trafficking compromised accounts. The attack relied on credential stuffing, a technique that uses username and password pairs obtained from previous data breaches. Those credentials were systematically tested against the betting website in the hope that users had reused the same login details.
**Online Activities Exposed**
Prosecutors said Austad operated one such online shop himself and controlled cryptocurrency accounts that received about $465,000 in digital assets, including proceeds linked to the scheme. Investigators also uncovered messages in which Austad discussed awareness of an active investigation.
In one exchange, he expressed that participants should have anticipated law enforcement scrutiny, while another message acknowledged the criminal nature of the activity. This evidence suggests that Austad was not only aware of the risks but also actively tried to evade detection.
**Previous Cases and Sentencing**
Two other individuals tied to the breach, Joseph Garrison and Kamerin Stokes, have already pleaded guilty. Garrison was sentenced to 18 months in prison in early 2024, while Stokes entered his plea in April 2024.
Austad faces a maximum sentence of five years in prison. His sentencing hearing is scheduled for April 10, 2026.
**Related Story: Credential Stuffing Attacks**
In related news, Aussie Pension Savers Hit with Wave of Credential Stuffing Attacks highlights the growing threat of credential stuffing attacks. This technique uses username and password pairs obtained from previous data breaches to gain unauthorized access to user accounts.
The affected betting platform was not named in the court filings, but the facts align with a November 2022 announcement by DraftKings that around 68,000 user accounts had been compromised in a credential stuffing incident.