Tennessee Man Sentenced to 30 Months for High-Profile DraftKings Hacking Scheme and Post-Arrest Fraud Operations

Kamerin Stokes, a 23-year-old resident of Memphis, Tennessee, has been sentenced to 30 months in federal prison for his pivotal role in a sophisticated cybercrime ring that targeted tens of thousands of users on the popular sports betting platform DraftKings. The sentencing, handed down in the Southern District of New York, marks a significant milestone in the federal government’s ongoing efforts to dismantle the underground economy of stolen account credentials. Beyond the prison term, U.S. District Judge Victor Marrero ordered Stokes to serve three years of supervised release and pay a staggering $1,327,061 in restitution, along with a forfeiture of $125,965.53. The case has drawn intense scrutiny not only for the scale of the initial breach but for Stokes’ audacious decision to resume his criminal activities while out on bail, marketing his illicit services under the brazen slogan, “fraud is fun.”

The origins of the case date back to November 2022, when DraftKings became the target of a massive credential-stuffing attack. Credential stuffing is a cyberattack method where hackers use lists of compromised usernames and passwords—often harvested from previous, unrelated data breaches—to gain unauthorized access to accounts on other platforms. Because many internet users recycle the same login credentials across multiple websites, a breach at a minor retailer can provide a "master key" to more sensitive accounts, such as those used for banking or sports betting. In this instance, the attack successfully compromised approximately 68,000 DraftKings accounts, exposing the personal information and financial balances of thousands of unsuspecting bettors.

According to court documents and federal prosecutors, the primary architects of the breach were Nathan Austad, known online as "Snoopy," and Joseph Garrison. Garrison, who was 18 at the time of his initial charges in May 2023, collaborated with Austad to deploy automated software that systematically tested stolen credentials against the DraftKings login portal. Once they secured access to the accounts, the duo did not merely stop at data theft. They facilitated a massive "cash-out" operation that resulted in the direct theft of approximately $635,000 from roughly 1,600 of the compromised accounts.

The methodology used to drain the accounts was notably methodical. To bypass security triggers and verify the liquidity of the hijacked accounts, the hackers or their associates would add a new payment method to the profile. They would then make a small, $5 deposit to confirm the new payment method was valid and linked correctly. Once the "verification" was complete, they would proceed to withdraw all available funds from the victim’s account balance into their own controlled accounts. This technique allowed the criminals to siphon hundreds of thousands of dollars before many users even realized their accounts had been accessed.

While Austad and Garrison focused on the technical execution of the hack, Kamerin Stokes operated as a high-volume reseller in the digital underworld. Operating under the online alias "TheMFNPlug," Stokes purchased access to hijacked accounts in bulk from the primary hackers. He then resold these accounts through his own illicit "shop," an online storefront dedicated to the sale of stolen credentials. While the primary focus of the federal investigation remained on the DraftKings breach, evidence presented in court revealed that the criminal enterprise was far-reaching. The group also trafficked in stolen accounts for FanDuel, another major sports betting platform, as well as retail accounts for companies like Chick-fil-A. In total, the sale of these hijacked accounts through various underground shops generated more than $2.1 million in illicit revenue.

The case took a turn for the surreal following Stokes’ initial arrest. After being charged and pleading guilty to federal crimes, Stokes was released on bail while awaiting his sentencing hearing. Rather than maintaining a low profile, Stokes demonstrated a remarkable lack of remorse and a blatant disregard for the legal system. He chose to relaunch his online shop, updating the branding to include the tagline “fraud is fun.” He continued to sell access to compromised accounts for various retailers and services, effectively resuming the very business that had led to his federal prosecution.

When federal authorities discovered the revived operation, Stokes was promptly arrested for violating the conditions of his pretrial release. In a series of admissions to investigators, Stokes reportedly stated that he had been running these types of account shops for three years. Most tellingly, he claimed that he had reopened the shop specifically because he "gotta pay my attorneys," suggesting that he intended to fund his legal defense through the proceeds of further criminal activity. This "audacious" behavior was a focal point of the prosecution’s sentencing memorandum, highlighting the need for a custodial sentence to deter both the defendant and others in the cybercrime community.

U.S. Attorney Jay Clayton, in a press release following the sentencing, emphasized the severity of the impact on the victims. "Kamerin Stokes victimized thousands of users of an online betting website through a cyberattack," Clayton noted. "After pleading guilty to federal crimes, Stokes audaciously reopened his criminal business, marketed using the tagline ‘fraud is fun,’ and said that he opened the new shop in part because he ‘gotta pay my attorneys,’ referring to his prosecution in this case. Today’s sentence sends a clear message that those who profit from cybercrime and show contempt for the law will face serious consequences."

The broader implications of the DraftKings breach have resonated throughout the cybersecurity and online gaming industries. Following the November 2022 attack, DraftKings was forced to issue a public apology and commit to refunding hundreds of thousands of dollars to affected customers. The incident highlighted a critical vulnerability in the sports betting sector: the reliance on traditional password-based authentication. In the wake of the breach, industry analysts have called for more robust security measures, including the mandatory implementation of multi-factor authentication (MFA) and more aggressive monitoring for credential-stuffing patterns.

From a technical perspective, the DraftKings case serves as a textbook example of the dangers of password reuse. While the betting platform itself was not "breached" in the traditional sense—meaning its internal databases remained secure—the attackers exploited the "human element" of security. By leveraging data stolen from other sources, they were able to walk through the front door of thousands of accounts. This highlights a growing trend in cybercrime where attackers focus on identity-based vulnerabilities rather than complex software exploits.

The timeline of the investigation and subsequent legal proceedings illustrates the complexity of prosecuting modern cybercrime rings.

• November 2022: The credential-stuffing attack targets DraftKings, compromising 68,000 accounts.
• December 2022: DraftKings publicly acknowledges the breach and begins the process of restoring funds to victims.
• May 2023: Joseph Garrison is charged in connection with the hack, revealing the involvement of Nathan Austad and the resale network.
• Late 2023: Kamerin Stokes is identified as a primary reseller and arrested.
• Pre-Trial Period: Stokes is released on bail, reopens his shop with the "fraud is fun" branding, and is subsequently re-arrested.
• April 2024: Stokes is sentenced to 30 months in prison.

The financial fallout for Stokes is also substantial. The $1.3 million in restitution is intended to compensate the victims and the platform for the losses incurred during the theft and the subsequent administrative costs of the cleanup. The $125,965.53 forfeiture represents the personal profits Stokes is believed to have pocketed from his specific role in the resale of the stolen accounts.

As sports betting continues to expand across the United States, with more states legalizing the practice and more users depositing significant sums into digital wallets, the incentive for cybercriminals only grows. Platforms like DraftKings and FanDuel are essentially financial institutions that operate with the speed and frequency of a social media app, making them prime targets for "cash-out" schemes. Security experts suggest that the "fraud is fun" mentality displayed by Stokes is common in certain corners of the dark web, where young hackers often view their activities as a victimless game of cat-and-mouse with large corporations, ignoring the very real financial and emotional toll on the individual account holders.

The sentencing of Kamerin Stokes serves as a cautionary tale for the burgeoning "account shop" industry. While the anonymity of the internet often provides a sense of invincibility, the persistent efforts of federal agencies like the FBI and the Department of Justice demonstrate that the digital paper trail left by bulk resellers is traceable. The case also underscores the necessity for consumers to adopt better cyber hygiene. Security professionals recommend that users of betting platforms use unique, complex passwords for every site and enable biometric or app-based MFA whenever possible to prevent their accounts from becoming another statistic in a credential-stuffing database.

In the final analysis, the 30-month sentence for Stokes reflects a balance between the severity of the initial crime and his blatant recidivism while under court supervision. As he begins his term in federal prison, the cybersecurity community continues to monitor the evolving tactics of groups like those led by Austad and Garrison, recognizing that as long as there is a market for stolen data, there will be individuals like Stokes willing to facilitate its trade. The "fraud is fun" era for Kamerin Stokes has come to a definitive end, replaced by the sober reality of federal incarceration and a lifelong debt of restitution.