DraftKings Scheme: ‘Fraud-for-Fun’ Network Participant Sentenced in $600K Fraud |

Published on: April 20, 2026, 05:49h.

Updated on: April 20, 2026, 05:49h.

Cybercriminals exploited DraftKings accounts using compromised login details
Fraudsters added payment methods and utilized minimal deposits for verification
This event underscores the escalating risks associated with online betting account security

A resident of Memphis, Tennessee, has been sentenced to 30 months in federal prison for his involvement in the November 2022 DraftKings breach, where over 60,000 accounts were compromised and approximately $600,000 stolen.

DraftKings hack, account takeover, online betting security, payment fraud, cybersecurity incident, Kamerin Stokes, Jospeh Garrison, Nathan Austad, fraud network — The November 2022 DraftKings breach led to a 5% decline in the company’s share price as investors worried about diminishing consumer trust in its new mobile app. (Image: DraftKings/Shutterstock)

Kamerin Stokes, 23, who operated under the alias “TheMFNPlug,” admitted guilt nearly two years ago for one charge of conspiracy to engage in computer intrusion, according to the U.S. Attorney’s Office for the Southern District of New York.

In addition to his prison sentence, Stokes will serve three years under supervised release and has been mandated to forfeit $125,965.53 along with paying $1,327,061 in restitution for his involvement in a credential-stuffing attack that led to a 5% decline in DraftKings shares on Nasdaq.

Understanding Credential Stuffing

Credential stuffing is a cyberattack method where criminals take usernames and passwords stolen from previous data breaches and attempt to use them across various websites, often on a large scale. If users have reused passwords, attackers can access their accounts without needing to break into the targeted company’s systems.

This breach affected the stock price since DraftKings had recently introduced its mobile sportsbook in multiple U.S. markets, leading to investor concerns regarding potential drops in consumer trust.

Stokes utilized automated tools to identify valid logins to betting accounts, which he sold on the dark web, thereby enabling others to fraudulently withdraw funds.

Among those involved was a teenager from Madison, Wisconsin, named Jospeh Garrison, who jokingly informed a coconspirator that “fraud is fun.”

After gaining access to DraftKings accounts, Garrison and his accomplices added new payment options and made a $5 deposit to verify those accounts, allowing them to subsequently withdraw all funds present.

‘Infatuated With Fraud’

Garrison, who referred to himself as “addicted to seeing money in my account” and “fixated on bypassing systems,” reportedly earned $2.1 million from cyber fraud by the age of 18, as stated by federal prosecutors. He pleaded guilty to conspiracy to commit computer intrusion in November 2023 and was sentenced to 18 months in prison in January 2024.

A third participant, Nathan Austad, pleaded guilty in December 2025 and is currently awaiting sentencing.

Following his plea, Stokes embraced Garrison’s “fraud is fun” slogan, reopening his operation under that name, claiming the need to generate funds for his legal representation.

“Fraud is not enjoyable,” federal prosecutors emphasized in a press release. “Both street and online fraud will be addressed firmly. Today’s federal prison sentence is a clear warning to others who assume online fraud is acceptable.”

Source link