A 21-year-old Minnesota man who operated under the online alias “Snoopy” was sentenced Tuesday to 18 months in federal prison for his role in a 2022 credential stuffing attack that compromised roughly 60,000 user accounts on the fantasy sports and betting platform DraftKings, resulting in hundreds of thousands of dollars in losses to customers.

Nathan Austad pleaded guilty in December to one count of conspiring to commit computer intrusion in the U.S. District Court for the Southern District of New York, which imposed the sentence. In addition to the prison term, Austad was ordered to serve three years of supervised release, pay over $1.3 million in restitution, and forfeit an additional $463,000.

In November 2022, Austad and his co-conspirators launched the attack against DraftKings via credential stuffing, successfully compromising approximately 60,000 accounts. In roughly 1,600 of those cases, the attackers added a new payment method under their own control to the compromised account and withdrew the available funds, stealing approximately $600,000 in total.

Access to the remaining compromised accounts was sold through cybercriminal marketplaces. Austad operated his own such shop, named after the Peanuts comic strip character Snoopy. Investigators also identified cryptocurrency accounts under Austad’s control that received approximately $465,000 in assets, including proceeds from his criminal activity.

Among the evidence presented in court were private messages in which Austad and his co-conspirators acknowledged that federal investigators were examining their activities even as the scheme was ongoing. In Dec. 2022, Austad wrote to a co-conspirator: “everyone shouldve been prepared for this before cashing out lol.” The co-conspirator replied: “lol fbi can’t do s–t.” Months later, Austad wrote: “like we didnt know the risk when we started lol . . . everyone knows their [sic] committing fraud.”

U.S. Attorney Jay Clayton cited those exchanges in his statement following the sentencing.

“The defendants acknowledged the federal investigation into their conduct while they were committing their crimes, even having the hubris to say the FBI could not do anything about it,” Clayton said. “They were wrong.”

DraftKings disclosed the breach in Nov. 2022, initially reporting that less than $300,000 had been stolen from affected customers. A month later, the company revised that figure, disclosing that 67,995 accounts had been compromised. 

Federal prosecutors have not officially named DraftKings in court filings, referring to the target as a “fantasy sports and betting website,” though the details of the attack match the breach the company disclosed publicly.

Austad is the third defendant to be sentenced in the case. Joseph Garrison received 18 months in prison in January 2024, and Kamerin Stokes, who used the alias “TheMFNPlug,” received 30 months in April 2026. 

The post Minnesota man known as ‘Snoopy’ sentenced in DraftKings hack appeared first on CyberScoop.

An Algerian man known online as “SPOX” was extradited from Spain and charged with running a black-market cybercrime operation that prosecutors say defrauded thousands of victims and funneled roughly $900,000 through a cryptocurrency account over a three-year period.

Abdellah Belmili, 26, made his initial appearance Monday in the U.S. District Court for the Western District of New York in Buffalo. He faces a single count of conspiracy to commit bank fraud, which carries a maximum sentence of 30 years in prison. 

He was extradited from Spain earlier this month.

Federal investigators say Belmili allegedly created and administered at least two illicit online marketplaces, market0day.com and spoxy.us, that operated similarly to commercial e-commerce platforms. The marketplaces sold financial credentials, phishing kits, compromised email server access, and other tools used to carry out fraud. All transactions on the sites were conducted in Bitcoin.

According to court documents, the FBI became aware of the marketplaces in September 2020 through a confidential source. The site’s administrator was already known to investigators as a prolific creator of phishing kits targeting major U.S. financial institutions.

In 2020, undercover FBI agents used the marketplace to buy a phishing kit designed to replicate JPMorgan Chase’s login page and capture victims’ personal information. Agents also purchased access to a compromised email server. A third item — access to a website control panel — was paid for but never delivered, prompting customer complaints on Belmili’s Telegram channel.

Shortly after those complaints surfaced, Belmili announced he was closing market0day.com and redirecting customers to a new site, spoxy.us, which he described as a “new store for bulk sms,” which typically refers to mass phishing via text message. 

The new site used the same template, color scheme, and navigation structure as its predecessor and was registered using the stolen identity of a 77-year-old Texas resident.

Investigators identified Belmili through a combination of open-source research, search warrants, and records obtained from technology and financial companies. Early versions of his phishing kit code contained his full name, “Dila Belmili,” embedded in the source alongside his Telegram handle and a link to the marketplaces. Facebook accounts linked to the alias “spox_coder” listed “Dila Belmili (spox)” as the display name, and customers had posted complaints about phishing kit purchases directly on his profile.

Records obtained from Google showed that Belmili used his personal email account to search for financial institution logos, hacking tools, and methods for generating fake identities and credit card numbers. The same account received approximately 1,400 emails containing victims’ stolen personal information from active phishing kits targeting American Express, Bank of America, Cash App, JP Morgan Chase, PayPal, and Wells Fargo.

Investigators also found that Belmili had built hidden backdoors into phishing kits he sold to other criminals, allowing him to continue harvesting victim data even after the kits changed hands.

Records from cryptocurrency exchange Binance showed approximately $900,000 deposited into an account registered to Belmili between Jan. 2020 and Jan. 2023. Of that amount, roughly $760,000 was transferred to other accounts or converted into other forms of cryptocurrency, while approximately $41,000 was withdrawn from ATMs. 

In total, investigators identified approximately 595 distinct phishing kits created by Belmili. Analysis of victim data exported to Telegram pages and email accounts linked to the operation identified roughly 5,600 victims in the United States and internationally.

“This defendant thought that he could get away with defrauding thousands of victims out of hundreds of thousands of dollars by using fake names and hiding behind a keyboard to steal bank account and credit card numbers,” said U.S. Attorney Michael DiGiacomo in a release. “This arrest makes clear that, regardless of where you operate, our law enforcement partners will find you – and when they do, you will face the full consequences of your actions.” 

You can read the court documents below. 

The post Algerian man charged with running two cybercrime marketplaces appeared first on CyberScoop.