Defendant Sentenced To Prison For Hacking Betting Website

United States Attorney for the Southern District of New York, Jay Clayton, announced today that KAMERIN STOKES, a/k/a "TheMFNPlug," was sentenced to 30 months in prison for his role in a scheme to hack user accounts on a fantasy sports and betting website (the "Betting Website") and sell access to those accounts, resulting in losses of hundreds of thousands of dollars to the users. STOKES was sentenced today before U.S. District Judge Naomi Reice Buchwald. On April 25, 2024, STOKES pled guilty to one count of conspiring to commit computer intrusion.

"Kamerin Stokes victimized thousands of users of an online betting website though a cyberattack," said U.S. Attorney Jay Clayton. "After pleading guilty to federal crimes, Stokes audaciously reopened his criminal business, marketed using the tagline 'fraud is fun,' and said that he opened the new Shop in part because 'gotta pay my attorneys,' referring to his prosecution in this case. Fraud is not fun; fraud on the street or fraud online will not be tolerated. Today's federal prison sentence is a direct message to any others who think online fraud is different."

According to the charging documents and other filings and statements made in court:

On or about November 18, 2022, several individuals launched a "credential stuffing attack" on the Betting Website. During a credential stuffing attack, a cyber threat actor collects stolen credentials, or username and password pairs, obtained from other large-scale data breaches of other companies, which can be purchased on the dark web. The threat actor then systematically attempts to use those stolen credentials to obtain unauthorized access to accounts held by the same user with other companies and providers, in order to compromise accounts where the user has maintained the same password. Here, in connection with the attack on the Betting Website, there was a series of attempts to log into the Betting Website accounts using a large list of stolen credentials.

Those individuals successfully accessed approximately 60,000 accounts at the Betting Website (the "Victim Accounts") through the credential stuffing attack. In some instances, the individuals who unlawfully accessed the Victim Accounts were able to add a new payment method on the account, deposit $5 into that account through the new payment method to verify that method, and then withdraw all the existing funds in the Victim Account through the new payment method (i.e., to a newly added financial account belonging to the hacker), thus stealing the funds in the Victim Account.

Access to the Victim Accounts was sold on various websites that traffic in stolen accounts, which are frequently referred to as "Shops." STOKES controlled his own Shop, used the alias "TheMFNPlug," and purchased Victim Accounts in bulk. STOKES obtained Victim Accounts from the Betting Website with a total listed account value of over $125,000 and then offered access to those accounts for sale on his Shop.

After pleading guilty, STOKES reopened his Shop website, offering for sale access to stolen accounts of various retailers. STOKES advertised his reopened Shop using the tagline "fraud is fun," and said that he had been running these types of shops for three years. He further said that he opened the new Shop in part because "gotta pay my attorneys," referring to his prosecution in this case. After reopening his Shop website, STOKES was rearrested for violating the conditions of his pretrial release and remanded into federal custody.

* * *

In addition to the prison term, STOKES, 23, of Memphis, Tennessee, was sentenced to three years of supervised release and ordered to pay $125,965.53 in forfeiture and $1,327,061 in restitution.

Mr. Clayton praised the outstanding work of the Federal Bureau of Investigation.

The case is being prosecuted by the Office's Complex Frauds and Cybercrime Unit. Assistant U.S. Attorneys Kevin Mead and Micah Fergenson are in charge of the prosecution.