Hacking schemes are unfortunately a staple of the online sports betting industry. And it appears to be on the rise.
Most recently, a Wisconsin teenager pleaded guilty to a hacking scheme that culminated in around $600,000 in stolen funds from DraftKings accounts. It is one of the largest reported issues in the industry on record, and the nitty-gritty details are fairly wild.
The first thing to note is that this saga doesn’t necessarily impact sports betting in Wisconsin. Though sports gambling is allowed at select retail locations inside casinos throughout the state, online sports betting in Wisconsin has yet to be legalized. The defendant in this matter is merely a resident of The Badger State. It is not clear at this time whether any Wisconsin sports bettors who may hold DraftKings accounts in different states were impacted by the hack.
So, what exactly is the 19-year-old defendant—and his co-conspirators—accused of doing? And might this highly publicized scandal dissuade Wisconsin from legalizing online sports betting in the near future?
Full Details of DraftKings Online Sports Betting Hack
Antonio Pequeño IV of Forbes unpacked the full details of the latest online sports betting scandal:
“Federal prosecutors in Manhattan said the defendant Joseph Garrison and other unnamed people accessed approximately 60,000 accounts on DraftKings, a sports betting platform, and stole around $600,000 from about 1,600 accounts. Garrison faces a maximum sentence of five years in prison and is scheduled to be sentenced in January . Prosecutors say Garrison carried out the scheme through a credential stuffing attack on DraftKings accounts, a tactic which uses stolen user credentials from other platforms and checks if those credentials work on the targeted website.
“Law enforcement searched Garrison’s home in February this year, finding programs and files typically used for credential stuffing attacks on his computer, according to the prosecutors’ statement, which added that investigators also found conversations between Garrison and co-conspirators about how to hack DraftKings. In one of the conversations viewed by law enforcement, Garrison messaged an unnamed co-conspirator saying fraud was fun and that he was addicted to seeing money in his account.”
This process of “credential stuffing” is well-known throughout the sports betting industry. Many online sportsbooks in the United States, including DraftKings, have urged customers to create unique usernames and passwords so that leaks on other sites don’t jeopardize their funds elsewhere.
Hacking is an Omnipresent Danger for Online Sports Gambling Sites
Though “credential stuffing” is not specific to online sports betting sites, it has taken the industry by storm.
The general rise of sports gambling throughout the United States is no doubt at the root of it. Thirty-eight of 50 states have no legalized sports betting in some form. And as both the popularity of and access to sports betting sites in the United States has increased, so has the money being bandied about.
Smaller, not-so-densely populated states routinely report monthly sports betting handles—i.e. the total dollar amount of wagers placed—in the nine figures. Take the launch of online sports betting in Kentucky, for example. During their first month of legal gambling across all platforms, the state reported a total handle of almost $250 million. Nearly 94 percent of that money was processed through an online sports betting site.
For the most part, it’s the same story in other states with licensed online operators. Not every region has 90 percent or more of their bets being processed online. But over 80 percent of all bets placed in the United States this year are on track to run through online sportsbooks.
What’s more, a vast majority of this business is taking place at a small minority of online betting sites. DraftKings and FanDuel own a lion’s share of the United States online sports betting market. Other operators like BetMGM, Caesars, Fanatics and, now, ESPN Bet factor in, as well. But odds are that anyone who casually or religiously bets on sports has a DraftKings or FanDuel account. The volume of business and users at these two sportsbooks invariably renders them prime targets for “credential stuffing” attacks.
Could Hacking Scandals Prevent Wisconsin Online Sports Betting from Being Legalized?
Scandals like this are always noteworthy to markets without online sports betting. Wisconsin will be no different. Especially when the defendant hails from America’s Dairyland.
Still, the absence of online sports betting in Wisconsin likely has little to do with the risk of hacking. More than anything, it’s a logistical issue—and preference.
In the approximately two years since the state legalized sports betting, it has rolled out retail licenses to casinos on an extremely limited basis. In fact, Wisconsin is still waiting on certain operators to set up permanent locations and outfit themselves with sports betting kiosks. So, the primary focus of state officials continues to lie with on-site sports betting.
Whether that’s comforting is a separate matter. Gambling enthusiasts no doubt would like access to online sports betting apps in the United States. Right now, Wisconsinites are unable to bet online unless they’re on the property of licensed casino operators.
In the end, online Wisconsin sports betting remains a matter of “when” rather than “if.” The CEO of Potawatomi Casino previously said Wisconsin online sports betting was an inevitability. That tracks with growing trends in the industry.
But is Wisconsin online sports gambling an imminent or distant inevitability? That’s the question. Most tend to believe its introduction is five to 15 years away. And while this particular online sports betting scandal carried out by a Wisconsin resident may not directly impact that timeline, it certainly isn’t doing any favors for it, either.
Take a look at this list of the top online sportsbooks so you can find one that works for all of your sports betting needs: