CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Massive FanDuel Fraud Scheme Using Stolen Identities

First reported
Last updated
2 unique sources, 2 articles

Summary

Hide ▲

Two Connecticut men, Amitoj Kapoor and Siddharth Lillaney, have been charged with defrauding FanDuel and other online gambling sites of $3 million over several years using stolen identities of approximately 3,000 victims. The scheme involved purchasing stolen personally identifiable information (PII) from darknet markets and Telegram, creating fraudulent accounts, and exploiting promotional bonuses. The defendants used background-check services to verify identities and organized stolen data in a spreadsheet. They transferred winnings to virtual stored-value cards and moved fraudulent proceeds to their bank and investment accounts. The indictment was returned by a federal grand jury in New Haven on February 3, 2026, and the defendants were released on a $300,000 bond each pending further proceedings.

Timeline

  1. 09.02.2026 13:41 2 articles · 11h ago

    Two Men Charged in $3 Million FanDuel Fraud Scheme

    Amitoj Kapoor and Siddharth Lillaney were arrested on a 45-count indictment for defrauding FanDuel and other online gambling sites of $3 million using stolen identities of approximately 3,000 victims. The scheme involved purchasing stolen PII, creating fraudulent accounts, and exploiting promotional bonuses. The defendants face multiple charges, including wire fraud, identity fraud, aggravated identity theft, and money laundering. The indictment was returned by a federal grand jury in New Haven on February 3, 2026, and the defendants were released on a $300,000 bond each pending further proceedings.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

US Seizes E-Note Crypto Exchange for Ransomware Laundering

The U.S. Department of Justice, led by the FBI and collaborating with international partners, has seized the E-Note cryptocurrency exchange for allegedly laundering over $70 million in ransomware and account takeover proceeds. The operation involved confiscating domains, servers, and customer databases, with an indictment unsealed against the Russian national Mykhalio Petrovich Chudnovets, believed to be the operator of E-Note. Chudnovets targeted US healthcare and critical infrastructure sectors through his money laundering services, which he began offering in 2010. This action may lead to further identification of cybercriminals involved in the laundering scheme.

Open in new tab

Credential Stuffing Attack on Fantasy Sports Betting Platform

A Minnesota man, Nathan Austad (online alias “Snoopy”), pleaded guilty to participating in a large-scale credential stuffing attack targeting a fantasy sports and betting platform. The attack compromised over 60,000 user accounts, resulting in financial losses of approximately $600,000 from around 1,600 victims. Austad and his co-conspirators used stolen login credentials to gain unauthorized access, draining account balances and selling access to compromised accounts on online marketplaces. Austad is the third defendant to plead guilty in this case, with two others, Joseph Garrison and Kamerin Stokes, previously convicted. Austad faces up to five years in prison, with sentencing scheduled for April 2026.

Open in new tab

FBI Warns of $262M Stolen in Account Takeover Fraud Schemes

Since January 2025, cybercriminals impersonating bank support teams have stolen over $262 million through account takeover (ATO) fraud schemes. The FBI's Internet Crime Complaint Center (IC3) has received over 5,100 complaints, affecting individuals and businesses across various sectors. Criminals gain unauthorized access to online financial accounts using social engineering techniques or fraudulent websites. Once in control, they wire funds to crypto wallets and often change account passwords, making recovery difficult. The FBI advises monitoring financial accounts, using strong passwords, enabling MFA, and avoiding search results for banking websites. Victims are urged to contact their financial institutions immediately and file complaints with the IC3. Recent reports highlight the growing use of AI-powered phishing campaigns, SEO poisoning, and exploitation of e-commerce vulnerabilities, particularly ahead of the holiday season. Additionally, purchase scams and mobile phishing (mishing) sites have seen a significant increase, leveraging trusted brand names to deceive users. The U.S. Justice Department (DoJ) has seized the fraud domain web3adspanels[.]org, which was used to host and manipulate illegally harvested bank login credentials. The scheme targeted 19 victims across the U.S., including two companies in the Northern District of Georgia, with attempted losses of approximately $28 million and actual losses of approximately $14.6 million. The confiscated domain stored the stolen login credentials of thousands of victims and hosted a backend server to facilitate takeover fraud as recently as November 2025. The FBI and Estonian law enforcement collaborated in this seizure, and the domain now displays a law enforcement banner indicating it is under the control of authorities. No arrests have been made yet, but the investigation may reveal clues leading to the operators.

Open in new tab

Crypto Laundering Scheme Involving $230M Heist Uncovered

A 45-year-old California man, Kunal Mehta, has pleaded guilty to laundering at least $25 million stolen in a $230 million cryptocurrency heist. The scheme involved a large group that used social engineering to access victims' accounts between October 2023 and March 2025. The group, which included members from various states and abroad, was involved in organizing, hacking, and stealing funds. Mehta served as a money launderer, creating shell companies to launder funds through bank accounts. The stolen cryptocurrency was used to finance lavish lifestyles, including luxury cars and international travel. The FBI has emphasized the importance of being vigilant against online scams.

Open in new tab

International Law Enforcement Dismantles Credit Card Fraud Networks

International authorities have dismantled three large-scale credit card fraud and money laundering networks in Operation Chargeback. The operation targeted 44 suspects, including American, Austrian, Canadian, Danish, Dutch, German, and Lithuanian nationals, and resulted in the arrest of 18 individuals. The fraud networks affected over 4.3 million cardholders across 193 countries, causing losses exceeding €300 million. The operation involved over 60 searches and the execution of 18 arrest warrants. The fraudsters created over 19 million fake online subscriptions for services like pornography, dating, and streaming. They disguised monthly charges of about €50 to avoid detection. The operation was led by the Cybercrime Department of the General Prosecutor’s Office in Koblenz and the German Federal Criminal Police Office, supported by Europol and Eurojust. Authorities seized assets worth over €35 million, including luxury vehicles, cryptocurrency, and electronic devices. The suspects face accusations of organized computer fraud, membership in a criminal group, and money laundering. The fraudsters abused four major German payment service providers to launder proceeds, with six employees allegedly helping the fraudsters in exchange for fees. The suspects concealed their activities through numerous shell companies obtained through crime-as-a-service providers, primarily registered in the UK and Cyprus. The estimated attempted damages from the fraud schemes surpass €750 million (~$865 million).

Open in new tab