A Manhattan federal courtroom just closed the book on the online antics of Kamerin Stokes, the 23-year-old who called himself “TheMFNPlug” and treated stolen betting accounts like a side hustle. On Thursday, a federal judge sentenced Stokes to 30 months in prison after prosecutors said he bought and sold thousands of compromised accounts from a fantasy sports and betting website.
According to prosecutors, Stokes did not quietly await his fate. After pleading guilty, he reopened his online shop, splashed it with the tagline “fraud is fun,” and bragged he needed to get the new operation going because he “gotta pay my attorneys.” That move violated his release conditions and landed him back behind bars even before the formal sentence.
In a press release from the U.S. Attorney's Office for the Southern District of New York, U.S. Attorney Jay Clayton did not mince words, calling Stokes’s decision to relaunch and market the shop “audacious.” Clayton added a blunt warning: “Fraud is not fun; fraud on the street or fraud online will not be tolerated.” The office said U.S. District Judge Naomi Reice Buchwald imposed a sentence of 30 months in prison, three years of supervised release, $125,965.53 in forfeiture, and $1,327,061 in restitution.
How the scheme worked
Court filings show the breach kicked off on or about November 18, 2022, when a credential-stuffing campaign used stolen username and password combinations to bombard the betting site and successfully break into roughly 60,000 accounts. Once inside, the attackers added new payment methods, ran small test deposits to confirm they worked, then pulled money out to accounts they controlled. The compromised profiles were then bundled and sold in bulk on various “shops,” according to court filings reviewed by Leagle.
Shop reopened and rearrest
Prosecutors say Stokes operated one of those marketplaces under the alias “TheMFNPlug,” buying victim accounts with a total listed value of more than $125,000, then flipping access to those accounts for sale. After he pleaded guilty in April 2024, he reopened the shop and promoted it with the line “fraud is fun,” while explaining that part of his motivation was that he “gotta pay my attorneys.” That post-plea relaunch, described in a press release from the U.S. Attorney's Office for the Southern District of New York, led to his rearrest for violating pretrial release and his remand into federal custody.
Penalty and legal context
Stokes pleaded guilty on April 25, 2024, to one count of conspiracy to commit computer intrusion, a charge that carries a maximum sentence of five years in prison, according to court records. The 30-month prison term, three years of supervised release, and roughly $1.45 million in combined restitution and forfeiture are set to be reflected in the formal judgment, which is available through online dockets at Casemine.
Prosecutors framed the outcome as a warning shot to anyone who still thinks online fraud is a low-risk game. The case was handled by the SDNY’s Complex Frauds and Cybercrime Unit, which pointed to Stokes’s sentence as a reminder that federal enforcement is watching the marketplaces where stolen accounts are bought and sold.
