Dunno if it has anything to do with it but they did get haxx0red last year at the same time as MGM, except Caesars paid up and MGM didn't. Hotel room cards, casino play cards, etc were down for ten days at a bunch of the MGM-owned properties (a.k.a. the half of the Strip not owned by Caesars) https://en.wikipedia.org/wiki/MGM_Resorts_International#Las_...
About a month after the conference would be enough time to discredit an obvious connection to the conference, while still making use of security breaches that might have been found during the conference. Most security experts know you have to abandon security hopes if you give the hardware to the user with direct access. And with a conference of DEF CON's size, you only need 1% malicious actors for 300 tragedy of the commons results.
MGM's not that far away on the strip for somebody to find a security exploit, and then start checking every nearby casino to see if it works at those casinos. Found a $1 million exploit? Might walk a few blocks to see if it can turn into a $10 million exploit. Non-negligible risk from a casino perspective.
Average casino-win per customer is usually ~$100/admission. [1] Three days [2] gambling for 30,000 = 9,000,000. Hotel stay revenue helps, yet it's usually only 25% of revenue per guest. [3] Casino visitation and attendance has also rebounded significantly in the last few years. [4]
So, higher than normal costs per attendee, attendees who believe they all spend less than normal conference participants, anecdotal stories of repeated high cost issues each year to resolve (ex: concrete poured in sinks on purpose, rooms broken into, satellite dishes stolen), increasing attendance numbers in Vegas, and a multi-$10 million slap a month afterward based on social engineering.
https://www.bloomberg.com/news/articles/2023-09-13/caesars-e...
https://www.vox.com/technology/2023/9/15/23875113/mgm-hack-c...