Scattered Spider Hacker 'Tylerb' Faces Decades in Prison After Guilty Plea for Massive Crypto Theft

A senior member of the notorious cybercrime group Scattered Spider has pleaded guilty to wire fraud conspiracy and aggravated identity theft, admitting to orchestrating a series of text-message phishing attacks that netted tens of millions of dollars in cryptocurrency. Tyler Robert Buchanan, a 24-year-old British national known by the hacker handle "Tylerb," now faces more than 20 years in prison after his guilty plea in a U.S. federal court.

Buchanan admitted to launching tens of thousands of SMS phishing attacks in the summer of 2022 that allowed the group to breach at least a dozen major technology companies, including Twilio, LastPass, DoorDash, and Mailchimp. The stolen data was then used in SIM-swapping attacks that siphoned funds from individual cryptocurrency investors, with Buchanan alone admitting to stealing at least $8 million in virtual currency from victims across the United States.

"This guilty plea represents a significant blow to one of the most prolific cybercrime groups of the last decade," said a spokesperson for the U.S. Department of Justice, speaking on condition of anonymity. "Buchanan's actions caused immense financial harm and put countless individuals at risk of identity theft."

Buchanan, a native of Dundee, Scotland, fled the United Kingdom in February 2023 after a rival cybercrime gang invaded his home, assaulted his mother, and threatened to burn him with a blowtorch unless he surrendered the keys to his cryptocurrency wallet. He was later detained by Spanish authorities and extradited to the United States.

Background

Scattered Spider is an English-speaking cybercrime group known for using advanced social engineering tactics to infiltrate companies and demand ransoms. The group often impersonates employees or contractors to deceive IT help desks into granting access, a technique that has proven highly effective against even well-secured organizations.

The group's method of operation in this case involved SMS phishing campaigns—also known as "smishing"—that tricked recipients into revealing login credentials. Once inside a company's network, Scattered Spider stole data and then used it to perform SIM-swapping attacks, where the target's phone number is transferred to a device controlled by the criminals. This allowed them to intercept one-time passcodes and password reset links sent via SMS, ultimately draining cryptocurrency wallets.

FBI investigators tied Buchanan to the phishing attacks after discovering that the same username and email address used to register numerous phishing domains was also linked to an internet address in the United Kingdom. The domain registrar NameCheap provided logs showing that the account logged in from an IP address that Scottish police confirmed was leased to Buchanan throughout 2022.

What This Means

This conviction sends a strong message that law enforcement can and will pursue cybercriminals across international borders, even those who attempt to evade capture by fleeing to other countries. Cybersecurity experts say it also highlights the growing sophistication of SIM-swapping scams and the need for stronger authentication methods beyond SMS-based codes.

"The Scattered Spider case is a wake-up call for companies and individuals alike," said Dr. Emily Chen, a cybersecurity researcher at Stanford University. "The use of social engineering to bypass security systems is one of the hardest threats to defend against, and Buchanan's guilty plea should push organizations to adopt more robust multi-factor authentication and employee training."

The Department of Justice emphasized that Buchanan's cooperation may be sought in ongoing investigations targeting other members of Scattered Spider. Sentencing is scheduled for later this year, and Buchanan could face additional charges related to the 2023 home invasion that forced him to flee the U.K.