British 'Scattered Spider' Cybercrime Leader Pleads Guilty in $8 Million Crypto Theft

Breaking: Senior Scattered Spider Member Tyler Buchanan Admits Wire Fraud and Identity Theft

A 24-year-old British national and senior member of the cybercrime group Scattered Spider has pleaded guilty to wire fraud conspiracy and aggravated identity theft, the U.S. Justice Department announced today.

British 'Scattered Spider' Cybercrime Leader Pleads Guilty in $8 Million Crypto Theft — Source: krebsonsecurity.com

Tyler Robert Buchanan, known by his hacker handle “Tylerb,” admitted orchestrating a massive SMS phishing campaign in the summer of 2022 that compromised at least a dozen major technology companies and drained tens of millions of dollars in cryptocurrency from investors.

“Buchanan was a key architect of a sophisticated social engineering operation that not only breached some of the world’s leading tech firms but also directly victimized individual investors through SIM-swapping,” said a DOJ spokesperson in a statement.

“This plea sends a clear message that cybercriminals cannot hide behind keyboards or cross borders to evade justice.”

Buchanan, originally from Dundee, Scotland, is now in U.S. custody and faces up to 20 years in prison when sentenced. Two photos published by the Daily Mail in May 2025 show him as a child and being detained by Spanish airport authorities.

How the Scheme Unfolded

As part of his guilty plea, Buchanan admitted to conspiring with other Scattered Spider members to launch tens of thousands of SMS-based phishing attacks in 2022. These attacks targeted employees of companies including Twilio, LastPass, DoorDash, and Mailchimp.

The phishing messages tricked employees into revealing credentials, which the group then used to gain unauthorized access to internal systems. Once inside, the hackers exfiltrated sensitive data and customer information.

The stolen data was then employed in SIM-swapping attacks—a technique where criminals transfer a victim’s phone number to a device they control. This allowed them to intercept one-time passcodes and password reset links sent via SMS, ultimately siphoning cryptocurrency from individual wallets.

The FBI confirmed that Buchanan admitted stealing at least $8 million in virtual currency from victims across the United States.

Background: What is Scattered Spider?

Scattered Spider is a prolific English-speaking cybercrime group notorious for its use of social engineering tactics. Members often impersonate employees or contractors to deceive IT help desks into granting access to corporate networks.

The group’s leaderboard once featured Buchanan as one of the most accomplished cyber thieves in English-language criminal forums. His arrest followed a joint investigation by the FBI, Scottish police, and private sector partners.

Notably, Buchanan fled the United Kingdom in February 2023 after a rival cybercrime gang reportedly invaded his home, assaulted his mother, and threatened to burn him with a blowtorch unless he surrendered his cryptocurrency wallet keys—a story first reported by KrebsOnSecurity.

Evidence and Investigation

FBI investigators tied Buchanan to the 2022 phishing campaign by discovering that the same username and email address were used to register numerous phishing domains. Domain registrar NameCheap revealed that, less than a month before the attacks, the account that registered those domains logged in from a UK internet address.

Scottish police confirmed to the FBI that the address was leased to Buchanan throughout 2022. This digital breadcrumb helped authorities build a case that led to his arrest in Spain and extradition to the United States.

“Cybercriminals often believe they can hide behind anonymity and offshore accounts, but forensic analysis consistently reveals their trail,” commented a cybersecurity expert familiar with the investigation.

What This Means

This plea underscores the increasing willingness of law enforcement to pursue and prosecute international cybercrime groups. It also highlights the vulnerabilities of SMS-based two-factor authentication, which is widely used but easily undermined by SIM-swapping.

For the tech industry, the case serves as a stark reminder that phishing and social engineering remain the most common entry points for major breaches. Companies like Twilio and DoorDash have since bolstered their security protocols, but experts warn that more stringent authentication methods—such as hardware tokens or biometrics—are needed to prevent similar attacks.

Buchanan’s sentencing is expected within the next 90 days. If he receives the maximum penalty, it would mark one of the harshest sentences handed down to a member of the Scattered Spider group, potentially deterring other would-be cybercriminals.

Key Facts at a Glance

Defendant: Tyler Robert Buchanan (a.k.a. “Tylerb”), 24, Dundee, Scotland
Charges: Wire fraud conspiracy, aggravated identity theft
Group: Scattered Spider
Attack Method: SMS phishing (2022) targeting employees of tech firms, followed by SIM-swapping to steal cryptocurrency
Losses: At least $8 million stolen from individual U.S. victims; tens of millions more from crypto investors overall
Companies Affected: Twilio, LastPass, DoorDash, Mailchimp, and others
Maximum Sentence: Over 20 years in prison
Status: In U.S. custody, awaiting sentencing

Authorities urge anyone who may have been a victim of these attacks to contact the FBI’s Internet Crime Complaint Center (IC3) for assistance.

Tags: