Scattered Spider Leader 'Tylerb' Pleads Guilty in $8 Million Crypto Phishing Scheme

A senior member of the notorious cybercrime group Scattered Spider has admitted to orchestrating a massive phishing campaign that stole millions from cryptocurrency investors. Tyler Robert Buchanan, known online as 'Tylerb,' pleaded guilty in a U.S. federal court to wire fraud conspiracy and aggravated identity theft. The 24-year-old British national now faces up to 20 years in prison when sentenced.

The guilty plea covers a series of SMS-based phishing attacks in summer 2022 that compromised at least a dozen major technology companies, including Twilio, LastPass, and DoorDash. Prosecutors say the group used stolen data to execute SIM-swapping attacks, siphoning over $8 million in virtual currency from victims across the United States. 'This case demonstrates our commitment to holding cybercriminals accountable, no matter where they operate,' a Department of Justice spokesperson said in a statement.

Background

Scattered Spider is an English-speaking cybercrime group known for sophisticated social engineering tactics. Members often impersonate employees or contractors to deceive IT help desks into granting network access. The group has been linked to high-profile ransomware attacks, including one on U.K. retailer Marks & Spencer.

Buchanan's hacker handle 'Tylerb' once topped a leaderboard tracking the most accomplished cyber thieves in the English-language hacking scene. He was arrested in Spain in early 2025 and extradited to the U.S. FBI investigators traced the phishing domains used in the 2022 campaign to a U.K. internet address registered in Buchanan's name.

Details of the Crime

According to court documents, Buchanan conspired with other Scattered Spider members to launch tens of thousands of SMS phishing messages. The texts, disguised as legitimate security alerts, tricked employees of target companies into revealing login credentials. Once inside, the group stole customer data and used it to hijack phone numbers through SIM swapping.

'SIM swapping allowed them to intercept one-time passcodes and password reset links,' explained a cybersecurity expert familiar with the case. 'That gave them direct access to victims' crypto wallets.' Buchanan admitted to personally stealing at least $8 million from individual investors.

Flight and Arrest

Buchanan fled the U.K. in February 2023 after a rival cybercrime gang attacked his home in Dundee, Scotland. The assailants assaulted his mother and threatened to burn him with a blowtorch unless he surrendered his cryptocurrency keys. He was later detained by airport authorities in Spain and extradited to the U.S.

What This Means

The guilty plea marks a significant victory for law enforcement in dismantling Scattered Spider's leadership. However, experts warn that the group's infrastructure remains active. 'This sends a strong deterrent message, but the threat is far from over,' said a former FBI cybercrime investigator. 'Other members may adapt their tactics.'

Buchanan's sentencing is expected in the coming months. The case highlights the growing use of SIM swapping and phishing to target cryptocurrency holders, urging companies and individuals to adopt multi-factor authentication methods beyond SMS.