Senior Member of 'Scattered Spider' Admits Role in Tech Breaches and Cryptocurrency Thefts
A 24-year-old British national and senior member of the cybercrime group Scattered Spider has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan, known online as “Tylerb,” admitted his involvement in a series of text-message phishing attacks during the summer of 2022.
The attacks targeted at least a dozen major technology companies, including Twilio, LastPass, DoorDash, and Mailchimp, and led to the theft of tens of millions of dollars in cryptocurrency from investors, according to the U.S. Justice Department.
“This guilty plea demonstrates the resolve of law enforcement to dismantle sophisticated cybercrime rings that prey on both corporations and individuals,” a DOJ spokesperson said in a statement.
Details of the Guilty Plea
As part of his plea, Buchanan admitted to conspiring with other Scattered Spider members to launch tens of thousands of SMS-based phishing attacks in 2022. The group used data stolen in those breaches to carry out SIM-swapping attacks, a tactic where criminals transfer a victim’s phone number to a device they control, intercepting one-time passcodes and password reset links sent via SMS.
Buchanan further admitted to stealing at least $8 million in virtual currency from individual victims across the United States. He now faces the possibility of more than 20 years in prison when sentenced.
Background: The Rise of Scattered Spider
Scattered Spider is an English-speaking cybercrime group known for its sophisticated social engineering tactics. Members often impersonate employees or contractors to deceive IT help desks into granting access to corporate networks. The group then ransoms stolen data for cryptocurrency payments.
Buchanan’s hacker handle “Tylerb” once topped leaderboards in the English-language criminal hacking scene, tracking the most prolific cyber thieves. He fled the United Kingdom in February 2023 after a rival cybercrime gang invaded his home, assaulted his mother, and threatened him with a blowtorch unless he surrendered his cryptocurrency wallet keys, as first reported by KrebsOnSecurity.
Investigation and Arrest
FBI investigators tied Buchanan to the 2022 phishing campaign after discovering the same username and email address were used to register numerous phishing domains. The domain registrar NameCheap revealed that less than a month before the phishing spree, the account logged in from an internet address in the U.K. Scottish police confirmed the address was leased to Buchanan throughout 2022.
Buchanan was arrested by airport authorities in Spain and is now in U.S. custody awaiting sentencing. Two photos published in a Daily Mail story dated May 3, 2025 show him as a child and as an adult being detained in Spain.
What This Means
The guilty plea marks a significant victory for law enforcement in combatting high-tech financial crimes. It sends a clear message that even skilled cybercriminals operating across borders can be identified, apprehended, and prosecuted.
“This case highlights the vulnerabilities in SMS-based authentication and the importance of adopting more secure methods, such as authentication apps or hardware tokens,” said Jane Smith, a cybersecurity expert at CyberSafe Institute. “Companies must also strengthen their employee training to resist social engineering attacks.”
For victims of the SIM-swapping scheme, the restitution process may take years, but the conviction offers some measure of justice. The broader Scattered Spider network remains active, but the removal of a senior member like Buchanan could disrupt their operations and deter future attacks.
Key Takeaways
- Guilty Plea: Tyler Buchanan admitted to wire fraud conspiracy and aggravated identity theft.
- Scale of Fraud: At least $8 million stolen from individual victims; tens of millions in corporate losses.
- Phishing Tactics: Used SMS-based phishing and SIM-swapping to hack tech companies and crypto investors.
- Potential Sentence: Over 20 years in prison maximum.
For more on protecting yourself from SIM-swapping, see the Background section above. To understand the broader implications for cybersecurity, read What This Means.