Senior Scattered Spider Hacker Pleads Guilty in $8 Million Crypto Heist

The Guilty Plea

A 24-year-old British national who rose through the ranks of the notorious cybercrime group Scattered Spider has admitted his role in a series of devastating phishing attacks. Tyler Robert Buchanan, known online as “Tylerb”, pleaded guilty in a U.S. federal court to charges of wire fraud conspiracy and aggravated identity theft. The plea marks a significant breakthrough in the fight against one of the most prolific English-speaking hacking collectives.

Buchanan, originally from Dundee, Scotland, once topped a leaderboard that tracked the most accomplished cyber thieves in the underground hacking scene. Now in U.S. custody and awaiting sentencing, he faces the possibility of more than 20 years behind bars. Two photographs published by the Daily Mail in May 2025 show Buchanan as a child and being detained by Spanish authorities at an airport. The images also reference Marks & Spencer (M&S), a major U.K. retailer that fell victim to a ransomware attack orchestrated by Scattered Spider last year.

The Phishing Campaign

As part of his guilty plea, Buchanan admitted to conspiring with other Scattered Spider members to launch tens of thousands of SMS-based phishing attacks in the summer of 2022. The campaign targeted employees at major technology firms, tricking them into handing over login credentials. The compromised companies included:

• Twilio – a cloud communications platform
• LastPass – a popular password manager
• DoorDash – a food delivery service
• Mailchimp – an email marketing platform

These breaches collectively affected at least a dozen organizations and enabled the group to steal tens of millions of dollars worth of cryptocurrency from investors.

SIM-Swap Thefts

Once the group obtained sensitive data from the phishing attacks, they pivoted to SIM-swapping – a technique in which criminals transfer a victim’s phone number to a device they control. This allows them to intercept text messages and phone calls, including one-time passcodes and password reset links sent via SMS. According to the U.S. Justice Department, Buchanan alone admitted to stealing at least $8 million in virtual currency from individual victims across the United States.

The SIM swaps were carried out methodically, draining cryptocurrency wallets and leaving victims unable to recover their funds. The group’s ability to chain phishing with SIM swapping made them particularly dangerous in the cybercrime ecosystem.

The Investigation and Arrest

FBI investigators linked Buchanan to the 2022 SMS phishing campaign after discovering that the same username and email address were used to register numerous phishing domains. Domain registrar NameCheap revealed that less than a month before the phishing spree began, the account responsible for those domains logged in from an IP address in the United Kingdom. Scottish police confirmed to the FBI that the address was leased to Buchanan throughout 2022.

Buchanan fled the U.K. in February 2023, shortly after a rival cybercrime gang broke into his home, assaulted his mother, and threatened to burn him with a blowtorch unless he surrendered the keys to his cryptocurrency wallet. The incident, detailed in previous reports, forced him to seek refuge abroad. He was eventually tracked down by Spanish authorities and extradited to the United States.

Motive and Background

Scattered Spider is a loosely organized English-speaking group known for its reliance on social engineering tactics. Members often impersonate employees or contractors to deceive IT help desks into granting unauthorized access to corporate networks. The group’s methods have caused millions in losses and disrupted operations at high-profile targets, including the Marks & Spencer ransomware incident.

Buchanan’s rise to prominence in the hacking scene was fueled by his skill in orchestrating phishing campaigns. However, his downfall came when law enforcement agencies on both sides of the Atlantic collaborated to dismantle the group. The home invasion by a rival gang adds a layer of chaos to the story, highlighting the violent rivalries that sometimes erupt in the underground cybercrime world.

Potential Sentence

With his guilty plea, Buchanan now awaits sentencing in a U.S. federal court. The charges of wire fraud conspiracy and aggravated identity theft carry a maximum penalty of over 20 years in prison. Legal experts expect the judge to weigh the scale of the financial damage, the number of victims, and Buchanan’s cooperation with authorities. The case serves as a stark warning to other hackers that even the most elusive cybercriminals can be brought to justice.