A 24-year-old British nationwide and senior member of the cybercrime group “Scattered Spider” has pleaded responsible to wire fraud conspiracy and aggravated identification theft. Tyler Robert Buchanan admitted his function in a sequence of text-message phishing assaults in the summertime of 2022 that allowed the group to hack into at the very least a dozen main expertise corporations and steal tens of hundreds of thousands of {dollars} price of cryptocurrency from traders.
Buchanan’s hacker deal with “Tylerb” as soon as graced a leaderboard within the English-language legal hacking scene that tracked probably the most achieved cyber thieves. Now in U.S. custody and awaiting sentencing, the Dundee, Scotland native is going through the potential for greater than 20 years in jail.
Two pictures printed in a Each day Mail story dated Could 3, 2025 present Buchanan as a baby (left) and as an grownup being detained by airport authorities in Spain. “M&S” on this screenshot refers to Marks & Spencer, a significant U.Ok. retail chain that suffered a ransomware assault final yr by the hands of Scattered Spider.
Scattered Spider is the identify given to a prolific English-speaking cybercrime group recognized for utilizing social engineering techniques to interrupt into corporations and steal information for ransom, usually impersonating workers or contractors to deceive IT assist desks into granting entry.
As a part of his responsible plea, Buchanan admitted conspiring with different Scattered Spider members to launch tens of 1000’s of SMS-based phishing assaults in 2022 that led to intrusions at numerous expertise corporations, together with Twilio, LastPass, DoorDash, and Mailchimp.
The group then used information stolen in these breaches to hold out SIM-swapping assaults that siphoned funds from particular person cryptocurrency traders. In an unauthorized SIM-swap, crooks switch the goal’s telephone quantity to a tool they management and intercept any textual content messages or telephone calls to the sufferer’s system — equivalent to one-time passcodes for authentication and password reset hyperlinks despatched by way of SMS. The U.S. Justice Division stated Buchanan admitted to stealing at the very least $8 million in digital foreign money from particular person victims all through the US.
FBI investigators tied Buchanan to the 2022 SMS phishing assaults after discovering the identical username and electronic mail handle was used to register quite a few phishing domains seen within the marketing campaign. The area registrar NameCheap discovered that lower than a month earlier than the phishing spree, the account that registered these domains logged in from an Web handle within the U.Ok. FBI investigators stated the Scottish police advised them the handle was leased to Buchanan all through 2022.
As first reported by KrebsOnSecurity, Buchanan fled the UK in February 2023, after a rival cybercrime gang employed thugs to invade his dwelling, assault his mom, and threaten to burn him with a blowtorch except he gave up the keys to his cryptocurrency pockets. That very same yr, U.Ok. investigators discovered a tool at Buchanan’s Scotland residence that included information stolen from SMS phishing victims and seed phrases from cryptocurrency theft victims.
Buchanan was arrested by Spanish authorities in June 2024 whereas making an attempt to board a flight to Italy. He was extradited to the US and has remained in U.S. federal custody since April 2025.
Buchanan is the second recognized Scattered Spider member to plead responsible. Noah Michael City, 21, of Palm Coast, Fla., was sentenced to 10 years in federal jail final yr and ordered to pay $13 million in restitution. Three different alleged co-conspirators — Ahmed Hossam Eldin Elbadawy, 24, a.okay.a. “AD,” of Faculty Station, Texas; Evans Onyeaka Osiebo, 21, of Dallas, Texas; and Joel Martin Evans, 26, a.okay.a. “joeleoli,” of Jacksonville, North Carolina – nonetheless face legal costs.
Two different alleged Scattered Spider members will quickly be tried in the UK. Owen Flowers, 18, and Thalha Jubair, 20, are going through costs associated to the hacking and extortion of a number of giant U.Ok. retailers, the London transit system, and healthcare suppliers in the US. Each have pleaded not responsible, and their trial is slated to start in June.
Investigators say the Scattered Spider suspects are a part of a sprawling cybercriminal neighborhood on-line referred to as “The Com,” whereby hackers from totally different cliques boast publicly on Telegram and Discord about high-profile cyber thefts that just about invariably start with social engineering — tricking individuals over the telephone, electronic mail or SMS into gifting away credentials that enable distant entry to company inside networks.
One of many extra common SIM-swapping channels on Telegram has lengthy maintained a leaderboard of probably the most rapacious SIM-swappers, listed by their supposed conquests in stealing cryptocurrency. That leaderboard beforehand listed Buchanan’s hacker alias Tylerb at #65 (out of 100 hackers), with City’s moniker “Sosa” coming in at #24.
Buchanan’s sentencing listening to is scheduled for August 21, 2026. In response to the Justice Division, he faces a statutory most sentence of twenty-two years in federal jail. Nonetheless, any sentence the decide palms down on this case could also be considerably tempered by numerous mitigating elements within the U.S. Sentencing Pointers, together with the defendant’s age, legal historical past, time already served in U.S. custody, and the diploma to which they cooperated with federal authorities.
