A 24-year-old British nationwide and senior member of the cybercrime group “Scattered Spider” has pleaded responsible to wire fraud conspiracy and aggravated identification theft. Tyler Robert Buchanan admitted his function in a collection of text-message phishing assaults in the summertime of 2022 that allowed the group to hack into at the least a dozen main know-how corporations and steal tens of tens of millions of {dollars} value of cryptocurrency from traders.
Buchanan’s hacker deal with “Tylerb” as soon as graced a leaderboard within the English-language legal hacking scene that tracked probably the most completed cyber thieves. Now in U.S. custody and awaiting sentencing, the Dundee, Scotland native is dealing with the potential of greater than 20 years in jail.
Two photographs revealed in a Every day Mail story dated Could 3, 2025 present Buchanan as a toddler (left) and as an grownup being detained by airport authorities in Spain. “M&S” on this screenshot refers to Marks & Spencer, a significant U.Ok. retail chain that suffered a ransomware assault final yr by the hands of Scattered Spider.
Scattered Spider is the identify given to a prolific English-speaking cybercrime group recognized for utilizing social engineering techniques to interrupt into corporations and steal knowledge for ransom, usually impersonating workers or contractors to deceive IT assist desks into granting entry.
As a part of his responsible plea, Buchanan admitted conspiring with different Scattered Spider members to launch tens of hundreds of SMS-based phishing assaults in 2022 that led to intrusions at quite a lot of know-how corporations, together with Twilio, LastPass, DoorDash, and Mailchimp.
The group then used knowledge stolen in these breaches to hold out SIM-swapping assaults that siphoned funds from particular person cryptocurrency traders. In an unauthorized SIM-swap, crooks switch the goal’s cellphone quantity to a tool they management and intercept any textual content messages or cellphone calls to the sufferer’s gadget — similar to one-time passcodes for authentication and password reset hyperlinks despatched through SMS. The U.S. Justice Division stated Buchanan admitted to stealing at the least $8 million in digital forex from particular person victims all through america.
FBI investigators tied Buchanan to the 2022 SMS phishing assaults after discovering the identical username and electronic mail deal with was used to register quite a few phishing domains seen within the marketing campaign. The area registrar NameCheap discovered that lower than a month earlier than the phishing spree, the account that registered these domains logged in from an Web deal with within the U.Ok. FBI investigators stated the Scottish police advised them the deal with was leased to Buchanan all through 2022.
As first reported by KrebsOnSecurity, Buchanan fled the UK in February 2023, after a rival cybercrime gang employed thugs to invade his house, assault his mom, and threaten to burn him with a blowtorch except he gave up the keys to his cryptocurrency pockets. That very same yr, U.Ok. investigators discovered a tool at Buchanan’s Scotland residence that included knowledge stolen from SMS phishing victims and seed phrases from cryptocurrency theft victims.
Buchanan was arrested by Spanish authorities in June 2024 whereas attempting to board a flight to Italy. He was extradited to america and has remained in U.S. federal custody since April 2025.
Buchanan is the second recognized Scattered Spider member to plead responsible. Noah Michael City, 21, of Palm Coast, Fla., was sentenced to 10 years in federal jail final yr and ordered to pay $13 million in restitution. Three different alleged co-conspirators — Ahmed Hossam Eldin Elbadawy, 24, a.ok.a. “AD,” of School Station, Texas; Evans Onyeaka Osiebo, 21, of Dallas, Texas; and Joel Martin Evans, 26, a.ok.a. “joeleoli,” of Jacksonville, North Carolina – nonetheless face legal costs.
Two different alleged Scattered Spider members will quickly be tried in the UK. Owen Flowers, 18, and Thalha Jubair, 20, are dealing with costs associated to the hacking and extortion of a number of massive U.Ok. retailers, the London transit system, and healthcare suppliers in america. Each have pleaded not responsible, and their trial is slated to start in June.
Investigators say the Scattered Spider suspects are a part of a sprawling cybercriminal neighborhood on-line generally known as “The Com,” whereby hackers from totally different cliques boast publicly on Telegram and Discord about high-profile cyber thefts that just about invariably start with social engineering — tricking individuals over the cellphone, electronic mail or SMS into making a gift of credentials that permit distant entry to company inner networks.
One of many extra in style SIM-swapping channels on Telegram has lengthy maintained a leaderboard of probably the most rapacious SIM-swappers, listed by their supposed conquests in stealing cryptocurrency. That leaderboard beforehand listed Buchanan’s hacker alias Tylerb at #65 (out of 100 hackers), with City’s moniker “Sosa” coming in at #24.
Buchanan’s sentencing listening to is scheduled for August 21, 2026. In response to the Justice Division, he faces a statutory most sentence of twenty-two years in federal jail. Nevertheless, any sentence the decide palms down on this case could also be considerably tempered by quite a lot of mitigating components within the U.S. Sentencing Tips, together with the defendant’s age, legal historical past, time already served in U.S. custody, and the diploma to which they cooperated with federal authorities.
