The Guilty Plea
A 24-year-old British national and senior member of the cybercrime group known as Scattered Spider has pleaded guilty to charges of wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan, who operated under the hacker handle "Tylerb," admitted his involvement in a series of text-message phishing attacks during the summer of 2022. These attacks enabled the group to infiltrate at least a dozen major technology companies and siphon off tens of millions of dollars in cryptocurrency from investors. Buchanan now faces the possibility of more than 20 years in prison as he awaits sentencing in U.S. custody.
The Phishing Campaign
Scattered Spider is an English-speaking cybercrime group notorious for using social engineering techniques to breach corporate networks. Members often impersonate employees or contractors to trick IT help desks into granting access. As part of his guilty plea, Buchanan confessed to collaborating with other group members to launch tens of thousands of SMS-based phishing messages in 2022. These attacks targeted well-known technology firms, including Twilio, LastPass, DoorDash, and Mailchimp.
SIM-Swapping and Cryptocurrency Theft
After stealing data from these breaches, the group executed SIM-swapping attacks to drain funds from individual cryptocurrency investors. In a SIM-swap, criminals transfer a victim's phone number to a device they control, intercepting text messages and calls—including one-time passcodes for authentication and password reset links. The U.S. Justice Department stated that Buchanan admitted to stealing at least $8 million in virtual currency from victims across the United States.
Investigation and Arrest
The FBI linked Buchanan to the 2022 SMS phishing campaign after discovering that the same username and email address were used to register numerous phishing domains. Domain registrar NameCheap reported that, less than a month before the phishing spree, the account logged in from an Internet address in the United Kingdom. Scottish police confirmed to the FBI that the address was leased to Buchanan throughout 2022.
Flight from the UK and Capture
According to KrebsOnSecurity, Buchanan fled the United Kingdom in February 2023 after a rival cybercrime gang hired thugs to invade his home. The intruders assaulted his mother and threatened to burn him with a blowtorch unless he handed over the keys to his cryptocurrency wallet. Later that year, U.K. investigators discovered a device at Buchanan's residence containing evidence of his criminal activities. He was eventually detained by airport authorities in Spain, as shown in a photograph published by the Daily Mail in May 2025.
Broader Impact on Companies
Scattered Spider's tactics have affected many organizations. Notably, the group was responsible for a ransomware attack on Marks & Spencer (M&S), a major U.K. retail chain, in the previous year. The group's leaderboard once featured Buchanan's handle "Tylerb," marking him as one of the most accomplished cyber thieves in the English-speaking criminal hacking scene.
Aftermath and Sentencing
Buchanan's guilty plea marks a significant step in holding senior members of Scattered Spider accountable. With a potential sentence exceeding 20 years, the case sends a strong message to cybercriminals who use social engineering and phishing to cause financial harm. Investigations into other group members continue, as law enforcement seeks to dismantle the entire network.