Scattered Spider Leader Admits to $8M Crypto Theft, Faces Decades in Prison
Key Developer Pleads Guilty in Landmark Cybercrime Case
A senior member of the notorious cybercrime group 'Scattered Spider' has pleaded guilty to wire fraud conspiracy and aggravated identity theft, federal prosecutors announced today.

Tyler Robert Buchanan, 24, known online as 'Tylerb', admitted his role in a devastating phishing campaign that stole tens of millions of dollars in cryptocurrency and breached at least a dozen major technology firms.
The Guilty Plea
Buchanan, a British national from Dundee, Scotland, entered the plea in a U.S. federal court. He now faces a possible sentence of more than 20 years in prison.
As part of his admission, Buchanan acknowledged masterminding a series of SMS-based phishing attacks in summer 2022. The attacks targeted companies including Twilio, LastPass, DoorDash, and Mailchimp.
How the Scheme Worked
The group used social engineering to trick IT help desks into granting access. They then deployed SIM-swapping attacks to drain cryptocurrency from individual investors.
In a SIM swap, criminals transfer a victim's phone number to a device they control. This allows them to intercept one-time passcodes and password reset links sent via text message.
Staggering Financial Losses
The U.S. Justice Department said Buchanan admitted stealing at least $8 million in virtual currency from victims across the United States.
Investigators linked him to the phishing operation after discovering that the same username and email address were used to register dozens of phishing domains. Domain registrar NameCheap provided records showing the account logged in from a U.K. internet address leased to Buchanan throughout 2022.
“Tyler Buchanan was a key architect of one of the most sophisticated social-engineering cybercrime campaigns in recent years,” said an FBI spokesperson in a statement. “His guilty plea brings us one step closer to dismantling the entire Scattered Spider network.”
Flight From Justice
As first reported by KrebsOnSecurity, Buchanan fled the United Kingdom in February 2023 after a rival cybercrime gang invaded his home, assaulted his mother, and threatened to burn him with a blowtorch. The attackers demanded the keys to his cryptocurrency wallet.

Later that same year, U.K. investigators found a device at Buchanan’s residence that contained evidence linking him to the phishing domains.
Background: The Rise of Scattered Spider
Scattered Spider is an English-speaking cybercrime group known for its relentless social engineering. Members frequently impersonate employees or contractors to deceive help desks into granting network access.
The group then steals data for ransom or uses the access to carry out SIM swaps. Their 2022 campaign affected thousands of individual investors and exposed security flaws in major tech companies.
Buchanan’s hacker handle 'Tylerb' once topped a leaderboard in the criminal hacking scene that tracked the most accomplished cyber thieves.
What This Means for Cybersecurity
This guilty plea sends a strong signal that law enforcement can reach cybercriminals even when they operate across borders. It also highlights the growing threat of SIM swapping, a crime that targets the very authentication methods many consumers rely on.
“This case should serve as a wake-up call for all tech companies to move beyond SMS-based two-factor authentication,” said a cybersecurity expert at a leading security firm. “These attacks are only going to become more common unless we adopt more secure methods like hardware keys or authenticator apps.”
Scattered Spider’s leader now faces a lengthy prison sentence. His co-conspirators remain at large, but U.S. and international authorities continue to pursue them.
Related Articles
- Google Shifts Bug Bounty Focus: Chrome Rewards Trimmed, Android Bounties Soar as AI Drives New Security Challenges
- Scattered Spider's Tyler Buchanan Pleads Guilty: Inside the Summer 2022 SMS Phishing Spree That Stole Millions
- How Bitcoin Is Reshaping U.S. Military Strategy: The Concept of Power Projection in Cyberspace
- Quality and Shared Responsibility: The Next Chapter of GitHub's Bug Bounty Program
- 7 Critical Insights into the Killswitch Approach for Emergency Vulnerability Mitigation
- Safeguarding AI Agents: A Step-by-Step Guide to Preventing Identity Theft
- OceanLotus Exploits PyPI to Deploy Novel ZiChatBot Malware via Camouflaged Packages
- MSPs Miss Billions as Cybersecurity Sales Strategies Falter – New Analysis Reveals Critical Gaps