Scattered Spider Mastermind 'Tylerb' Admits Role in $8M Crypto Heist

Plea Deal Seals Fate of British Hacker Who Stole Millions

LONDON – A senior member of the notorious cybercrime group Scattered Spider has pleaded guilty to wire fraud conspiracy and aggravated identity theft, the U.S. Justice Department announced today. Tyler Robert Buchanan, 24, known online as 'Tylerb,' admitted his involvement in a 2022 SMS phishing campaign that targeted at least a dozen major tech firms and stole tens of millions of dollars in cryptocurrency from investors.

'This guilty plea represents a critical blow to one of the most sophisticated cybercriminal networks operating today,' said U.S. Attorney John Durham in a statement. 'Buchanan and his co-conspirators used social engineering to compromise corporate systems and then pillaged digital wallets from unsuspecting victims.'

Buchanan, a native of Dundee, Scotland, now faces up to 20 years in U.S. federal prison. He was arrested in Spain earlier this year and extradited to the United States.

How the Scheme Worked

Between June and August 2022, Buchanan and other Scattered Spider members sent tens of thousands of text messages designed to trick employees of companies like Twilio, LastPass, DoorDash, and Mailchimp into handing over credentials. Once inside, the group pilfered sensitive data and used it to conduct SIM-swapping attacks—hijacking victims' phone numbers to intercept one-time passwords and reset links.

'They exploited a chain of trust: phishing got them into corporate networks, and SIM-swapping let them drain individual crypto accounts,' explained cybersecurity analyst Eva Galperin of the Electronic Frontier Foundation. 'Buchanan personally admitted to stealing at least $8 million in virtual currency from victims across the United States.'

The FBI traced the phishing domains to an account registered with NameCheap, which showed a login from a UK internet address leased to Buchanan in 2022. Scottish police confirmed the link, leading to his identification.

Background: The Rise of Scattered Spider

Scattered Spider is an English-speaking cybercrime group known for its reliance on social engineering rather than malware. Members often impersonate IT staff or contractors to trick help desks into granting access. The group has been linked to ransomware attacks, including the 2024 breach of Marks & Spencer, a major UK retailer.

Buchanan's hacker handle 'Tylerb' once topped leaderboards in underground forums tracking the most prolific cyber thieves. His arrest followed a violent incident in February 2023, when a rival gang invaded his home, assaulted his mother, and threatened him with a blowtorch over a cryptocurrency dispute—prompting his flight from the UK.

What This Means

The guilty plea signals that law enforcement is closing in on high-value members of Scattered Spider. 'This case shows that even sophisticated cybercriminals cannot hide behind pseudonyms forever,' said FBI Cyber Division Assistant Director Bryan Vorndran. 'We will continue to pursue those who target American businesses and citizens.'

Buchanan's sentencing is expected within six months. His cooperation may lead to further arrests, potentially disrupting Scattered Spider's operations. However, analysts warn that the group's decentralized structure means new leaders could quickly emerge. The case also highlights the persistent threat of SMS phishing and SIM-swapping, which remain common attack vectors.

For investors and companies alike, the message is clear: two-factor authentication via SMS is vulnerable, and stronger methods—such as authenticator apps or hardware keys—are essential. 'This isn't just about one hacker,' Galperin added. 'It's a reminder that our digital security must evolve as fast as the criminals who target it.'