British Cybercriminal Tylerb of ‘Scattered Spider’ Pleads Guilty to $8 Million Cryptocurrency Theft

A significant development in the realm of cybercrime has emerged with the guilty plea of 24-year-old British national Tyler Robert Buchanan, a senior member of the notorious cybercrime group known as “Scattered Spider.” Buchanan has admitted to charges of wire fraud conspiracy and aggravated identity theft, stemming from a series of text-message phishing attacks that occurred during the summer of 2022. These attacks enabled the group to infiltrate at least a dozen major technology companies, resulting in the theft of tens of millions of dollars in cryptocurrency from unsuspecting investors.

The Rise and Fall of Tylerb

Buchanan, who operated under the hacker alias “Tylerb,” was once a prominent figure in the English-language criminal hacking scene, even appearing on leaderboards that ranked the most skilled cyber thieves. Currently in U.S. custody and awaiting sentencing, the Dundee, Scotland native faces the prospect of over 20 years in prison for his crimes.

The cybercrime group Scattered Spider is notorious for employing social engineering tactics to breach corporate networks and steal sensitive data for ransom. Members often impersonate employees or contractors to deceive IT help desks into granting unauthorized access.

Phishing Attacks and SIM-Swapping

As part of his plea agreement, Buchanan acknowledged his involvement in orchestrating tens of thousands of SMS-based phishing attacks in 2022. These attacks targeted various technology companies, including Twilio, LastPass, DoorDash, and Mailchimp. The data obtained from these breaches facilitated a series of SIM-swapping attacks, which siphoned funds from individual cryptocurrency investors.

In a SIM-swap attack, criminals transfer a victim’s phone number to a device they control, allowing them to intercept text messages and phone calls. This includes one-time passcodes for authentication and password reset links sent via SMS. The U.S. Justice Department has stated that Buchanan admitted to stealing at least $8 million in virtual currency from victims across the United States.

Investigative Breakthroughs

FBI investigators linked Buchanan to the 2022 phishing attacks by identifying the same username and email address used to register multiple phishing domains associated with the campaign. The domain registrar NameCheap reported that the account responsible for these registrations logged in from an Internet address in the U.K. less than a month before the phishing spree. Scottish police confirmed that this address was leased to Buchanan throughout 2022.

In February 2023, Buchanan fled the United Kingdom after a rival cybercrime gang threatened him and his family, demanding access to his cryptocurrency wallet. Investigators later discovered a device at his residence in Scotland containing data stolen from SMS phishing victims and seed phrases from cryptocurrency theft victims.

Arrest and Extradition

Buchanan was apprehended by Spanish authorities in June 2024 while attempting to board a flight to Italy. Following his arrest, he was extradited to the United States and has been in federal custody since April 2025. His case marks a significant moment in the ongoing battle against cybercrime, particularly as he is the second known member of Scattered Spider to plead guilty.

Noah Michael Urban, a 21-year-old from Palm Coast, Florida, was sentenced to 10 years in federal prison last year and ordered to pay $13 million in restitution. Three other alleged co-conspirators, including Ahmed Hossam Eldin Elbadawy, Evans Onyeaka Osiebo, and Joel Martin Evans, are still facing criminal charges.

Broader Implications of Scattered Spider’s Activities

The activities of Scattered Spider extend beyond individual crimes; they are part of a larger cybercriminal community known as “The Com.” This online network allows hackers to boast about their exploits on platforms like Telegram and Discord. The group’s operations often begin with social engineering tactics, tricking individuals into divulging credentials that provide remote access to corporate networks.

Buchanan’s hacker alias, Tylerb, was previously ranked #65 on a leaderboard of SIM-swappers, highlighting the competitive nature of cybercrime. His sentencing hearing is scheduled for August 21, 2026, with the Justice Department indicating that he faces a statutory maximum sentence of 22 years. However, mitigating factors such as his age, criminal history, and cooperation with authorities may influence the final sentence.

The case underscores the ongoing challenges faced by law enforcement in combating sophisticated cybercrime networks and the need for enhanced security measures within the technology sector. As cybercriminals continue to evolve their tactics, the implications for businesses and individual investors remain significant.

For further details on this case, refer to the original reporting source: KrebsOnSecurity.

Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.