Senior Scattered Spider Hacker Admits Guilt in Multi-Million Dollar Cyber Fraud

A 24-year-old British national and senior figure in the infamous cybercriminal collective known as Scattered Spider has entered a guilty plea for his role in a series of devastating cyberattacks. Tyler Robert Buchanan, who operated under the handle 'Tylerb,' admitted to wire fraud conspiracy and aggravated identity theft, acknowledging his part in a coordinated phishing campaign that targeted major technology companies and siphoned tens of millions of dollars in cryptocurrency from investors during the summer of 2022.

The Rise and Fall of 'Tylerb'

Buchanan's hacker alias 'Tylerb' once marked him as a top performer on a leaderboard within the English-speaking underground hacking scene—a scoreboard that tracked the most prolific cyber thieves. However, his fortunes shifted dramatically. Now in U.S. custody and awaiting sentencing, the Dundee, Scotland native faces a potential prison term of more than two decades. Two photographs published by the Daily Mail on May 3, 2025, capture contrasting moments: one shows Buchanan as a child, and the other depicts him being detained by Spanish airport authorities. Notably, the acronym 'M&S' in a related screenshot refers to Marks & Spencer, the British retail giant that suffered a ransomware attack orchestrated by Scattered Spider the previous year.

Senior Scattered Spider Hacker Admits Guilt in Multi-Million Dollar Cyber Fraud — Source: krebsonsecurity.com

The Scattered Spider Playbook: Social Engineering Expertise

Scattered Spider is a prolific English-speaking cybercrime group renowned for its social engineering prowess. Members often impersonate employees or contractors to deceive IT help desks into granting unauthorized access to corporate networks. Their methods—ranging from vishing (voice phishing) to fake identity verification—have enabled them to breach high-profile companies and extort ransoms from stolen data. Buchanan's guilty plea sheds light on how the group executed one of its most audacious campaigns.

The 2022 Phishing Campaign That Shook Tech Giants

As part of his plea, Buchanan admitted to conspiring with other Scattered Spider members to launch tens of thousands of SMS-based phishing attacks in 2022. These text messages, designed to trick recipients into revealing credentials, led to intrusions at several major technology firms, including Twilio, LastPass, DoorDash, and Mailchimp. The stolen data from these breaches was then leveraged for more targeted attacks.

SIM Swapping and Cryptocurrency Theft

Using the compromised information, the group executed SIM-swapping attacks to drain funds from individual cryptocurrency investors. In a SIM-swap, criminals transfer the victim's phone number to a device they control, intercepting text messages and calls—including one-time authentication codes sent via SMS. This allowed Buchanan and his associates to reset passwords and access crypto wallets without authorization. The U.S. Justice Department stated that Buchanan admitted to stealing at least $8 million in virtual currency from victims across the United States.

How the FBI Traced Buchanan to the Attacks

FBI investigators linked Buchanan to the 2022 SMS phishing wave after discovering that the same email address and username were used to register numerous phishing domains associated with the campaign. Domain registrar NameCheap revealed that, less than a month before the phishing spree, the account owner logged in from an internet address in the United Kingdom. Scottish police confirmed to the FBI that this address was leased to Buchanan throughout 2022. This digital trail proved pivotal in building the case against him.

Arrest and Legal Proceedings

As first reported by KrebsOnSecurity, Buchanan fled the U.K. in February 2023 after a rival cybercrime gang hired thugs to invade his home, assault his mother, and threaten to burn him with a blowtorch unless he surrendered his cryptocurrency wallet keys. Despite this flight, he was eventually apprehended in Spain and extradited to the United States. In the same year, U.K. authorities found a device at Buchanan's residence in Scotland that contained evidence linking him to the Scattered Spider operations. His guilty plea now ensures a conviction, with sentencing yet to be determined.

Facing Decades Behind Bars

Buchanan's plea to wire fraud conspiracy and aggravated identity theft carries severe penalties. The wire fraud charge alone carries a maximum of 20 years in prison, while aggravated identity theft adds a mandatory two-year consecutive sentence. Federal prosecutors are likely to seek a significant term to deter others in the cybercriminal underground. The case also highlights the growing reach of international law enforcement collaboration in combating digital crime.

Lessons Learned

The downfall of 'Tylerb' underscores the risks associated with high-profile cybercriminal activities, even for those who once topped leaderboards. It also serves as a stark reminder of the devastating impact of text-message phishing and social engineering. For businesses and individuals, the key defenses remain vigilance against unsolicited messages, multi-factor authentication that does not rely solely on SMS, and prompt reporting of suspicious activity. As Scattered Spider continues to evolve, the arrest of a senior member like Buchanan represents a significant victory for law enforcement—but the fight against such adaptable adversaries is far from over.

Tags: