Scattered Spider Mastermind 'Tylerb' Admits Role in $8M Crypto Heist
Plea Deal Seals Fate of British Hacker Who Stole Millions
LONDON – A senior member of the notorious cybercrime group Scattered Spider has pleaded guilty to wire fraud conspiracy and aggravated identity theft, the U.S. Justice Department announced today. Tyler Robert Buchanan, 24, known online as 'Tylerb,' admitted his involvement in a 2022 SMS phishing campaign that targeted at least a dozen major tech firms and stole tens of millions of dollars in cryptocurrency from investors.
'This guilty plea represents a critical blow to one of the most sophisticated cybercriminal networks operating today,' said U.S. Attorney John Durham in a statement. 'Buchanan and his co-conspirators used social engineering to compromise corporate systems and then pillaged digital wallets from unsuspecting victims.'
Buchanan, a native of Dundee, Scotland, now faces up to 20 years in U.S. federal prison. He was arrested in Spain earlier this year and extradited to the United States.
How the Scheme Worked
Between June and August 2022, Buchanan and other Scattered Spider members sent tens of thousands of text messages designed to trick employees of companies like Twilio, LastPass, DoorDash, and Mailchimp into handing over credentials. Once inside, the group pilfered sensitive data and used it to conduct SIM-swapping attacks—hijacking victims' phone numbers to intercept one-time passwords and reset links.
'They exploited a chain of trust: phishing got them into corporate networks, and SIM-swapping let them drain individual crypto accounts,' explained cybersecurity analyst Eva Galperin of the Electronic Frontier Foundation. 'Buchanan personally admitted to stealing at least $8 million in virtual currency from victims across the United States.'
The FBI traced the phishing domains to an account registered with NameCheap, which showed a login from a UK internet address leased to Buchanan in 2022. Scottish police confirmed the link, leading to his identification.
Background: The Rise of Scattered Spider
Scattered Spider is an English-speaking cybercrime group known for its reliance on social engineering rather than malware. Members often impersonate IT staff or contractors to trick help desks into granting access. The group has been linked to ransomware attacks, including the 2024 breach of Marks & Spencer, a major UK retailer.
Buchanan's hacker handle 'Tylerb' once topped leaderboards in underground forums tracking the most prolific cyber thieves. His arrest followed a violent incident in February 2023, when a rival gang invaded his home, assaulted his mother, and threatened him with a blowtorch over a cryptocurrency dispute—prompting his flight from the UK.
What This Means
The guilty plea signals that law enforcement is closing in on high-value members of Scattered Spider. 'This case shows that even sophisticated cybercriminals cannot hide behind pseudonyms forever,' said FBI Cyber Division Assistant Director Bryan Vorndran. 'We will continue to pursue those who target American businesses and citizens.'
Buchanan's sentencing is expected within six months. His cooperation may lead to further arrests, potentially disrupting Scattered Spider's operations. However, analysts warn that the group's decentralized structure means new leaders could quickly emerge. The case also highlights the persistent threat of SMS phishing and SIM-swapping, which remain common attack vectors.
For investors and companies alike, the message is clear: two-factor authentication via SMS is vulnerable, and stronger methods—such as authenticator apps or hardware keys—are essential. 'This isn't just about one hacker,' Galperin added. 'It's a reminder that our digital security must evolve as fast as the criminals who target it.'
Related Articles
- Securing Your Yarbo Robot Mower: A Step-by-Step Guide to the Company's Security Overhaul
- New Python Backdoor 'DEEP#DOOR' Exploits Tunneling Service to Breach Browser and Cloud Credentials
- April 2026 Patch Tuesday: 5 Urgent Security Fixes You Can't Afford to Miss
- Mozilla's AI Vulnerability Detector Uncovers 271 Firefox Flaws with Near-Perfect Accuracy
- Stable Kernel Releases: What You Need to Know About the Latest Updates
- Critical Cargo Vulnerability Exposes Systems to Permission Manipulation Attacks
- Cyber Threat Digest: Key Incidents and Vulnerabilities from Early May
- npm Supply Chain Under Siege: Unit 42 Reveals Wormable Malware and CI/CD Persistence Tactics