A 24-year-old British national and senior member of the notorious cybercrime group 'Scattered Spider' has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan, known online as 'Tylerb,' admitted orchestrating a series of text-message phishing attacks in summer 2022 that compromised at least twelve major technology companies and drained tens of millions of dollars in cryptocurrency from investors.
Buchanan now faces a potential sentence of over 20 years in a U.S. federal prison. The Dundee, Scotland native was arrested in Spain and is currently in U.S. custody awaiting sentencing. His hacker handle once topped a leaderboard in the English-language cybercrime underground that tracked the most prolific thieves.
Background
Scattered Spider is an English-speaking cybercrime group infamous for using social engineering to infiltrate corporate networks. The gang often impersonates employees or contractors to trick IT help desks into granting access, then steals data for ransom or sells it on the dark web.
As part of his plea, Buchanan admitted launching tens of thousands of SMS-based phishing attacks in 2022 that led to breaches at companies including Twilio, LastPass, DoorDash, and Mailchimp. The group then used stolen data to perform SIM-swapping attacks, transferring victims' phone numbers to devices under their control and intercepting one-time passcodes sent via text. The U.S. Justice Department said Buchanan admitted stealing at least $8 million in virtual currency from individual victims across the United States.
FBI investigators linked Buchanan to the phishing campaign after discovering the same username and email address were used to register numerous phishing domains. The domain registrar NameCheap revealed that less than a month before the attacks, the account logged in from a U.K. internet address that Scottish police confirmed was leased to Buchanan throughout 2022.
SIM-Swapping Explained
In an unauthorized SIM-swap, criminals transfer a target's phone number to a device they control. This allows them to intercept calls and texts, including authentication codes and password reset links sent via SMS, enabling them to access cryptocurrency wallets and financial accounts.
What This Means
This case highlights the critical vulnerability of SMS-based two-factor authentication (2FA) in protecting high-value accounts. Cybersecurity experts urge companies and individuals to adopt more secure methods like authenticator apps or hardware tokens.
"Buchanan's guilty plea sends a clear message that law enforcement will pursue cybercriminals across borders," said a DOJ official. "Groups like Scattered Spider exploit human trust, but international cooperation is closing in on them." The case also demonstrates how rival cybercrime gangs can accelerate law enforcement efforts: Buchanan fled the U.K. in early 2023 after a rival gang assaulted his mother and threatened to burn him with a blowtorch. That incident led to a police investigation that uncovered evidence of his crimes.