Scattered Spider Leader Admits to $8M Crypto Theft, Faces Decades in Prison
Key Developer Pleads Guilty in Landmark Cybercrime Case
A senior member of the notorious cybercrime group 'Scattered Spider' has pleaded guilty to wire fraud conspiracy and aggravated identity theft, federal prosecutors announced today.

Tyler Robert Buchanan, 24, known online as 'Tylerb', admitted his role in a devastating phishing campaign that stole tens of millions of dollars in cryptocurrency and breached at least a dozen major technology firms.
The Guilty Plea
Buchanan, a British national from Dundee, Scotland, entered the plea in a U.S. federal court. He now faces a possible sentence of more than 20 years in prison.
As part of his admission, Buchanan acknowledged masterminding a series of SMS-based phishing attacks in summer 2022. The attacks targeted companies including Twilio, LastPass, DoorDash, and Mailchimp.
How the Scheme Worked
The group used social engineering to trick IT help desks into granting access. They then deployed SIM-swapping attacks to drain cryptocurrency from individual investors.
In a SIM swap, criminals transfer a victim's phone number to a device they control. This allows them to intercept one-time passcodes and password reset links sent via text message.
Staggering Financial Losses
The U.S. Justice Department said Buchanan admitted stealing at least $8 million in virtual currency from victims across the United States.
Investigators linked him to the phishing operation after discovering that the same username and email address were used to register dozens of phishing domains. Domain registrar Namecheap provided records showing the account logged in from a U.K. internet address leased to Buchanan throughout 2022.
“Tyler Buchanan was a key architect of one of the most sophisticated social-engineering cybercrime campaigns in recent years,” said an FBI spokesperson in a statement. “His guilty plea brings us one step closer to dismantling the entire Scattered Spider network.”
Flight From Justice
As first reported by KrebsOnSecurity, Buchanan fled the United Kingdom in February 2023 after a rival cybercrime gang invaded his home, assaulted his mother, and threatened to burn him with a blowtorch. The attackers demanded the keys to his cryptocurrency wallet.

Later that same year, U.K. investigators found a device at Buchanan’s residence that contained evidence linking him to the phishing domains.
Background: The Rise of Scattered Spider
Scattered Spider is an English-speaking cybercrime group known for its relentless social engineering. Members frequently impersonate employees or contractors to deceive help desks into granting network access.
The group then steals data for ransom or uses the access to carry out SIM swaps. Their 2022 campaign affected thousands of individual investors and exposed security flaws in major tech companies.
Buchanan’s hacker handle 'Tylerb' once topped a leaderboard in the criminal hacking scene that tracked the most accomplished cyber thieves.
What This Means for Cybersecurity
This guilty plea sends a strong signal that law enforcement can reach cybercriminals even when they operate across borders. It also highlights the growing threat of SIM swapping, a crime that targets the very authentication methods many consumers rely on.
“This case should serve as a wake-up call for all tech companies to move beyond SMS-based two-factor authentication,” said a cybersecurity expert at a leading security firm. “These attacks are only going to become more common unless we adopt more secure methods like hardware keys or authenticator apps.”
Scattered Spider’s leader now faces a lengthy prison sentence. His co-conspirators remain at large, but U.S. and international authorities continue to pursue them.