Scattered Spider's 'Tylerb' Pleads Guilty: Inside the Cybercrime Group's Massive SMS Phishing and Cryptocurrency Theft
A Senior Member’s Day in Court
In a significant development for cybercrime prosecutions, 24-year-old British national Tyler Robert Buchanan—known online by his handle “Tylerb”—has pleaded guilty to charges of wire fraud conspiracy and aggravated identity theft. Buchanan was a senior figure in the notorious English-speaking cybercrime collective called Scattered Spider. His admission in a U.S. court marks the culmination of a sprawling investigation into a series of devastating SMS phishing attacks that rocked the technology industry in the summer of 2022 and siphoned tens of millions of dollars from cryptocurrency investors.
The Scattered Spider Group: Masters of Social Engineering
Scattered Spider is not your typical cybercrime ring. The group is infamous for using sophisticated social engineering tactics rather than technical hacking to break into corporate networks. Members often impersonate employees or contractors, tricking IT help desks into granting them access to internal systems. Once inside, they steal data, deploy ransomware, and demand payments. The group’s methods have proven remarkably effective, targeting major organizations like Marks & Spencer—which suffered a ransomware attack linked to Scattered Spider in 2024.
The Role of SIM Swapping
After gaining access to corporate systems and stealing credentials, Scattered Spider pivoted to SIM-swapping attacks. In a SIM swap, criminals trick a mobile carrier into transferring the victim’s phone number to a device they control. This allows them to intercept one-time passcodes, password reset links, and other authentication messages sent via SMS. With this control, they drain cryptocurrency wallets and bank accounts. Buchanan admitted to stealing at least $8 million in virtual currency from individual victims across the United States as part of this scheme.
The 2022 SMS Phishing Campaign
In the summer of 2022, Buchanan and other Scattered Spider members launched a massive phishing blitz. They sent tens of thousands of text messages designed to trick employees of major tech companies into revealing their login credentials. The campaign successfully breached at least a dozen high-profile firms, including Twilio, LastPass, DoorDash, and Mailchimp. Data stolen from these intrusions was then used to fuel the SIM-swapping attacks that emptied cryptocurrency accounts.
How Investigators Caught “Tylerb”
FBI analysts traced the phishing domains used in the campaign back to a common registrant—the same username and email address that Buchanan had used. The domain registrar NameCheap confirmed that, less than a month before the phishing spree, the account that registered those domains logged in from a U.K. internet address. Scottish police informed the FBI that the address had been leased to Buchanan throughout 2022. This digital breadcrumb was critical in building the case.
Arrest and Extradition
Buchanan fled the United Kingdom in February 2023 after rival cybercriminals invaded his home, assaulted his mother, and threatened to burn him with a blowtorch unless he surrendered the keys to his cryptocurrency wallet. He was later detained by authorities in Spain, as shown in Daily Mail photographs from May 2025. Now in U.S. custody, he awaits sentencing.
Sentencing and Consequences
Buchanan faces a maximum penalty of more than 20 years in federal prison. His guilty plea to wire fraud conspiracy and aggravated identity theft carries severe mandatory minimums. The case sends a strong message to cybercriminals who believe they can operate with impunity by hiding behind encrypted handles and cross-border anonymity.
The Human Toll of Cybercrime
Beyond the legal fallout, the Scattered Spider saga highlights the real-world violence that can accompany digital theft. The attack on Buchanan’s family—including the assault on his mother—is a stark reminder that cybercrime often spills over into physical threats. For the victims who lost their life savings in cryptocurrency, the financial and emotional damage is profound. As Buchanan awaits his fate, the tech industry continues to grapple with the vulnerabilities exposed by groups like Scattered Spider, reinforcing the need for robust authentication and better employee training against phishing.
This case also underscores the global nature of modern cybercrime: a Scottish hacker targeting American companies and investors, arrested in Spain, prosecuted in the United States. The digital world is small, and as Tylerb has learned, the long arm of the law can reach anywhere.