7 Shocking Revelations from the 'Scattered Spider' Mastermind's Guilty Plea
When a 24-year-old from Scotland topped the leaderboard of English-speaking cyber thieves, few could have imagined the chaos he would unleash. Tyler Robert Buchanan, known online as 'Tylerb,' recently pleaded guilty to wire fraud conspiracy and aggravated identity theft, exposing the inner workings of the notorious 'Scattered Spider' group. This numbered list unpacks the key details from the case, from his phishing spree to his dramatic arrest in Spain. Read on to learn how a teenager turned into one of the most wanted cybercriminals—and why his story is a wake-up call for digital security.
- A British Teenager at the Top of the Cybercrime Leaderboard
- The Phishing Campaign That Targeted Tech Giants
- How SIM-Swapping Stole Millions from Investors
- The Role of SMS Fraud in a Ransomware Attack on M&S
- A Rival Gang’s Attack That Forced Him to Flee
- The Digital Trail That Led FBI to His Door
- What His Guilty Plea Means for the Future of Cybercrime
1. A British Teenager at the Top of the Cybercrime Leaderboard
At just 24 years old, Tyler Robert Buchanan—known as 'Tylerb' in criminal circles—was already a senior figure in the Scattered Spider syndicate. His name once dominated a leaderboard dedicated to tracking the most accomplished English-speaking hackers. Born and raised in Dundee, Scotland, Buchanan’s rise to infamy started early. He honed his skills in social engineering, using fake personas to trick people into handing over sensitive data. By the time he was arrested in Spain, he had become a legend in the underground scene. Now facing over 20 years in prison, his guilty plea marks a stunning fall from grace for a young man who thought he was untouchable.
2. The Phishing Campaign That Targeted Tech Giants
In the summer of 2022, Buchanan and his accomplices launched a massive SMS-based phishing blitz. Tens of thousands of text messages were sent, each disguised as legitimate alerts from companies like Twilio, LastPass, DoorDash, and Mailchimp. Employees at these firms clicked on malicious links, handing over login credentials. This allowed Scattered Spider to breach at least a dozen major tech organizations. The group then sifted through stolen databases to find valuable data—including access to cryptocurrency exchange accounts. The attack was so sophisticated that it left cybersecurity experts scrambling to contain the damage. Buchanan admitted in court that he orchestrated these intrusions with precision.
3. How SIM-Swapping Stole Millions from Investors
Once inside the tech companies, the group moved to steal digital assets. Their weapon of choice: SIM-swapping. This technique involves tricking a mobile carrier into transferring a victim’s phone number to a hacker-controlled device. With the number, they could intercept SMS-based two-factor authentication codes and password reset links. Buchanan confessed to stealing at least $8 million in cryptocurrency from individual investors across the United States. The victims were often high-net-worth individuals who held large amounts of Bitcoin or Ethereum. The U.S. Justice Department highlighted how the group used stolen phone numbers to drain wallets and transfer funds to obscure crypto addresses.
4. The Role of SMS Fraud in a Ransomware Attack on M&S
Scattered Spider didn’t stop at crypto theft. They also deployed ransomware against major corporations. One high-profile victim was Marks & Spencer (M&S), the iconic U.K. retail chain. In a 2024 attack, the group used similar social engineering tactics to break into M&S’s systems, encrypt data, and demand payment. The incident was widely reported by British media, including the Daily Mail. Two photos from that coverage show Buchanan as a smiling child and as a handcuffed adult being detained by Spanish airport authorities. The M&S breach proved that the group’s methods could cripple brick-and-mortar giants, not just digital firms.
5. A Rival Gang’s Attack That Forced Him to Flee
In February 2023, Buchanan’s criminal life took a violent turn. A rival cybercrime syndicate hired thugs to invade his home in Scotland. They assaulted his mother and threatened to burn him with a blowtorch unless he surrendered the keys to his cryptocurrency wallet. Terrified, Buchanan fled the United Kingdom. He became a fugitive, traveling across Europe until Spanish authorities arrested him in early 2025. The incident, first reported by KrebsOnSecurity, exposed the brutal turf wars within the hacking underworld. Even for a seasoned thief like Buchanan, the dangers were too real.
6. The Digital Trail That Led FBI to His Door
FBI investigators connected Buchanan to the 2022 phishing campaign through digital breadcrumbs. The same username and email address appeared in registrations for hundreds of phishing domains. The domain registrar NameCheap traced the account back to a U.K. internet address. Scottish police confirmed that address was leased to Buchanan throughout 2022. The FBI also analyzed communication patterns and cryptocurrency transactions. The case shows that cybercriminals leave vast digital footprints—if law enforcement knows where to look. Buchanan’s arrest was a triumph of forensic analysis over anonymity.
7. What His Guilty Plea Means for the Future of Cybercrime
Buchanan’s guilty plea sends a clear message: even the most cunning hackers can be caught and punished. He now faces a maximum of 20 years in federal prison for wire fraud conspiracy and a mandatory two-year term for aggravated identity theft. The case also highlights the growing sophistication of social engineering attacks, which exploit human error rather than software flaws. Companies are now investing heavily in employee training and multi-factor authentication methods that are resistant to SIM-swapping. While Scattered Spider remains active, losing a senior member like Buchanan is a major blow. For aspiring cybercriminals, the message is simple: the cost of stealing might be your freedom.
In conclusion, the downfall of 'Tylerb' reveals both the vulnerabilities in our digital infrastructure and the relentless pursuit of justice by international law enforcement. From a teenager obsessed with leaderboards to a fugitive hunted by FBI, Buchanan’s story is a cautionary tale. It underscores the need for stronger defenses against phishing, better SIM security, and international cooperation in cybercrime investigations. As technology evolves, so do threats—but so do the efforts to stop them.