Senior Scattered Spider Hacker Pleads Guilty: ‘Tylerb’ Admits Role in Major Cyberattacks

Introduction

A 24-year-old British national and a high-ranking member of the notorious cybercrime group Scattered Spider has entered a guilty plea for wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan, known by his hacker alias “Tylerb,” admitted orchestrating a sophisticated phishing campaign in the summer of 2022 that compromised at least a dozen major technology companies and siphoned tens of millions of dollars in cryptocurrency from investors. Buchanan now faces up to 20 years in U.S. federal prison.

The Phishing Campaign and Breaches

As part of his plea, Buchanan confessed to conspiring with other Scattered Spider members to launch tens of thousands of SMS-based phishing attacks in 2022. These attacks targeted high-profile tech firms, including Twilio, LastPass, DoorDash, and Mailchimp. By tricking employees into revealing credentials, the group gained unauthorized access to internal systems, stealing vast amounts of sensitive data.

Data Used for SIM-Swapping

The stolen data from these breaches was then leveraged for SIM-swapping attacks. In a SIM-swap, criminals transfer a victim’s phone number to a device they control, intercepting text messages and calls—including one-time passwords for authentication and password reset links. This allowed the group to drain cryptocurrency wallets. The U.S. Justice Department confirmed that Buchanan admitted to stealing at least $8 million in virtual currency from victims across the United States.

Buchanan’s Cybercriminal Background

Before his arrest, Buchanan’s alias “Tylerb” appeared on a leaderboard for the English-language criminal hacking scene, tracking the most successful cyber thieves. Originally from Dundee, Scotland, he is now in U.S. custody awaiting sentencing. Two photographs published by the Daily Mail on May 3, 2025, show Buchanan as a child and as an adult being detained by airport authorities in Spain. The screenshot also references Marks & Spencer, a U.K. retail chain that suffered a ransomware attack attributed to Scattered Spider last year.

Scattered Spider’s Tactics

Scattered Spider is a prolific English-speaking cybercrime group famed for using social engineering to breach organizations. They frequently impersonate employees or contractors to deceive IT help desks into granting access, then demand ransoms for stolen data. Buchanan’s role in the group was central to its operations during the 2022 campaign.

How Investigators Tracked Him Down

FBI investigators connected Buchanan to the phishing attacks after discovering that the same username and email address used to register numerous phishing domains matched those observed in the campaign. The domain registrar NameCheap reported that less than a month before the phishing spree, the account logging into those domains originated from a U.K. IP address. Scottish police confirmed to the FBI that this address was leased to Buchanan throughout 2022.

Understanding SIM-Swapping

SIM-swapping involves fraudulently transferring a victim’s phone number to a SIM card controlled by the attacker. Once the swap is complete, the attacker can intercept SMS-based two-factor authentication codes and password reset links, enabling them to access bank accounts, email, and cryptocurrency platforms. In Buchanan’s case, this method was used to steal millions from individual investors.

Aftermath and Flight

As first reported by KrebsOnSecurity, Buchanan fled the United Kingdom in February 2023 after a rival cybercrime gang hired thugs to invade his home, assault his mother, and threaten to burn him with a blowtorch unless he surrendered his cryptocurrency wallet keys. The attack forced him to escape to Spain, where he was eventually detained. Around the same time, U.K. investigators discovered a device at Buchanan’s Scottish residence containing evidence of the phishing domains and communications with other gang members.

Legal Implications and Sentencing

Buchanan faces more than 20 years in prison when sentenced, with the court likely considering the magnitude of the theft and the sophisticated nature of the crimes. His guilty plea marks a significant win for U.S. law enforcement in the fight against transnational cybercrime, though the broader Scattered Spider network remains active.

Conclusion

The case of “Tylerb” highlights the growing threat of social engineering and phishing-based cyberattacks, as well as the extensive damage they can inflict. With a guilty plea secured, authorities hope to dismantle parts of the Scattered Spider group and deter future cybercriminals. However, the group’s reliance on agile tactics and global recruitment means that continued vigilance is required from both companies and individuals.