A 24-year-old British national and senior member of the cybercrime group “Scattered Spider” has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group to hack into at least a dozen major technology companies and steal tens of millions of dollars worth of cryptocurrency from investors.
Buchanan’s hacker handle “Tylerb” once appeared on a leaderboard tracking the most active SIM-swappers in English-language cybercrime circles. Now in U.S. Custody and awaiting sentencing, the Dundee, Scotland native faces a statutory maximum sentence of 22 years in federal prison, according to the U.S. Justice Department. His sentencing hearing is scheduled for August 21, 2026.
As part of his guilty plea, Buchanan admitted conspiring with other Scattered Spider members to launch tens of thousands of SMS-based phishing attacks in 2022 that led to intrusions at technology companies including Twilio, LastPass, DoorDash, and Mailchimp. The group then used stolen data to conduct SIM-swapping attacks that siphoned funds from individual cryptocurrency investors. In such attacks, criminals transfer a victim’s phone number to a device they control to intercept one-time passcodes and password reset links sent via SMS.
The U.S. Justice Department stated Buchanan admitted to stealing at least $8 million in virtual currency from individual victims throughout the United States. FBI investigators tied him to the 2022 SMS phishing campaign after discovering the same username and email address was used to register numerous phishing domains. The domain registrar NameCheap found that less than a month before the phishing spree, the account that registered those domains logged in from an Internet address in the U.K., which Scottish police confirmed was leased to Buchanan throughout 2022.
According to KrebsOnSecurity, Buchanan fled the United Kingdom in February 2023 after a rival cybercrime gang invaded his home, assaulted his mother, and threatened to burn him with a blowtorch unless he surrendered his cryptocurrency wallet keys. That same year, U.K. Investigators found a device at his Scotland residence containing data stolen from SMS phishing victims and seed phrases from cryptocurrency theft victims.
Buchanan was arrested by Spanish authorities in June 2024 while attempting to board a flight to Italy. He was extradited to the United States and has remained in U.S. Federal custody since April 2025. He is the second known Scattered Spider member to plead guilty, following Noah Michael Urban, who was sentenced to 10 years in federal prison in August 2025 and ordered to pay $13 million in restitution.
Three other alleged co-conspirators — Ahmed Hossam Eldin Elbadawy (a.k.a. “AD”), Evans Onyeaka Osiebo, and Joel Martin Evans (a.k.a. “joeleoli”) — still face criminal charges in the United States. Two other alleged members, Owen Flowers and Thalha Jubair, are set to stand trial in the United Kingdom in June 2026 on charges related to the hacking and extortion of several large U.K. Retailers, the London transit system, and U.S. Healthcare providers. Both have pleaded not guilty.
Investigators say the Scattered Spider suspects are part of a broader cybercriminal community known as “The Com,” where hackers from different groups boast on Telegram and Discord about high-profile thefts that typically start with social engineering — tricking individuals into revealing credentials via phone, email, or SMS to gain remote access to corporate networks. One popular SIM-swapping channel on Telegram previously ranked Buchanan’s alias “Tylerb” at #65 and Urban’s alias “Sosa” at #24 on its leaderboard of the most prolific cryptocurrency thieves.
Scattered Spider, also referred to as UNC3944 and more recently identified as ShinyHunters, is a hacking group mostly made up of teens and young adults believed to reside in the United States and the United Kingdom. The group gained notoriety for its involvement in the hacking and extortion of Caesars Entertainment and MGM Resorts International, two of the largest casino and gambling companies in the U.S. It has also targeted Visa, Marks & Spencer, PNC Financial Services, Transamerica, New York Life Insurance, Synchrony Financial, Truist Bank, Twilio, and JLR.
Members of Scattered Spider have been connected with hacks against Snowflake cloud storage customers in the U.S. And, more recently, against Qantas, the flag carrier of Australia. A collective of cybercrime groups including Scattered Spider, Lapsus$, and ShinyHunters was formed in 2025, which has created at least 16 Telegram channels since August 8, 2025.
Buchanan’s case highlights the growing threat of SIM-swapping and social engineering attacks targeting both corporations and individual cryptocurrency holders. As law enforcement continues to dismantle cybercriminal networks like The Com, cases such as this underscore the importance of multi-factor authentication, vigilance against phishing attempts, and timely reporting of suspicious activity.
For updates on this case and related cybercrime developments, readers can refer to official filings from the U.S. Department of Justice and press releases from the Federal Bureau of Investigation. The next confirmed checkpoint in this case is Buchanan’s sentencing hearing on August 21, 2026.
We encourage readers to share their thoughts on this story in the comments below and to share this article with others interested in cybersecurity and digital crime trends.