Scattered Spider's 'Tylerb' Admits Guilt: Inside the SMS Phishing Campaign
In a major development for cybersecurity, Tyler Robert Buchanan, a 24-year-old British national and a senior figure in the criminal group Scattered Spider, pleaded guilty to wire fraud conspiracy and aggravated identity theft. Buchanan, known by the hacker handle 'Tylerb,' led a sophisticated SMS phishing operation in 2022 that breached multiple tech giants and siphoned tens of millions in cryptocurrency. Now in U.S. custody and facing over 20 years in prison, his case exposes the inner workings of a modern cybercrime ring. Below, we break down the key details.
Who is Tyler Buchanan and what did he plead guilty to?
Tyler Robert Buchanan is a 24-year-old from Dundee, Scotland, who operated as a senior member of the Scattered Spider cybercrime group. Using the alias 'Tylerb,' he admitted to wire fraud conspiracy and aggravated identity theft. These charges stem from a coordinated SMS phishing campaign in the summer of 2022 that targeted major technology companies. By tricking employees into revealing credentials, Buchanan and his accomplices gained unauthorized access to systems, stole sensitive data, and ultimately looted millions of dollars from cryptocurrency investors. He now awaits sentencing in the U.S., where he could receive more than two decades behind bars.
How did the Scattered Spider phishing attacks work?
The group executed a classic social engineering scheme. They sent tens of thousands of text messages—appearing to be from legitimate sources—to employees of tech companies. These messages urged recipients to click links that led to fake login pages. Once victims entered their credentials, the hackers could infiltrate corporate networks. Buchanan admitted using stolen data to launch SIM-swapping attacks: they transferred victims' phone numbers to devices they controlled, intercepting one-time passcodes and password reset links. This allowed them to empty cryptocurrency wallets. The scale of the theft is staggering.
Which companies were targeted and how much was stolen?
The breach affected at least a dozen technology firms, including Twilio, LastPass, DoorDash, and Mailchimp. The hackers leveraged the stolen corporate data to target individual investors. Buchanan admitted stealing at least $8 million in virtual currency from U.S. victims alone, though overall losses from the cryptocurrency heists are estimated in the tens of millions. Additionally, Scattered Spider executed a ransomware attack on Marks & Spencer (M&S), a major UK retailer, using similar tactics. The group's ability to pivot from corporate breaches to personal theft highlights their sophistication.
How did law enforcement catch Tyler Buchanan?
Investigators from the FBI traced the SMS phishing campaign back to Buchanan after noticing that the same username and email address were used to register numerous phishing domains. NameCheap, the domain registrar, reported that the account logged in from a UK internet address less than a month before the attacks. Scottish police confirmed that address was leased to Buchanan throughout 2022. This digital footprint, combined with financial records, linked him directly to the crimes. Despite his flight from the UK, he was eventually arrested in Spain and extradited to the U.S.
Why did Buchanan flee the United Kingdom in 2023?
In February 2023, Buchanan fled the UK after a violent confrontation with a rival cybercrime gang. According to reports, hired thugs invaded his home, assaulted his mother, and threatened to burn him with a blowtorch unless he handed over the keys to his cryptocurrency wallet. Terrified for his and his family's safety, he escaped to Spain. However, his freedom was short-lived: airport authorities detained him, and he was later transferred to U.S. custody. The episode underscores the dangerous rivalry within the cybercriminal underground.
What is Scattered Spider known for?
Scattered Spider is an English-speaking cybercrime group notorious for social engineering. They bypass technical defenses by impersonating employees or contractors, calling IT help desks to request password resets or new access credentials. Their methods are low-tech but devastatingly effective. Beyond the SMS campaigns, they have executed ransomware attacks and data breaches. The group's leaderboard once featured Buchanan's handle 'Tylerb' as one of the most accomplished thieves. This case reveals how coordinated and brazen such criminal networks can be.
What is the significance of the guilty plea for cybersecurity?
Buchanan's guilty plea marks a rare legal win against a major cybercrime figure. It demonstrates that law enforcement can trace digital identities across borders and hold criminals accountable, even when they hide behind anonymous handles. The case also highlights vulnerabilities in SMS-based authentication—which many companies still rely on. Security experts recommend moving to app-based or hardware authentication to thwart SIM-swapping. Moreover, the plea may encourage other members of Scattered Spider to reconsider their actions, as the threat of 20+ years in prison becomes real.
Related Articles
- Securing Cargo: A Practical Guide to the tar Crate Vulnerability (CVE-2026-33056)
- 6 Critical Lessons from the KICS and Trivy Supply Chain Attacks of 2026
- How to Identify and Mitigate PyPI Malware Attacks Using Zulip APIs
- Critical Supply Chain Attack Hits PyTorch Lightning and Intercom-client Packages: Credential Theft Confirmed
- Amazon SES Exploited in Massive Phishing Campaign; Experts Warn of Credential Theft
- How to Fortify Your Organization Against Insider Threats: Lessons from the NSA's Snowden Crisis
- Breaking: Zero-Day Supply Chain Attacks Neutralized—Defenses That Stop Unseen Payloads Prove Critical
- Ransomware Defense and Legal Pitfalls: A Case Study of the BlackCat Sentencing