British Cybercriminal 'Tylerb' Admits Role in Scattered Spider's Sophisticated Phishing and Crypto Thefts

In a significant development in the fight against cybercrime, a key figure from the notorious hacking group Scattered Spider has entered a guilty plea. Tyler Robert Buchanan, known online as 'Tylerb,' now faces severe legal consequences for orchestrating a series of text-message phishing attacks that targeted major tech companies and siphoned off millions in cryptocurrency. This Q&A dives into the details of the case, the group's methods, and what this means for the future of digital security.

Who is Tylerb and what role did he play in Scattered Spider?

Tyler Robert Buchanan, a 24-year-old British national from Dundee, Scotland, was a senior member of the cybercrime group Scattered Spider. Operating under the hacker handle 'Tylerb,' he often appeared on leaderboards that tracked the most successful cyber thieves in English-language hacking circles. Buchanan admitted to being a central figure in a 2022 campaign that used SMS-based phishing to breach at least a dozen major technology firms, including Twilio, LastPass, DoorDash, and Mailchimp. His guilty plea covers charges of wire fraud conspiracy and aggravated identity theft, with the Justice Department noting he personally stole over $8 million in virtual currency from victims across the United States. Now in U.S. custody, he awaits sentencing which could exceed 20 years in prison.

How did Scattered Spider carry out its phishing attacks?

Scattered Spider is known for using social engineering tactics to infiltrate companies. During the summer of 2022, Buchanan and his accomplices launched tens of thousands of SMS-based phishing messages, impersonating employees or contractors to trick IT help desks into granting access. Once inside, they stole sensitive data which they then used in SIM-swapping attacks. This technique involves transferring a victim's phone number to a device controlled by the attackers, allowing them to intercept authentication codes and password reset links sent via text message or call. With this access, they drained cryptocurrency wallets from individual investors. The group's methods were highly targeted and effective, exploiting trust in everyday communication channels.

Which companies were targeted and what was the impact?

The phishing campaign in 2022 primarily hit technology companies, including cloud communication platform Twilio, password manager LastPass, food delivery service DoorDash, and email marketing firm Mailchimp. These breaches allowed Scattered Spider to gather credentials and access to internal systems, which then enabled SIM-swapping attacks against individual cryptocurrency investors. The U.S. Justice Department states that Buchanan admitted to stealing at least $8 million in virtual currency from victims throughout the United States. Beyond financial losses, the breaches exposed sensitive customer data and eroded trust in these services, highlighting the cascading effects of targeted cyber attacks that start with simple phishing texts.

How did investigators catch Tyler Buchanan?

FBI investigators tied Buchanan to the attacks by analyzing the phishing domains used in the campaign. They discovered that the same username and email address were used to register numerous domains through the registrar NameCheap. Notably, less than a month before the phishing spree began in 2022, the account that registered these domains logged in from an internet address in the United Kingdom. Scottish police confirmed that this address was leased to Buchanan throughout 2022. This digital footprint provided enough evidence to link him directly to the crimes, leading to his eventual arrest and extradition.

What happened after Buchanan fled the UK?

In February 2023, Buchanan fled the United Kingdom following a violent incident. According to reports first covered by KrebsOnSecurity, a rival cybercrime gang hired thugs to invade his home, assault his mother, and threaten him with a blowtorch unless he surrendered his cryptocurrency wallet keys. This attack prompted him to leave the country. He was later detained by airport authorities in Spain, as shown in photos published by the Daily Mail in May 2025. After his detention, he was extradited to the United States to face charges. The incident underscores the dangerous rivalries that can erupt within the cybercrime underworld.

What sentence does Buchanan face and what does this mean for cybercrime?

Tyler Buchanan pleaded guilty to wire fraud conspiracy and aggravated identity theft, which carries a maximum penalty of over 20 years in prison. His sentencing is pending. This case highlights the global reach of cybercrime and the increasing efforts by law enforcement to dismantle groups like Scattered Spider. It also serves as a warning that even sophisticated hackers can be tracked down through digital breadcrumbs. For companies and individuals, the case reinforces the importance of robust authentication methods beyond SMS, such as app-based 2FA, and the need for constant vigilance against social engineering attacks. The guilty plea marks a significant victory for U.S. and international authorities in the fight against digital extortion.