A 24-year-old British national and senior member of the cybercrime group Scattered Spider has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan, also known by his hacker handle ‘Tylerb’, admitted his role in a series of text-message phishing attacks during the summer of 2022.
These attacks enabled the group to infiltrate at least a dozen major technology companies and steal tens of millions of dollars’ worth of cryptocurrency from investors. Buchanan’s hacker handle once appeared on a leaderboard in the English-language criminal hacking scene, ranking among the most accomplished cyber thieves.
Now in U.S. custody and awaiting sentencing, the Dundee, Scotland native faces up to 20 years in prison. Two photos published in a Daily Mail story dated May 3, 2025, show Buchanan as a child (left) and as an adult being detained by airport authorities in Spain. The caption ‘M&S’ refers to Marks & Spencer, a major U.K. retail chain that suffered a ransomware attack last year attributed to Scattered Spider.
Who Is Scattered Spider?
Scattered Spider is a prolific English-speaking cybercrime group notorious for using social engineering tactics to breach companies, steal data for ransom, and impersonate employees or contractors to deceive IT help desks into granting unauthorized access.
Buchanan’s Role in the 2022 Cyberattacks
As part of his guilty plea, Buchanan admitted conspiring with other Scattered Spider members to launch tens of thousands of SMS-based phishing attacks in 2022. These attacks targeted several technology companies, including:
- Twilio
- LastPass
- DoorDash
- Mailchimp
The group then exploited the stolen data to execute SIM-swapping attacks, siphoning funds from individual cryptocurrency investors. In a SIM-swap scam, criminals transfer a victim’s phone number to a device they control, intercepting text messages or calls—such as one-time passcodes or password reset links sent via SMS—to gain access to accounts.
The U.S. Justice Department stated that Buchanan admitted to stealing at least $8 million in virtual currency from victims across the United States.
Investigation and Arrest Timeline
FBI investigators linked Buchanan to the 2022 SMS phishing attacks after discovering that the same username and email address were used to register numerous phishing domains. The domain registrar NameCheap found that less than a month before the phishing campaign, the account registering these domains logged in from an Internet address in the U.K.
Investigators confirmed with Scottish police that the address was leased to Buchanan throughout 2022.
Fleeing the U.K. and Subsequent Arrest
In February 2023, Buchanan fled the United Kingdom after a rival cybercrime gang hired assailants to invade his home, assault his mother, and threaten him with a blowtorch unless he surrendered the keys to his cryptocurrency wallet.
Later that year, U.K. investigators seized a device from Buchanan’s Scotland residence containing data stolen from SMS phishing victims and seed phrases from cryptocurrency theft victims.
Buchanan was arrested by Spanish authorities in June 2024 while attempting to board a flight to Italy. He was subsequently extradited to the United States to face charges.