In a landmark case against one of the most prolific English-speaking cybercrime groups, a senior member known by the alias "Tylerb" has pleaded guilty to federal charges in the United States. Tyler Robert Buchanan, a 24-year-old from Dundee, Scotland, admitted to orchestrating a series of text-message phishing attacks in 2022 that compromised major technology firms and led to tens of millions of dollars in cryptocurrency theft. This article breaks down the key facts of the case, the group's methods, and what lies ahead for the convicted hacker.

Who Is Tylerb, and What Did He Plead Guilty To?

Tyler Robert Buchanan, known online as Tylerb, was a high-ranking member of the cybercrime gang Scattered Spider. He entered a guilty plea in U.S. federal court to charges of wire fraud conspiracy and aggravated identity theft. These charges stem from his involvement in SMS-based phishing campaigns during the summer of 2022 that targeted at least a dozen technology companies. As part of the plea, Buchanan admitted to conspiring with others to launch tens of thousands of deceptive text messages, which tricked employees into revealing credentials. This allowed the group to breach networks and steal sensitive data, ultimately siphoning millions in cryptocurrency from individual investors. Buchanan now faces a potential sentence of more than 20 years in prison.

What Is Scattered Spider and How Did They Operate?

Scattered Spider is the name assigned to a loose-knit, English-speaking cybercrime group notorious for using social engineering tactics. Their hallmark method involved impersonating employees or contractors to deceive IT help desks into granting unauthorized access. Once inside a company's systems, they would steal data and demand ransoms. The group gained notoriety for targeting high-profile tech firms including Twilio, LastPass, DoorDash, and Mailchimp during the 2022 campaign. Their attacks often began with phishing texts designed to harvest login credentials, followed by SIM-swapping — a technique where they transfer a victim's phone number to a device they control to intercept one-time passwords and authentication codes. This allowed them to drain cryptocurrency wallets.

How Was Buchanan Tracked Down by Investigators?

FBI investigators linked Buchanan to the phishing campaign after discovering that the same username and email address were used to register numerous phishing domains. The domain registrar NameCheap assisted in the investigation, finding that less than a month before the phishing spree, the account logged in from an Internet Protocol address in the United Kingdom. Further cooperation with Scottish police revealed that this address was leased to Buchanan throughout 2022. This digital trail provided the crucial evidence needed to identify him as a key operator. The case highlights how routine registration data can become a powerful tool in cybercrime investigations when combined with law enforcement cooperation across borders.

What Was the SIM-Swapping Scheme and How Much Was Stolen?

After breaching tech companies, Scattered Spider used the stolen data to execute SIM-swapping attacks on individual cryptocurrency investors. In a SIM swap, criminals transfer the target's phone number to a device they control, intercepting text messages and calls — including one-time passcodes for authentication and password reset links. This allowed the group to access victims' crypto accounts and drain their funds. The U.S. Justice Department stated that Buchanan admitted to stealing at least $8 million in virtual currency from individual victims across the United States. The total losses across all victims, including the corporate breaches, reached tens of millions of dollars. The scheme demonstrated how phishing attacks on companies could be leveraged for large-scale financial theft.

Why Did Buchanan Flee the UK, and What Happened Next?

In a dramatic turn, Buchanan fled the United Kingdom in February 2023 after a rival cybercrime gang targeted him. According to reporting by KrebsOnSecurity, the rival gang hired thugs who invaded his home, assaulted his mother, and threatened to burn him with a blowtorch unless he surrendered the keys to his cryptocurrency wallet. This violent incident prompted Buchanan to leave the country. He was later detained by airport authorities in Spain, as shown in photos published by the Daily Mail in May 2025. His capture abroad led to extradition proceedings and eventually his guilty plea in the United States. The case underscores the dangerous rivalries that exist within the cybercriminal underground.

What Sentence Does Buchanan Face?

Having pleaded guilty to wire fraud conspiracy and aggravated identity theft, Tyler Buchanan now faces a maximum sentence of more than 20 years in federal prison. Aggravated identity theft carries a mandatory minimum of two years, which must run consecutively to any other term. The exact sentence will be determined by a judge, who will consider factors such as the scale of the financial harm, the number of victims, and Buchanan's cooperation — though it is unclear if he is cooperating with authorities. His case serves as a warning to other cybercriminals that law enforcement can and will pursue them across international borders.