British Hacker 'Tylerb' Pleads Guilty in Multi-Million Dollar Cryptocurrency Theft

Overview of the Case

Tyler Robert Buchanan, a 24-year-old from Dundee, Scotland, has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Known by his hacker handle "Tylerb", Buchanan was a senior figure in the cybercrime group Scattered Spider. His guilty plea marks a significant development in the investigation of a series of text-message phishing attacks that targeted major technology companies and resulted in the theft of tens of millions of dollars in cryptocurrency from investors.

The Scattered Spider Group

Scattered Spider is a prolific English-speaking cybercrime group notorious for using social engineering tactics to infiltrate organizations. Members often impersonate employees or contractors to deceive IT help desks into granting access. The group is also known to have conducted high-profile ransomware attacks, including one on the UK retail chain Marks & Spencer last year.

Buchanan's handle "Tylerb" once appeared on a leaderboard tracking the most accomplished cyber thieves in the English-speaking criminal hacking scene. Now in U.S. custody and awaiting sentencing, he faces the possibility of more than 20 years in prison.

The Phishing Campaign of Summer 2022

As part of his guilty plea, Buchanan admitted to conspiring with other Scattered Spider members to launch tens of thousands of SMS-based phishing attacks in 2022. These attacks targeted employees of several technology companies, including Twilio, LastPass, DoorDash, and Mailchimp. The phishing messages tricked recipients into revealing credentials, allowing the group to breach internal systems.

How the Attacks Worked

The stolen data from these breaches was then used to carry out SIM-swapping attacks. In a SIM swap, criminals transfer a victim’s phone number to a device they control. This allows them to intercept text messages and calls, including one-time passcodes used for authentication and password reset links. By gaining control of the victim’s phone number, the attackers could access cryptocurrency accounts and siphon funds.

According to the U.S. Justice Department, Buchanan admitted to stealing at least $8 million in virtual currency from individual victims across the United States.

Investigation and Arrest

FBI investigators linked Buchanan to the 2022 phishing attacks by tracking the same username and email address used to register numerous phishing domains. The domain registrar NameCheap reported that less than a month before the phishing spree, the account used to register those domains logged in from an IP address in the U.K. Scottish police confirmed to the FBI that the address was leased to Buchanan throughout 2022.

Buchanan fled the United Kingdom in February 2023 after a rival cybercrime gang invaded his home, assaulted his mother, and threatened to burn him with a blowtorch unless he surrendered his cryptocurrency wallet. He was later detained in Spain by airport authorities. Photos released by the Daily Mail show Buchanan as a child and as an adult being taken into custody.

Conclusion

With his guilty plea, Buchanan joins a growing list of cybercriminals facing justice. The case underscores the severity of phishing and SIM-swapping attacks and the international cooperation required to bring perpetrators to account. Sentencing is pending, and Buchanan could spend more than two decades behind bars.