10 Key Revelations from the ‘Scattered Spider’ Member’s Guilty Plea


In a significant development for cybersecurity and law enforcement, Tyler Robert Buchanan—known by his hacker handle “Tylerb”—has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Buchanan, a 24-year-old British national from Dundee, Scotland, was a senior member of the notorious cybercrime group Scattered Spider. His actions in the summer of 2022 led to massive phishing campaigns, cryptocurrency theft, and breaches of major tech companies. Here are ten essential facts that emerge from this case, shedding light on the group’s methods, the investigation, and the consequences for cybercriminals.

1. Who Is Tylerb? Rise and Fall of a Cyber Thief

Tyler Robert Buchanan, operating under the alias “Tylerb,” was a standout figure in the English-speaking cybercrime underground. His name once topped leaderboards for stolen assets, marking him as one of the most accomplished digital thieves. That all changed when he pleaded guilty in a U.S. court. Buchanan’s path from a respected hacker to a convicted felon highlights the risks of cybercrime. Now in custody, he faces over 20 years in prison. The irony is stark: the same skills that earned him infamy now seal his fate. His story serves as a cautionary tale for aspiring hackers, proving that digital footprints are hard to erase, especially when FBI agents and international police collaborate.

10 Key Revelations from the ‘Scattered Spider’ Member’s Guilty Plea
Source: krebsonsecurity.com

2. The 2022 SMS Phishing Blitz

Buchanan admitted to orchestrating tens of thousands of SMS-based phishing attacks in the summer of 2022. These messages impersonated trusted brands, tricking victims into clicking malicious links. The campaign targeted employees at major technology firms, including Twilio, LastPass, DoorDash, and Mailchimp. Once inside corporate networks, the group harvested credentials and sensitive data. This operation was not a random spree—it was a calculated, large-scale assault on some of the world’s most secure companies. The success of these attacks underscores the vulnerability of human trust in cybersecurity. Even sophisticated IT systems fall when an employee takes the bait.

3. SIM Swapping: The Final Heist

After breaching companies and stealing data, Scattered Spider executed a series of SIM-swapping attacks. In a SIM swap, criminals transfer a victim’s phone number to a device they control. This allows them to intercept text messages and calls, including one-time passcodes used for authentication and password resets. With this access, they drained cryptocurrency wallets of individual investors. Buchanan admitted to stealing at least $8 million in virtual currency from victims across the United States. The SIM swap tactic highlights a critical flaw in two-factor authentication that relies on SMS. For cryptocurrency investors, this was a devastating blow. Many lost life savings in seconds.

4. The $8 Million Cryptocurrency Theft

Buchanan’s guilty plea includes admitting to stealing a minimum of $8 million in virtual currency from American victims. This sum, while substantial, likely represents only a fraction of the group’s overall haul. The Justice Department emphasized that Buchanan directly participated in the theft, moving funds from compromised accounts. Cryptocurrency’s anonymity made it a prime target, but the FBI’s blockchain analysis helped trace the flows. The stolen money financed lavish lifestyles for some members, but for Buchanan, it will lead to restitution orders and a long prison term. This case demonstrates that cybercrime doesn’t pay in the long run—especially when law enforcement uses advanced tracking tools.

5. How FBI Traced the Digital Trail

FBI investigators linked Buchanan to the phishing campaign through a combination of digital breadcrumbs. The key discovery: the same username and email address were used to register numerous phishing domains. Domain registrar NameCheap provided crucial records showing that the account logged in from an IP address in the U.K. less than a month before the attacks. Scottish police confirmed that IP was leased to Buchanan throughout 2022. This meticulous tracing shows how cybercriminals often underestimate the persistence of logs. Every digital action leaves a trace, and in this case, those traces formed an unbreakable chain of evidence.
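The pivot described above, one username and email address reused across many domain registrations, amounts to a connected-components grouping over registrar records. The following is an added example, not code from the investigation or the original article; the record layout, domain names, usernames and IP addresses are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample registrar records (not from the case): domain, account
# username, registrant e-mail, and the IP the account last logged in from.
RECORDS = [
    {"domain": "corp-sso.example", "username": "user_a", "email": "a@mail.example", "login_ip": "198.51.100.7"},
    {"domain": "corp-help.example", "username": "user_a", "email": "a2@mail.example", "login_ip": "203.0.113.9"},
    {"domain": "vpn-portal.example", "username": "user_b", "email": "a2@mail.example", "login_ip": "203.0.113.50"},
    {"domain": "shop.example", "username": "user_c", "email": "c@mail.example", "login_ip": "192.0.2.33"},
    {"domain": "blog.example", "username": "user_d", "email": "d@mail.example", "login_ip": "192.0.2.33"},
]

# Strong identifiers only; a shared login IP alone is weak evidence (NAT, VPN exits).
PIVOT_FIELDS = ("username", "email")


def cluster_registrations(records, fields=PIVOT_FIELDS):
    """Group domains into clusters linked by any shared pivot-field value."""
    parent = list(range(len(records)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path halving keeps lookups cheap
            i = parent[i]
        return i

    first_seen = {}  # (field, normalized value) -> index of first record carrying it
    for idx, rec in enumerate(records):
        for field in fields:
            value = (rec.get(field) or "").strip().lower()
            if not value:
                continue  # missing or redacted values must never link records
            key = (field, value)
            if key in first_seen:
                parent[find(idx)] = find(first_seen[key])
            else:
                first_seen[key] = idx

    groups = defaultdict(list)
    for idx, rec in enumerate(records):
        groups[find(idx)].append(rec["domain"])
    # Largest cluster first; singletons are kept so nothing is silently dropped.
    return sorted((sorted(g) for g in groups.values()), key=lambda g: (-len(g), g))


def cluster_login_ips(records, cluster):
    """Login IPs seen for a cluster: the values to match against ISP lease records."""
    return sorted({r["login_ip"] for r in records if r["domain"] in cluster})
```

The third domain shares no username with the first; it joins the cluster only through the e-mail address it shares with the second, which is why a transitive grouping finds more than a simple group-by on one field.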

6. A Rival Gang’s Violent Attack and His Escape

In a twist that sounds like a thriller, Buchanan fled the United Kingdom in February 2023 after a rival cybercrime gang sent thugs to his home. The intruders assaulted his mother and threatened to burn him with a blowtorch unless he surrendered the keys to his cryptocurrency wallet. Terrified, Buchanan escaped to Spain, where he was eventually detained by airport authorities in May 2025. Photos from a Daily Mail article show him as a child and later being arrested. This violent incident underscores the dangerous world of cybercrime gangs—where online rivalries spill into real-world violence. Buchanan’s escape bought him two years of freedom, but it also added to his legal troubles.


7. Scattered Spider: A Social Engineering Powerhouse

Scattered Spider is a prolific, English-speaking cybercrime group known for its social engineering prowess. They impersonate employees or contractors to deceive IT help desks into granting access. The group’s methods are sophisticated yet rely on human error. Their attacks on companies like Twilio and LastPass sent shockwaves through the tech industry. In 2023, they also hit Marks & Spencer, a major U.K. retailer, with a ransomware attack. The group’s ability to adapt and target multiple sectors makes them a persistent threat. Buchanan’s guilty plea provides a rare window into their operations, but many members remain at large. The fight against such groups requires constant vigilance and improved security training.

8. Impact on Major Technology Companies

The 2022 phishing attacks breached at least a dozen major technology companies, including Twilio, LastPass, DoorDash, and Mailchimp. For LastPass, the breach led to a cascade of security incidents, exposing encrypted vaults of millions of users. Twilio suffered a similar fate, with hackers gaining internal tools. DoorDash reported data exposure of delivery drivers and customers. These intrusions not only caused financial losses but also damaged reputations. Companies had to invest millions in incident response, customer notifications, and security upgrades. The ripple effects of Scattered Spider’s attacks continue to be felt, as the cybersecurity industry analyzes the breaches to prevent future ones.

9. Legal Consequences: Up to 20+ Years in Prison

Buchanan’s guilty plea to wire fraud conspiracy and aggravated identity theft carries severe penalties. Aggravated identity theft alone mandates a minimum two-year consecutive sentence. Combined with wire fraud, he faces over 20 years in U.S. federal prison. Sentencing will consider the scale of the theft, his role as a senior member, and the trauma inflicted on victims. The case sets a precedent for prosecuting international cybercriminals under U.S. law, even if they never set foot in the country. Buchanan’s cooperation with authorities might reduce his sentence, but the message is clear: cybercrime has real-world consequences, and the long arm of the law extends across borders.

10. Lessons for Cybersecurity and Individual Protection

This case offers critical lessons for both companies and individuals. First, SMS-based two-factor authentication is vulnerable; use app-based authenticators or hardware tokens. Second, employee training on phishing must be continuous and realistic. Third, cryptocurrency investors should avoid storing large amounts in hot wallets accessible via phone. Fourth, companies should limit help desk access based on behavioral biometrics. Finally, international cooperation between law enforcement agencies is vital—the FBI and Scottish police succeeded where borders might have hindered. Buchanan’s downfall proves that no hacker is untouchable. Stay informed, stay skeptical, and secure your digital life.

The guilty plea of Tyler Robert Buchanan marks a pivotal moment in the fight against cybercrime. From his rise as a top thief to his violent downfall and arrest, his story encapsulates the risks, rewards, and ultimate price of cybercrime. While Scattered Spider remains active, the conviction of a senior member sends a powerful deterrent signal. For the rest of us, it’s a reminder to bolster our defenses and never underestimate the importance of cybersecurity. The digital world is safer for this arrest, but the battle is far from over.
