6 Shocking Facts About the Scattered Spider Hacker Who Just Pleaded Guilty
In a landmark case that underscores the growing threat of cybercrime, a senior member of the notorious Scattered Spider hacking group has admitted to his role in a massive phishing and cryptocurrency theft scheme. Tyler Robert Buchanan, known online as "Tylerb," pleaded guilty to wire fraud conspiracy and aggravated identity theft, facing over 20 years in prison. This article breaks down the key details of his crimes, the group's methods, and the trail that led to his arrest.
1. Who Is Tyler Buchanan and the Scattered Spider Group?
Tyler Robert Buchanan, a 24-year-old from Dundee, Scotland, was a senior member of Scattered Spider, an English-speaking cybercrime group infamous for using social engineering to infiltrate companies. The group impersonates employees or contractors to trick IT help desks into granting access, then steals data for ransom. Buchanan's hacker handle "Tylerb" once topped a leaderboard of accomplished cyber thieves. He is now in U.S. custody after his guilty plea, which includes conspiracy and identity theft charges that could send him to prison for more than two decades.
2. The Phishing Campaign That Targeted Tech Giants
In the summer of 2022, Buchanan conspired with other Scattered Spider members to launch tens of thousands of SMS-based phishing attacks. These messages tricked employees at major technology companies into revealing credentials, leading to breaches at firms like Twilio, LastPass, DoorDash, and Mailchimp. The stolen data was then used to break into corporate networks and steal sensitive information. According to court documents, the phishing campaign was meticulously planned, using fake login pages that mirrored legitimate company portals.
3. SIM Swapping and Cryptocurrency Theft
After breaching companies, the group executed SIM-swapping attacks to drain cryptocurrency from individual investors. In a SIM swap, criminals transfer a victim's phone number to a device they control, intercepting authentication codes sent via SMS. With access to email and two-factor codes, Buchanan and his co-conspirators stole at least $8 million in virtual currency from victims across the United States. The U.S. Justice Department estimates the total losses from the group's activities exceed tens of millions of dollars.
4. How FBI Tracked Down Tylerb
FBI investigators linked Buchanan to the 2022 phishing attacks by tracing the username and email address used to register phishing domains. The domain registrar NameCheap revealed that the account logging in from a U.K. internet address less than a month before the attacks belonged to Buchanan, as confirmed by Scottish police. This digital footprint, combined with cryptocurrency transaction records, built a solid case. Buchanan's online alias "Tylerb" had been active on hacking forums, further cementing his identity.
5. The Violent Rivalry and Escape to Spain
In February 2023, Buchanan fled the United Kingdom after a rival cybercrime gang hired thugs to attack his home. The intruders assaulted his mother and threatened to burn him with a blowtorch unless he surrendered his cryptocurrency wallet keys. This incident, first reported by KrebsOnSecurity, forced Buchanan to leave Scotland. He was later detained by airport authorities in Spain, as shown in photos published by the Daily Mail. The same Scattered Spider group also targeted Marks & Spencer, a major UK retailer, in a separate ransomware attack.
6. Legal Consequences and What's Next
Buchanan now awaits sentencing in the United States, where he faces more than 20 years in prison for wire fraud conspiracy and aggravated identity theft. His guilty plea marks a significant victory for law enforcement, but the fight against Scattered Spider continues. The group remains active, using similar social engineering techniques to target companies worldwide. This case serves as a warning about the real-world dangers of cybercrime—from financial ruin for victims to violent reprisals among criminals. Buchanan's cooperation could lead to further arrests within the group.
Conclusion: The downfall of Tyler Buchanan reveals the intertwined nature of digital theft and physical violence in the cybercriminal underground. While his sentence may provide some justice, the Scattered Spider network still poses a threat. Stay informed and protect your accounts—use hardware security keys and avoid SMS-based authentication where possible.