Scattered Spider guilty plea: UK hacker Tylerb admits $8 million crypto theft

Scattered Spider guilty plea reveals $8 million crypto heist

The recent Scattered Spider guilty plea by 24‑year‑old Tyler Robert Buchanan, alias Tylerb, marks a watershed moment in trans‑Atlantic cybercrime enforcement. Buchanan, a senior member of the notorious English‑speaking hacking collective, admitted to orchestrating a wave of SMS‑phishing attacks in summer 2022 that breached at least a dozen tech firms, including Twilio, LastPass, DoorDash and Mailchimp.

Federal investigators say the group leveraged stolen credentials to execute SIM‑swapping schemes, siphoning ↑ $8 million in cryptocurrency from U.S. investors. The Justice Department filed a conspiracy count for wire fraud and aggravated identity theft, and prosecutors are seeking a sentence up to ↓ 22 years in prison. According to Bloomberg, the case underscores the growing threat of social‑engineering attacks.

“The scale of the operation demonstrates how social engineering can cripple even well‑funded enterprises,” a spokesperson for the Reuters cyber‑crime unit said.

From Dundee to a U.S. courtroom

Born in Dundee, Scotland, Buchanan fled the UK in early 2023 after a rival gang allegedly threatened his family. He was detained by Spanish authorities in June 2024, extradited to the United States in April 2025, and has remained in federal custody pending a sentencing hearing set for August 21 2026.

He is the second Scattered Spider affiliate to plead guilty; Noah Michael Urban received a ten‑year term and was ordered to pay $13 million in restitution. Three co‑accused remain at large in the United States, while two younger members face trial in the United Kingdom.

Intel provided by: Isla Thorne

Guest Technology Correspondent
(Note: Isla Thorne is covering this desk while Nova Stirling is recovering from the flu.)