Cybercrime Group Scattered Spider Member Pleads Guilty: The Rise and Fall of 'Tylerb'
Introduction
A 24-year-old British national and senior member of the prolific cybercrime group known as Scattered Spider has entered a guilty plea to charges of wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan, who operated under the hacker handle “Tylerb,” admitted to orchestrating a series of text-message phishing attacks in the summer of 2022. These attacks enabled the group to breach at least a dozen major technology companies and steal tens of millions of dollars in cryptocurrency from investors.
The Guilty Plea and Charges
Buchanan, originally from Dundee, Scotland, now awaits sentencing in U.S. custody. He faces a potential prison sentence of more than 20 years. The charges stem from his role in a coordinated campaign that targeted individuals and large corporations alike.
Background: Scattered Spider and Social Engineering
Scattered Spider is an English-speaking cybercrime group renowned for its use of social engineering tactics. They often impersonate employees or contractors to deceive IT help desks into granting unauthorized access to corporate networks. The group’s methods have included ransomware attacks and data theft for extortion. Notably, the U.K. retail chain Marks & Spencer fell victim to a ransomware attack attributed to Scattered Spider.
The 2022 SMS Phishing Campaign
As part of his guilty plea, Buchanan admitted to conspiring with other members of Scattered Spider to launch tens of thousands of SMS-based phishing attacks in 2022. These attacks led to intrusions at major technology companies, including Twilio, LastPass, DoorDash, and Mailchimp. The stolen data from these breaches was then used to carry out SIM-swapping attacks against individual cryptocurrency investors.
Victim Companies
Among the companies targeted were:
- Twilio
- LastPass
- DoorDash
- Mailchimp
Understanding SIM Swapping
In an unauthorized SIM swap, cybercriminals transfer the target’s phone number to a device they control. This allows them to intercept text messages and phone calls, including one-time passcodes for authentication and password reset links sent via SMS. The U.S. Justice Department stated that Buchanan admitted to stealing at least $8 million in virtual currency from individual victims across the United States.
Investigation and Evidence
FBI investigators linked Buchanan to the 2022 phishing attacks by discovering that the same username and email address were used to register numerous phishing domains observed in the campaign. The domain registrar NameCheap reported that less than a month before the phishing spree, the account logged in from an internet address in the U.K. The FBI, with help from Scottish police, confirmed that this address was leased to Buchanan throughout 2022.
Flight and Capture
As first reported by KrebsOnSecurity, Buchanan fled the United Kingdom in February 2023 after a rival cybercrime gang hired thugs to invade his home, assault his mother, and threaten to burn him with a blowtorch unless he gave up his cryptocurrency wallet keys. He was later detained by authorities in Spain, as shown in photos published by the Daily Mail on May 3, 2025.
What Lies Ahead for Buchanan
With his guilty plea, Buchanan now faces the possibility of spending more than two decades in U.S. prison. The case highlights the growing sophistication of cybercrime groups like Scattered Spider and the international cooperation required to bring them to justice.
Conclusion
The downfall of “Tylerb” serves as a stark reminder of the consequences of cybercrime. As these attacks become more common, both individuals and companies must remain vigilant against social engineering and phishing threats. The legal proceedings against Buchanan are a step toward holding cybercriminals accountable.