A 24-year-old British national once celebrated in underground hacking circles has admitted his role in a devastating cybercrime spree. Tyler Robert Buchanan, known by the handle 'Tylerb,' pleaded guilty to wire fraud conspiracy and aggravated identity theft, marking a major victory for law enforcement against the notorious 'Scattered Spider' group. Here are 10 crucial details about this case, from his phishing tactics to the violent events that led to his capture.

1. Who Is Tyler Buchanan and What Role Did He Play in Scattered Spider?

Tyler Robert Buchanan, a 24-year-old from Dundee, Scotland, was a senior member of Scattered Spider, an English-speaking cybercrime group infamous for social engineering attacks. Using the alias 'Tylerb,' his name once topped leaderboards tracking accomplished cyber thieves. His role involved orchestrating text-message phishing campaigns and coordinating SIM-swapping attacks. Buchanan’s activities were far from petty: he admitted to stealing at least $8 million in cryptocurrency from individual victims across the United States.

2. How Did the Phishing Campaign Work?

In the summer of 2022, Buchanan conspired with other group members to launch tens of thousands of SMS-based phishing attacks. These messages impersonated legitimate companies, tricking recipients into revealing credentials or installing malware. The campaign targeted employees at major technology firms, including Twilio, LastPass, DoorDash, and Mailchimp. The stolen data later enabled more sophisticated attacks, such as unauthorized SIM swaps, which allowed the group to drain cryptocurrency accounts.

3. What is a SIM Swap and Why Was It Dangerous?

A SIM-swap attack involves fraudulently transferring a victim's phone number to a device controlled by criminals. Once they have control, they intercept SMS-based two-factor authentication codes and password reset links. Buchanan and his crew used data from the phishing breaches to execute dozens of SIM swaps, siphoning funds from individual cryptocurrency investors. The U.S. Justice Department stated that Buchanan alone admitted to stealing over $8 million in virtual currency through this method, causing significant financial harm to victims nationwide.

4. How Did the FBI Trace the Attacks Back to Buchanan?

FBI investigators linked Buchanan to the 2022 SMS phishing attacks through digital breadcrumbs. The same username and email address were used to register numerous phishing domains associated with the campaign. Domain registrar NameCheap provided logs showing that, less than a month before the phishing waves, the account logged in from a U.K. internet address. Scottish police confirmed that address was leased to Buchanan throughout 2022, building a solid case that led to charges.

5. What Charges Did Buchanan Plead Guilty To?

Appearing in U.S. federal court, Buchanan pleaded guilty to two serious charges: wire fraud conspiracy and aggravated identity theft. Wire fraud conspiracy carries a maximum sentence of 20 years, while aggravated identity theft adds a mandatory consecutive two-year term. By pleading guilty, he admitted to intentionally participating in a scheme that defrauded individuals and companies of millions, while also unlawfully using stolen identities to access cryptocurrency wallets.

6. What Violent Incident Caused Him to Flee the UK?

In February 2023, Buchanan’s criminal lifestyle turned dangerous. According to reports first published by KrebsOnSecurity, a rival cybercrime gang hired thugs to invade his home. The attackers assaulted his mother and threatened to burn him with a blowtorch unless he surrendered the keys to his cryptocurrency wallet. Terrified, Buchanan fled the United Kingdom shortly after. This event ultimately led law enforcement to locate him abroad, eventually leading to his arrest in Spain.

7. How Was He Arrested and Extradited?

After fleeing the UK, Buchanan was detained by airport authorities in Spain in early 2023. Photographs from a Daily Mail story show him being held by Spanish police. He was later extradited to the United States to face charges. The extradition process, while lengthy, demonstrated the international cooperation required to bring a member of a transnational cybercrime group to justice. Buchanan now remains in U.S. custody pending sentencing.

8. What Was the Financial Impact on Victims?

The financial damage caused by Buchanan and Scattered Spider was substantial. Beyond the corporate breaches (which included a ransomware attack on the UK retail chain Marks & Spencer), individual investors suffered direct losses. Buchanan admitted to stealing at least $8 million in virtual currency from U.S. victims. For many, this represented life savings. The stolen funds were often laundered through complex cryptocurrency transactions, making recovery difficult.

9. What Is Scattered Spider and Why Are They Dangerous?

Scattered Spider is a prolific, English-speaking cybercrime group known for advanced social engineering. They commonly impersonate employees or contractors to deceive IT help desks, granting them access to corporate networks. Once inside, they steal data for ransom. The group has been linked to high-profile breaches at companies like Twilio and LastPass. Their mix of technical skill and human manipulation makes them a persistent threat to organizations worldwide.

10. What Sentence Does Buchanan Face?

Buchanan now faces a potential sentence of more than 20 years in federal prison. The wire fraud conspiracy charge alone carries up to 20 years, plus the mandatory two-year addition for aggravated identity theft. His sentencing date has not yet been set. The case sends a strong message that even sophisticated cybercriminals cannot evade justice—especially when their actions involve violence and theft on a massive scale.

The guilty plea of Tyler Buchanan marks a significant chapter in the fight against cybercrime. It highlights the vulnerabilities in our digital infrastructure and the lengths criminals will go to exploit them. As law enforcement agencies collaborate globally, individuals and companies must remain vigilant against phishing and SIM-swapping attacks. The story of 'Tylerb' serves as both a warning and a testament to the resilience of justice.