Scattered Spider's 'Tylerb' Pleads Guilty to $8M Crypto Theft Spree

Tyler Robert Buchanan, a 24-year-old Scottish national and senior operator in the Scattered Spider cybercrime collective, has pleaded guilty in U.S. federal court to wire fraud conspiracy and aggravated identity theft. His 2022 campaign — tens of thousands of SMS phishing lures targeting employees at Twilio, LastPass, DoorDash, Mailchimp and others — gave the group a foothold inside at least a dozen major tech firms, which it then leveraged into SIM-swap attacks that drained a confirmed $8 million in cryptocurrency from individual investors.

The attribution trail was unusually clean: Buchanan reused the same username and email across phishing domain registrations at NameCheap, and logged into that account from a U.K. IP leased to him throughout 2022. Forensics on a device seized at his Dundee residence surfaced stolen SMS phishing data and crypto seed phrases. He fled the U.K. in early 2023 after a rival Com crew sent enforcers to his home — assaulting his mother and threatening blowtorch torture for wallet keys — was arrested in Spain in mid-2024, and has been in U.S. custody since April 2025.

Buchanan is the second Scattered Spider member to plead; Noah Urban (“Sosa”) drew 10 years and $13M restitution. Three U.S. co-conspirators still face charges, and two more alleged members go to trial in the U.K. in June over retail, transit, and healthcare intrusions. The cases reinforce what the group’s track record already showed: industrial-scale breaches of hardened tech companies continue to start with help-desk social engineering and SMS phishing, not novel exploits.