The cyber underworld thrives on anonymity, but when the mask slips, the consequences can be brutal. In a landmark case, Tyler Robert Buchanan—known online as ‘Tylerb’—a senior member of the notorious English-speaking hacking group Scattered Spider, has pleaded guilty to wire fraud conspiracy and aggravated identity theft. The 24-year-old from Dundee, Scotland, admitted orchestrating a wave of SMS-based phishing attacks during the summer of 2022 that compromised major tech firms and siphoned tens of millions in cryptocurrency. Facing over 20 years in prison, his story is a cautionary tale of hubris, betrayal, and relentless law enforcement. Here are eight crucial details about his case and the group’s operations.

1. Who Is Tylerb? The Rise of a Scottish Hacker

Tyler Robert Buchanan, known by the hacker handle ‘Tylerb’, once topped the leaderboards of an English-language criminal hacking community that ranked the most successful cyber thieves. Growing up in Dundee, Scotland, he transitioned from a teenage gamer to a key figure in Scattered Spider—a group infamous for social engineering attacks. Photos published in a 2025 Daily Mail article capture two sides of his life: a childhood image and an adult being detained by Spanish authorities. Buchanan’s ascent was fueled by a knack for tricking help desks into handing over access, a skill that earned him notoriety and a place in the FBI’s crosshairs. His guilty plea marks a dramatic fall from the top of the criminal leaderboard to the brink of a federal prison sentence.

2. The Summer 2022 Phishing Blitz

In the summer of 2022, Buchanan conspired with other Scattered Spider members to launch tens of thousands of SMS-based phishing attacks. These text messages, designed to look legitimate, tricked employees of major technology companies into revealing login credentials and other sensitive data. The campaign was meticulously planned: domains registered under a single username and email address were linked to the phishing infrastructure, as later traced by FBI investigators. Key targets included Twilio, LastPass, DoorDash, and Mailchimp—a list that underscores the group’s focus on high-value digital assets. The breaches gave Scattered Spider a foothold inside corporate networks, from which they could pivot to more lucrative thefts.

3. SIM Swapping: The Crypto Heist Method

Once inside the breached companies, Scattered Spider used stolen data to execute SIM-swapping attacks on individual cryptocurrency investors. In a SIM swap, fraudsters transfer a victim’s phone number to a device they control, intercepting SMS-based authentication codes and password reset links. This allowed the group to drain crypto wallets worth tens of millions of dollars. Buchanan admitted stealing at least $8 million in virtual currency from victims across the United States. The technique exploits a fundamental weakness in SMS-based two-factor authentication, highlighting the dangers of relying on text messages for security.

4. How the FBI Tracked Him Down

Investigators connected Buchanan to the 2022 phishing spree by tracing the digital breadcrumbs left behind. The same username and email address used to register numerous phishing domains were discovered during the analysis. Domain registrar NameCheap revealed that just weeks before the attack, the account logged in from a U.K. internet address. Scottish police confirmed that the address was leased to Buchanan throughout 2022. This digital footprint, combined with witness testimony and financial records, built a case that led to an international arrest warrant.

5. The Rival Gang Attack and Flight from the U.K.

As first reported by KrebsOnSecurity, Buchanan’s life took a violent turn in February 2023. A rival cybercrime gang hired thugs to invade his home, assault his mother, and threaten to burn him with a blowtorch unless he surrendered the keys to his cryptocurrency wallet. Fearing for his safety, Buchanan fled the United Kingdom. This incident illustrates the cutthroat nature of the cybercrime ecosystem, where disputes are settled with physical violence. His departure from the U.K. delayed his arrest but ultimately led to his capture in Spain, where he was detained by airport authorities.

6. Extradition and Guilty Plea in the U.S.

After his arrest in Spain, Buchanan was extradited to the United States to face federal charges. In court, he pleaded guilty to wire fraud conspiracy and aggravated identity theft—charges that reflect both the financial harm and the personal violation of identity fraud. The U.S. Justice Department emphasized the severity of the crimes, noting that Buchanan’s actions affected thousands of victims. His plea avoids a trial but does not guarantee leniency; he now awaits sentencing with the possibility of more than 20 years in prison. The case sets a precedent for prosecuting international cybercriminals who target American companies and citizens.

7. Scattered Spider’s Broader Operations

Scattered Spider is not just a phishing group; it is a prolific ransomware syndicate known for social engineering. The group often impersonates employees or contractors to deceive IT help desks into granting system access. Once inside, they deploy ransomware or steal data for extortion. Notably, Marks & Spencer—a major U.K. retailer—fell victim to a Scattered Spider ransomware attack last year. The group’s English-speaking members make them particularly effective in targeting U.S. and U.K. firms, as they can convincingly mimic corporate communication.

8. The Road Ahead: Sentencing and Implications

Buchanan’s guilty plea sends a strong signal to the cybercrime community: even top hackers can be caught and prosecuted. His sentencing hearing will determine whether he serves decades in federal prison. The case also underscores the importance of international cooperation between law enforcement agencies in the U.S., U.K., and Spain. For businesses, it serves as a stark reminder to move away from SMS-based authentication and invest in more secure methods like app-based tokens or hardware keys. As for Scattered Spider, the group remains active, but the loss of a senior member like ‘Tylerb’ likely weakens their operational capabilities.

In conclusion, the downfall of Tyler Buchanan—aka ‘Tylerb’—is a testament to the reach of modern cybercrime investigations and the high stakes involved in digital theft. From a teenage hacker in Scotland to a prisoner awaiting sentencing in America, his journey highlights both the allure and the steep price of cybercrime. As security measures evolve, so too must our understanding of the human stories behind the hacks.