British Hacker 'Tylerb' Pleads Guilty in Multi-Million Dollar Cryptocurrency Theft
Overview of the Case
Tyler Robert Buchanan, a 24-year-old from Dundee, Scotland, has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Known by his hacker handle "Tylerb", Buchanan was a senior figure in the cybercrime group Scattered Spider. His guilty plea marks a significant development in the investigation of a series of text-message phishing attacks that targeted major technology companies and resulted in the theft of tens of millions of dollars in cryptocurrency from investors.

The Scattered Spider Group
Scattered Spider is a prolific English-speaking cybercrime group notorious for using social engineering tactics to infiltrate organizations. Members often impersonate employees or contractors to deceive IT help desks into granting access. The group is also known to have conducted high-profile ransomware attacks, including one on the UK retail chain Marks & Spencer last year.
Buchanan's handle "Tylerb" once appeared on a leaderboard tracking the most accomplished cyber thieves in the English-speaking criminal hacking scene. Now in U.S. custody and awaiting sentencing, he faces the possibility of more than 20 years in prison.
The Phishing Campaign of Summer 2022
As part of his guilty plea, Buchanan admitted to conspiring with other Scattered Spider members to launch tens of thousands of SMS-based phishing attacks in 2022. These attacks targeted employees of several technology companies, including Twilio, LastPass, DoorDash, and Mailchimp. The phishing messages tricked recipients into revealing credentials, allowing the group to breach internal systems.
How the Attacks Worked
The stolen data from these breaches was then used to carry out SIM-swapping attacks. In a SIM swap, criminals transfer a victim’s phone number to a device they control. This allows them to intercept text messages and calls, including one-time passcodes used for authentication and password reset links. By gaining control of the victim’s phone number, the attackers could access cryptocurrency accounts and siphon funds.

According to the U.S. Justice Department, Buchanan admitted to stealing at least $8 million in virtual currency from individual victims across the United States.
Investigation and Arrest
FBI investigators linked Buchanan to the 2022 phishing attacks by tracking the same username and email address used to register numerous phishing domains. The domain registrar Namecheap reported that less than a month before the phishing spree, the account used to register those domains logged in from an IP address in the U.K. Scottish police confirmed to the FBI that the address was leased to Buchanan throughout 2022.
Buchanan fled the United Kingdom in February 2023 after a rival cybercrime gang invaded his home, assaulted his mother, and threatened to burn him with a blowtorch unless he surrendered his cryptocurrency wallet. He was later detained in Spain by airport authorities. Photos released by the Daily Mail show Buchanan as a child and as an adult being taken into custody.
Conclusion
With his guilty plea, Buchanan joins a growing list of cybercriminals facing justice. The case underscores the severity of phishing and SIM-swapping attacks and the international cooperation required to bring perpetrators to account. Sentencing is pending, and Buchanan could spend more than two decades behind bars.