8 Shocking Facts About the 'Scattered Spider' Hacker Who Just Pleaded Guilty

The digital underworld just witnessed a major takedown: Tyler Robert Buchanan, a 24-year-old senior member of the notorious Scattered Spider cybercrime group, has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Known by his hacker handle 'Tylerb,' he once topped leaderboards for stealing crypto. Now, he faces over two decades in U.S. prison. Below are eight critical facts that reveal the cunning methods, high-stakes heists, and dramatic downfall of this Scottish cyber thief.

1. Who Is Tyler 'Tylerb' Buchanan?

Tyler Robert Buchanan, from Dundee, Scotland, was a key player in the English-language cybercrime ring Scattered Spider. At just 24, he admitted to orchestrating a massive 2022 phishing campaign that netted tens of millions of dollars in cryptocurrency. His handle 'Tylerb' once appeared on a criminal leaderboard tracking the most prolific digital thieves. Now in U.S. custody, Buchanan faces a potential sentence of more than 20 years for his role in stealing at least $8 million from individual victims nationwide.

8 Shocking Facts About the 'Scattered Spider' Hacker Who Just Pleaded Guilty — Source: krebsonsecurity.com

2. The Summer 2022 SMS Phishing Blitz

Buchanan and his Scattered Spider cohorts launched tens of thousands of SMS-based phishing attacks during the summer of 2022. These messages tricked employees at major tech firms into revealing credentials. The breaches hit companies like Twilio, LastPass, DoorDash, and Mailchimp. Using stolen data, the group then targeted individual cryptocurrency investors through SIM-swapping attacks. This dual-layer scheme allowed them to bypass two-factor authentication and drain digital wallets.

3. SIM Swapping and Cryptocurrency Theft

After breaking into corporate networks, Scattered Spider executed SIM-swapping attacks on high-value victims. By transferring the target's phone number to a device they controlled, the hackers intercepted one-time passcodes and password reset links. This granted them access to cryptocurrency exchanges and personal wallets. Buchanan admitted to stealing at least $8 million in virtual currency from victims across the United States, though the group's total haul is estimated in the tens of millions.

4. How the FBI Tracked Him Down

FBI investigators linked Buchanan to the 2022 phishing campaigns by spotting a consistent username and email address used to register numerous phishing domains. The domain registrar NameCheap revealed that the account behind these domains logged in from a U.K. internet address just weeks before the attacks. Scottish police confirmed that address was leased to Buchanan throughout 2022. This digital footprint provided the crucial evidence needed to build the case against him.

5. A Rival Gang's Violent Attack

In February 2023, Buchanan's criminal career took a dangerous turn. A rival cybercrime gang hired thugs to invade his home, assault his mother, and threaten to burn him with a blowtorch unless he surrendered the keys to his cryptocurrency wallet. Terrified, Buchanan fled the United Kingdom to Spain. This incident, first reported by KrebsOnSecurity, highlights the violent rivalries that often simmer beneath the surface of the hacker underground.

6. Capture and Extradition to the U.S.

While in Spain, Buchanan was detained by airport authorities. Photos published in a Daily Mail article show him being arrested—one image as a child, another as an adult in custody. He was eventually extradited to the United States to face charges. His guilty plea in 2025 marks a significant victory for law enforcement, but the case also exposes how international boundaries can delay justice for cybercriminals who flee across borders.

7. Scattered Spider's Social Engineering Tactics

Scattered Spider is infamous for using social engineering to bypass security. They impersonate employees or contractors, calling IT help desks and tricking them into granting access. This method was used in the 2022 attacks and also in a separate ransomware strike on Marks & Spencer, a major U.K. retailer. The group's ability to exploit human trust—rather than technical vulnerabilities—makes them particularly dangerous and hard to defend against.

8. The Harsh Price: 20+ Years in Prison

With his guilty plea, Buchanan now faces a maximum of 20 years for wire fraud conspiracy plus a mandatory two-year consecutive sentence for aggravated identity theft. His sentencing will set a precedent for how U.S. courts handle international cybercriminals who prey on American investors. While Buchanan's downfall sends a warning to other hackers, it also underscores the need for stronger global cooperation to combat groups like Scattered Spider.

Conclusion
The case of Tyler Buchanan is a stark reminder that even the most skilled cybercriminals can be caught—and that the consequences can be severe. From a small town in Scotland to a U.S. courtroom, his journey illustrates both the reach of modern cybercrime and the relentless efforts of law enforcement. As Scattered Spider continues to evolve, this guilty plea may be just one chapter in an ongoing battle against digital extortion.