10 Key Facts About the 'Scattered Spider' Hacker Who Just Pleaded Guilty

In a major development for the cybersecurity world, a 24-year-old British man has admitted to his role in a series of devastating cyberattacks that shook major tech firms and crypto investors. Tyler Robert Buchanan, once revered among online criminals, now faces decades in U.S. prison. Here are 10 crucial details you need to understand this case.

1. Who Is the Hacker Behind 'Tylerb'?

Tyler Robert Buchanan, a 24-year-old from Dundee, Scotland, was a senior member of the notorious cybercrime group Scattered Spider. Operating under the alias 'Tylerb,' he built a reputation in English-language hacking circles for pulling off large-scale intrusions. His online handle once appeared on a leaderboard tracking the most accomplished cyber thieves. In May 2025, Buchanan pleaded guilty in a U.S. court, marking a stunning fall from grace for a young man who went from a local British hacker to a high-value target for law enforcement.

10 Key Facts About the 'Scattered Spider' Hacker Who Just Pleaded Guilty — Source: krebsonsecurity.com

2. What Charges Did He Plead Guilty To?

Buchanan pleaded guilty to two federal charges: wire fraud conspiracy and aggravated identity theft. These serious offenses stem from his central role in orchestrating SMS-based phishing campaigns during the summer of 2022. The wire fraud conspiracy charge alone carries a maximum sentence of 20 years, while the identity theft charge adds a mandatory two-year prison term. His admission of guilt means he faces the very real possibility of spending more than two decades behind bars in the United States.

3. What Was the Scattered Spider Group?

Scattered Spider is an English-speaking cybercrime collective notorious for its sophisticated social engineering tactics. The group doesn't rely on fancy malware; instead, it tricks company employees into handing over access. By impersonating staff or contractors, members convince IT help desks to reset passwords or grant permissions. This low-tech but highly effective approach allowed Scattered Spider to breach dozens of organizations, demanding ransoms and stealing data. Buchanan was one of its most active senior members.

4. How Did the SMS Phishing Attacks Work?

In the summer of 2022, Buchanan and his co-conspirators launched tens of thousands of SMS phishing (smishing) attacks. They sent deceptive text messages designed to trick recipients into clicking malicious links that harvested login credentials. These attacks targeted employees of major technology companies, including Twilio, LastPass, DoorDash, and Mailchimp. Once inside, the group stole sensitive data, which became the fuel for their next phase of crimes.

5. How Did the Hackers Steal Cryptocurrency?

After gaining access through phishing, Scattered Spider used stolen data to execute SIM-swapping attacks against individual cryptocurrency investors. In a SIM swap, criminals trick a mobile carrier into transferring a victim's phone number to a device they control. That allows them to intercept one-time passcodes and password reset links sent via SMS. Buchanan admitted to stealing at least $8 million in virtual currency from victims across the United States through this method.

6. How Did the FBI Catch Buchanan?

Investigators from the FBI connected Buchanan to the 2022 phishing campaign by tracing the digital breadcrumbs. They found that the same username and email address used in the attacks registered numerous phishing domains. The domain registrar NameCheap revealed that the account used to register those domains logged in from a U.K. internet address just weeks before the spree. Scottish police confirmed that address was leased to Buchanan throughout 2022, sealing the evidence against him.

7. Why Did He Flee the United Kingdom?

In February 2023, Buchanan abruptly fled the U.K. after a violent incident. According to KrebsOnSecurity, a rival cybercrime gang hired thugs to invade his home. The attackers assaulted his mother and threatened to burn him with a blowtorch unless he surrendered the keys to his cryptocurrency wallet. Understandably terrified, Buchanan escaped to Spain, where he was later detained by airport authorities. The incident underscores the dangerous, often violent world of underground hacking.

8. What Is His Hacking Legacy?

Before his arrest, Buchanan's alias 'Tylerb' was a familiar name on leaderboards that ranked cybercriminals by their heists. He was considered a rising star in the underground scene. However, his guilty plea has tarnished whatever reputation he had. The case serves as a stark reminder that even the most skilled hackers are not beyond the reach of law enforcement. His transition from celebrated thief to convicted felon is a cautionary tale for aspiring cybercriminals.

9. What Is the Likely Sentence?

Buchanan now awaits sentencing in U.S. custody. Given the severity of the charges and the scale of the theft, legal experts predict a sentence of over 20 years. The wire fraud conspiracy charge alone can bring up to 20 years in prison, and adding the aggravated identity theft charge mandates at least two extra years. The judge will also consider the emotional and financial impact on victims, including the trauma caused by physical attacks on his family.

10. What Broader Impact Did Scattered Spider Have?

The Scattered Spider group didn't just target tech firms and crypto investors. They also attacked major retailers like Marks & Spencer (M&S), a U.K. institution. In 2024, M&S suffered a ransomware attack attributed to the group, disrupting operations and leaking sensitive data. Buchanan's case highlights how a single individual can be part of a larger, cross-border criminal enterprise that causes havoc across industries, from technology to retail, and from the U.S. to the U.K.

In conclusion, Tyler Buchanan’s guilty plea marks a turning point in the fight against sophisticated cybercrime. It shows that even the most elusive hackers can be tracked down and held accountable. However, the damage done by Scattered Spider — millions stolen, companies compromised, and families endangered — reminds us of the urgent need for stronger cybersecurity measures and international cooperation. As Buchanan awaits his fate, the rest of us must stay one step ahead of the next 'Tylerb.'