British hacker Tylerb admits role in $100M+ crypto theft from tech firms via text phishing in 2022.
- 24-year-old Tyler Robert Buchanan pleaded guilty to wire fraud and identity theft
- His 2022 text-phishing attacks let Scattered Spider hack a dozen tech firms
- Buchanan faces over 20 years in prison after pleading guilty in U.S. court
A 24-year-old British national admitted in a U.S. courtroom that he played a key role in one of the most brazen cybercrime sprees of the past decade. Tyler Robert Buchanan, known online as Tylerb, pleaded guilty to wire fraud conspiracy and aggravated identity theft last week. Prosecutors say his work helped the cybercrime group Scattered Spider steal tens of millions of dollars' worth of cryptocurrency from investors in mid-2022. The stolen funds came from breaches at a dozen major tech companies, including a high-profile ransomware attack on Marks & Spencer, a major U.K. retailer that suffered a devastating intrusion last year. Buchanan is now in U.S. custody and faces a possible sentence of more than 20 years when he’s formally sentenced later this year.
Scattered Spider is an English-speaking cybercrime gang that specializes in social engineering attacks—tricking employees into giving up login credentials or installing malware. The group’s tactics often start with a text message or phone call to a company’s help desk, pretending to be an employee locked out of their account. Once inside, they move laterally through corporate networks, stealing data and installing ransomware. Buchanan’s online handle Tylerb once appeared on a leaderboard tracking the most active cybercriminals in the English-language hacking scene, a rare public display of skill that drew attention from both law enforcement and rival hackers.
How the 2022 attacks unfolded
Federal prosecutors outlined Buchanan’s role in a series of coordinated phishing campaigns that summer. The attacks relied on text messages sent to employees at tech firms, often posing as IT support or a company executive. The messages contained links to fake login pages that captured usernames and passwords. Once credentials were stolen, Buchanan and others in the group used them to access internal systems, impersonate employees, and transfer cryptocurrency from investor accounts. Prosecutors say the stolen crypto was then laundered through a web of anonymous wallets and cryptocurrency mixers, making it nearly impossible to trace.
The scale of the thefts was staggering. Court documents allege that Buchanan’s actions directly contributed to losses exceeding $100 million across multiple incidents. The breaches affected companies in the U.S., U.K., and Canada, with victims spanning industries from e-commerce to software development. One of the most publicized attacks involved a ransomware strike on Marks & Spencer, which disrupted operations for days and forced the retailer to pay an undisclosed ransom to restore systems. While Buchanan wasn’t directly named in that case, prosecutors confirmed his involvement in similar attacks on other tech firms around the same time.
From Dundee to a U.S. prison cell
Buchanan, a native of Dundee, Scotland, was arrested in Spain in early 2024 during a joint operation by U.S. and European law enforcement. Photos published by the Daily Mail show Buchanan as a child and again as an adult being detained by airport authorities in Madrid. His arrest marked a rare success for investigators tracking Scattered Spider, a group that has long operated with near impunity thanks to its use of encrypted communications and a decentralized structure. Buchanan’s guilty plea is the first public admission of guilt from a senior member of the group, though prosecutors say more arrests are likely in the coming months.
The case highlights the growing threat posed by English-speaking cybercrime gangs that blend old-school social engineering with modern cryptocurrency theft. Unlike ransomware groups that demand payments in traditional currency, Scattered Spider and its affiliates prefer crypto because it’s fast, irreversible, and harder to track. Buchanan’s admission also underscores the risks companies face from insider threats—employees or contractors who use their access to facilitate crimes. Prosecutors say Buchanan’s role went beyond phishing; he allegedly helped coordinate the theft of sensitive data and even impersonated executives to authorize fraudulent transactions.
What happens next
Buchanan is scheduled to be sentenced on October 15, 2025. If he receives the maximum penalty, he could spend the next two decades in federal prison. His case is just one of several high-profile prosecutions targeting Scattered Spider’s members, including the recent arrests of two other British nationals in connection with the group’s activities. For now, Buchanan remains in U.S. custody, with authorities reportedly preparing additional charges related to money laundering and computer fraud. The case serves as a warning to other cybercriminals: even the most sophisticated hackers can be caught, especially when they leave a digital trail as visible as Tylerb’s.
What You Need to Know
- Source: Krebs on Security
- Published: April 21, 2026 at 14:53 UTC
All reporting rights belong to the respective author(s) at Krebs on Security. GlobalBR News summarizes publicly available content to help readers discover the most relevant global news.
Curated by GlobalBR News · April 21, 2026
🇧🇷 Summary in Portuguese
A young British hacker just 24 years old, known in the digital underworld as “Tylerb”, pleaded guilty in a United States court to wire fraud and identity theft after taking part in a scheme that diverted tens of millions of dollars in cryptocurrency from major technology companies. His case exposes not only the growing sophistication of cybercriminals but also the vulnerability of industry giants, even with heavy investment in security.
The revelation becomes even more worrying considering the global impact, including in Brazil, where cryptocurrency use is growing exponentially. Tylerb was part of the group “Scattered Spider”, which specializes in social engineering attacks that trick victims into handing over credentials and system access. Experts warn that, although the defendant has been identified, the technique used continues to be replicated by other groups, requiring greater vigilance from companies and Brazilian users, especially those less familiar with digital risks.
The court outcome, which may result in years in prison for the hacker, serves as a warning to the sector: while the justice system moves against those responsible, cyberattacks keep evolving, forcing governments and corporations to strengthen their defenses in an increasingly complex landscape.