A Scottish man linked to the Scattered Spider cybercrime crew has pleaded guilty in the US to a phishing and SIM-swap scheme that stole at least $8 million in cryptocurrency.
Tyler Robert Buchanan, 24, pleaded guilty in California to one count of conspiracy to commit wire fraud and one count of aggravated identity theft, and now faces a statutory maximum prison sentence of 22 years.
Originally from Dundee, the Scot was arrested in Palma airport in June 2024, and has been held in US custody since April 2025.
His identity was originally withheld from Spanish police reports, which only mentioned the arrest of a 22-year-old Brit with alleged ties to serious cybercrime, although many suspected Buchanan was the individual in question.
Buchanan, who also went by aliases such as “Dread Pirate Roberts,” “Evefan,” and “tylerb,” was formally identified after his extradition from Spain to the US in April last year.
Buchanan admitted to being part of the group that, between September 2021 and April 2023, defrauded at least a dozen US companies, their employees, and various individuals, too.
The Department of Justice (DoJ) did not identify this group as Scattered Spider specifically, although it is widely reported that Buchanan was a member during the specified period.
The Scot further admitted involvement in thefts totaling at least $8 million in virtual currency.
Together with the other alleged co-conspirators named in court documents [PDF], the gang is accused of stealing at least $11 million through a spate of cybercrimes during the year-and-a-half period.
Noah Michael Urban was the first Scattered Spider leader pleaded guilty in the US. He is currently serving a 10-year prison sentence handed to him in August 2025.
Three others – Ahmed Hossam Eldin Elbadawy, 24, Evans Onyeaka Osiebo, 21, and Joel Martin Evans, 26 – still face criminal charges. All three are described as senior figures in the Scattered Spider operation.
SIM swappers, crypto thieves
The offenses described by the DoJ cover both Scattered Spider and Buchanan as an individual.
Scattered Spider’s MO is well-known. They are known for carrying out sophisticated SIM swapping attacks to socially engineer their way into launching financially driven cyberattacks.
The list of Scattered Spider’s victims is enormous. They include MGM Resorts and Caesars Entertainment – both part of the great Las Vegas Casino ransomware attacks of 2023 – Transport for London, and the UK retail attacks of summer 2025.
These attacks, the group’s most notorious, were all carried out after Buchanan’s involvement ended, per the timeline specified by the DoJ.
However, according to the official allegations, Buchanan, Elbadawy, Osiebo, and Urban had various responsibilities when it came to carrying out attacks.
In addition to carrying out the phishing schemes and computer intrusions, all four allegedly worked behind the scenes creating, managing, and paying for infrastructure, like domain names and copycat websites to support the phishing attacks.
One example of the phishing messages sent to victims included warnings that their VPNs were about to expire, and to follow a link to ensure their service remained active.
Others simply involved directing users to fake sites where their credentials were harvested and later used to compromise accounts.
The $8 million that Buchanan pleaded guilty to stealing came from individuals whose cryptocurrency wallets he raided while using data stolen from companies and Scattered Spider’s familiar methods.
“Buchanan further admitted that he and several co-conspirators used the information stolen from company intrusions to identify and gain access to virtual currency accounts and wallets belonging to individual victims to steal millions of dollars’ worth of virtual currency,” the DoJ’s announcement read.
“To gain access to individual victims’ virtual currency wallets and accounts, and bypass two-factor authentication security features, Buchanan and others gained unauthorized access to victims’ online accounts and conducted SIM swaps of victims’ mobile telephone numbers to devices that the conspirators controlled.”
In April 2023, police found evidence at Buchanan’s Scotland residence of names and addresses of individuals, as well as a text file containing wallet seed phrases and the login details for one victim’s account.
Buchanan is set to be sentenced on August 21, 2026. ®
Click Here For The Original Source.
