Inside the Fall of 'Scattered Spider' Hacker Tylerb: 10 Critical Facts

Introduction

In a landmark case that underscores the global reach of cybercrime, a 24-year-old British national named Tyler Robert Buchanan — known by his online alias "Tylerb" — has pleaded guilty to wire fraud conspiracy and aggravated identity theft. As a senior member of the notorious cybercrime group Scattered Spider, Buchanan orchestrated a series of sophisticated text-message phishing attacks during the summer of 2022 that targeted major technology companies and siphoned tens of millions of dollars from cryptocurrency investors. Now in U.S. custody and facing a potential sentence of over 20 years, his case offers a rare glimpse into the inner workings of one of the English-speaking world's most prolific hacking collectives. Below are 10 critical takeaways from this case, each revealing a layer of the plot that led to his downfall.

1. The Guilty Plea: A Rare Admission

On [date], Tyler Robert Buchanan stood before a U.S. federal court and formally admitted to charges of wire fraud conspiracy and aggravated identity theft. This guilty plea is a significant milestone in the fight against cybercrime, as it marks one of the few times a high-ranking member of Scattered Spider has faced legal consequences. Buchanan acknowledged his role in a coordinated phishing campaign that leveraged SMS messages to trick employees into revealing login credentials. The plea agreement also implicates unnamed co-conspirators, hinting at a broader web of criminal activity that law enforcement continues to unravel.

2. Who Is "Tylerb"? A Hacker on the Rise

Buchanan's hacker handle "Tylerb" once topped leaderboards in English-language cybercriminal forums that ranked the most prolific thieves. Originating from Dundee, Scotland, he was a rising star in the illegal hacking scene before his arrest. His skills in social engineering and phishing made him a valuable asset to Scattered Spider. A Daily Mail article from May 2025 published two revealing photos: one of Buchanan as a child, and another showing him being detained by Spanish airport authorities. The contrast between his normal upbringing and his criminal trajectory highlights how cybercrime can lure young talents into a life of theft and fraud.

3. The SMS Phishing Campaign: How It Worked

During the summer of 2022, Buchanan and his accomplices launched tens of thousands of SMS-based phishing attacks. These messages were carefully crafted to impersonate legitimate companies, tricking recipients into clicking malicious links that harvested credentials. The sheer volume of messages — sent to employees of targeted firms — overwhelmed security protocols and allowed the group to breach networks undetected. This tactic, known as smishing, exploits human trust rather than technical vulnerabilities, making it especially dangerous. The Justice Department confirmed that Buchanan admitted to orchestrating this campaign, which served as the gateway to larger attacks.

4. Companies Under Fire: Twilio, LastPass, and More

The phishing spree successfully infiltrated at least a dozen major technology companies, including household names like Twilio, LastPass, DoorDash, and Mailchimp. Each intrusion provided Scattered Spider with sensitive data, ranging from employee credentials to customer information. For example, the Twilio breach exposed internal systems that later allowed the group to target cryptocurrency investors. Similarly, the LastPass hack compromised vaults holding thousands of users' passwords. These attacks demonstrate the interconnected nature of modern cybercrime: a single phishing email can cascade into a multi-company catastrophe.

5. SIM Swapping: The Crypto Theft Method

After stealing data from companies, the group pivoted to SIM-swapping attacks to empty cryptocurrency wallets. In a SIM swap, criminals transfer a victim's phone number to a device they control, intercepting SMS-based two-factor authentication codes. This allowed them to reset passwords and drain digital currency holdings. Buchanan admitted to orchestrating these swaps, which targeted individual investors across the United States. The technique exploits the common use of SMS for account recovery, a security weakness that law enforcement and tech firms are now racing to address.

6. The Stolen Funds: At Least $8 Million

As part of his plea, Buchanan confessed to stealing no less than $8 million in virtual currency from victims spread throughout the U.S. This figure likely represents only a portion of the group's total haul, which federal investigators estimate to be tens of millions. The stolen crypto was quickly laundered through mixers and exchanges, making recovery difficult. However, the admission of guilt means Buchanan must now forfeit any remaining assets and provide restitution. The financial impact on victims — many of whom lost life savings — underscores the human cost of cybercrime.

7. The FBI Investigation: Tracing the Digital Footprint

Federal Bureau of Investigation agents linked Buchanan to the 2022 phishing attacks through a meticulous digital trail. They discovered that the same username and email address used to register numerous phishing domains were also used to log into a domain registrar account from a U.K. internet address. That address, according to Scottish police, was leased to Buchanan throughout 2022. This breadcrumb — combined with IP logs and registrar data — built a compelling case. The investigation showcases how cooperation between international law enforcement agencies can unravel even the most careful cybercriminals.

8. A Violent Rivalry: The Home Invasion

Buchanan's criminal career took a dark turn in February 2023 when a rival cybercrime gang hired thugs to invade his home in Scotland. The assailants assaulted his mother and threatened to burn him with a blowtorch unless he surrendered the keys to his cryptocurrency wallet. This harrowing incident, first reported by KrebsOnSecurity, forced Buchanan to flee the United Kingdom. It illustrates the dangerous world of cybercrime, where online disputes can escalate into real-world violence. The attack also disrupted his operations, potentially accelerating his eventual capture.

9. Flight and Arrest: From Scotland to Spain

After the home invasion, Buchanan went on the run, eventually making his way to Spain. U.K. investigators found a device at his property that contained evidence of the phishing campaign, but he had already left. Spanish authorities detained him at an airport, and he was later extradited to the United States. The Marks & Spencer reference in the Daily Mail photo caption alludes to a separate Scattered Spider ransomware attack on the U.K. retail chain in 2024 — further evidence of the group's reach. Buchanan's arrest in Spain underscores the global cooperation needed to bring cybercriminals to justice.

10. The Sentence Ahead: Over 20 Years Possible

Now in federal custody awaiting sentencing, Buchanan faces a maximum of more than 20 years in prison. The combination of wire fraud conspiracy and aggravated identity theft carries severe penalties, especially given the scale of the theft and the use of identity information. His sentencing will send a message to other members of Scattered Spider and the broader hacking community. Moreover, the case highlights the vulnerability of SMS-based authentication and the need for stronger security measures, such as app-based authentication or hardware keys. Buchanan's fall from the top of a leaderboard to a prison cell is a cautionary tale for aspiring cybercriminals everywhere.

Conclusion

The guilty plea of Tyler Robert Buchanan — the Scattered Spider member known as "Tylerb" — represents a significant victory for law enforcement and a stark warning for the cyber underground. From his rise on hacker leaderboards to his arrest in Spain, his story is laced with ambition, violence, and eventual consequence. The phishing and SIM-swapping attacks he led cost investors millions, but the investigation that caught him proves that digital crimes leave indelible traces. As the Justice Department continues to dismantle Scattered Spider, Buchanan's case stands as a reminder that even the most cunning hackers can be brought to justice. For the rest of us, it reinforces the importance of staying vigilant against phishing attempts and securing our online accounts with more robust authentication methods. The sky is no longer the limit for cybercriminals — the net is closing in.