
'Scattered Spider' Member 'Tylerb' Pleads Guilty

May 23, 2026
By ZadeNor AI Team

The Rise and Fall of a Cybercrime Mastermind: Tylerb's Guilty Plea

Tyler Robert Buchanan, a 24-year-old British national and senior member of the cybercrime group "Scattered Spider," has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Buchanan's hacker handle "Tylerb" once graced a leaderboard in the English-language criminal hacking scene, but now he's facing the possibility of more than 20 years in prison.

The Scattered Spider Group: A Prolific Cybercrime Organization

Scattered Spider is a prolific English-speaking cybercrime group known for using social engineering tactics to break into companies and steal data for ransom. The group impersonates employees or contractors to deceive IT help desks into granting access, often using SMS-based phishing attacks to gain initial entry. In 2022, Scattered Spider launched tens of thousands of SMS-based phishing attacks that led to intrusions at a number of technology companies, including Twilio, LastPass, DoorDash, and Mailchimp.

The SIM-Swapping Scheme: Stealing Cryptocurrency from Individual Investors

After gaining access to company systems, Scattered Spider used stolen data to carry out SIM-swapping attacks that siphoned funds from individual cryptocurrency investors. In an unauthorized SIM-swap, crooks transfer the target's phone number to a device they control and intercept any text messages or phone calls to the victim's device – such as one-time passcodes for authentication and password reset links sent via SMS. The U.S. Justice Department said Buchanan admitted to stealing at least $8 million in virtual currency from individual victims throughout the United States.

The Investigation: Uncovering the Identity of Tylerb

FBI investigators tied Buchanan to the 2022 SMS phishing attacks after discovering that the same username and email address were used to register numerous phishing domains seen in the campaign. The domain registrar NameCheap found that less than a month before the phishing spree, the account that registered those domains logged in from an Internet address in the U.K. FBI investigators said the Scottish police told them the address was leased to Buchanan throughout 2022.

The Extradition and Trial: A Long Road to Justice

Buchanan fled the United Kingdom in February 2023, after a rival cybercrime gang hired thugs to invade his home, assault his mother, and threaten to burn him with a blowtorch unless he gave up the keys to his cryptocurrency wallet. He was arrested by Spanish authorities in June 2024 while trying to board a flight to Italy. Buchanan was extradited to the United States and has remained in U.S. federal custody since April 2025.

The Sentencing: A Statutory Maximum of 22 Years in Federal Prison

Buchanan's sentencing hearing is scheduled for August 21, 2026. According to the Justice Department, he faces a statutory maximum sentence of 22 years in federal prison. However, any sentence the judge hands down in this case may be significantly tempered by a number of mitigating factors in the U.S. Sentencing Guidelines, including the defendant's age, criminal history, time already served in U.S. custody, and the degree to which they cooperated with federal authorities.

The Implications: A Warning to Cybercrime Groups and Individuals

The guilty plea of Tylerb serves as a warning to cybercrime groups and individuals that the authorities are taking a tough stance on cybercrime. The use of social engineering tactics and SIM-swapping attacks to steal cryptocurrency is a serious offense that can result in significant prison time. The case also highlights the importance of cooperation with law enforcement and the need for individuals to take steps to protect themselves from cybercrime.

The Future of Cybercrime: A Growing Threat

Cybercrime is a growing threat that is becoming increasingly sophisticated. The use of social engineering tactics and SIM-swapping attacks is just one example of the types of attacks that cybercrime groups are using to steal cryptocurrency and other valuable assets. As the use of cryptocurrency continues to grow, so too will the threat of cybercrime. It is essential that individuals and organizations take steps to protect themselves from cybercrime and that law enforcement agencies continue to work to bring cybercrime groups to justice.

Conclusion

The guilty plea of Tylerb serves as a reminder of the serious consequences of engaging in cybercrime. Using social engineering tactics and SIM-swapping attacks to steal cryptocurrency is a serious offense that can result in significant prison time, and the case highlights both the importance of cooperation with law enforcement and the need for individuals and organizations to protect themselves as cryptocurrency use, and the cybercrime that targets it, continues to grow.


Source: https://krebsonsecurity.com/2026/04/scattered-spider-member-tylerb-pleads-guilty/
