British Scattered Spider hacker pleads guilty to crypto theft charges
British Scattered Spider leader Tyler Buchanan pleads guilty to $8M crypto theft via SMS phishing.
Summary
Tyler Robert Buchanan, 24, believed to be the leader of the Scattered Spider cybercrime collective, has pleaded guilty in U.S. federal court to wire fraud and aggravated identity theft charges. Between September 2021 and April 2023, Buchanan and co-conspirators stole at least $8 million in cryptocurrency by conducting SMS phishing attacks against employees at over a dozen companies, stealing credentials to perform SIM swap attacks and hijack virtual currency wallets. Buchanan faces a maximum 22-year sentence, with sentencing scheduled for August 21, 2026; three co-conspirators also face up to 20 years in prison.
Full text
British Scattered Spider hacker pleads guilty to crypto theft charges By Sergiu Gatlan April 20, 2026 09:33 AM 0 A British man, believed to be the leader of the Scattered Spider cybercrime collective, has pleaded guilty in the United States to charges of wire fraud and aggravated identity theft. In November 2024, U.S. prosecutors accused 24-year-old Tyler Robert Buchanan and four other suspects of stealing at least $8 million in cryptocurrency after hacking at least a dozen companies through text-message phishing attacks between September 2021 and April 2023. The list of breached organizations includes companies from a wide range of industries, such as entertainment, telecommunications, technology, business process outsourcing (BPO), and information technology (IT) suppliers, as well as cloud communications providers, virtual currency providers, and individuals. "As part of the scheme, Buchanan and his co-conspirators conducted Short Message Service (SMS) phishing attacks by sending hundreds of SMS phishing messages to the mobile telephones of a victim company's employees. The messages purported to be from the victim company or a contracted IT or BPO supplier for the victim company," the Justice Department said on Friday. "The SMS phishing messages contained links to phishing websites designed to look like legitimate websites of a victim company or a contracted IT or BPO supplier. The websites then lured the recipient into providing confidential information, including personal identifying information (PII), and account usernames and passwords." According to court documents, they used the stolen information to hijack the victims' email accounts in SIM swap attacks, allowing them to gain control of their phone numbers and virtual currency wallets and transfer millions to wallets they controlled. Buchanan was arrested in June 2024 in Palma de Mallorca, Spain, has been in U.S. federal custody since April 2025, and will be sentenced on August 21, 2026, facing a statutory maximum sentence of 22 years in prison. Three of his accomplices (Ahmed Hossam Eldin Elbadawy, Evans Onyeaka Osiebo, and Joel Martin Evans) were also charged in November 2024 with wire fraud, wire fraud conspiracy, and aggravated identity theft and are facing up to 20 years in federal prison if found guilty. Noah Michael Urban (known online as Sosa and Elijah), a fourth conspirator and another key member of the Scattered Spider cybercrime collective, was sentenced to 10 years in prison after pleading guilty to wire fraud and conspiracy charges one year ago. The Scattered Spider hacking collective Also tracked as 0ktapus, Scatter Swine, Octo Tempest, Starfraud, UNC3944, and Muddled Libra, the Scattered Spider gang is a loose-knit group of English-speaking threat actors (as young as 16) that orchestrates attacks using Telegram channels, Discord servers, and hacker forums. According to the FBI, they're using various tactics to breach corporate networks, including social engineering, phishing, multi-factor authentication (MFA) bombing (targeted MFA fatigue), and SIM swapping. Some Scattered Spider members are also believed to be part of "the Com," another hacking collective linked to violent incidents and cyberattacks. Since the start of 2023, Scattered Spider has also partnered with several Russian ransomware gangs, including BlackCat/AlphV, Qilin, and RansomHub. In July 2024, UK police also arrested another 17-year-old suspected Scattered Spider hacker, believed to have been involved in the 2023 MGM Resorts ransomware attack. Other high-profile attacks linked to this cybercrime group include breaches at Caesars, Riot Games, MailChimp, Twilio, DoorDash, and Reddit. 99% of What Mythos Found Is Still Unpatched. AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what's exploitable, proves controls hold, and closes the remediation loop. Claim Your Spot Related Articles: Over 20,000 crypto fraud victims identified in international crackdownFBI arrests suspect linked to $46M crypto theft from US MarshalsMan gets 30 months for selling thousands of hacked DraftKings accountsUS charges two more suspects with DraftKings account hacksFBI: Americans lost a record $21 billion to cybercrime last year