## Scattered Spider Hacker Faces Prison Time **Tyler Robert Buchanan**, known online as "**Tylerb**," has pleaded guilty in a U.S. court to charges related to his involvement with the cybercrime group **Scattered Spider**. Buchanan admitted to participating in a series of text-message phishing attacks during the summer of 2022, which compromised at least a dozen major technology firms and led to the theft of tens of millions of dollars in cryptocurrency from investors.  _Two photos published in a Daily Mail story dated May 3, 2025 show Buchanan as a child (left) and as an adult being detained by airport authorities in Spain. “M&S” in this screenshot refers to Marks & Spencer, a major U.K. retail chain that suffered a ransomware attack last year at the hands of Scattered Spider._ ## The Modus Operandi: Social Engineering and SIM Swapping **Scattered Spider** is infamous for its sophisticated social engineering tactics. The group often impersonates employees or contractors to deceive IT help desks, gaining unauthorized access to internal networks. Once inside, they steal sensitive data, which is then used for ransom demands or further attacks. Buchanan confessed to conspiring with other members of **Scattered Spider** to launch tens of thousands of SMS-based phishing attacks in 2022. These attacks targeted companies like **Twilio**, **LastPass**, **DoorDash**, and **Mailchimp**. The stolen data was subsequently used to conduct SIM-swapping attacks, targeting individual cryptocurrency investors. By transferring a victim's phone number to a device under their control, the attackers intercepted SMS-based one-time passcodes and password reset links, enabling them to siphon funds from cryptocurrency accounts. The U.S. Justice Department stated that Buchanan admitted to stealing at least $8 million in virtual currency from individual victims throughout the United States. ## Tracing the Digital Footprint FBI investigators linked Buchanan to the 2022 SMS phishing attacks by tracing the username and email address used to register numerous phishing domains. The domain registrar **NameCheap** confirmed that the account used to register these domains logged in from a U.K. Internet address, which Scottish police identified as being leased to Buchanan throughout 2022. ## From Scotland to a U.S. Courtroom Prior to his arrest, Buchanan fled the United Kingdom in February 2023 after an attack on his home by a rival cybercrime gang. He was eventually apprehended by Spanish authorities in June 2024 while attempting to board a flight to Italy and was extradited to the United States in April 2025. Buchanan is not the first **Scattered Spider** member to face justice. **Noah Michael Urban** was sentenced to 10 years in federal prison last year and ordered to pay $13 million in restitution. Other alleged co-conspirators are also facing criminal charges, while two more are slated for trial in the United Kingdom. ## The Com: A Cybercriminal Nexus Investigators believe that **Scattered Spider** is part of a larger cybercriminal community known as "**The Com**." This online network facilitates collaboration between hackers, who often boast about their exploits on platforms like Telegram and Discord. Social engineering remains a core tactic, allowing attackers to gain initial access to corporate networks. Buchanan's sentencing hearing is scheduled for August 21, 2026. He faces a maximum sentence of 22 years in federal prison. However, mitigating factors such as his age, criminal history, and cooperation with authorities could influence the final sentence.