Cybercrime British Scattered Spider Hacker Pleads Guilty in the US Tyler Buchanan admitted in court to hacking into various companies, defrauding them, and stealing cryptocurrency from multiple individuals. By Ionut Arghire | April 20, 2026 (8:21 AM ET) Flipboard Reddit Whatsapp Whatsapp Email A British national has pleaded guilty in a US court to conspiracy to hack into the networks of dozens of companies and to stealing millions in cryptocurrency, the Department of Justice announced. The man, Tyler Robert Buchanan, 24, of Dundee, Scotland, was arrested in June 2024 in Spain and was charged in the US in November 2024 for his role in the financially motivated hacking group Scattered Spider. Buchanan admitted to conducting SMS phishing attacks, bombarding a victim company’s employees with hundreds of messages linking to phishing sites designed to harvest credentials and personally identifiable information (PII). Using the stolen information, Buchanan and his co-conspirators accessed the employees’ accounts and the victim company’s systems, stealing sensitive information such as intellectual property, PII, credentials, and confidential documents. They used a phishing kit to capture the employees’ credentials and send them to a Telegram channel that Buchanan and a co-conspirator managed. Buchanan also admitted to using the stolen information to identify virtual currency accounts and wallets of numerous individuals. He and his co-conspirators stole at least $8 million in cryptocurrency from victims in the US. Advertisement. Scroll to continue reading. To access the wallets and bypass multi-factor authentication (MFA), the conspirators relied on SIM swapping, which involves reassigning the victim’s phone number to a SIM card under the attackers’ control. This allowed the hackers to intercept two-factor authentication codes and access the victims’ accounts. In April 2023, law enforcement found at Buchanan’s Scotland residence a device containing the names and addresses of multiple victims, as well as a file containing cryptocurrency seed phrases and login information for a victim account. Buchanan is scheduled for sentencing on August 21. In August last year, his co-conspirator Noah Michael Urban was sentenced to 10 years in prison for his role in the Scattered Spider group. Three other individuals were charged in the case: Ahmed Hossam Eldin Elbadawy, 23, of College Station, Texas; Evans Onyeaka Osiebo, 20, of Dallas, Texas; and Joel Martin Evans, 25, of Jacksonville, North Carolina. Also known as Muddled Libra, Scatter Swine, Starfraud, and UNC3944, Scattered Spider made headlines several times over the past years for high-profile cyber intrusions such as the hospitality and entertainment giant MGM Resorts and last year’s attacks against retailers in the UK and the US. Related: Another DraftKings Hacker Sentenced to Prison Related: Two North Korean IT Worker Scheme Facilitators Jailed in the US Related: Sweden Blames Pro-Russian Group for Cyberattack Last Year on Its Energy Infrastructure Related: 53 DDoS Domains Taken Down by Law Enforcement Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. More from Ionut Arghire Two North Korean IT Worker Scheme Facilitators Jailed in the US Cursor AI Vulnerability Exposed Developer Devices 53 DDoS Domains Taken Down by Law Enforcement Artemis Emerges From Stealth With $70 Million in Funding Splunk Enterprise Update Patches Code Execution Vulnerability NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software Cisco Patches Critical Vulnerabilities in Webex, ISE Ransomware Hits Automotive Data Expert Autovista Latest News Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking Hackers Abuse QEMU for Defense Evasion Bluesky Disrupted by Sophisticated DDoS Attack Senate Extends Surveillance Powers Until April 30 After Chaotic Votes in House Half of the 6 Million Internet-Facing FTP Servers Lack Encryption Next.js Creator Vercel Hacked Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: A Step-by-Step Approach to AI Governance April 28, 2026 With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment. Register Virtual Event: Threat Detection and Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register People on the Move Anti-ransomware platform Halcyon has named Kirstjen Nielsen and Chris Inglis as Strategic Advisors. ThreatModeler has appointed Kevin Gallagher as Chief Executive Officer. Thomas Bain has been appointed Chief Marketing Officer at Silent Push. More People On The Move Expert Insights Government Can’t Win the Cyber War Without the Private Sector Securing national resilience now depends on faster, deeper partnerships with the private sector. (Steve Durbin) The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. (Joshua Goldfarb) The New Rules of Engagement: Matching Agentic Attack Speed The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural. (Nadir Izrael) The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue. (Steve Durbin) Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, (Etay Maor) Flipboard Reddit Whatsapp Whatsapp Email