
Scattered Spider Hacker Tyler Buchanan Pleads Guilty to $8 Million Crypto Theft

Severity: High (Score: 65.8)

Sources: www.documentcloud.org, www.mandiant.com, Securityaffairs.Co, www.guidepointsecurity.com, Databreaches

Summary

Tyler Robert Buchanan, a 24-year-old from Scotland, pleaded guilty in a California court to conspiracy to commit wire fraud and aggravated identity theft, linked to the Scattered Spider cybercrime group. He and his co-conspirators executed SMS phishing attacks targeting employees of various companies, leading to the theft of at least $8 million in cryptocurrency between September 2021 and April 2023. The group is known for sophisticated SIM swapping techniques that allowed them to hijack victims' accounts and wallets. Buchanan was arrested in June 2024 in Spain and has been in U.S. custody since April 2025. He faces a maximum sentence of 22 years in prison, with sentencing scheduled for August 21, 2026. Other members of the group, including three co-defendants, are still facing charges. The Scattered Spider group has been implicated in multiple high-profile cyberattacks, including those against MGM Resorts and Caesars Entertainment. Their operations highlight the ongoing threat of organized cybercrime targeting various sectors.

Key Points:

  • Tyler Buchanan pleaded guilty to stealing at least $8 million through phishing and SIM swapping.
  • The Scattered Spider group used SMS phishing to compromise employee accounts across multiple industries.
  • Buchanan faces a maximum sentence of 22 years, with three co-defendants still facing charges.

Key Entities

  • Scattered Spider (apt_group)
  • Phishing (attack_type)
  • Caesars (company)
  • Caesars Entertainment (company)
  • Doordash (company)
  • Mailchimp (company)
  • MGM Resorts (company)
  • Scotland (country)
  • Spain (country)
  • United States (country)
  • CWE-287 - Improper Authentication (cwe)
  • Entertainment (industry)
  • Retail (industry)
  • Technology (industry)
  • Telecommunications (industry)
  • T1566.002 - Spearphishing Link (mitre_attack)
  • T1566 - Phishing (mitre_attack)
  • Discord (platform)
  • Telegram (platform)
  • BlackCat/ALPHV (ransomware_group)
  • Qilin (ransomware_group)
  • Ransomhub (ransomware_group)