Scattered Spider Hacker Admits $8M Crypto Theft

Summary
– Tyler Buchanan, a British national linked to the Scattered Spider cybercrime group, pleaded guilty to conspiracy to commit wire fraud and aggravated identity theft.
– He and his co-conspirators used SMS phishing attacks from 2021 to 2023 to steal employee credentials and over $8 million in virtual currency from US companies and individuals.
– The group targeted a wide range of victims, including entertainment, telecom, technology, and cryptocurrency firms, by impersonating legitimate IT or supplier websites.
– Buchanan faces up to 22 years in prison, while one co-conspirator is already serving a 10-year sentence and three others still face charges.
– Scattered Spider is a notorious group known for high-profile attacks, like those on Caesars and MGM, and continues to operate despite arrests of some members.

A 24-year-old man from Scotland has admitted his role in a sophisticated cybercrime operation that defrauded American victims of more than $8 million in cryptocurrency. Tyler Robert Buchanan of Dundee entered a guilty plea to charges of conspiracy to commit wire fraud and aggravated identity theft. His admission is part of a broader case against the Scattered Spider hacking group, a collective known for its aggressive social engineering campaigns.
Federal authorities in the United States initially charged Buchanan and four other alleged group members in November 2024. The indictment detailed a scheme that ran from September 2021 through April 2023, targeting a wide array of victims. These included companies in the interactive entertainment, telecommunications, and technology sectors, alongside business process outsourcing firms, IT service providers, cloud communications companies, and individual cryptocurrency holders.
The group’s primary method was SMS phishing attacks, also known as smishing. Buchanan and his accomplices sent hundreds of deceptive text messages to employees at their target companies. These messages were crafted to appear as official communications from the victim’s organization or a trusted IT supplier. Each text contained a link directing the recipient to a fraudulent website that mimicked a legitimate login portal. Once there, employees were tricked into surrendering sensitive personal identifying information (PII), usernames, and passwords.
This stolen access allowed the hackers to breach corporate systems and ultimately siphon off virtual currency. Evidence of the scheme was discovered during a search of Buchanan’s residence in April 2023. Police found a digital device containing the names and addresses of numerous victims, along with a text file holding cryptocurrency seed phrases and account login credentials.
Buchanan, who has been in federal custody since April 2025, now faces a maximum sentence of 22 years in prison. One of his co-conspirators, Noah Michael Urban, is already serving a 10-year federal sentence and was ordered to pay $13 million in restitution after pleading guilty last year. The three other defendants charged alongside Buchanan (Ahmed Hossam Eldin Elbadawy, Evans Onyeaka Osiebo, and Joel Martin Evans) are still awaiting trial on related criminal charges.
Also identified by cybersecurity researchers as UNC3944, Muddled Libra, and Octo Tempest, the Scattered Spider group is notable for its composition of young, native English-speaking hackers. They specialize in social engineering tactics, often impersonating IT and help-desk personnel to gain initial access, bypass multi-factor authentication, and compromise entire enterprise networks. The group rose to prominence following major attacks on Caesars Entertainment and MGM Resorts International, where they executed high-profile hacks and extortion campaigns against the casino giants.
Despite increasing law enforcement pressure and the arrest of several members, including four linked to ransomware attacks on UK retailers last year, the group persists in its activities. Analysts note that new members frequently replace those apprehended, indicating the ongoing challenge of dismantling such adaptive cybercrime networks.
(Source: Help Net Security)