Scot Pleads Guilty in Scattered Spider Cybercrime Case
Scot Pleads Guilty in Scattered Spider Cybercrime Case 🚨
A Scottish man linked to the Scattered Spider cybercrime crew has pleaded guilty in the US to a phishing and SIM-swap scheme that stole at least $8 million in cryptocurrency. Tyler Robert Buchanan, 24, pleaded guilty in California to one count of conspiracy to commit wire fraud and one count of aggravated identity theft, facing a statutory maximum prison sentence of 22 years.
Buchanan admitted to being part of the group that, between September 2021 and April 2023, defrauded at least a dozen US companies, their employees, and various individuals. He further acknowledged involvement in thefts totaling at least $8 million in virtual currency.
Buchanan, who also went by aliases such as “Dread Pirate Roberts,” “Evefan,” and “tylerb,” was formally identified after his extradition from Spain to the US in April last year. The Department of Justice (DoJ) did not specifically identify this group as Scattered Spider, although it is widely reported that Buchanan was a member during the specified period.
Noah Michael Urban was the first Scattered Spider leader to plead guilty in the US and is currently serving a 10-year prison sentence handed to him in August 2025. Three others - Ahmed Hossam Eldin Elbadawy, 24, Evans Onyeaka Osiebo, 21, and Joel Martin Evans, 26 - still face criminal charges and are described as senior figures in the Scattered Spider operation.
Scattered Spider’s modus operandi is well-known for carrying out sophisticated SIM swapping attacks to socially engineer their way into launching financially driven cyberattacks. According to the official allegations, Buchanan, Elbadawy, Osiebo, and Urban had various responsibilities in executing these attacks. They not only carried out phishing schemes and computer intrusions but also worked behind the scenes to create, manage, and pay for infrastructure, like domain names and copycat websites to support the phishing attacks.
One example of the phishing messages sent to victims included warnings that their VPNs were about to expire, urging them to follow a link to ensure their service remained active. Others simply directed users to fake sites where their credentials were harvested and later used to compromise accounts.
Buchanan further admitted that he and several co-conspirators used the information stolen from company intrusions to identify and gain access to virtual currency accounts and wallets belonging to individual victims, stealing millions of dollars’ worth of virtual currency. To gain access to individual victims’ virtual currency wallets and accounts, and bypass two-factor authentication security features, Buchanan and others gained unauthorized access to victims’ online accounts and conducted SIM swaps of victims’ mobile telephone numbers to devices controlled by the conspirators.
In April 2023, police found evidence at Buchanan’s Scotland residence, including names and addresses of individuals, as well as a text file containing wallet seed phrases and the login details for one victim’s account. Buchanan is set to be sentenced on August 21, 2026.